Is there a way around having to clone the modem MAC address in cable/dsl nat routers? Are the conditions different when using static IP addresses for both the modem and the cable/dsl router? Do different cable/dsl routers present different problems for DOCSIS modems? I have 60 of these things to set up for a particular application and the MAC cloning aspect is a real pita part of the process. Sure would like to find a way around it if possible.
We don't have this problem with our LANcity legacy modems.
TIA for any tips/advice as usual.
Poge
this isn't a docsis problem, but a dhcp problem.
What DHCP Server are you using ?
If you're using dhcp why do you need static IP address, is it a part of the package you're offering, are you charging extra for it?
The reason I ask is dhcp is very good at giving all the parameters to the client whether it is a router, PC, Xbox or whatever, it can do static addresses but that is not where it shines the most. The "D" in dhcp stands for Dynamic after all.
There are ways to make whatever client hooks up behind a modem get the same IP, but it is a real paradigm shift in the way you configure your dhcp server and quite likely will require two separate dhcp servers one for the modems and one for the clients.
>this isn't a docsis problem, but a dhcp problem.
I've since sorta figured that out.
>What DHCP Server are you using ?
ISC DHCPD at present.
>If you're using dhcp why do you need static IP address, is it a part of the package you're offering, are you charging extra for it?
The explanation is rather complicated, but the short answer is "yes". ;-) The long answer in this particular application involves our providing physical networking services to the local college for their off-campus student housing activities not served by their fiber. The locations are essentially rooming houses/co-ops requiring multiple connections, hence the necessity for the NAT gadgetry. The addressing arrangement is based upon a static routing arrangement between our network and the college network and using their address space for the NAT's in this application. Everything is mapped and monitored and managed via IP address. And that's only part of the long answer...
>The reason I ask is dhcp is very good at giving all the parameters to the client whether it is a router, PC, Xbox or whatever, it can do static addresses but that is not where it shines the most. The "D" in dhcp stands for Dynamic after all.
Understood.
>There are ways to make whatever client hooks up behind a modem get the same IP, but it is a real paradigm shift in the way you configure your dhcp server and quite likely will require two separate dhcp servers one for the modems and one for the clients.
Understood again. I'm very curious about how to bind a CPE's IP address to the modem's MAC address in DHCPD -- if there is a way. And we may indeed end up using two provisioning servers depending on the ultimate flexibility of BroadbandProvisioner which we are in the process of also learning and deploying.
But right now I'd just be happy with setting up a modem manually with a static 10.x.x.x, one CPE allowed, test it on the college address space with my laptop, set up the NAT on college address space, hang the NAT off the back of the modem, re-boot the modem, and have it see the NAT instead of wanting to still find the laptop, and/or requiring whatever MAC cloning will fool it.
So where do I start? Allow additional CPE's in the config file? Mess with lease times in DHCPD? Do something else with other dhcpd options?
TIA as usual.
Poge
I think I am following you here is what I think will work for you.
First thing you need is a version of DHCPd that is option 82 compliant we use dhcpd-4.1.0-5 which we had to compile ourselves, but I am not sure exactly what version they added option 82 stuff in. Any newer version of dhcpd3.x or dhcp4.x should work but your mileage may vary.
Option 82 is more commonly known as the DHCP Relay Information Option, and quite likely will need to be turned "on" in your CMTS. In Cisco CMTSes the command is
ip dhcp relay information option
What it does is forward the relay information along with the standard dhcp options, in a CMTS world this means the Modem's Mac address and on Cisco CMTSes the Interface the modem is connected to.
How can this help you in dhcp terms? You can create a class for the modem in question like so
class "Modem0001Client" {
    match if (substring(option agent.remote-id,0,15) = "0:4:a0:eb:51:d8") and (substring(option vendor-class-identifier,0,6) != "docsis");
    spawn with option agent.remote-id;
    lease limit 1;
}
What this does is classify incoming requests whose remote-id = "0:4:a0:eb:51:d8" (dhcpd uses this weird shorthand for mac addresses; this is the mac address 0004a0eb51d8) as a request from Modem0001Client. The spawn with command tells it to group all requests from behind this modem together, and the lease limit line prevents the dhcp server from handing more than 1 lease to clients behind that modem. The other substring command tells it to ignore modems and only match clients, because modem dhcp requests also have option 82 info on them with their own mac as the remote-id, at least on Cisco CMTSes.
Ok, the first half of the battle is completed: you have classified the clients you're interested in. Now you have to configure your subnets to take advantage of it.
This is the "one" DHCPd server version
class "Modems" {
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}
class "Modem0001Client" {
    match if (substring(option agent.remote-id,0,15) = "0:4:a0:eb:51:d8") and (substring(option vendor-class-identifier,0,6) != "docsis");
    spawn with option agent.remote-id;
    lease limit 1;
}
class "Modem0002Client" {
    match if (substring(option agent.remote-id,0,15) = "0:3:a1:e3:51:d5") and (substring(option vendor-class-identifier,0,6) != "docsis");
    spawn with option agent.remote-id;
    lease limit 1;
}
shared-network CableNetwork {
    #Subnet for modems
    subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 10.0.0.1;
        #Rest of required modem options
        pool {
            range 10.0.0.2 10.0.0.254;
            allow members of "Modems";
        }
    }
    #Subnet for clients
    subnet 192.168.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.0.1;
        option domain-name-servers 192.168.1.1;
        #Pool for Modem0001Client
        pool {
            range 192.168.0.2 192.168.0.2;
            allow members of "Modem0001Client";
        }
        #Pool for Modem0002Client
        pool {
            range 192.168.0.3 192.168.0.3;
            allow members of "Modem0002Client";
        }
    }
}
You would repeat the class "ModemxxxxClient" and pool commands for each modem you need, a huge pain in the butt, but it works.
Please note that I pieced this snippet together from various configs I have so I have not tested it, however with some minor tweaking i.e. your ip address and mac address should be a good foundation to build on.
Hi,
tested OK except older versions (mine 3.1.2) require using binary-to-ascii instead of substring
so
match if (substring(option agent.remote-id,0,15) = "0:4:a0:eb:51:d8") and (substring(option vendor-class-identifier,0,6) != "docsis");
is:
match if ((binary-to-ascii(16, 8, ":", option agent.remote-id) = "0:4:a0:eb:51:d8") and (substring(option vendor-class-identifier,0,6) != "docsis"));
Thank You very much for that code - everything else worked like a charm :-)
Note: if anyone has problems with matching clients, there is a line to debug dhcp options
log(debug,concat ("remote-id: ",binary-to-ascii(16, 8, ":", option agent.remote-id)));
It logs only data from clients that got a lease from the server, if you get no free leases its dhcp options won't be printed in the logs.
That was the one line I wasn't using in my configs and the docs said it was of type string which should have been substring, but glad it worked with binary-to-ascii......
on a side note: there is another slightly cleaner looking way to do this using subclasses
class "Modem0001Client" {
match if (substring(option vendor-class-identifier,0,6) != "docsis");
spawn with option agent.remote-id;
lease limit 1;
}
subclass "Modem0001Client" 1:0:4:a0:eb:51:d8;
I personally prefer the other way, because for me it makes more sense, but thought I would throw this out there for others to see.
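Added example, not part of the thread and not code from any poster: a small generator for the per-modem class and pool stanzas discussed above, using the binary-to-ascii match form reported working on 3.1.2. The function names, the INVENTORY list and the /24 client subnet are assumptions for illustration, and it assumes the relay's remote-id is the 6-byte modem MAC as described in the thread.

```python
import ipaddress
import re

def dhcpd_mac(mac):
    """MAC as binary-to-ascii(16, 8, ":", ...) prints it: hex octets, no leading zeros."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(format(int(digits[i:i + 2], 16), "x") for i in range(0, 12, 2))

def render(inventory, client_subnet):
    """Return (classes, pools) text for (modem MAC, client IP) pairs.

    Rejects duplicate modems or addresses and addresses outside the client
    subnet, the mistakes that are easy to make when repeating stanzas by hand."""
    subnet = ipaddress.ip_network(client_subnet)
    seen_macs, seen_ips, classes, pools = set(), set(), [], []
    for n, (mac, ip) in enumerate(inventory, start=1):
        rid, addr = dhcpd_mac(mac), ipaddress.ip_address(ip)
        if addr not in subnet:
            raise ValueError(f"{addr} is outside {subnet}")
        if rid in seen_macs or addr in seen_ips:
            raise ValueError(f"duplicate modem or address: {mac} {ip}")
        seen_macs.add(rid)
        seen_ips.add(addr)
        name = f"Modem{n:04d}Client"  # naming scheme taken from the thread
        classes.append(
            f'class "{name}" {{\n'
            f'  match if ((binary-to-ascii(16, 8, ":", option agent.remote-id) = "{rid}")\n'
            f'    and (substring(option vendor-class-identifier, 0, 6) != "docsis"));\n'
            f'  spawn with option agent.remote-id;\n'
            f'  lease limit 1;\n'
            f'}}\n')
        pools.append(
            f'  # Pool for {name}\n'
            f'  pool {{\n'
            f'    range {addr} {addr};\n'
            f'    allow members of "{name}";\n'
            f'  }}\n')
    return "".join(classes), "".join(pools)

# Constructed inventory: the two modem MACs and client addresses used in the thread.
INVENTORY = [("00:04:A0:EB:51:D8", "192.168.0.2"), ("0003a1e351d5", "192.168.0.3")]

if __name__ == "__main__":
    classes, pools = render(INVENTORY, "192.168.0.0/24")
    print(classes)  # goes above the shared-network block
    print(pools)    # goes inside the client subnet
```

Syntax-check the assembled file with dhcpd -t -cf before restarting the server.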
Thanks for the input. I think I get it for the most part.
I presume the 'match if substring option id piece' is referring to the modem's MAC address in the examples and not that of a known CPE device?
Also, once the class "Modems" is created to specify individual "Modem Clients", couldn't I just use "fixed-address" to bind to the MAC like I'm doing for the hosts instead of creating pools and designating the range for each client entry?
And yeah, pain in the butt is an understatement!
Thanks again.
Poge
Yes, you can assign modem IPs by using fixed addresses - that's what I do anyway.
More speed hacks ->
1) The lines
    spawn with option agent.remote-id;
    lease limit 1;
are redundant - remove them.
2) When matching by option agent.remote-id, write: option agent.remote-id=MAC:OF:THE:MODEM (binary-to-ascii takes time).
For the second match, instead of the vendor class identifier use (let's say our modem's MAC is 00:11:22:33:44:55) hardware!=01:00:11:22:33:44:55
I assign fixed-addresses already for the modems like so:
shared-network ModemNetwork {
    authoritative;
    deny client-updates;
    allow unknown-clients;
    # uBR c3/
    subnet 10.1.0.0 netmask 255.255.0.0 {
        option time-offset -18000;
        option ntp-servers 128.4.40.12;
        authoritative;
        deny client-updates;
        allow unknown-clients;
        range 10.1.0.4 10.1.254.254;
        option domain-name "oberlin.net";
        option domain-name-servers 208.66.208.2 , 208.66.208.3;
        option subnet-mask 255.255.0.0;
        option broadcast-address 10.10.1.255;
        option routers 10.1.0.1;
        option time-servers 10.10.1.1;
        option log-servers 10.10.1.3;
        next-server 10.10.1.3;
        option tftp-server-name "10.10.1.3";
        # Setup/Upgrade
        host Setup {
            server-name "10.10.1.3";
            option time-servers 10.10.1.1;
            option bootfile-name "256_Upgrade.bin";
            filename "256_Upgrade.bin";
            hardware ethernet 00:1A:DE:74:F1:60;
            fixed-address 10.1.254.254;
        }
    }
}
I'm hoping for a solution as simple as above to assign fixed addresses to whatever is on the ethernet side of the modem while binding that address assignment to the modem MAC instead of whatever CPE device is behind it. Been tearing my hair out with the earlier examples and just hoping for an easier solution. I'm not well-versed with dhcpd conventions and such, so this is sort of difficult for me to sort out on any type of 'intuitive' basis. Plus the various angles in the earlier examples aren't exactly going according to plan and I broke my dhcp server.
Gotta go through and comment everything out to see where the mistakes are and then figure out where to set up the public address range to create the pool stuff if I'm going to go that route. It doesn't like where I put it and keeps complaining about it.
Poge
It IS simple:
our modem mac 00:11:22:33:44:55
above the shared-network paste:
class "comp_10_0_0_3" { match if (option agent.remote-id = 00:11:22:33:44:55 ) and (hardware != 01:00:11:22:33:44:55); }
inside shared network
#PC subnet
subnet blah blah netmask 255.255.254.0{ blah blah
pool { range XX.YY.ZZ.AA XX.YY.ZZ.AA; allow members of "comp_10_0_0_3"; }
}
#modem subnet
subnet 10.0.0.0 netmask 255.255.254.0{ blah blah subnet config
host modem_10_0_0_3{ hardware ethernet 00:11:22:33:44:55; fixed-address 10.0.0.3; filename "10_0_0_3.bin"; }
}
Poge,
A couple of things:
1) You cannot assign a fixed-address for a client based on the modem mac, that is not possible, fixed-addresses require the mac address of the device in question. The solution I provided earlier simulates this by dynamically assigning an IP based on what modem the device was behind, this is not a fixed address, this is a dynamic address from a pool of 1 address thus simulating a fixed address, however if a second client were to connect from behind that modem unless the lease from the first client was released and made available it would NOT get that IP address. After a device's lease expires, the server can wait considerable time before freeing up the IP address, I believe it is something like 5 times the lease length.
2) Why are you using DHCP, if you want fixed-addresses on the clients? If you need a specific IP at a specific location why not just statically assign that information? What purpose is DHCP serving? If the answer to this question is, so that you can know the IP of the modem/client in question, for monitoring/tracking purposes save yourself a ton of headache, and determine this information elsewhere. I would suggest the arp table on your CMTS via snmp. On a Cisco CMTS this info is easily available as long as you know the mac address of the device you're looking for. Below is a snippet to accomplish that in PHP using David Eder's phpsnmp package.
<?php
require('snmp.php');
/**
 * $cmts is expected to be an array of CMTS IP addresses in which to search
 * $community is the snmp community string used to query the CMTS
 * $macAddress is the device MAC as 12 hex digits with no separators
 * @return is either the IP address of the device in question or false if it was not found
 */
function getIpAddress($cmts, $community, $macAddress)
{
    $snmp = new snmp();
    $snmp->timeout = 1;
    $snmp->version = SNMP_VERSION_2;
    // Turn "0004a0eb51d8" into the dotted-decimal OID suffix "0.4.160.235.81.216".
    // str_split() replaces split()/ereg_replace(), which were removed in PHP 7.
    $formattedMac = implode(".", array_map("hexdec", str_split($macAddress, 2)));
    foreach ($cmts as $cmtsAddress) {
        //This is a Cisco proprietary OID; more info on it can be found here
        //http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1....
        $results = $snmp->get($cmtsAddress, "1.3.6.1.4.1.9.9.116.1.3.1.1.3." . $formattedMac, $community);
        // Only return on a hit so the remaining CMTSes are still searched.
        if (is_array($results) && ($ip = current($results)) !== false) {
            return $ip;
        }
    }
    return false;
}
?>
If you absolutely need fixed-addresses on the client side of things, setting up the fixed address with the router's mac is going to be the way to go. When the person goes out to install the connection, have him statically assign the appropriate information, test it, make sure it works, then hook up the router, have it dhcp the same info and make sure it works.
First and foremost, mucho appreciation for the help -- and especially the patience. I realize this is pretty much newbie-type ground for many and is probably getting boring for some. And I'm not sure if I'm over-simplifying or over-complicating my expectations for the particular situation, but I've certainly learned a bit of both so far.
1) you cannot assign a fixed-address for a client based on the modem mac
The solution I provided earlier simulates this by dynamically assigning an IP
I understood the approach and logic behind it, just couldn't quite get it to work.
2) Why are you using DHCP, if you want fixed-addresses on the clients? If you need a specific IP at a specific location why not just statically assign that information?
I did.
And that's the desired approach since I'm personally provisioning the devices and managing the address inventory. Problem was, initial modem setup/testing with my laptop would not release its (laptop's) MAC address from the modem when the NAT/router was put in place -- even after modem reboot or doing 'clear cable host' mc:ad:dr:es:00 on the CMTS (not knowing which binding was controlling what then), hence the original MAC cloning question at the beginning of the thread.
3) If you absolutely need fixed-addresses on the client side of things setting up the fixed address with the routers mac is going to be the way to go. When the person goes out to install the connection have him statically assign the appropriate information test it make sure it works then hook up the router have it dhcp the same info and make sure it works.
Aside from setting up the fixed-address with the router's MAC as a client in dhcpd, that's exactly what I was doing in simulated conditions on the bench so all the tech needed to do was change the address and gateway on the router in the field, swap out the modem, reboot, and head for the next one. So getting back to butt simple basics, adding a second CPE slot in the modem config seems to work for obvious reasons, though I'm still confused about why the modem doesn't want to release the laptop MAC address when rebooted with a new MAC address behind it in a 1 CPE scenario. That's what I'm evidently missing/misunderstanding in all this. So maybe the real question should have been how long does a modem retain a learned CPE MAC address before it will replace it with a new one?
As for the php stuff? A little over my head at present, but it is certainly going into my growing collection of snippets.
And I've recently been advised to "start looking into VoIP". Sure. No problem. I'll get right on it. (ahem?)
Yikes.
Poge