Hi All,
I've been lurking on the forum for a while and it has helped me a lot already!
I got the whole system online, including MTAs!
But now I want to split up the CPE network into different subnets, so this can be filtered by a transparent firewall.
e.g.
CM 1 - ip 10.20.0.5/24
CPE 1 - ip 172.16.0.10/24
CM 2 - ip 10.20.0.6/24
CPE 2 - ip 172.16.10.10/24
Provisioning :
Linux Debian distro
DHCP ( 2 pools, 1 for CM, 2 (or more) for CPE)
TFTPD
DNS
NNTP
MYSQL (DB with mac address + ip address CM network) --> managing our static hosts.conf for provisioning the CM's
+/- 300 CM
Arris C3
We're using a very default config with no BIN's!
Our basic config :
--
NetworkAcces = 1
ClassOfService =
ClassId = 1
MaxDownstreamRate = 1024000
MaxUpstreamRate = 128000
CoSPrivacyEnbale = 0
MaxCpeAllowd =1
--
Compiled with PacketACE for uploads to the CMs.
I know I've got to look into the config files and a DHCP option (42/43/82/122??) combination, but I can't figure out what to use in which combination.
Could you give me a push in the right direction, or better, a how-to ;)
Thanks in advance,
John
On my way I found an article saying that I can strip the CPE MAC in the CM and replace this MAC with the CM MAC.
This way I can use the CM MAC for deciding which subnet it will end up in.. the only thing is, I will not have the CPE & CM networks separated by VLAN bridges?
kind regards,
John
authoritative;
option CableLabs-Client-Configuration code 122 = string;
option space mta-prov;
option mta-prov code 122 = string;
default-lease-time 60000;
max-lease-time 720000;
shared-network networkname {
    subnet 172.16.1.0 netmask 255.255.255.0 {
        next-server 192.168.1.1;
        option routers 172.16.1.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.16.1.255;
    }
    subnet 172.16.2.0 netmask 255.255.255.0 {
        next-server 192.168.1.1;
        option routers 172.16.2.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 172.16.2.255;
    }
    subnet 10.20.2.0 netmask 255.255.255.0 {
        always-reply-rfc1048 true;
        option routers 10.20.2.1;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 192.168.1.1;
        option log-servers 192.168.1.1;
        option tftp-server-name "192.168.1.1";
        option time-servers 192.168.1.1;
        next-server 192.168.1.1;
    }
    host dv0003 { hardware ethernet 00:22:33:44:55:66; fixed-address 172.16.1.5; } # ad7
    host dv0004 { hardware ethernet 00:22:33:44:55:67; fixed-address 172.16.2.5; } # ad7
}
On the C3, add the IP addresses on interface Cable 1/0:
ip address 10.20.2.1 255.255.255.0
ip address 172.16.1.1 255.255.255.0 secondary
ip address 172.16.2.1 255.255.255.0 secondary
...etc
In the config files you can add firewall rules to block access to network 10.20.2.0/24.
OK, I got the pools and scopes running on the DHCP server.
Different CM MACs are getting the right IPs, that's working!
BUT in the case of the CPE network splitting I need to use option 82... and I don't know how to "turn" this on.
I'm using a C3 Cadant with software 4.4.4.6; there is no way to get option 82 through the CMTS.
I've activated the ip dhcp relay information option and used dhcp relay.. it had no effect.
Cable 1/0 and fa 0/0 are both in bridge-group 0.
The siaddr/giaddr/ciaddr fields are all empty..
We are using CM modems: Arris TM602A
Also, at this point the MTA isn't receiving a DHCP offer either.
My running cmts config :
packetcable authorize vanilla-docsis-mta
no packetcable multimedia
packetcable timer multimedia t1 30000
!
!
no ip routing
default cm subinterface Cable 1/0.0
! with 2 bridge groups, set the one below to 0./1
default cpe subinterface Cable 1/0.0
!
! attached sub-interfaces
!
interface FastEthernet 0/0
description "CM_MANAGEMENT"
no shutdown
ip address 10.20.0.4 255.255.0.0
! mac-address 0015.a213.aad1
duplex full
speed 100
snmp trap link-status
load-interval 300
bridge-group 0
no allow-ip-only
management-access
no ip directed-broadcast
no ip source-verify
no ip source-verify subif
no ip l2-bg-to-bg-routing
ip verify-ip-address-filter
!
!
interface FastEthernet 0/1
description "cpe traffic"
no shutdown
! mac-address 0015.a213.aad2
duplex full
speed 100
snmp trap link-status
load-interval 300
!bridge-group 1
bridge-group 0
ip address 172.16.0.4 255.255.0.0
no allow-ip-only
no management-access
no ip directed-broadcast
no ip source-verify
no ip source-verify subif
no ip l2-bg-to-bg-routing
ip verify-ip-address-filter
!
!
interface Cable 1/0
cable utilization-interval 10
cable insertion-interval automatic
cable sync-interval 10
cable ucd-interval 2000
cable max-ranging-attempts 16
cable sid-verify
cable flap-list size 500
cable flap-list power-adjust 3
cable flap-list aging 259200
cable flap-list insertion-time 180
description "CableInt1"
no shutdown
! mac-address 0015.a213.aad3
load-interval 300
snmp trap link-status
bridge-group 0
no ip address 10.20.0.9 255.255.0.0
no allow-ip-only
no management-access
no cable source-verify
arp-broadcast-echo
l2-broadcast-echo
l2-multicast-echo
ip-broadcast-echo
ip-multicast-echo
no l2-broadcast-throttle
no downstream-dhcp-server-allowed
throttle-credits initial 15 running 2
no ip igmp enable
// turned all dhcp relay options off to make sure the cmts is running as a bridge
no ip dhcp relay
no ip dhcp relay information option
no ip dhcp relay validate renew
no ip dhcp relay non-broadcast
no cable dhcp-giaddr
// cut --
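A way to check, from a captured CPE DHCP request, whether the CMTS actually relayed it (non-zero giaddr) and inserted option 82, and which CPE subnet the request would map to. This is an added example, not code from any poster in the thread; the CM MACs, the CM-to-subnet mapping, the sample packets and all function names are constructed for illustration, and it assumes the CMTS puts the CM MAC in the option 82 remote-id sub-option, as DOCSIS relay agents conventionally do.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header
# Assumed mapping (constructed): CM MAC from option 82 remote-id -> CPE subnet
CM_TO_CPE_SUBNET = {"00:00:5e:00:53:05": "172.16.0.0/24",
                    "00:00:5e:00:53:06": "172.16.10.0/24"}

def tlvs(buf, dhcp=False):
    """Yield (code, value) pairs; with dhcp=True honour pad (0) and end (255)."""
    i = 0
    while i < len(buf):
        if dhcp and buf[i] == 255:
            return
        if dhcp and buf[i] == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV")
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def parse_relay_info(pkt):
    """Extract giaddr and option 82 sub-options 1 and 2 from a raw DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    info = {"giaddr": str(ipaddress.IPv4Address(pkt[24:28])),
            "circuit_id": None, "remote_id": None}
    for code, val in tlvs(pkt[240:], dhcp=True):
        if code == 82:                      # relay agent information
            sub = dict(tlvs(val))
            info["circuit_id"] = sub[1].hex() if 1 in sub else None
            info["remote_id"] = sub[2].hex(":") if 2 in sub else None
    return info

def cpe_subnet(pkt):
    """CPE subnet for this request, or None if it was bridged or the CM is unknown."""
    info = parse_relay_info(pkt)
    if info["giaddr"] == "0.0.0.0" or info["remote_id"] is None:
        return None                         # no relay: server cannot tell which CM
    return CM_TO_CPE_SUBNET.get(info["remote_id"])

def sample(giaddr, opts):                   # constructed DHCPDISCOVER payload
    hdr = bytearray(236)
    hdr[0:4] = b"\x01\x01\x06\x00"          # BOOTREQUEST, Ethernet, hlen 6
    hdr[24:28] = ipaddress.IPv4Address(giaddr).packed
    return bytes(hdr) + MAGIC + b"\x35\x01\x01" + opts + b"\xff"

OPT82 = bytes([82, 12, 1, 2, 0, 1, 2, 6]) + bytes.fromhex("00005e005306")
BRIDGED = sample("0.0.0.0", b"")            # what a pure bridge forwards
RELAYED = sample("10.20.0.9", OPT82)        # what a relaying CMTS would send
```

A request that looks like `BRIDGED` on the DHCP server's interface means the CMTS is still forwarding at layer 2, so no option 82 based class or pool on the server can match.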