Hi there,
i'm trying for weeks to read and try something to block customers of accessing internet services and redirection into a payment site but i can't do it.
Does anyone know how to implement this on a dhcpd.conf server with a cisco ubr7246 .
My networks topology is :
Mikrotik as the main router -> cmts -> has a bundle with subnets 10.1.0.0/16 for cm and 10.16.0.0/16 for cpe
-> linux -> has a dhcp server installed with tftp
Is there a way to add groups into that dhcpd server for expired customers for example 10.0.0.0/16 and for active customers for exampl. 10.1.0.0/16
and for active cpe pools 10.16.0.0/16 and for expired accounts 10.15.0.0/16
the problem is because on the bundle i can't add two subnet's for modems just one as primary and more than one as secondary for cpe's
if i can achieve that all customers equipment/cpe can get a ip from this range 10.15.0.0/16 then i can do a redirection into mikrotik webproxy with filters and nat.
Can anyone help me to implement this on our linux side/dhcpd and cisco uBr7246 .
maybe if anyone has any bundle subinterface or any dhcpd conf or anything that can lead me to the right way.
best regards,
DarkNG
# DHCP Server Configuration file for route mode CMTS
#
authoritative;
option domain-name "localdomain";
option domain-name-servers 8.8.8.8;
option time-servers 192.53.103.108;
ddns-update-style none;
min-lease-time 3600;
default-lease-time 3600;
max-lease-time 3600;
log-facility local6;
option space PacketCable;
option PacketCable.pri-dhcp code 1 = ip-address;
option PacketCable.sec-dhcp code 2 = ip-address;
option PacketCable.kerberos-realm-name code 6 = text;
option packet-cable code 122 = encapsulate PacketCable;
option PacketCable.pri-dhcp 172.33.55.10;
# interface eth0
subnet 172.33.55.0 netmask 255.255.255.0 {
}
# cm on cmts 2 (arris)
subnet 10.1.0.0 netmask 255.255.0.0 {
option routers 10.1.0.1;
}
# cpe
subnet 10.16.0.0 netmask 255.255.0.0 {
option routers 10.16.0.1;
range dynamic-bootp 10.16.0.0 10.16.254.255;
}
You can do it with sub interfaces but I could only get it to work with two dhcp servers one for modems and one for clients, but my dhcp setup is quite different than yours you may be able to get it to work with one. If you use one you will need to replace the two cable helper addresses with one without the cable-modem and host designation
on the cmts
interface Bundle1
no ip address
cable arp filter request-send 3 2
cable arp filter reply-accept 3 2
!
interface Bundle1.1
! Authorized CPE IPs
ip address xxx.xxx.xxx.1 255.255.255.0 secondary
! Authorized Modems IPs
ip address 10.200.0.1 255.255.192.0
cable helper-address xxx.xxxx.xxx.13 cable-modem
cable helper-address xxx.xxx.xxx.14 host
!
interface Bundle1.2
! Not Authorized CPE IPs
ip address 10.200.192.1 255.255.192.0 secondary
! Not Authorized Modems
ip address 10.200.128.1 255.255.192.0
cable helper-address xxx.xxx.xxx.13 cable-modem
cable helper-address xxx.xxx.xxx.14 host
In the DHCP Server for the CPEs
class "CM" {
# only match if first 6 chars of option 61 are docsis
match if (substring(option vendor-class-identifier,0,6) = "docsis");
spawn with hardware;
log (info, concat("Modem with mac Address :", hardware, " hit the Clients DHCP Server"));
}
# Match Clients as determined by option 61
class "Client" {
match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,5) != "pktc1"));
spawn with hardware;
}
# Match MTAs that Identify themselves as pktc1
class "MTA" {
match if (substring(option vendor-class-identifier,0,5) = "pktc1");
spawn with hardware;
}
# Shared network for Un Authorized Modems
shared-network ClientsBehindUnAuthedModems {
# Subnet for Un Authed modems Defined in Modem DHCP server
subnet 10.200.128.0 netmask 255.255.192.0 {
}
# Subnet for Any Client behind an UnAuthorized Modem
subnet 10.200.192.0 netmask 255.255.192.0 {
# Unknown clients
option subnet-mask 255.255.192.0;
option routers 10.200.192.1;
pool {
range 10.200.192.2 10.200.192.254;
allow unknown-clients;
allow known-clients;
allow members of "Client";
deny members of "CM";
deny members of "MTA";
default-lease-time 30;
max-lease-time 60;
min-lease-time 30;
option domain-name-servers 66.218.241.14;
}
}
}
# Shared Netork for Authorized Modems
shared-network ClientsBehindAuthedModems {
subnet 10.200.0.0 netmask 255.255.128.0 {
}
subnet xxx.xxx.xxx.0 netmask 255.255.255.0 {
option routers xxx.xxx.xxx.1;
pool {
range xxx.xxx.xxx.2 xxx.xxx.xxx.252;
allow unknown-clients;
allow known-clients;
allow members of "Client";
deny members of "CM";
deny members of "MTA";
default-lease-time 30;
max-lease-time 60;
min-lease-time 30;
option domain-name-servers xxx.xxx.xxx.14;
}
}
}
First of all thank you very much for replying me kwesibrunee.
I'll install then another dhcp server and try if i can get it work.
Is there a way that you can sent me the whole dhcpd.conf config of both dhcpd servers so i can add it to my servers with just a cm registration example on it .
If it's possible it would be very helpful for me because i'm not very familiar of using/creating linux dhcp configs even i'm trying it for weeks and month without a success .
If yes can please write me on this e-mail darkng54@gmail.com so i can add this configs .
Thankkkkk you very much again for your help and writing me a reply on this issue .