Hello
I am testing some cable modems with MTA incorporated. I have some problems getting them online. I am using a Linux DHCP server that is configured to assign only the CM IP address.
I want to provide three IPs for the modem: CM, MTA, and WAN (for internet) (class "CM", class "MTA" and class "CPE-or not-docsis").
Please, can someone send me a DHCP configuration that works?
Thank you,
Ilir
There are two parts to this question: how to detect CM/MTA/CPE and how to assign different IPs to each.
Detecting CMs, MTAs and CPEs is easy; something like this will do the trick:
# Cable Modem Class
class "CM" {
    # only match if first 6 chars of option 61 are docsis
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}
# Match MTAs that Identify themselves as pktc
class "MTA" {
    match if (substring(option vendor-class-identifier,0,4) = "pktc");
    spawn with hardware;
}
# Match Clients as determined by option 61
class "Client" {
    match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));
    spawn with hardware;
}
The rest of the config would be based on your network design but should look something like this:
shared-network Docsis {
    # Subnet for Modems
    subnet 10.200.0.0 netmask 255.255.192.0 {
        option subnet-mask 255.255.192.0;
        option routers 10.200.0.1;
        pool {
            range 10.200.0.2 10.200.63.254;
            allow members of "CM";
            deny members of "Client";
            deny members of "MTA";
            deny unknown-clients;
            # other plant specific options i.e. tftp filename, tftp server, log server, Option 122 settings etc.....
        }
    }
    # Subnet(s) for any Client
    subnet 192.168.242.0 netmask 255.255.255.0 {
        # Unknown clients
        option subnet-mask 255.255.255.0;
        option routers 192.168.242.1;
        pool {
            range 192.168.242.2 192.168.242.254;
            allow unknown-clients;
            allow known-clients;
            allow members of "Client";
            deny members of "CM";
            deny members of "MTA";
            option domain-name-servers 192.168.245.10,192.168.245.13;
        }
    }
    # Subnet for EMTAs
    subnet 10.200.64.0 netmask 255.255.192.0 {
        option subnet-mask 255.255.192.0;
        option routers 10.200.64.1;
        pool {
            range 10.200.64.2 10.200.127.254;
            deny unknown-clients;
            allow known-clients;
            allow members of "MTA";
            deny members of "CM";
            deny members of "Client";
            use-host-decl-names on;
            option host-name = host-decl-name;
            #Include any option 122 options for booting your mtas here
            option domain-name "mta.domain.com";
            option domain-name-servers 192.168.245.13, 192.168.245.10;
        }
    }
}
Thank you very much.
I will test the configuration.
Best regards
Ilir
From tests I was able to get only the CM online.
It seems that I have a problem with declaring the DHCP options.
The config is like this:
ddns-update-style interim;
authoritative;
deny unknown-clients;
deny bootp;
deny declines;
default-lease-time 86400;
max-lease-time 86400;
option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.timer code 7 = string;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;
option space PC-MTA;
option PC-MTA.DHCP-server-1 code 1 = ip-address;
option PC-MTA.DHCP-server-2 code 2 = ip-address;
option PC-MTA.Provision-server code 3 = {integer 8, string };
option PC-MTA.AS-REQ_AS-REP code 4 = { integer 32, integer 32, integer 32 };
option PC-MTA.AP-REQ_AP-REP code 5 = { integer 32, integer 32, integer 32 };
option PC-MTA.Kerberos-realm code 6 = string;
option PC-MTA.TGS-util code 7 = integer 8;
option PC-MTA.Provision-timer code 8 = integer 8;
option PC-MTA.Ticket-ctrl-mask code 9 = integer 16;
option PC-MTA-122 code 122 = encapsulate PC-MTA;
option space packetcable;
option packetcable.primary-dhcp-server code 1 = ip-address;
option packetcable.snmp-entity-address code 6 = string;
option packetcable.kerberos-realm-name code 6 = string;
option packetcable.primary-dhcp-server 192.168.150.1;
option packetcable.snmp-entity-address 03:10:00:03:31:39:32:03:31:36:38:03:31:35:30:01:31:00;
option packetcable.kerberos-realm-name 06:09:05:42:41:53:49:43:01:31:00;
# Cable Modem Class
class "CM" {
    # only match if first 6 chars of option 61 are docsis
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}
# Match MTAs that Identify themselves as pktc
class "MTA" {
    match if (substring(option vendor-class-identifier,0,4) = "pktc");
    spawn with hardware;
}
# Match Clients as determined by option 61
class "Client" {
    match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));
    spawn with hardware;
}
#The rest of the config would be based on your Network design but should look something like this
shared-network Docsis {
    # Subnet for Modems
    subnet 192.168.63.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.63.1;
        pool {
            range 192.168.63.0 192.168.63.254;
            allow members of "CM";
            deny members of "Client";
            deny members of "MTA";
            deny unknown-clients;
            # other plant specific options i.e. tftp filename, tftp server, log server, Option 122 settings etc.....
            option PC-MTA.DHCP-server-1 192.168.150.1;
            option docsis-mta.dhcp-server-1 192.168.150.1;
            next-server 192.168.150.1;
            option time-servers 192.168.150.1;
        }
    }
    # Subnet(s) for any Client
    subnet 192.168.159.0 netmask 255.255.255.0 {
        # Unknown clients
        option subnet-mask 255.255.255.0;
        option routers 192.168.159.1;
        pool {
            range 192.168.159.2 192.168.159.250;
            allow unknown-clients;
            allow known-clients;
            allow members of "Client";
            deny members of "CM";
            deny members of "MTA";
            option domain-name-servers 80.78.36.65;
        }
    }
    # Subnet for EMTAs
    subnet 192.168.158.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 192.168.158.1;
        pool {
            range 192.168.158.10 192.168.158.254;
            deny unknown-clients;
            allow known-clients;
            allow members of "MTA";
            deny members of "CM";
            deny members of "Client";
            use-host-decl-names on;
            option host-name = host-decl-name;
            #Include any option 122 options for booting your mtas here
            option domain-name "abcom.al";
            option domain-name-servers 80.78.66.66;
            next-server 192.168.150.1;
            option time-servers 192.168.150.1;
            option routers 192.168.158.1;
            option PC-MTA.DHCP-server-1 192.168.150.1;
            option docsis-mta.dhcp-server-1 192.168.150.1;
            option domain-name-servers 80.78.36.65;
            option time-offset -0;
            option log-servers 192.168.150.1;
            option domain-name "abcom.al";
            option subnet-mask 255.255.255.0;
        }
    }
}
#}
#include "/etc/dhcpd.static";
host 17 { hardware ethernet 00:18:9b:68:4b:65; fixed-address 192.168.63.5; filename "star_512.cm"; option host-name "host5";}
host 18 { hardware ethernet 00:18:9b:68:4b:66; fixed-address 192.168.158.5; option host-name "host8";}
host 21 { hardware ethernet 00:18:9b:68:4b:67; fixed-address 192.168.158.7; option host-name "host8";}
host 19 { hardware ethernet 00:18:9b:68:4b:88; fixed-address 192.168.63.6; filename "star_512.cm"; option host-name "host5";}
host 20 { hardware ethernet 00:18:9b:68:4b:89; fixed-address 192.168.158.6; option host-name "host7";}
What type of MTA are you trying to bring online? NCS or SIP? What type of modem: Arris or Moto or something else?
For my MTA config I have something like this:
# Subnet for EMTAs behind Authorized Modems
subnet 10.200.64.0 netmask 255.255.192.0 {
    option subnet-mask 255.255.192.0;
    option routers 10.200.64.1;
    pool {
        range 10.200.64.2 10.200.127.254;
        deny unknown-clients;
        allow known-clients;
        allow members of "MTA";
        deny members of "CM";
        deny members of "Client";
        use-host-decl-names on;
        option host-name = host-decl-name;
        option docsis-mta.provision-server 0 "\003mta\006domain\003net\000";
        option docsis-mta.krb-realm-name "\005BASIC\0011\000";
        option domain-name "mta.domain.net";
        option domain-name-servers 192.168.245.13, 192.168.245.10;
    }
}
MTAs are notoriously hard to get online; make sure you're reviewing DHCPd's logs as well as the modem's logging facilities, if they have any, to see what is going on.
Most MTAs will not accept a DHCP offer unless it has a host name, domain name, and a provision server and krb realm name. BASIC 1 is the realm name you want to use for testing, even if you are not going to use that in production, as it is far less complicated. Because if even one thing is off, the DHCP transaction is ignored, which makes troubleshooting tricky.
What is showing up in your dhcpd logs?
What about your modem logs?
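
The length-prefixed strings in the `provision-server` and `krb-realm-name` lines above can be generated and checked mechanically. The following is an added example, not part of the original posts: it encodes a name into that format, renders it as a dhcpd.conf quoted string, and splits a colon-hex value into sub-option code, length and value. All function names are hypothetical.

```python
# Added example (not from the thread): helpers for option 122 sub-option strings.
def encode_labels(name: str) -> bytes:
    """Length-prefix each dot-separated label and end with a zero byte."""
    out = bytearray()
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"

def decode_labels(data: bytes) -> str:
    """Inverse of encode_labels; rejects truncated or unterminated input."""
    labels, i = [], 0
    while i < len(data) and data[i] != 0:
        n = data[i]
        if i + 1 + n > len(data):
            raise ValueError("label runs past end of data")
        labels.append(data[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if i != len(data) - 1:
        raise ValueError("missing or misplaced terminating zero byte")
    return ".".join(labels)

def dhcpd_string(data: bytes) -> str:
    """Render bytes as a quoted string with three-digit octal escapes."""
    return '"' + "".join(
        chr(b) if b < 128 and chr(b).isalnum() else f"\\{b:03o}"
        for b in data) + '"'

def parse_suboptions(colon_hex: str) -> dict:
    """Split colon-separated hex into {sub-option code: value bytes}."""
    data, i, subs = bytes.fromhex(colon_hex.replace(":", "")), 0, {}
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated sub-option")
        subs[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return subs

if __name__ == "__main__":
    print(dhcpd_string(encode_labels("mta.domain.net")))
    # Colon-hex values copied from the config posted earlier in the thread.
    for blob in ("03:10:00:03:31:39:32:03:31:36:38:03:31:35:30:01:31:00",
                 "06:09:05:42:41:53:49:43:01:31:00"):
        for code, value in parse_suboptions(blob).items():
            # Sub-option 3 carries a leading type byte before the labels.
            body = value[1:] if code == 3 else value
            print(code, len(value), decode_labels(body))
```

Run against the two colon-hex values in the config posted earlier in the thread, `parse_suboptions` reports sub-option 3 carrying `192.168.150.1` and sub-option 6 carrying `BASIC.1`, so those values already include their own code and length bytes.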
Looking at this thread, don't you mean "Option 60, Vendor-Class-Identifier", not Option 61, which is client identifier and when wiresharking doesn't have the info required to make this work? Option 60 is where docsis start 0, length 6 and pckt start 0, length 4 at the beginning of string can be matched and used to pass out the appropriate IPs to each device, i.e. stop cable modems from being sent DHCPOffers on your public networks for customer devices/routers.