DHCP + Freeradius | docsis.org

DHCP + Freeradius

Roberto Schmitz
DHCP + Freeradius

I am also trying to implement FreeRADIUS DHCP on a cable modem network. What I have managed so far is to listen on port 67, receive the request from the CMTS, run the SQL query and return the reply to the CMTS. On the CMTS the modem shows as dhcp(d), but the FreeRADIUS debug shows the reply as sent to the CMTS. Can someone who has gone through this problem help me?

mbowe
I would think it very rare

I would think it very rare that cable operators would use FreeRADIUS DHCP

Not to say it won't work, but I don't think anyone will have much experience to help you.

Typically I would debug such DHCP flow problems with wireshark/tcpdump on the server, and "debug cable mac-address xxxx.xxxx.xxxx, debug cable dhcp" on the (Cisco) CMTS.

Msarmento
Do you have proper routing?

dhcp(d) is sometimes related to routing. Check that you have the proper routes on the DHCP server so the response packet can reach the cable modem behind the CMTS.

Hope it helps,

MS

Roberto Schmitz
I believe that all routing

I believe that all routing settings are in place. I'm getting the request and, according to the debug, FreeRADIUS is sending the reply. For testing, before putting it on the network, I am using a BSR2000.

In debug freeradius
Received DHCP-Discover of id 072b475c from 10.250.0.1:68 to 172.18.1.54:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 1
DHCP-Transaction-Id = 120276828
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 10.250.0.1
DHCP-Client-Hardware-Address = 00:21:43:27:31:5e
DHCP-Message-Type += DHCP-Discover
DHCP-DHCP-Maximum-Msg-Size += 600
DHCP-Vendor-Class-Identifier += "docsis2.0:053501010102010203010104010105010106010107010f0801100901000a01010b01180c01010d0200700e0200100f0101100400000004"
DHCP-Parameter-Request-List += DHCP-TFTP-Server-Name
DHCP-Parameter-Request-List += DHCP-Boot-File-Name
DHCP-Parameter-Request-List += DHCP-Subnet-Mask
DHCP-Parameter-Request-List += DHCP-Router-Address
DHCP-Parameter-Request-List += DHCP-Time-Offset
DHCP-Parameter-Request-List += DHCP-Time-Server
DHCP-Parameter-Request-List += DHCP-Log-Server
DHCP-Parameter-Request-List += DHCP-CCC
DHCP-Client-Identifier += 00:21:43:27:31:5e
DHCP-Vendor += 0x020345434d030845434d3a454d54410503312e30061e534256353132312d5349502d312e302e372d53434d2d30352d53485043200703382e3508063030323034300907534256353132310a144d6f746f726f6c6120436f72706f726174696f6e0418313538333630383134373035303935343031303131303238
DHCP-Relay-Remote-Id = 0x00214327315e
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+group DHCP-Discover {
++update reply {
++} # update reply = noop
++update reply {
expand: %{Packet-Dst-IP-Address} -> 172.18.1.54
++} # update reply = noop
[sql] expand: %{DHCP-Client-Hardware-Address} -> 00:21:43:27:31:5e
[sql] sql_set_user escaped user --> '00:21:43:27:31:5e'
rlm_sql (sql): Reserving sql socket id: 25
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id; -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '00:21:43:27:31:5e' ORDER BY id;
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '00:21:43:27:31:5e' ORDER BY id;
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id; -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '00:21:43:27:31:5e' ORDER BY id;
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = '00:21:43:27:31:5e' ORDER BY id;
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '00:21:43:27:31:5e' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = '00:21:43:27:31:5e' ORDER BY priority
rlm_sql (sql): Released sql socket id: 25
++[sql.authorize] = ok
++policy dhcp_sqlippool.post-auth {
+++update request {
expand: DHCP-%{DHCP-Client-Hardware-Address} -> DHCP-00:21:43:27:31:5e
expand: %{DHCP-Client-Hardware-Address} -> 00:21:43:27:31:5e
expand: %{DHCP-Gateway-IP-Address} -> 10.250.0.1
expand: %{%{DHCP-Gateway-IP-Address}:-127.0.0.1} -> 10.250.0.1
+++} # update request = noop
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> No Pool-Name defined (did cli 00:21:43:27:31:5e port user DHCP-00:21:43:27:31:5e)
No Pool-Name defined (did cli 00:21:43:27:31:5e port user DHCP-00:21:43:27:31:5e)
+++[sqlippool] = noop
+++? if (ok)
? Evaluating (ok) -> FALSE
+++? if (ok) -> FALSE
++} # policy dhcp_sqlippool.post-auth = noop
++[ok] = ok
+} # group DHCP-Discover = ok
DHCP: Reply will be unicast to giaddr from original packet
} # server dhcp
DHCP-Opcode = Server-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 1
DHCP-Transaction-Id = 120276828
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 10.250.0.100
DHCP-Your-IP-Address = 10.250.0.101
DHCP-Server-IP-Address = 172.18.1.54
DHCP-Gateway-IP-Address = 10.250.0.1
DHCP-Client-Hardware-Address = 00:21:43:27:31:5e
DHCP-Server-Host-Name = ""
DHCP-Boot-Filename = "cm_mta_5121_10m.bin"
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Time-Offset = 4294956496
DHCP-Router-Address = 10.250.0.1
DHCP-Time-Server = 172.18.1.3
DHCP-Domain-Name-Server = 177.125.104.15
DHCP-Log-Server = 172.18.1.3
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.18.1.54
DHCP-DHCP-Server-Identifier = 172.18.1.54
DHCP-DHCP-Maximum-Msg-Size = 600
DHCP-TFTP-Server-Name = "172.18.1.3"
DHCP-CCC = 0x3137322e31382e312e35
Sending DHCP-Offer of id 072b475c from 172.18.1.54:67 to 10.250.0.1:68
Finished request 5.
Cleaning up request 5 ID 120276828 with timestamp +193
Going to the next request
Ready to process requests.

IN CMTS
show cable modem
Interface Prim Connect Timing Rec Ip Address Mac Address
Sid State Offset Power
Cable 0/0/D0/U0/C0 0 offline 0 0.0.0.0 0024.a081.b618
Cable 0/0/D0/U0/C0 2011 dhcp(d) 1435 -.2 0.0.0.0 0021.4327.315e

Any suggestion?

cmcaldas
cmts config

On the BSR2k, do you have ip dhcp relay info option added?
Confirm that the DHCP server can ping the modem gateway on the cable interface.

~Carl

Roberto Schmitz
I can run the 'ping' command

I can ping from the BSR2K to the DHCP server and from the DHCP server to the BSR2K. The 'ip-helper-address' parameter is set to my DHCP server. I see in the logs that the DHCP request reaches the server, and that the server handles the request and delivers the reply to the CMTS (BSR2K). I believe that the CMTS is not delivering the IP to the CM. Has anyone used the FreeRADIUS DHCP server? Can I pass the parameters in the FreeRADIUS configuration file?
I appreciate any help!

Roberto Schmitz
Freeradius+CMTS

The routes are set. I can ping from either side to the other. I installed FreeRADIUS version 3.0.4 on CentOS 7.
Can someone help me?

Msarmento
DHCP Trace

Hi,

Looking at the DHCP trace, I guess something is missing: it is possible to see the DHCP Discover / Offer, but where are the Request / Ack?

Have you tried checking the incoming packets at the DHCP server with tcpdump or snoop? Maybe it can bring some new clues.

If you can add more info here, it will be easier to help:

- netstat -rnv (at the DHCP)
- show run (at the CMTS)
- modem log

Regards,

MS
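
The check described in the post above (which DHCP messages appear in the trace and which are missing), as an added example that is not part of the original thread. It parses the "Received"/"Sending" summary lines of a FreeRADIUS debug log; the function name and the grouping by packet id are assumptions of this sketch, and the sample input is the two summary lines from the trace posted earlier.

```python
import re
from collections import defaultdict

# Packet summary lines as printed in the FreeRADIUS debug trace in this thread.
LINE = re.compile(
    r"^(Received|Sending) DHCP-(\w+) of id ([0-9a-fA-F]+) "
    r"from (\S+):(\d+) to (\S+):(\d+)$"
)

# Constructed sample: the two summary lines copied from the posted trace.
SAMPLE = """\
Received DHCP-Discover of id 072b475c from 10.250.0.1:68 to 172.18.1.54:67
Sending DHCP-Offer of id 072b475c from 172.18.1.54:67 to 10.250.0.1:68
"""

EXPECTED = ("Discover", "Offer", "Request", "Ack")


def summarize(log_text):
    """Group DHCP messages by packet id and report how far each exchange got.

    Assumption: the client reuses the same id for Discover and Request,
    so one id covers the whole four-message exchange.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # attribute lines, module output, etc.
        direction, msg, xid, _src, _sport, dst, dport = m.groups()
        seen[xid].append((direction, msg, dst, int(dport)))

    report = {}
    for xid, msgs in seen.items():
        types = [msg for _, msg, _, _ in msgs]
        report[xid] = {
            "types": types,
            "missing": [t for t in EXPECTED if t not in types],
            # Where the server sent its replies. RFC 2131 section 4.1 has a
            # server answer a relay (non-zero giaddr) on UDP port 67, so the
            # port here is worth comparing with a tcpdump capture.
            "replies": [(msg, dst, port) for d, msg, dst, port in msgs
                        if d == "Sending"],
        }
    return report


if __name__ == "__main__":
    for xid, info in summarize(SAMPLE).items():
        print(xid, info)
```
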

jaalcock
Any Luck

I am trying to do the same thing.

Any Luck?
