Hi,
I wonder if someone can tell me if this is possible using dhcpd.conf and a mainstream CMTS...
I have a standard cable modem setup running with trialists provisioned via dhcpd.conf. That works well.
Now, I'd like all clients (PC's) that are connecting via a specified cable modem to be treated differently. (I'd like those clients to get a different range of IP addresses and DNS info, and be redirected to a "login" server for authentication).
So, is it possible within dhcpd.conf to identify these clients (based on the mac address of their modem) and treat them differently?
Many thanks!
its quite possible: look for classes and deny class_name, allow class_name for specific networks ranges.
--
affordable, robust provisioning and monitoring software for DOCSIS networks: dps.cable@gmail.com
will do!
Many thanks
As far as I know, Authorizing Clients based on the mac address of the modem is not possible, however, if your turn option 82 on your cmts on ( on cisco's it is dhcp information-option or something like that) you can then create a specific class that matches on option relay-agent and achieve a similar result. However, this requires creating a separate class/pool for each modem you do this for, so it will not scale well at all. If you have to only do it for 1-2 modems it may work but require a huge amount of setup.
an example dhcpd.conf of this would be:
class modem1 {
match if (substring(option relay-agent,0,15) = "00:00:00:00:00:00");
spawn with hardware;
}
class allothers {
spawn with hardware;
}
subnet 10.1.0.0 netmask 255.255.255.0 {
pool {
range 10.1.0.2 10.1.0.250;
allow members of "allothers";
deny members of "modem1";
}
pool {
range 10.1.0.251 10.1.0.254;
deny members of "allothers";
allow members of "modems1";
option domain-name-servers 10.1.0.1;
}
}
If what you are trying to do is to allow Auto-Provisioning, if you have a cisco CMTS (may work on others) there is a way to do it with DHCPd but it requires two servers one for modems and one for the clients. The way it works is you assign the clients IP based on the modems Gateway. You do this with Shared networks, and a little virtual interfaces magic. If your interested I can post a sample config. When doing it this way there is no need to authorize clients at all they will get an ip from the proper pool based on if their modem is authorized or not. If they are not authorized they get a non-routeable ip and you can use dns redirects to point them to your web page.
Many thanks for your help. I'm not a dhcpd guru (and could very well be wrong!), but wouldn't class "modem1" be assigned to the modem, not the PC. Therefore the modem will get an address from pool 10.1.0.251-254...when really I want the PC to get the "special" address! Forgive me if I'm wrong!
What I really need is all clients off most modems to get public address and continue as normal, but clients connected a few modems (say, no more than 5) to get private IP addresses that will then be forced to go to an authentication site and, once authenticated, be granted Internet access via NAT. Don't worry about the authentication and NAT...I'll worry about that later...!
Dear kwesibrunee, your solution looks good for me! (see http://www.docsis.org/node/1011)
Could you show that config or email it to me incinerator82 at hotmail dot com?
TIA!
grtz John