Hello.
I am just wondering why a sub-bundle interface is used on a CMTS and how the CMTS recognizes the IP subnet in a sub-bundle interface.
Any valuable answer for this will be highly appreciated.

One way you can use it is to differentiate between authorized and unauthorized modems and give a different client IP based on which pool it came from.
This requires 2 DHCP servers.
Given the following bundle config:

interface Bundle1
 no ip address
 cable arp filter request-send 3 2
 cable arp filter reply-accept 3 2
!
interface Bundle1.1
 ip address xxx.xxx.xxx.xxx 255.255.255.0 secondary
 ip address 10.200.0.1 255.255.192.0
 cable helper-address 192.168.173.14 host
 cable helper-address 172.16.5.2 cable-modem
!
interface Bundle1.2
 ip address 10.200.192.1 255.255.192.0 secondary
 ip address 10.200.128.1 255.255.192.0
 cable helper-address 192.168.173.14 host
 cable helper-address 172.16.5.2 cable-modem

In your modems' DHCP server you have a choice between two pools, one for known clients and one for unknown:

# Cable Modem Class
class "CM" {
    # Only match if the first 6 chars of option 60 (vendor-class-identifier) are "docsis"
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}

# Match anything else. Only modems should be hitting this server
class "Unknown" {
    match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));
    spawn with hardware;
}

shared-network ModemPool {
    # Subnet for authorized modems
    subnet 10.201.0.0 netmask 255.255.192.0 {
        option subnet-mask 255.255.192.0;
        option routers 10.200.0.1;
        pool {
            deny unknown-clients;
            range 10.200.0.10 10.200.61.254;
            allow members of "CM";
            deny members of "Unknown";
            option domain-name "repmta.cablemo.net";
            option docsis-mta.dhcp-server-1 24.137.143.14;
        }
    }
    # Subnet for unauthorized modems
    subnet 10.201.128.0 netmask 255.255.192.0 {
        option subnet-mask 255.255.192.0;
        option routers 10.201.128.1;
        pool {
            deny known-clients;
            allow unknown-clients;
            range 10.201.128.2 10.201.160.254;
            allow members of "CM";
            deny members of "Unknown";
            default-lease-time 30;
            max-lease-time 30;
            min-lease-time 30;
        }
    }
}

In your clients' DHCP server you have two shared networks, like so: if the modem got an IP from the authorized modem pool, it will get a routable IP and have inet access; if it got an IP from the unauthorized pool, it will get a non-routable IP and can be redirected to a walled garden.

# Cable Modem Class. Should not ever get to this DHCP server; if it does, log it
class "CM" {
    # Only match if the first 6 chars of option 60 (vendor-class-identifier) are "docsis"
    match if (substring(option vendor-class-identifier,0,6) = "docsis");
    spawn with hardware;
}

# Match clients as determined by option 60 (vendor-class-identifier)
class "Client" {
    match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));
    spawn with hardware;
}

# Match MTAs that identify themselves as pktc1
class "MTA" {
    match if ((substring(option vendor-class-identifier,0,5) = "pktc1") );
    spawn with hardware;
}

# Shared network for unauthorized modems
shared-network ClientsBehindUnAuthedModems {
    # Subnet for unauthed modems, defined in modem DHCP server
    subnet 10.200.128.0 netmask 255.255.192.0 {
    }
    # Subnet for any client behind an unauthorized modem
    subnet 10.200.192.0 netmask 255.255.192.0 {
        # Unknown clients
        option subnet-mask 255.255.192.0;
        option routers 10.0.192.1;
        pool {
            range 10.200.192.3 10.200.224.254;
            allow unknown-clients;
            allow known-clients;
            allow members of "Client";
            deny members of "CM";
            deny members of "MTA";
            default-lease-time 60;
            max-lease-time 60;
            min-lease-time 30;
            option domain-name-servers xxx.xxx.xxx.14;
        }
    }
}

shared-network ClientsBehindAuthedModems {
    # Subnet for authorized modems, defined in modem DHCP server
    subnet 10.200.0.0 netmask 255.255.192.0 {
    }
    # Subnet(s) for any client behind an authorized modem
    subnet xxx.xxx.xxx.0 netmask 255.255.255.0 {
        # Unknown clients
        option subnet-mask 255.255.255.0;
        option routers xxx.xxx.xxx.1;
        pool {
            range xxx.xxx.xxx.2 xxx.xxx.xxx.254;
            allow unknown-clients;
            allow known-clients;
            deny members of "Client";
            deny members of "CM";
            deny members of "MTA";
            option domain-name-servers xxx.xxx.xxx.14, xxx.xxx.xxx.13;
        }
    }
}
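
The authorized/walled-garden split above depends on every scope handing out addresses from the subnet it is declared under, so a consistency check over the DHCP config is worth running before deployment. The following is an added example, not part of the original post: a Python checker (the name `check_scopes` is chosen here) that flags any `range` or `option routers` address lying outside its enclosing `subnet` declaration, run against a trimmed copy of the ModemPool scopes from the post; it assumes literal IPv4 addresses, not hostnames.

```python
import ipaddress
import re

# Sample input: trimmed copy of the ModemPool scopes from the post above.
SAMPLE_CONF = """
shared-network ModemPool {
  subnet 10.201.0.0 netmask 255.255.192.0 {
    option routers 10.200.0.1;
    pool {
      range 10.200.0.10 10.200.61.254;
    }
  }
  subnet 10.201.128.0 netmask 255.255.192.0 {
    option routers 10.201.128.1;
    pool {
      range 10.201.128.2 10.201.160.254;
    }
  }
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
DIRECTIVE_RE = re.compile(r"^\s*(option\s+routers|range)\s+([^;]+);")


def check_scopes(conf_text):
    """Return (subnet, directive, address) for each address outside its subnet."""
    findings, subnet, opened_at, level = [], None, 0, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]            # drop dhcpd.conf comments
        m = SUBNET_RE.match(line)
        if m:
            subnet = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            opened_at = level                  # brace depth outside this subnet
        elif subnet is not None and (m := DIRECTIVE_RE.match(line)):
            directive = " ".join(m.group(1).split())
            for addr in re.split(r"[\s,]+", m.group(2).strip()):
                if addr != "dynamic-bootp" and ipaddress.ip_address(addr) not in subnet:
                    findings.append((str(subnet), directive, addr))
        level += line.count("{") - line.count("}")
        if subnet is not None and level <= opened_at:
            subnet = None                      # closed the subnet block
    return findings


if __name__ == "__main__":
    for net, directive, addr in check_scopes(SAMPLE_CONF):
        print(f"{directive} {addr} is outside subnet {net}")
```

Comparing the flagged scopes with the `ip address` lines on the matching Bundle sub-interface shows which side holds the intended value.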