How-to for arris eMTAs on docsis 1.1 networks using dhcpd

Wed, 05/14/2008 - 14:07 — kwesibrunee

Forums:

Arris eMTAs work very well with sip, however getting them initially provisioned can be tough.

I have successfully deployed docsis 1.1 arris eMTAs with dhcpd using SIP. I am going to post my configs here sanitized of course for others to learn from.

What is needed to make it work is thus:
DHCP server capable of option 122 (I use dhcpd)
SIP firmware for arris modems (obtained through arris)
SIP Server (Third party or Asterisk server)
TFTP server
time of day server
log server(optional)
software to create/edit modem and mta configs (packetace from arris or the open source package docsis are sufficient)

The way my DHCP is setup is using matches, if a dhcp request comes in starting with "docsis" in its vendor-class-identifier it is classified as a modem, if the vendor-class-identifier starts with "pktc" it is treated as a mta.
Further more I use groups to differentiate between different levels of service. We authenticate both modems and clients/mtas so they must be present in the server to get an IP.
This particular server only hands out IPs for Voip modems and MTAs so all other requests are denied. I use Omapi to dynamically add/remove clients without restarting dhcpd.

We have multiple tiers of service, only listed a few, we also offer a Voip only service which has no internet access.

The way I prioritize voip traffic is with separate service flows, one for voip traffic one for everything else, both upstream and downstream.

Our SIP termination is provided by a third party. During testing I used our Asterisk server for SIP termination.

DHCPd runs on debian, and we use a Cisco 7246VXR as our cmts.

Here are the relevant configs

------------------------------------------------------------------------------------------------------------------
dhcpd.conf

ddns-update-style none;
ignore client-updates;
omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
secret "Our encrypted Key";
};
omapi-key omapi_key;

option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 };
option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.tgs-util code 7 = integer 8;
option docsis-mta.timer code 8 = integer 8;
option docsis-mta.ticket-ctrl-mask code 9 = integer 16;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;

option docsis-mta.dhcp-server-1 192.168.224.40;
option docsis-mta.provision-server 0 "\003mta\007domains\003net\000";
option docsis-mta.krb-realm-name "\005BASIC\0011\000";

class "CM" {
  match if substring(option vendor-class-identifier,0,6) = "docsis";
  spawn with option agent.remote-id;
  vendor-option-space docsis-mta;
  default-lease-time 604800;
  max-lease-time 604800;
  min-lease-time 302400;
  option time-offset -21600;
  next-server 192.168.224.40;
  option tftp-server-name "192.168.224.40";
  option time-servers 192.168.224.33;
  option log-servers 192.168.224.40;
  option domain-name "mta.domains.net";
  ddns-updates off;
  option routers 10.1.6.1;
  option subnet-mask 255.255.0.0;
  option docsis-mta.dhcp-server-1 192.168.224.40;
}

class "MTA" {
  match if substring(option vendor-class-identifier,0,5) = "pktc1";
  spawn with option agent.remote-id;
  default-lease-time 21600;
  max-lease-time 21600;
  min-lease-time 10800;
  option domain-name "mta.domains.net";
  ddns-updates off;
  option domain-name-servers 192.168.245.13, 192.168.245.10;
  option subnet-mask 255.255.0.0;
  option routers 10.1.6.1;
  option log-servers 192.168.224.40;
  option time-servers 192.168.224.33;
  option tftp-server-name "192.168.224.40";
  next-server 192.168.224.40;
  option time-offset -18000;
  option host-name = host-decl-name;
  option docsis-mta.provision-server 0 "\003mta\007domains\003net\000";
  option docsis-mta.krb-realm-name "\005BASIC\0011\000";
}

/* The subnet the dhcp server is in */
subnet 192.168.224.32 netmask 255.255.255.224 {
}
/* A shared network for CMs and MTAs */
shared-network cableplant {
  /*The subnet the requests come from generally the cable interfaces IP*/
  subnet 192.168.225.0 netmask 255.255.255.0 {
  }
  /* the subnet for CMs and MTAs*/
  subnet 10.1.0.0 netmask 255.255.0.0 {
    /*this pool is for known MTAs*/
    pool {
      range 10.1.60.2 10.1.64.254;
      allow members of "MTA";
      deny unknown-clients;
    }
    /*This pool is for known cable modems*/
    pool {
     range 10.1.65.2 10.1.69.254;
      allow members of "CM";
      deny unknown-clients;
    }
  }
}
/* Group for Plus users*/
group Plus {
  filename "Plus.bin";
  option bootfile-name "Plus.bin";
}
/*Group for Voip only users*/
group VoipOnly {
  filename "VoipOnly.bin";
  option bootfile-name "VoipOnly.bin";
}

/* an MTA entry */
host nh4797942e084be960 {
  hardware ethernet 00:00:00:00:00:00;
}
/* a Cable Modem entry */
host nh46fd2a7608bc2710 {
  hardware ethernet 00:00:00:00:00:01;
  group "Plus";
}

the line
spawn with option agent.remote-id;
is necessary because the CMTS is acting as a proxy for dhcp requests

on cisco cmts's you need to add
ip dhcp relay information option
so that this information is added to the dhcp request
------------------------------------------------------------------------------------------------------------------
Modem Configs

and decoded config files for modem configs using docsis software located at http://docsis.sourceforge.net

The modems are configured to upgrade to the sip firmware if they are not using it already,

this line
SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
Turns on the web interface on the wan side

and this line
SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
tells the modem that the mta file will be in the format macaddress.bin

the rest is standard docsis

#docsis -d Plus.bin
Main
{
  NetworkAccess 1;
  SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
  SnmpMibObject docsDevSwAdminStatus.0 Integer 2; /* allowProvisioningUpgrade */
  MaxCPE 3;
  MaxClassifiers 20;
  GlobalPrivacyEnable 1;
  SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
  SwUpgradeServer 192.168.224.40;
  SwUpgradeFilename "TS050237C_112907_NA.MODEL_4_5_6.SIP.img";
  MfgCVCData 0x308203a63082028ea00302010202106c0943ec39872d8fecda6c489e5e9030300d06092a864886f70d0101050500308197310b300906035504061302555331393037060355040a133044617461204f766572204361626c65205365727669636520496e746572666163652053706563696669636174696f6e7331153013060355040b130c4361626c65204d6f64656d73313630340603550403132d444f43534953204361626c65204d6f64656d20526f6f7420436572746966696361746520417574686f72697479301e170d3031303931323030303030305a170d3133303931313233353935395a306a310b300906035504061302555331223020060355;
  MfgCVCData 0x040a1319417272697320496e7465726163746976652c204c2e4c2e432e310f300d060355040b1306444f43534953312630240603550403131d436f646520566572696669636174696f6e20436572746966696361746530820122300d06092a864886f70d01010105000382010f003082010a0282010100d40c5aeacfd1e9ab5f9e5088ca835eeb487369852ccd9a92e2f7fde9b28caaca21189c0b696ce1f2666c0bc8c7183877ce519e527030daf8437538ec12caa44922472397f5259e067131d046f67b1e2b25ef37b443b89d3f86db6655252595c427a6d641db7b392e8e01d7bbdf73d2138a85553747d6c0685f76bc80c82e755f8acc87c65650a1;
  MfgCVCData 0x492f14b48c97a806327949c5faaa438ac5f0a976474fd26cde4556d52bfa5dc7508fa7f150fa454c681f5108085296f2c94c371b57cd193e8939d6268c8cd96e3e8a06caba6d5cb82989c1751e21e77f09ca73da4daa1fde5bc68bed4b8eb5b0ea3abb23d4249790b2a093dde0806573138cbb99fdceb6ffc10203010001a31a301830160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d0101050500038201010094f271a8bbbac1d7fc054260170b59f0b6ac9da70d0148699e0d240b033d9c34918f7737cd45b822edf9e1bec4c5b030d878b6378b5a7995d032e933ec0ae0db436a3f52181ffee08e0cd4f6201f1115;
  MfgCVCData 0x0f4cf1bef41c9c58ef166582b5e7f1aa1afcd7badeb7b0097845c2d95ee89f66767f3bc080c2994e8c39ca9f22bcc22151ba9221b7ca87e81fdad3fcf48feb61c739ec751ac00afacd88ccc99d11ee6a96c5a591f625875ed7af60460e7330dee05ec183d1717af3f2702df0253fd1a49cbca6a654b37cb7846f91c11e3a83d1e68c28aa25a35d9849393b009b9a5328e5729017d35bb841d62f950007ba7d73e2fff4e14d0f3a49193805495714811b;
  BaselinePrivacy
  {
    AuthTimeout 10;
    ReAuthTimeout 10;
    AuthGraceTime 600;
    OperTimeout 10;
    ReKeyTimeout 10;
    TEKGraceTime 600;
    AuthRejectTimeout 60;
    SAMapWaitTimeout 1;
    SAMapMaxRetries 4;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 1;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 2;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsPacketClass
  {
    ClassifierRef 2;
    ServiceFlowRef 2;
    IpPacketClassifier
    {
      IpDstAddr 192.168.68.4;
      IpProto 257;
      IpDstMask 255.255.255.255;
    }
    ActivationState 1;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 101;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 1500000;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 102;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
  }
  DsPacketClass
  {
    ClassifierRef 102;
    ServiceFlowRef 102;
    RulePriority 1;
    ActivationState 1;
    IpPacketClassifier
    {
      IpProto 257;
      IpSrcAddr 192.168.68.4;
      IpSrcMask 255.255.255.255;
    }
  }
  /*EndOfDataMkr*/
}

Esentially the same thing but with the Ethernet and USB ports disabled.
#docsis -d VoipOnly.bin
Main
{
  NetworkAccess 1;
  SnmpMibObject enterprises.4115.1.3.1.1.2.3.5.4.0 Integer 3 ;
  SnmpMibObject ifAdminStatus.5 Integer 2; /* down */
  SnmpMibObject ifAdminStatus.1 Integer 2; /* down */
  SnmpMibObject docsDevSwAdminStatus.0 Integer 2; /* allowProvisioningUpgrade */
  MaxCPE 1;
  MaxClassifiers 20;
  GlobalPrivacyEnable 1;
  SnmpMibObject enterprises.4115.1.3.3.1.2.3.6.0 Integer 9 ;
  SwUpgradeServer 192.168.224.40;
  SwUpgradeFilename "TS050237C_112907_NA.MODEL_4_5_6.SIP.img";
  MfgCVCData 0x308203a63082028ea00302010202106c0943ec39872d8fecda6c489e5e9030300d06092a864886f70d0101050500308197310b300906035504061302555331393037060355040a133044617461204f766572204361626c65205365727669636520496e746572666163652053706563696669636174696f6e7331153013060355040b130c4361626c65204d6f64656d73313630340603550403132d444f43534953204361626c65204d6f64656d20526f6f7420436572746966696361746520417574686f72697479301e170d3031303931323030303030305a170d3133303931313233353935395a306a310b300906035504061302555331223020060355;
  MfgCVCData 0x040a1319417272697320496e7465726163746976652c204c2e4c2e432e310f300d060355040b1306444f43534953312630240603550403131d436f646520566572696669636174696f6e20436572746966696361746530820122300d06092a864886f70d01010105000382010f003082010a0282010100d40c5aeacfd1e9ab5f9e5088ca835eeb487369852ccd9a92e2f7fde9b28caaca21189c0b696ce1f2666c0bc8c7183877ce519e527030daf8437538ec12caa44922472397f5259e067131d046f67b1e2b25ef37b443b89d3f86db6655252595c427a6d641db7b392e8e01d7bbdf73d2138a85553747d6c0685f76bc80c82e755f8acc87c65650a1;
  MfgCVCData 0x492f14b48c97a806327949c5faaa438ac5f0a976474fd26cde4556d52bfa5dc7508fa7f150fa454c681f5108085296f2c94c371b57cd193e8939d6268c8cd96e3e8a06caba6d5cb82989c1751e21e77f09ca73da4daa1fde5bc68bed4b8eb5b0ea3abb23d4249790b2a093dde0806573138cbb99fdceb6ffc10203010001a31a301830160603551d250101ff040c300a06082b06010505070303300d06092a864886f70d0101050500038201010094f271a8bbbac1d7fc054260170b59f0b6ac9da70d0148699e0d240b033d9c34918f7737cd45b822edf9e1bec4c5b030d878b6378b5a7995d032e933ec0ae0db436a3f52181ffee08e0cd4f6201f1115;
  MfgCVCData 0x0f4cf1bef41c9c58ef166582b5e7f1aa1afcd7badeb7b0097845c2d95ee89f66767f3bc080c2994e8c39ca9f22bcc22151ba9221b7ca87e81fdad3fcf48feb61c739ec751ac00afacd88ccc99d11ee6a96c5a591f625875ed7af60460e7330dee05ec183d1717af3f2702df0253fd1a49cbca6a654b37cb7846f91c11e3a83d1e68c28aa25a35d9849393b009b9a5328e5729017d35bb841d62f950007ba7d73e2fff4e14d0f3a49193805495714811b;
  BaselinePrivacy
  {
    AuthTimeout 10;
    ReAuthTimeout 10;
    AuthGraceTime 600;
    OperTimeout 10;
    ReKeyTimeout 10;
    TEKGraceTime 600;
    AuthRejectTimeout 60;
    SAMapWaitTimeout 1;
    SAMapMaxRetries 4;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 1;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsServiceFlow
  {
    UsServiceFlowRef 2;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
    SchedulingType 2;
    RequestOrTxPolicy 0x0000008a;
  }
  UsPacketClass
  {
    ClassifierRef 2;
    ServiceFlowRef 2;
    IpPacketClassifier
    {
      IpDstAddr 192.168.68.4;
      IpProto 257;
      IpDstMask 255.255.255.255;
    }
    ActivationState 1;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 101;
    QosParamSetType 7;
    TrafficPriority 1;
    MaxRateSustained 256000;
  }
  DsServiceFlow
  {
    DsServiceFlowRef 102;
    QosParamSetType 7;
    TrafficPriority 7;
    MaxRateSustained 256000;
  }
  DsPacketClass
  {
    ClassifierRef 102;
    ServiceFlowRef 102;
    RulePriority 1;
    ActivationState 1;
    IpPacketClassifier
    {
      IpProto 257;
      IpSrcAddr 192.168.68.4;
      IpSrcMask 255.255.255.255;
    }
  }
  /*EndOfDataMkr*/
}

------------------------------------------------------------------------------------------------------------------
MTA Config

Here is a decoded mta config

#docsis -d 000011112222.bin
Main
{
  MtaConfigDelimiter 1;
  VendorSpecific
  {
    VendorIdentifier 0x0000ca;
    GenericTLV TlvCode 69 TlvStringZero "*[0-4]x|*50x.*x.[T#]|*5[356]x.[T#]|*5[47]|*6[1359]|*6[27]x.[T#]|*7[02]x.[T#]|*7[389]|*74xx*x.[T#]|*75xx|*80*x.*x.*x.[T#]|*82x.[T#]|*8[89]|*9[02689]x.[T#]|*93|"; /* tlv length = 159 */
  }
  VendorSpecific
  {
    VendorIdentifier 0x0000ca;
    GenericTLV TlvCode 69 TlvStringZero "0[T#]|011x.[T#]|101x.[T#]|1411|[0-1][2-9]xxxxxxxxx|[2-9]11|[2-9]xxxxxx[T#]|[2-9]xxxxxxxxx"; /* tlv length = 90 */
  }
  SnmpMibObject pktcMtaDevEnabled.0 Integer 1; /* true */
  SnmpMibObject enterprises.4115.11.1.27.0 String "5555555555" ;
  SnmpMibObject enterprises.4115.11.1.28.0 String "5555555555" ;
  SnmpMibObject enterprises.4115.10.1.3.0 IPAddress 10.10.10.10 ;
  SnmpMibObject enterprises.4115.11.1.1.1.2.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.3.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.4.1 String "5551234567" ;
  SnmpMibObject enterprises.4115.11.1.1.1.5.1 String "123456789" ;
  SnmpMibObject pktcNcsEndPntConfigMWD.9 Integer 2 ;
  SnmpMibObject ifAdminStatus.9 Integer 1; /* up */
  SnmpMibObject enterprises.4115.11.1.3.0 String "192.168.68.4;5060" ;
  SnmpMibObject enterprises.4115.11.1.4.0 Integer 0 ;
  SnmpMibObject enterprises.4115.11.1.5.0 String "192.168.68.4;5060" ;
  SnmpMibObject enterprises.4115.11.1.6.0 Integer 0 ;
  SnmpMibObject enterprises.4115.11.1.7.0 HexString 0x04808000 ;
  SnmpMibObject enterprises.4115.11.1.8.0 String "PCMU;telephone-event" ;
  SnmpMibObject enterprises.4115.11.1.9.0 Integer 20 ;
  MtaConfigDelimiter 255;
}

here is what the various parts mean (contact Arris for further clarification)

VendorSpecific stuff is digit map and feature enabling (this is what our SIP provider sets)

SnmpMibObject enterprises.4115.11.1.27.0 String "5555555555" ;
SnmpMibObject enterprises.4115.11.1.28.0 String "5555555555" ;
These lines combat a bug in old sip firmware that causes calls with no caller id to be dropped the value you set these to is not important as long as it is not a real telephone number.

SnmpMibObject enterprises.4115.10.1.3.0 IPAddress 10.10.10.10 ;
Syslog server address

SnmpMibObject enterprises.4115.11.1.1.1.2.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.3.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.4.1 String "5551234567" ;
SnmpMibObject enterprises.4115.11.1.1.1.5.1 String "123456789" ;
These are username, displayname, login, and password respectfully

SnmpMibObject pktcNcsEndPntConfigMWD.9 Integer 2 ;
SnmpMibObject ifAdminStatus.9 Integer 1; /* up */
These turn the EMTA on and set its admin status to up.

SnmpMibObject enterprises.4115.11.1.3.0 String "192.168.68.4;5060" ;
SnmpMibObject enterprises.4115.11.1.4.0 Integer 0 ;
Proxy Address;port and type 0=ipv4

SnmpMibObject enterprises.4115.11.1.5.0 String "192.168.68.4;5060" ;
SnmpMibObject enterprises.4115.11.1.6.0 Integer 0 ;
Registrar Address;port and type 0=ipv4

SnmpMibObject enterprises.4115.11.1.7.0 HexString 0x04808000 ;
SIP Feature Switch options (our sip provider set this)

SnmpMibObject enterprises.4115.11.1.8.0 String "PCMU;telephone-event" ;
provisioned codecs

SnmpMibObject enterprises.4115.11.1.9.0 Integer 20 ;
packetization rate in millisecs

----------------------------------------------------------------------------------------------------

Please post any questions you may have about my setup here and I will answer to the best of my ability. or shoot me an email offlist at jasonp*at*cablemo*dot*com

Mon, 10/06/2008 - 12:55 — cdruml

Http rather than tftp?

Pardon a newbie for a possibly simple quesition but I haven't found a solution in my own research. Our Arris eMTA pulls its config file fine via tftp but we would like it to use http instead. How can this be configured?

Fri, 10/17/2008 - 13:44 — kwesibrunee

As far as I know this is not

As far as I know this is not possible, tftp is the only way it can retrieve its config.

Out of curiousity why would you want it to use HTTP?

Sat, 08/01/2009 - 03:00 — dummy

Using your setup

Hello,

I'm using your setup for testing purposes, and have some questions,
What ip address did you assign to your cmts? what ip addresses did you assign to your nic's in your server?
I have a arris cornerstone 1500 cmts (eurodocsis 1.1) and a couple of cablemodems (motorola sbv5121e) that i want to get online.
Further i have set up a dell server with ubuntu server edition running on it.
Are the "option vendor-class-identifier,0,6) = "docsis";" always the same by different kind of cablemodems?

I'm running into some problems,

Aug 1 10:49:12 cmserver dhcpd: DHCPDISCOVER from 00:23:ed:1c:2c:ae via 192.168.224.33: network cableplant: no free leases
Aug 1 10:49:39 cmserver last message repeated 3 times

Thanks in advance,

Regards,
Donald.

Sat, 08/01/2009 - 21:15 — kwesibrunee

These configs were

These configs were sanitized, i.e. not my real IPs but given this configuration

The CMTS Cable interface would have an IP from this subnet

192.168.225.0/24 typically 192.168.225.1

The DHCPD server and the CMTS ethernet interface would have an IP from this subnet

192.168.224.32 typically 192.168.224.33 and 192.168.224.34 respectfully.

Per the docsis spec docsis 1.0+ modems must give the string docsis[Version] i.e. docsis1.0, docsis2.0 etc. when they request an IP. However since you are using EuroDocsis you will need to check the spec to make sure it uses the same string....

So based on your logs sounds like your dhcp request are coming from the wrong network, 192.168.224.33 is in a subnet that does not hand off IPs this should be the subnet between the CMTS and DHCP server, not the subnet the cable interface uses.

requests should be coming from either the 192.168.225.0 subnet or the 10.1.0.0 subnet or they won't get an IP.

Wed, 08/05/2009 - 09:57 — dummy

Arris Cornerstone 1500 CMTS

As far as i know the arris 1500 cmts is acting like a bridge, i can only set 1 ip address, and that's the one for the ethernet interface, i can't find any setting to configure the cable interface, is setting up vlan's an option? Regards, Donald.

Wed, 08/05/2009 - 10:48 — kwesibrunee

I have not worked with a

I have not worked with a bridge CMTS but try this

don't change anything on the CMTS but change these lines in the dhcpd config

[B]TO[/B]

/* A shared network for CMs and MTAs */
shared-network cableplant {
/* The subnet the dhcp server is in */
subnet 192.168.224.32 netmask 255.255.255.224 {
}
/*The subnet the requests come from generally the cable interfaces IP*/
subnet 192.168.225.0 netmask 255.255.255.0 {
}

Wed, 08/05/2009 - 16:36 — dummy

Difference

Still got the 'no free leases error',
What's the difference between those 2 blocks of code except the order? regards, donald...

Wed, 08/05/2009 - 23:41 — kwesibrunee

the way dhcpd works is as

the way dhcpd works is as you can guess, you define a subnet for the network you want to serve DHCP on.
dhcpd has a quirk, it will not work unless there is a subnet declaration for at least of of the subnets assigned to its ethernet ports. So in my original example

/* The subnet the dhcp server is in */
subnet 192.168.224.32 netmask 255.255.255.224 {
}

this code block tells dhcpd that this is a subnet that dhcpd is running on, notice no statements inside it, this is because I do not want to serve IPs from this subnet it is just to "activate" dhcpd.

dhcpd has a concept of a "Shared Network" which can combine disjointed networks, and treat them as if they are the same physical network, though they are on different subnets. In a typical cable setup this correlates to the non-routeable ips for the modems and the routeable IPs for the clients, with a shared network you can treat them as a single network. moving the first subnet into the shared network tells dhcpd to treat requests from the 192.168.224.32 subnet as if they came from any of the other subnets defined in that shared network.

So you have a shared network with 10.x.x.x/255.255.0.0 modems subnet and a 192.168.x.x/255.255.255.0 subnet for clients, if a request comes in from 10.x.x.1 it will check the pools that are defined in that shared network in document order until it finds one with suitable criteria it will then hand an IP from that pool.

so in my dhcpd file I am classifying the modems. mtas and clients and setting the criteria for the different pools so modems can only match one pool, clients can only match one pool, and mta's can only match one pool.

back to your problem, please post your dhcpd.conf file and the message that is showing up in the logs about no free leases. you also need to install wireshark on your server and get a capture of the dhcpdiscover and verify the Eurodocsis modem you have is indeed sending the string "docsis1.xxxxxxxx" or "docsis2.xxxxxxx", and if it is not adjust the class appropriately. Short of installing wireshark you could also call up arris and ask them what string Eurodocsis modems send thru to dhcp.

then we can make some headway on your problem.

Thu, 08/06/2009 - 11:19 — dummy

My setup

I captured the packet class identifiers with tshark, and tried also these full strings in the dhcpd.conf class identifiers: scientific atlanta epc 2203 -> docsis2.0:052c01010102010203010104010105010106010107010f0801100901000a01010b01180c01010d0201000e020100 motorola sb5101e -> docsis2.0:052401010102010203010104010105010106010107010f0801100901000a01010b01180c0101 motorola sbv5121e -> docsis2.0:053501010102010203010104010105010106010107010f0801100901000a01010b01180c01010d0200700e0200100f0101100400000004 thomson thg540 -> docsis2.0:053501010102010203010104010105010106010107010f0801100901000a01010b01180c01010d0201000e0201000f0101100400000004 arris tm702b -> docsis3.0: [code] cat /etc/dhcp3/dhcpd.conf ddns-update-style none; ignore client-updates; omapi-port 9991; key omapi_key { algorithm HMAC-MD5; secret "defcb4a645ef6sdfe2cef6a1"; }; omapi-key omapi_key; option space docsis-mta; option docsis-mta.dhcp-server-1 code 1 = ip-address; option docsis-mta.dhcp-server-2 code 2 = ip-address; option docsis-mta.provision-server code 3 = { integer 8, string }; option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 }; option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 }; option docsis-mta.krb-realm-name code 6 = string; option docsis-mta.tgs-util code 7 = integer 8; option docsis-mta.timer code 8 = integer 8; option docsis-mta.ticket-ctrl-mask code 9 = integer 16; option docsis-mta-pkt code 122 = encapsulate docsis-mta; option docsis-mta.dhcp-server-1 192.168.224.34; option docsis-mta.provision-server 0 "\003mta\007domains\003net\000"; option docsis-mta.krb-realm-name "\005BASIC\0011\000"; class "CM" { match if substring(option vendor-class-identifier,0,6) = "docsis2.0"; spawn with option agent.remote-id; vendor-option-space docsis-mta; default-lease-time 604800; max-lease-time 604800; min-lease-time 302400; option time-offset -21600; next-server 192.168.224.34; option tftp-server-name "192.168.224.34"; option time-servers 192.168.224.34; option log-servers 192.168.224.34; option domain-name "mta.domains.net"; ddns-updates off; option routers 10.1.6.1; option subnet-mask 255.255.0.0; option docsis-mta.dhcp-server-1 192.168.224.34; } class "MTA" { match if substring(option vendor-class-identifier,0,5) = "docsis3.0"; spawn with option agent.remote-id; default-lease-time 21600; max-lease-time 21600; min-lease-time 10800; option domain-name "mta.domains.net"; ddns-updates off; option domain-name-servers 10.0.0.1, 192.168.0.1; option subnet-mask 255.255.0.0; option routers 10.1.6.1; option log-servers 192.168.224.34; option time-servers 192.168.224.34; option tftp-server-name "192.168.224.34"; next-server 192.168.224.34; option time-offset -18000; option host-name = host-decl-name; option docsis-mta.provision-server 0 "\003mta\007domains\003net\000"; option docsis-mta.krb-realm-name "\005BASIC\0011\000"; } # The subnet the dhcp server is in (eth0, i don't want to serve dhcp on this interface) subnet 10.0.0.0 netmask 255.255.255.224 { } # A shared network for CMs and MTAs shared-network cableplant { # The subnet the requests come from generally the cable interfaces IP (eth1 via cmts) subnet 192.168.224.0 netmask 255.255.255.0 { } # the subnet for CMs and MTAs subnet 10.1.0.0 netmask 255.255.0.0 { # this pool is for known MTAs pool { range 10.1.60.2 10.1.64.254; allow members of "MTA"; deny unknown-clients; } # This pool is for known cable modems*/ pool { range 10.1.65.2 10.1.69.254; allow members of "CM"; deny unknown-clients; } } } # Group for Plus users group Plus { filename "Plus.bin"; option bootfile-name "Plus.bin"; } # Group for Voip only users*/ group VoipOnly { filename "VoipOnly.bin"; option bootfile-name "VoipOnly.bin"; } # an MTA entry host nh4797942e084be960 { hardware ethernet 00:00:00:00:00:00; } # a Cable Modem entry host nh46fd2a7608bc2710 { hardware ethernet 00:00:00:00:00:01; group "Plus"; } [/code] [code] Login: root Password: *********** [cmts] console> manage Management subsystem, v2.9. Type 'help' for commands. [cmts] box# ip-level [cmts] ip-level# info Parameter Value --------- ----- config-ip-address 192.168.224.33 config-ip-subnet 255.255.255.224 config-ip-gateway 192.168.224.34 default-ttl 255 (value) dns-control enabled dns-domain-name "cmts.domainname.net" [cmts] ip-level# [/code] [code] root@cmserver:/etc/dhcp3# ifconfig eth0 Link encap:Ethernet HWaddr 00:24:e8:63:e1:22 inet addr:10.0.0.28 Bcast:10.0.0.31 Mask:255.255.255.224 inet6 addr: 2001:960:66d:0:224:e8ff:fe63:e122/64 Scope:Global inet6 addr: fe80::224:e8ff:fe63:e122/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:29017 errors:0 dropped:0 overruns:0 frame:0 TX packets:15466 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15416081 (15.4 MB) TX bytes:2102589 (2.1 MB) Interrupt:36 Memory:da000000-da012700 eth1 Link encap:Ethernet HWaddr 00:24:e8:63:e1:23 inet addr:192.168.224.34 Bcast:192.168.224.63 Mask:255.255.255.224 inet6 addr: fe80::224:e8ff:fe63:e123/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:80 errors:0 dropped:0 overruns:0 frame:0 TX packets:77 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:43305 (43.3 KB) TX bytes:26626 (26.6 KB) Interrupt:48 Memory:dc000000-dc012700 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:40 errors:0 dropped:0 overruns:0 frame:0 TX packets:40 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:10346 (10.3 KB) TX bytes:10346 (10.3 KB) root@cmserver:/etc/dhcp3# tail -f /var/log/syslog Aug 6 19:06:50 cmserver dhcpd: DHCPDISCOVER from 00:23:ed:1c:2c:ae via 192.168.224.33: network cableplant: no free leases [/code] When i move the [code] # The subnet the dhcp server is in */ subnet 10.0.0.0 netmask 255.255.255.224 { } [/code] inside the shared-network cableplant i get an extra error (Multiple interfaces match the same shared network: eth0 eth1) plus the no free leases error [code] root@cmserver:/etc/dhcp3# tail -f /var/log/syslog Aug 6 19:12:26 cmserver dhcpd: Internet Systems Consortium DHCP Server V3.1.1 Aug 6 19:12:26 cmserver dhcpd: Copyright 2004-2008 Internet Systems Consortium. Aug 6 19:12:26 cmserver dhcpd: All rights reserved. Aug 6 19:12:26 cmserver dhcpd: For info, please visit http://www.isc.org/sw/dhcp/ Aug 6 19:12:26 cmserver dhcpd: Wrote 0 class decls to leases file. Aug 6 19:12:26 cmserver dhcpd: Wrote 0 group decls to leases file. Aug 6 19:12:26 cmserver dhcpd: Wrote 0 deleted host decls to leases file. Aug 6 19:12:26 cmserver dhcpd: Wrote 0 new dynamic host decls to leases file. Aug 6 19:12:26 cmserver dhcpd: Wrote 0 leases to leases file. Aug 6 19:12:26 cmserver dhcpd: Multiple interfaces match the same shared network: eth0 eth1 Aug 6 19:13:26 cmserver dhcpd: DHCPDISCOVER from 00:23:ed:1c:2c:ae via 192.168.224.33: network cableplant: no free leases [/code] Thanks for your time, what else can i do? Regards, Donald.

Thu, 08/06/2009 - 13:31 — kwesibrunee

I see two problems right off

I see two problems right off the bat

match if substring(option vendor-class-identifier,0,6) = "docsis2.0";

and

match if substring(option vendor-class-identifier,0,5) = "docsis3.0";

these should be

match if substring(option vendor-class-identifier,0,6) = "docsis";

and

match if substring(option vendor-class-identifier,0,5) = "pktc1";

respectively

the first one checks first 6 characters of the the vendor-class-identifier for the string "docsis" the way you have it now it is checking the first 6 chars against the string "docsis2.0" which is 8 chars long needless to say it will never match.

MTA's spit out a vendor-class-identifier in the form ptkc1.0xxxxxxxx or ptkc1.5xxxxxxxx when they come out with subsequent versions they will likely be pktc2.0xxxxxxxx etc..
for your purposes though matching the first 5 chars to the string "ptkc1" is a safe bet.

as for the multiple networks problem in the log file this is because you have 10.0.0.28 bound to eth0 ifdown that interface as it is not needed, and restart dhcpd, will solve that issue.

Thu, 08/06/2009 - 16:16 — dummy

I changed the class

I changed the class identifiers, but that won't change a thing... still get the 'no free leases' error...

eth0 10.0.0.28 -> 10.0.0.1 is my gateway to internet at the moment, so i can't bring eth0 down...

if i comment out the 10.0.0.0 subnet in dhcpd.conf i get:

root@cmserver:/etc/dhcp3# tail -f /var/log/syslog
Aug 7 00:10:53 cmserver dhcpd: Wrote 0 new dynamic host decls to leases file.
Aug 7 00:10:53 cmserver dhcpd: Wrote 0 leases to leases file.
Aug 7 00:10:53 cmserver dhcpd:
Aug 7 00:10:53 cmserver dhcpd: No subnet declaration for eth0 (10.0.0.28).
Aug 7 00:10:53 cmserver dhcpd: ** Ignoring requests on eth0. If this is not what
Aug 7 00:10:53 cmserver dhcpd: you want, please write a subnet declaration
Aug 7 00:10:53 cmserver dhcpd: in your dhcpd.conf file for the network segment
Aug 7 00:10:53 cmserver dhcpd: to which interface eth0 is attached. **
Aug 7 00:10:53 cmserver dhcpd:
Aug 7 00:11:01 cmserver ntpd[3127]: clock is now synced
Aug 7 00:12:26 cmserver dhcpd: DHCPDISCOVER from 00:23:ed:1c:2c:ae via 192.168.224.33: network cableplant: no free leases
Aug 7 00:12:53 cmserver last message repeated 3 times

Clueless.... :-S

Thu, 08/06/2009 - 16:52 — kwesibrunee

one more small issue to correct and you should be in business

if the dhcp requests are not coming accross eth0 you can safely remove its subnet from the shared network.

Ok see another minor issue,

this blob

pool {
range 10.1.65.2 10.1.69.254;
allow members of "CM";
deny unknown-clients;
}

tells it to accept members of CM class but deny "unknown" clients. unknown to dhcpd means not available in the dhcpd.conf file or dynamically added and in the dhcpd.leases file.

looking at your config there is no mention of a host entry for the device with mac address 00:23:ed:1c:2c:ae

you can either change one of your existing host entries to 00:23:ed:1c:2c:ae or just create another
i.e. change

host nh46fd2a7608bc2710 {
hardware ethernet 00:00:00:00:00:01;
group "Plus";
}

host nh46fd2a7608bc2710 {
hardware ethernet 00:23:ed:1c:2c:ae;
group "Plus";
}

Fri, 08/07/2009 - 08:28 — dummy

It works

Okay, that works,

root@cmserver:/etc/dhcp3# tail -f /var/log/syslog
Aug 7 16:18:57 cmserver dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Aug 7 16:18:59 cmserver dhcpd: Internet Systems Consortium DHCP Server V3.1.1
Aug 7 16:18:59 cmserver dhcpd: Copyright 2004-2008 Internet Systems Consortium.
Aug 7 16:18:59 cmserver dhcpd: All rights reserved.
Aug 7 16:18:59 cmserver dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Aug 7 16:18:59 cmserver dhcpd: Wrote 0 class decls to leases file.
Aug 7 16:18:59 cmserver dhcpd: Wrote 0 group decls to leases file.
Aug 7 16:18:59 cmserver dhcpd: Wrote 0 deleted host decls to leases file.
Aug 7 16:18:59 cmserver dhcpd: Wrote 0 new dynamic host decls to leases file.
Aug 7 16:18:59 cmserver dhcpd: Wrote 1 leases to leases file.
Aug 7 16:19:41 cmserver dhcpd: DHCPDISCOVER from 00:23:ed:1c:2c:ae via 192.168.224.33
Aug 7 16:19:42 cmserver dhcpd: DHCPOFFER on 10.1.65.2 to 00:23:ed:1c:2c:ae via 192.168.224.33
Aug 7 16:19:42 cmserver dhcpd: DHCPREQUEST for 10.1.65.2 (192.168.224.34) from 00:23:ed:1c:2c:ae via 192.168.224.33
Aug 7 16:19:42 cmserver dhcpd: DHCPACK on 10.1.65.2 to 00:23:ed:1c:2c:ae via 192.168.224.33

I only miss the part for 'unknown' cablemodems or mta's, do you create another pool for them without the deny unknown-clients option? so they will come online and you can send them to an registration page or something using a fake dns that only resolves to 1 page (the registration page)?

Regards,
Donald.

Fri, 08/07/2009 - 11:19 — kwesibrunee

Glad your up and Running

Glad you got it up and running that is like 3/4 of the battle right there.....

Yes you can add another Subnet for unknown modems, but to get the unknown clients/MTAs to come online to only get to a registration page is a little trickier.... However I don't think it will work with a bridged CMTS, due to the fact that your DHCP requests come from the same IP

The way I have gotten it to work is to have two different dhcp servers, one for modems, one for clients/mtas.

The trick is to have dhcp requests from clients/mtas behind known modems pull from one subnet of IPs and clients behind unknown modems pull from another subnet. It can be done with Cisco CMTSes but I am certain the way I do it would not work for you using a bridged CMTS.

I am setting up some new dhcpd servers over the next few days, I just had an idea of a way it could work for possibly even a bridge CMTS I will try it and let you know.

Mon, 08/10/2009 - 17:52 — dummy

Tftp an Ntp Server

Hi,

How can the cablemodems/mta's reach the ntp server and tftp server (192.168.224.32) if they are on another subnet 10.1.0.0 (in my case using a bridged cmts) ?
I'm getting error messages in the modem log (ToD request sent - No Response Received) and (TFTP Failed - request sent - No Response)

*edit*
When i create a virtual network interface eth1:0 with ip 10.1.66.1 and change all the 192.168.224.34 to 10.1.66.1 in dhcpd.conf (time servers and dhcp servers and gateways) the modem can now reach the tftp server and tod server, now the last thing to do is create some good configs... is there any good tool for it?

Regards,
Donald.

Mon, 08/10/2009 - 18:08 — kwesibrunee

arris PacketAce is the best

arris PacketAce is the best for Arris Modems very easy to use, with a lot of templates to get you started

If you can't get access to it, requires a contract id with Arris, there are a couple of alternatives,

docsis.sourceforge.net is a cli tool that can create configs, the ones included here were created by packetace but decoded by docsis, they will reencode just fine with docsis as well.

cisco also has a docsis config generator, though it is not actively being updated any more it is a good generic decoder/encoder.

Mon, 08/17/2009 - 11:25 — dummy

Some errors

Already set up the dhcpd servers? i'm a bit further now, but i'm still struggling to get the mta online, see logs, Do you know why it takes three DISCOVERS and OFFERS for the mta to get an ip, while the cablemodem gets it directly? why is the mta waiting? Any idea what the "bad udp checksums" are? All the modems i have in stock are using packetcable firmware, that's why it won't work with all the sip example mta configs here at this site. Is is possible to use sip firmware and sip configs by using ONE sip mta config file for every mta? instead of different sip configs for the mta's? Hope you can help me out, [code] Aug 17 19:10:03 cmserver dhcpd: DHCPDISCOVER from 00:1e:69:6c:62:8a via 10.1.0.2 Aug 17 19:10:04 cmserver dhcpd: DHCPOFFER on 10.1.0.11 to 00:1e:69:6c:62:8a via 10.1.0.2 Aug 17 19:10:06 cmserver dhcpd: DHCPREQUEST for 10.1.0.11 (10.1.0.1) from 00:1e:69:6c:62:8a via 10.1.0.2 Aug 17 19:10:06 cmserver dhcpd: DHCPACK on 10.1.0.11 to 00:1e:69:6c:62:8a via 10.1.0.2 Aug 17 19:10:06 cmserver dhcpd: 3 bad udp checksums in 5 packets Aug 17 19:10:06 cmserver atftpd[5683]: Creating new socket: 10.1.0.1:55151 Aug 17 19:10:06 cmserver atftpd[5683]: Serving xtra.cfg to 10.1.0.11:1026 Aug 17 19:10:09 cmserver atftpd[5683]: End of transfer Aug 17 19:10:09 cmserver atftpd[5683]: Server thread exiting Aug 17 19:10:17 cmserver dhcpd: DHCPDISCOVER from 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:18 cmserver dhcpd: DHCPOFFER on 10.1.6.10 to 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:21 cmserver dhcpd: DHCPDISCOVER from 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:21 cmserver dhcpd: DHCPOFFER on 10.1.6.10 to 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:29 cmserver dhcpd: DHCPDISCOVER from 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:29 cmserver dhcpd: DHCPOFFER on 10.1.6.10 to 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:45 cmserver dhcpd: DHCPDISCOVER from 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:45 cmserver dhcpd: DHCPOFFER on 10.1.6.10 to 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:47 cmserver dhcpd: DHCPREQUEST for 10.1.6.10 (10.1.0.1) from 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:47 cmserver dhcpd: DHCPACK on 10.1.6.10 to 00:1e:69:6c:62:8b via 10.1.0.2 Aug 17 19:10:48 cmserver atftpd[5683]: Creating new socket: 10.1.0.1:35165 Aug 17 19:10:48 cmserver atftpd[5683]: Serving mta.bin to 10.1.6.10:1029 Aug 17 19:10:48 cmserver atftpd[5683]: End of transfer Aug 17 19:10:48 cmserver atftpd[5683]: Server thread exiting Aug 17 19:10:48 10.1.6.10 001e696c628b MTA[Thomson]:<4000950904><2892844470>Configuration File Error - Missing Parameter Aug 17 19:10:48 10.1.6.10 001e696c628b MTA[Thomson]:<4000951502><2892844470>Provisioning Complete - Fail [/code] Best regards, Donald.

Wed, 08/19/2009 - 01:16 — kwesibrunee

Some Ideas for you

Reguarding the 3 requests and UDP checksum errors, could be a noise related problem, try opening a ping window to the modem/mta while it is trying to come online and send it the largest packet you can without it fragmenting should be 1472 bytes... if you get some severe packet loss then you have an issue.

Do you have arris MTAs? or are you using Thompson....

if you are using arris
connect to the telnet client on the modem and watch the dhcp transaction, if telnet is not on connect to http://[modemIP]/techsupport.html and turn telnet on. You can troubleshoot the dhcp very well from here....

Wed, 08/19/2009 - 10:15 — dummy

UDP Checksum error

I don't think that's the issue, i'm not working in a 'live' environment, just a test environment, the cablemodems are directly attached to the cmts using diplex filters and attenuators, the cnr is 40 dB.
Yes, i have also arris mta's, the TM702b, and Motorola sbv5121e mta's , Scientific Atlanta's Webstar EPC2203 mta's.
I can try the ping test, and get back here...

Wed, 08/18/2010 - 08:16 — rbTechLLC

Just a note of thanks

I'd just like to take a quick moment to say "Thank You!!!" for sharing your experiences and configs; I've been administering a small cable system for nearly 10 years using a homegrown trouble ticketing and provisioning system (http://suptrac.sourceforge.net), and the Arris terminals threw me for a huge loop. Your posting has been invaluable in getting the new eMTAs running on our network!

Rubin
rbTechnologies, LLC
1970 VT Route 14 South
East Montpelier, VT 05651
(802)223-4448 x101
rbennett@thatitguy.com
http://thatitguy.com

Business networking services, Linux, Unix and Windows, firewalls, network security, local and Wide Area networking experts.

Thu, 08/19/2010 - 11:53 — rbTechLLC

Just a note of thanks

Rubin
rbTechnologies, LLC
1970 VT Route 14 South
East Montpelier, VT 05651
(802)223-4448 x101
rbennett@thatitguy.com
http://thatitguy.com

Business networking services, Linux, Unix and Windows, firewalls, network security, local and Wide Area networking experts.

Main menu

Navigation

You are here

How-to for arris eMTAs on docsis 1.1 networks using dhcpd

Http rather than tftp?

As far as I know this is not

Using your setup

These configs were

Arris Cornerstone 1500 CMTS

I have not worked with a

Difference

the way dhcpd works is as

My setup

I see two problems right off

I changed the class

one more small issue to correct and you should be in business

It works

Glad your up and Running

Tftp an Ntp Server

arris PacketAce is the best

Some errors

Some Ideas for you

UDP Checksum error

Just a note of thanks

Just a note of thanks

Main menu

Navigation

User login

You are here

How-to for arris eMTAs on docsis 1.1 networks using dhcpd