option 122 revisited | docsis.org

option 122 revisited

luciano
option 122 revisited

Hi all,

I need help with option 122. I had been browsing forums for days before I ran into this obstacle. It is very hard for me to figure out what the problem is with my MTAs.

The hardware I use is a BSR1000, the modems are SBV5121, the server is Fedora, and DHCP is isc-dhcpd-4.0.0.

I have gradually worked my way through dhcpd.conf: I managed to boot up the CM, assign it a fixed IP address, and send it option 122 so it wakes the MTA up. The problem is that the MTA keeps sending DHCP discover, but it seems not to "hear" my DHCP offers from the server.

Here is some of the debug info from the CMTS:

[09/11-15:02:13.99:Udp-dhcp]-D-Relay BOOTREQ DISCOVER packet to server with src 10.14.0.1, dst 10.200.200.5, srcport 68, dstport 67 ciaddr 0.0.0.0, yiaddr 0.0.0.0, giaddr 10.14.0.1, chaddr 00:1a:ad:a9:20:f0, xid 0x00618d93
[09/11-15:02:13.97:Udp]-D-Udp packet recvd with src 10.200.200.5, dst 10.14.0.1, srcport 67, dstport 67
[09/11-15:02:13.97:Udp-dhcp]-D-Relay BOOTREP OFFER to client with src 10.123.128.1, dst 255.255.255.255, srcport 67, dstport 68 ciaddr 0.0.0.0, yiaddr 10.123.128.11, giaddr 10.123.128.1, chaddr 00:1a:ad:a9:20:f0, xid 0x00618d93
[09/11-15:02:21.99:Udp]-D-Udp packet recvd with src 0.0.0.0, dst 255.255.255.255, srcport 68, dstport 67
[09/11-15:02:21.97:Udp-dhcp]-D-Relay BOOTREQ DISCOVER packet to server with src 10.14.0.1, dst 10.200.200.5, srcport 68, dstport 67 ciaddr 0.0.0.0, yiaddr 0.0.0.0, giaddr 10.14.0.1, chaddr 00:1a:ad:a9:20:f0, xid 0x00618d93
[09/11-15:02:21.97:Udp]-D-Udp packet recvd with src 10.200.200.5, dst 10.14.0.1, srcport 67, dstport 67
[09/11-15:02:21.97:Udp-dhcp]-D-Relay BOOTREP OFFER to client with src 10.123.128.1, dst 255.255.255.255, srcport 67, dstport 68 ciaddr 0.0.0.0, yiaddr 10.123.128.11, giaddr 10.123.128.1, chaddr 00:1a:ad:a9:20:f0, xid 0x00618d93

Here is the tail of the boot log:

[root@XXX ~]# tail /var/log/boot.log
Sep 11 14:26:56 XXX dhcpd: DHCPREQUEST for 10.100.101.254 (10.200.200.5) from 00:11:2f:b4:1b:6f (XXX-catv) via 10.14.0.1
Sep 11 14:26:56 XXX dhcpd: DHCPACK on 10.100.101.254 to 00:11:2f:b4:1b:6f (XXX-catv) via 10.14.0.1
Sep 11 14:27:00 XXX dhcpd: DHCPDISCOVER from 00:1a:ad:a9:20:f0 via 10.14.0.1
Sep 11 14:27:00 XXX dhcpd: DHCPOFFER on 10.123.128.11 to 00:1a:ad:a9:20:f0 via 10.14.0.1
Sep 11 14:27:08 XXX dhcpd: DHCPDISCOVER from 00:1a:ad:a9:20:f0 via 10.14.0.1
Sep 11 14:27:08 XXX dhcpd: DHCPOFFER on 10.123.128.11 to 00:1a:ad:a9:20:f0 via 10.14.0.1

Here is a piece of the tcpdump sniff:

14:29:11.997584 IP (tos 0x0, ttl 255, id 14443, offset 0, flags [none], proto UDP (17), length 592) 10.14.0.1.bootpc > 10.200.200.5.bootps: BOOTP/DHCP, Request from 00:1a:ad:a9:20:f0 (oui Unknown), length 564, hops 1, xid 0x1c10f47, Flags [Broadcast]
Gateway-IP 10.14.0.1
Client-Ethernet-Address 00:1a:ad:a9:20:f0 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
MSZ Option 57, length 2: 548
Vendor-Option Option 43, length 123: 2.4.69.77.84.65.4.24.49.53.56.49.54.49.55.51.48.51.51.51.48.57.54.50.48.49.48.49.50.48.48.52.5.3.49.46.48.6.28.83.66.86.53.49.50.49.69.45.50.46.49.55.46.49.46.50.45.83.67.77.49.48.45.83.72.80.67.7.3.56.46.53.8.3.0.26.173.9.8.83.66.86.53.49.50.49.69.10.20.77.111.116.111.114.111.108.97.32.67.111.114.112.111.114.97.116.105.111.110.31.6.0.26.173.169.32.240.32.4.0.0.94.49
Vendor-Class Option 60, length 72: "pktc1.0:051E0101000201020901010A01010B060103050608090D010110010912020007"
Parameter-Request Option 55, length 8:
Hostname, Domain-Name, Subnet-Mask, Default-Gateway
Time-Zone, Domain-Name-Server, LOG, Option 122
Client-ID Option 61, length 7: ether 00:1a:ad:a9:20:f0
Agent-Information Option 82, length 14:
Unknown SubOption 2, length 6:
0x0000: 001a ada9 20ee
Unknown SubOption 43, length 4:
0x0000: 0a0e 000b
14:29:11.998171 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 377) 10.200.200.5.bootps > 10.14.0.1.bootps: BOOTP/DHCP, Reply,length 349, hops 1, xid 0x1c10f47, Flags [Broadcast]
Your-IP 10.123.128.11
Gateway-IP 10.14.0.1
Client-Ethernet-Address 00:1a:ad:a9:20:f0 (oui Unknown)
file "mta.bin"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.200.200.5
Lease-Time Option 51, length 4: 604800
Hostname Option 12, length 13: "mta.XXX.xx"
Domain-Name Option 15, length 9: "XXX.xx"
Subnet-Mask Option 1, length 4: 255.255.128.0
Default-Gateway Option 3, length 4: 10.123.128.1
Time-Zone Option 2, length 4: 7200
Domain-Name-Server Option 6, length 4: 10.200.200.5
LOG Option 7, length 4: 10.200.200.5
T122 Option 122, length 19: 122.17.3.5.1.10.200.200.5.6.8.66.65.83.73.67.1.49.0
Agent-Information Option 82, length 14:
Unknown SubOption 2, length 6:
0x0000: 001a ada9 20ee
Unknown SubOption 43, length 4:
0x0000: 0a0e 000b

Here is my dhcpd.conf:

ddns-update-style none;
default-lease-time 600;
option domain-name "XXX.xx";
ddns-domainname "XXX.xx";
log-facility local7;
omapi-port 7911;

# option space docsis-mta;
# option docsis-mta.dhcp-server-1 code 1 = ip-address;
# option docsis-mta.dhcp-server-2 code 2 = ip-address;
# option docsis-mta.prov-server code 3 = string;
# option docsis-mta.kerberos code 6 = string;
#
# option docsis-mta-encap code 122 = encapsulate docsis-mta;

option voip122 code 122 = string;

class "cm" {
match if substring(option vendor-class-identifier,0,6) = "docsis";
spawn with option agent.remote-id;
default-lease-time 604800;
max-lease-time 604800;
min-lease-time 302400;

option tftp-server-name "10.200.200.5";
option time-servers 10.200.200.5;
option time-offset 7200;
option log-servers 10.200.200.5;
option domain-name "XXX.xx";

# vendor-option-space docsis-mta;
# option docsis-mta.dhcp-server-1 10.200.200.5;
# option docsis-mta.dhcp-server-2 10.200.200.6;
# option voip122 7a:01:04:0a:c8:c8:05;
option voip122 01:04:0a:c8:c8:05;
}

class "emta" {
match if substring(option vendor-class-identifier,0,8) = "pktc1.0:";
spawn with option agent.remote-id;
default-lease-time 604800;
max-lease-time 604800;
min-lease-time 302400;
option tftp-server-name "10.200.200.5";
option time-servers 10.200.200.5;
option time-offset 7200;
option log-servers 10.200.200.5;
option domain-name "XXX.xx";
# vendor-option-space docsis-mta-encap;
# option voip122 7a:17:01:04:0a:c8:c8:05:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00;
option voip122 7a:11:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00;
# option voip122 16:01:04:0a:c8:c8:05:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00;
}

class "cpe" {
}

shared-network CABLE {
option domain-name-servers 10.200.200.5;
default-lease-time 600;
max-lease-time 7200;
option time-servers 10.200.200.5;
option log-servers 10.200.200.5;
subnet 10.0.0.0 netmask 255.0.0.0 {

pool {
range 10.14.0.5 10.14.0.9;
option subnet-mask 255.254.0.0;
option routers 10.14.0.1;
next-server 10.200.200.5;
option tftp-server-name "10.200.200.5";
filename "normal.cfg";
allow members of "cm";

}

pool {
range 10.123.128.2 10.123.255.254;
option subnet-mask 255.255.128.0;
option routers 10.123.128.1;
next-server 10.200.200.5;
allow members of "emta";
ddns-updates on;
ddns-domainname "mta.XXX.xx";
option host-name "mta.yy";
}

pool {
range 10.100.100.2 10.100.101.254;
option routers 10.100.100.1;
option subnet-mask 255.255.254.0;
#allow members of "cpe";
}
} # end subnet of shared network
} # end shared-network CABLE

group pkt1 {
filename "PAKET-1.cfg";
option bootfile-name "PAKET-1.cfg";
option routers 10.11.0.1;
option subnet-mask 255.255.254.0;
}

group pkt2 {
filename "PAKET-2.cfg";
option bootfile-name "PAKET-2.cfg";
option routers 10.11.0.1;
option subnet-mask 255.255.254.0;
}

group disabled {
filename "disabled.cfg";
option bootfile-name "disabled.cfg";
option routers 10.11.0.1;
option subnet-mask 255.255.254.0;
}

group tester {
filename "normal.cfg";
option bootfile-name "normal.cfg";
option routers 10.14.0.1;
option subnet-mask 255.255.254.0;

#option docsis-mta.dhcp-server-1 10.200.200.5;
#vendor-option-space docsis-mta;

}

host test {
hardware ethernet 00:1a:ad:a9:20:ee;
fixed-address 10.14.0.11;
group "tester";
}

host test-mta {
hardware ethernet 00:1a:ad:a9:20:f0;
fixed-address 10.123.128.11;
option routers 10.123.128.1;
option subnet-mask 255.255.128.0;
option domain-name-servers 10.200.200.5;
option log-servers 10.200.200.5;
option tftp-server-name "10.200.200.5";
filename "mta.bin";
option bootfile-name "mta.bin";
option domain-name "XXX.xx";
ddns-domainname "mta.XXX.xx";
option host-name "mta.XXX.xx";
}

As you can tell from the above configuration, I've tried many different ways to send option 122 in a DHCP offer to the MTA; whatever I did, it never got past the DHCP discover / DHCP offer loop. The documentation for PacketCable provisioning says that if no valid DHCP offer was made, the MTA MUST perform another DHCP discover... I can surely ping both CM and CPE, so routing is unlikely to be the problem. I am sort of stuck: I do not know what to debug anymore and my config is not working. I've tried using a defined option space (vendor-option-space) but it never worked out for me; in the end I hand-encoded the whole string according to RFC 3495. If I try sending the string as the RFC proposes it, it should NOT include the "option code" at the start of the string, so the real string should look, for example, if I wanted to send suboptions 3 and 6, like this: option voip122 11:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00; However, if I do not prepend it with hexed 122 then my tcpdump shows garbage instead of the de-hexed line. Therefore I used it in the form 7a:11:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00. I tried sending options 1, 2, 3, and 6, then I tried sending 1, 3, and 6, then just 3 and 6; nothing seems to help the MTA accept the DHCP offer.

Pretty please help me figure it out. I am not sure what to debug anymore; the step where I am stuck has logical explanations, but it just seems like this will never work out for me. I cannot figure out what I am doing wrong. Thanks in advance.

kwesibrunee

Hard to say what exactly it is rejecting about the offer. You may check the modem's event log; sometimes very obvious problems are logged there. I noticed a few probs:

1. The offer that the MTA was receiving did not have a time-servers option.
2. Option 122.3 was indexed with a 1 instead of 0 and was not null terminated.
3. Option 122.6 was missing entirely; it should be the string BASIC 1 or BASIC 2 (depending on what provisioning method you use; try BASIC 1 first) and also has to be null terminated.
4. Your DHCP config had a catch-all subnet for 10.0.0.0/255.0.0.0; while not technically wrong, it made it quite confusing to read.

I have rewritten your config file in a manner that should allow it to work; if not, it should provide a place to start for troubleshooting. I have several of these deployments out in the wild with a conf file similar to this, though we use Arris modems (both SIP and PacketCable firmwares), but it should be pretty close when it comes to DHCP.

Give this a whirl and let me know how it goes. Gonna be traveling next week so may not be very available, but hopefully we can get you taken care of.

ddns-update-style none;
default-lease-time 600;

# Map option 122 values for booting packetcable Devices
option space docsis-mta;
option docsis-mta.dhcp-server-1 code 1 = ip-address;
option docsis-mta.dhcp-server-2 code 2 = ip-address;
option docsis-mta.provision-server code 3 = { integer 8, string };
option docsis-mta.as-req-as-rep-1 code 4 = { integer 32, integer 32, integer 32 };
option docsis-mta.as-req-as-rep-2 code 5 = { integer 32, integer 32, integer 32 };
option docsis-mta.krb-realm-name code 6 = string;
option docsis-mta.tgs-util code 7 = integer 8;
option docsis-mta.timer code 8 = integer 8;
option docsis-mta.ticket-ctrl-mask code 9 = integer 16;
option docsis-mta-pkt code 122 = encapsulate docsis-mta;

class "cm" {
    match if substring(option vendor-class-identifier,0,6) = "docsis";
    spawn with hardware;    
}

class "mta" {
    match if substring(option vendor-class-identifier,0,4) = "pktc";
    spawn with hardware;
}

class "client" {
    match if ((substring(option vendor-class-identifier,0,6) != "docsis") and (substring(option vendor-class-identifier,0,4) != "pktc"));
    spawn with hardware;
}

# Assuming your dhcp server is 10.200.200.5 you need this to tell it to listen for requests here
subnet 10.200.200.0 netmask 255.255.255.0 {

}

shared-network CABLE {
    # Put options which are in common between subnets here so you only have to define them once
    next-server 10.200.200.5;
    option tftp-server-name "10.200.200.5";
    option time-servers 10.200.200.5;
    option log-servers 10.200.200.5;
    # Time offset
    option time-offset -21600;
    # Subnet for your modems I find it is better to be more specific with your subnets
    # and have them match what you actually have rather than have a catch all subnet.
    subnet 10.14.0.0 netmask 255.254.0.0 {        
        pool {
            range 10.14.0.5 10.14.0.9;
            option subnet-mask 255.254.0.0;
            option routers 10.14.0.1;
            option docsis-mta.dhcp-server-1 10.200.200.5;            
            allow members of "cm";
        }
    }
    # Subnet for MTAs
    subnet 10.123.128.0 netmask 255.255.128.0 {
        pool {
            range 10.123.128.2 10.123.255.254;
            option subnet-mask 255.255.128.0;
            option routers 10.123.128.1;
            option domain-name "mta.domain.net";
            # this just sets the hostname to mta{macaddress} i.e. mta001122334455
            option host-name = concat ("mta",suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 1, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 2, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 3, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 4, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 5, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 6, 1))),2));
            # the provision server should be on index 0 and it should be Null terminated i.e. \000
            option docsis-mta.provision-server 0 "\006mta\006domain\003net\000";
            # this option is also important to tell it what kind of provisioning path to use
            option docsis-mta.krb-realm-name "\005BASIC\0011\000";
            option domain-name-servers 10.200.200.5;
            # Packetcable Config files rarely have information specific to one MTA contrary to SIP mtas which have very
            # specific info in the config file for each mta. So we can include a general one here for all mtas rather than a specific one.
            option bootfile-name "mta.bin";
            filename "mta.bin";
            allow members of "mta";            
        }
    }
    # subnet for your clients would go here.     
} # end shared-network CABLE

# Groups for your modem configs
group pkt1 {
    filename "PAKET-1.cfg";
    option bootfile-name "PAKET-1.cfg";
}

group pkt2 {
    filename "PAKET-2.cfg";
    option bootfile-name "PAKET-2.cfg";
}

group disabled {
    filename "disabled.cfg";
    option bootfile-name "disabled.cfg";
}

group tester {
    filename "normal.cfg";
    option bootfile-name "normal.cfg";
}

#Host Declarations
host test {
    hardware ethernet 00:1a:ad:a9:20:ee;
    group "tester";
}

host test-mta {
    hardware ethernet 00:1a:ad:a9:20:f0;
}

luciano
loop between dhcp discover and dhcp offer for MTAs

Hello,

First of all, thanks a million for lending a hand. Unfortunately, your configuration did not work for me either. I added a few keywords and subnet info for clients and replaced my own config. I am stuck at the same point. I have re-checked all the routes on the CMTS, the DHCP server, and the firewall, but had no luck.

Let me explain the situation a bit more. ATM I am setting up a "simple" example for myself before we try to deploy MTA modems in the live system. I have re-read all the information many times, and experimented a whole lot before I got stuck and asked for help :( I am not so sure that the problem is in DHCP itself, but the documentation (http://www.packetcable.com/downloads/specs/PKT-SP-PROV-I11-050812.pdf) clearly states that the MTA is not getting past the MTA2 step - "if no valid dhcp offer is received, the MTA MUST fail the corresponding provisioning flow step." I experimented with both option space and hexed values; I couldn't get this to work with either combination. What I did not know is the part that all suboptions need to be terminated with zeroes, nor can I get a clear understanding of the delimiters for suboptions. The RFC is just not informative enough and I couldn't find more info. I was surely trying first to send the BASIC.1 string as suboption 6, in order to avoid the secure or hybrid flow in provisioning, but mine was encoded wrongly, obviously. Also, when encoding option 3, according to RFC 3495, it consists of a sub-option code byte, a length byte, and the relevant type byte: 1 says it is getting an IP address, 0 says it gets a DNS-resolvable name. In my case, I was trying to provide a line with an IP address - 10.200.200.5.

What I have noticed as well: when I was hexing option 122 and sniffing the bootp packets later on, if I did not prepend the hexed string with 7a, the sniff was garbled:
a string encoded like this: option voip122 16:01:04:0a:c8:c8:05:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00;
produces a sniffed line like this: T122 Option 122, length 24: 369165322,3368551683,83954376,3355772424,1111577417,1124151552
while, if I prepend the hexed string with 7a, it gets sniffed in a "readable" format:
a string encoded like this: option voip122 7a:17:01:04:0a:c8:c8:05:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00;
produces a line like this: .... T122 Option 122, length 19: 122.17.3.5.1.10.200.200.5.6.8.66.65.83.73.67.1.49.0
I do not know how much significance this has but it surely is funny.

Another thing I was having trouble with: how do I troubleshoot the MTA itself? There is nothing when I connect to the modem. I tried debugging from all the other angles I could think of, but whatever I got was not sufficient information for me to conclude what to fix.

Here goes tcpdump sniff with your config.

10:06:18.479996 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 395) 10.200.200.5.bootps > 10.14.0.1.bootps: BOOTP/DHCP, Reply, length 367, hops 1, xid 0x5050f8, Flags [Broadcast]
Your-IP 10.123.221.226
Server-IP 10.200.200.5
Gateway-IP 10.14.0.1
Client-Ethernet-Address 00:1a:ad:a9:20:f0 (oui Unknown)
file "mta.bin"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.200.200.5
Lease-Time Option 51, length 4: 600
Hostname Option 12, length 15: "mta001aada920f0"
Domain-Name Option 15, length 14: "mta.domain.net"
Subnet-Mask Option 1, length 4: 255.255.128.0
Default-Gateway Option 3, length 4: 10.123.128.1
Time-Zone Option 2, length 4: -21600
Domain-Name-Server Option 6, length 4: 10.200.200.5
LOG Option 7, length 4: 10.200.200.5
T122 Option 122, length 30: 785,6,28020,24838,25711,28001,26990,878,25972,6,2309,16961,21321,17153,12544
Agent-Information Option 82, length 14:
Unknown SubOption 2, length 6:
0x0000: 001a ada9 20ee
Unknown SubOption 43, length 4:
0x0000: 0a0e 0009

Thanks once again for all the effort.

Best regards,

Luciano

.play.open.minded.

kwesibrunee

I know that encoding of option 122 is correct; I have been using it for about a year and a half on live PacketCable deployments. Sadly, Motorola does not have very good provisioning documentation; you may be better served by getting one Arris modem to experiment with. They have much better debugging tools available as well as halfway decent documentation.

I noticed that several options/settings are missing from that offer.

The MTA will not accept the offer unless it has the following options:

gateway
subnet mask
tftp-server -- this is different than next-server
log-servers
time-servers
dns-servers
hostname
domain-name
bootfile-name -- this is different than the filename configuration option
time-offset

Your offer is missing at least:

time-servers
tftp-servers
bootfile-name

Try adjusting your config to include those options and it should work; they need to be reflected in the offer, though.

luciano

That is another thing that baffles me - what exact version of ISC dhcpd are you using, and on what platform? As I said, I am trying isc-dhcpd-4.0.0 on Fedora. Should I go a version back or something? For some reason, the information you mentioned does not get offered to modems. If you check my original config file, both the tftp and bootfile name options are included in the config; however, I never see them while sniffing packets. I will try to play around a bit more and see if I can get my hands on anything else besides Motorola, at least for testing. I am really going nuts with this. Thanks once again for the help.

kwesibrunee

I am using DHCPD 4.01 on CentOS 5.3, so pretty close to what you're using; I also have one running on 3.0.7 as well.

I am wondering if your packet sniffer (tcpdump???) is smart enough to decode those options. Have you tried a packet sniff with Wireshark?

Is your CMTS acting as a DHCP proxy? Perhaps it is dumping the offending options; does it have a DHCP debug setting?

luciano

Well I suspected that it might be just tcpdump, as I said, I am not sure if that is relevant at all. I am less worried about that, I think in other people's posts it is decoded in the same way by tcpdump. Since encoding like this works for all of you, I assume it is tcpdump.

My CMTS shouldn't have any special rules for those packets. I tried "debug ip udp dhcp" and I can see packets arriving at the CMTS. Unfortunately, it cannot be set to debug a single interface; it is all interfaces or none. However, I do not think that my configuration could be responsible for dropping DHCP offers at the CMTS. I also leaned on an existing and working config at other CMTS to make this one. Here is the CMTS config, a bit sanitized:


xxxxxxxxx#sh run
!
! Last configuration change at FRI SEP 11 14:49:30 2009
!
!
!
enable secret 5 6eb01c5ea94a059b874a74a2f0db5a2b0771
!
hostname XXXXXXXXXXXXxxxxxxx
!
!
!
service password-encryption
!
username sysadmin user-group sysadmin
username sysadmin password 7 xxxxxxxxxxxxxxxxxxx
username xxxxxx user-group sysadmin
username xxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxx
!
ip ftp password 7 5e15d69208be5f87
!
ip domain-name example.com
ip name-server 10.10.0.10
!
no logging control docsis
logging admin-status unconstrained
logging rate-limit 100 1
logging buffered informational
logging console errors
!
!
!
!
interface ethernet 0/0
ip address 10.200.200.10 255.255.0.0
ip helper-address 10.200.200.5
no shutdown
no ip unreachables
!
interface cable 0/0
ip address 10.14.0.1 255.254.0.0
ip address 10.123.128.1 255.255.128.0 secondary mta
ip address 10.100.100.1 255.255.254.0 secondary host
ip helper-address 10.200.200.5
cable helper-address 10.200.200.5 cable-modem
cable helper-address 10.200.200.5 host
cable helper-address 10.200.200.5 mta
cable dhcp-giaddr primary
no shutdown
no ip unreachables
cable downstream 0 frequency 642000000
cable downstream 0 modulation 64
cable downstream 0 power-level 450
cable downstream 0 rate-limit
no cable downstream 0 shutdown
cable upstream 0 frequency 42000000
cable upstream 0 channel-width 1600000
cable upstream 0 minislot-size 4
cable upstream 0 modulation-profile 2
cable upstream 0 rate-limit
no cable upstream 0 shutdown
cable upstream 1 frequency 42000000
cable upstream 1 channel-width 1600000
cable upstream 1 modulation-profile 2
cable upstream 1 rate-limit
no cable upstream 1 shutdown
cable upstream 2 frequency 42000000
cable upstream 2 channel-width 1600000
cable upstream 2 modulation-profile 2
cable upstream 2 rate-limit
no cable upstream 2 shutdown
cable upstream 3 frequency 42000000
cable upstream 3 channel-width 1600000
cable upstream 3 modulation-profile 2
cable upstream 3 rate-limit
no cable upstream 3 shutdown
cable dynamic-service authorization-mode disable
ip dhcp relay information option
ip dhcp relay information spectrum-group-name
cable flap-list trap-enable
cable downstream schedule priority-only
no cable wireless downstream modulation qpsk
!
!
!
!
!
!
!
ip route 0.0.0.0 0.0.0.0 10.200.200.1
!
!
!
snmp-server engineid local xxxxxxxxxxxxxxxxxxxxxxxxx
snmp-server context
snmp-server community public ro
snmp-server chassis-id Serial Number: XXX-YY-ZZZZ
snmp-server contact xxxx
snmp-server sysname xxxx
snmp-server location xxxxx. xxxx
snmp-server trap rate-limit 100 1
!
!
packet-cable
dqos shutdown
no em shutdown
!
!
ipsec
ipsec shutdown
!
password telnet 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
session-timeout console 0
session-timeout telnet 5
!
telnet session-limit 8
!
alias priv wr copy running-config startup-config
alias priv reset clear cable modem all reset
alias priv modems show cable modem summary
alias priv snr0 show interfaces cable 0/0 upstream 0 signal-quality
alias priv snr1 show interfaces cable 0/0 upstream 1 signal-quality
alias priv snr2 show interfaces cable 0/0 upstream 2 signal-quality
alias priv snr3 show interfaces cable 0/0 upstream 3 signal-quality
!
!
!
!
access-class 1 in
!
!
ssh load-host-key-files nvram:ssh
ssh enable
!
!
logging on
logging trap notifications
no logging snmp-trap
logging facility local1
!
clock timezone GMT+2 2 0 daylightsavings off
!
ssh password-authentication radius local-password
!
!
!
time-of-day server 10.200.200.5
enable rdn-process
!
!
!
!
!
cable service-class
!
!

luciano
more weirdness

Hey,

I believe tcpdump is a little "dumb", so the decoding of option 122 does not get read well. However, I have noticed another weird thing:

No matter what I try to send to the MTA (namely, I've tried "forcing" options tftp-server-name and time-server), my DHCP server would send in the offer ONLY the options that were required by the MTA in the discover. This is the piece of the config - I've tried to let the MTA know about tftp servers from both pool and subnet specs; neither will work. Also, if I try to fix an IP for the client, I noticed that directives from "pool" won't work; that's why mine are duplicated.

MTA config:

subnet 10.123.128.0 netmask 255.255.128.0 {
option host-name = concat ("mta",suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 1, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 2, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware,3, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 4, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 5, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 6, 1))),2));
option docsis-mta.dhcp-server-1 10.200.200.5;
option docsis-mta.dhcp-server-2 10.200.200.6;
option docsis-mta.prov-server 1 "10.200.200.5";
option docsis-mta.kerberos "\005BASIC\0011\000";
option domain-name-servers 10.200.200.5;
option bootfile-name "mta.bin";
filename "mta.bin";
option tftp-server-name "10.200.200.5";
option time-servers 10.200.200.5;
option domain-name "domain.net";
option routers 10.123.128.1;
pool {
range 10.123.128.2 10.123.255.254;
option subnet-mask 255.255.128.0;
option routers 10.123.128.1;
option domain-name "domain.net";
option host-name = concat ("mta",suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 1, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 2, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware,3, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 4, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 5, 1))),2), "", suffix (concat ("0", binary-to-ascii (16, 8, "", substring (hardware, 6, 1))),2));
option docsis-mta.dhcp-server-1 10.200.200.5;
option docsis-mta.dhcp-server-2 10.200.200.6;
option docsis-mta.prov-server 1 "10.200.200.5";
option docsis-mta.kerberos "\005BASIC\0011\000";
option domain-name-servers 10.200.200.5;
option bootfile-name "mta.bin";
filename "mta.bin";
option tftp-server-name "10.200.200.5";
option time-servers 10.200.200.5;
allow members of "emta";

}
}

tcpdump sniff:
10:19:16.843690 IP (tos 0x0, ttl 255, id 43532, offset 0, flags [none], proto UDP (17), length 592) 10.14.0.1.bootpc > 10.200.200.5.bootps: BOOTP/DHCP,
Request from 00:1a:ad:a9:20:f0 (oui Unknown), length 564, hops 1, xid 0x24a3eda0, Flags [Broadcast]
Gateway-IP 10.14.0.1
Client-Ethernet-Address 00:1a:ad:a9:20:f0 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
MSZ Option 57, length 2: 548
Vendor-Option Option 43, length 123: 2.4.69.77.84.65.4.24.49.53.56.49.54.49.55.51.48.51.51.51.48.57.54.50.48.49.48.49.50.48.48.52.5.3.49.46.
48.6.28.83.66.86.53.49.50.49.69.45.50.46.49.55.46.49.46.50.45.83.67.77.49.48.45.83.72.80.67.7.3.56.46.53.8.3.0.26.173.9.8.83.66.86.53.49.50.49.69.10.20.
77.111.116.111.114.111.108.97.32.67.111.114.112.111.114.97.116.105.111.110.31.6.0.26.173.169.32.240.32.4.0.0.67.126
Vendor-Class Option 60, length 72: "pktc1.0:051E0101000201020901010A01010B060103050608090D010110010912020007"
Parameter-Request Option 55, length 8:
Hostname, Domain-Name, Subnet-Mask, Default-Gateway
Time-Zone, Domain-Name-Server, LOG, Option 122
Client-ID Option 61, length 7: ether 00:1a:ad:a9:20:f0
Agent-Information Option 82, length 14:
Unknown SubOption 2, length 6:
0x0000: 001a ada9 20ee
Unknown SubOption 43, length 4:
0x0000: 0a0e 000b
10:19:16.844997 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 398) 10.200.200.5.bootps > 10.14.0.1.bootps: BOOTP/DHCP, Reply,
length 370, hops 1, xid 0x24a3eda0, Flags [Broadcast]
Your-IP 10.123.128.11
Server-IP 10.200.200.5
Gateway-IP 10.14.0.1
Client-Ethernet-Address 00:1a:ad:a9:20:f0 (oui Unknown)
file "mta.bin"
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.200.200.5
Lease-Time Option 51, length 4: 7200
Hostname Option 12, length 15: "mta001aada920f0"
Domain-Name Option 15, length 9: "domain.net"
Subnet-Mask Option 1, length 4: 255.255.128.0
Default-Gateway Option 3, length 4: 10.123.128.1
Time-Zone Option 2, length 4: 7200
Domain-Name-Server Option 6, length 4: 10.200.200.5
LOG Option 7, length 4: 10.200.200.5
T122 Option 122, length 38: 260,2760,51205,516,2760,51206,781,305,12334,12848,12334,12848,12334,13574,2309,16961,21321,17153,12544
Agent-Information Option 82, length 14:
Unknown SubOption 2, length 6:
0x0000: 001a ada9 20ee
Unknown SubOption 43, length 4:
0x0000: 0a0e 000b

kwesibrunee

After making the CMTS changes you may try a different version of dhcpd. Options should be passed whether they are in a class definition, host definition, shared network or subnet definition; it should not make any difference whatsoever.

luciano
FIXED

Hey,

I got it working. First of all, not only is "ip helper address" not necessary on the cable side, it is the line that was a problem for me: once I removed it (and fixed the .conf file), my MTAs started getting DHCP addresses. The helper address provides the address where UDP broadcasts from the interface are sent, so I guess this command looped them back onto the wrong side, instead of having DHCP offers broadcast towards the cable interface.

A big problem for me was tcpdump's insufficiently detailed parsing of the captured files. I used tcpdump first to capture packets on the server: "tcpdump -s 0 -w testing_file port bootps &" - that would collect whole DHCP packets into testing_file for me. I would parse it with "tcpdump -r testing_file", with or without the -v (verbose) switch, to see what happened. Unfortunately, tcpdump does not parse encapsulated vendor-space options well. If you want to use it to capture packets on a native Linux server with ssh access, it will work fine, but you need to parse the packets with Wireshark, which parses the suboptions of option 122 well. Once I used Wireshark, I figured out that suboption 3 was not sent OK in my initial config. I managed to send it properly once I figured out the rule about making the strings.
To send the server name "mta.domain.net" in suboption 3, you need to form the string like this: option docsis-mta.provision-server 0 "\003mta\006domain\003net\000"; - it is formatted with delimiters "backslash + number of characters that follow". So, the combination \003 means that 3 characters follow: mta, then the \006domain combo stands for 6 chars in the word "domain"... \003 for net, and finally \000 as the end of the line. So, if your provisioning server was "cable.networks.ch", you would encode it like "\005cable\008networks\002ch\000";

So, once I had option 122 encoded properly, and when I removed the wrong line in the CMTS config, I managed to register my first MTA with the DHCP server. Also, it does not require a tftp server, as it takes the provisioning server's IP address to look for the boot file. Perhaps it is worth including this information in your "howto"; I am sure many people wouldn't know how to prepare sub-options for option 122, and also NOT to use tcpdump for parsing sniffs. Thanks again for all the help.
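
Since tcpdump prints option 122 as opaque numbers, the offers captured in this thread can be decoded by hand to see which sub-option is malformed. The following Python is an added example, not code from any poster or from ISC dhcpd: it parses the RFC 3495 sub-option TLVs and rebuilds the dhcpd.conf string for a server name. The byte values are copied from the captures and config lines above; the function and constant names are made up for illustration.

```python
"""Decode/encode PacketCable DHCP option 122 (RFC 3495) sub-options.
Added example; the sample bytes are copied from the captures in this thread."""
import ipaddress


def words_to_bytes(words):
    """Undo tcpdump -v printing the option as comma-separated 16-bit integers."""
    return b"".join(w.to_bytes(2, "big") for w in words)


def parse_suboptions(payload):
    """Split an option 122 payload (no leading 0x7a/length) into (code, value)."""
    out, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, {len(value)} left")
        out.append((code, value))
        i += 2 + length
    return out


def decode_labels(wire):
    """Decode length-prefixed labels terminated by a zero byte (DNS wire form)."""
    labels, i = [], 0
    while True:
        if i >= len(wire):
            raise ValueError("no terminating zero byte")
        n = wire[i]
        i += 1
        if n == 0:
            break
        if n > 63 or i + n > len(wire):
            raise ValueError(f"bad label length {n} at offset {i - 1}")
        labels.append(wire[i:i + n].decode("ascii", "replace"))
        i += n
    if i != len(wire):
        raise ValueError("bytes after the terminating zero")
    return ".".join(labels)


def encode_labels(name):
    """Encode 'mta.domain.net' as length-prefixed labels plus a zero byte."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label {label!r} must be 1..63 bytes")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dhcpd_string(raw):
    """Render bytes as a dhcpd.conf quoted string; escapes are 3-digit octal."""
    safe = lambda b: b < 128 and (chr(b).isalnum() or b == 0x2D)
    return '"' + "".join(chr(b) if safe(b) else f"\\{b:03o}" for b in raw) + '"'


def describe(payload):
    """Return (code, text) pairs; a malformed value is reported, not raised."""
    result = []
    for code, value in parse_suboptions(payload):
        try:
            if code in (1, 2):                        # DHCP server addresses
                text = "ipv4 " + str(ipaddress.IPv4Address(value))
            elif code == 3 and value[:1] == b"\x00":  # type 0: FQDN
                text = "fqdn " + decode_labels(value[1:])
            elif code == 3 and value[:1] == b"\x01":  # type 1: IPv4 address
                text = "ipv4 " + str(ipaddress.IPv4Address(value[1:]))
            elif code == 6:                           # Kerberos realm name
                text = "realm " + decode_labels(value)
            else:
                text = "raw " + value.hex()
        except ValueError as exc:
            text = f"MALFORMED ({exc})"
        result.append((code, text))
    return result


# Hand-encoded value from the first dhcpd.conf (with the prepended 7a:11).
HAND_ENCODED = bytes.fromhex(
    "7a:11:03:05:01:0a:c8:c8:05:06:08:42:41:53:49:43:01:31:00".replace(":", ""))
# tcpdump rendering of option 122 in the offer with length 30.
OFFER_LEN30 = [785, 6, 28020, 24838, 25711, 28001, 26990, 878, 25972, 6,
               2309, 16961, 21321, 17153, 12544]
# tcpdump rendering of option 122 in the offer with length 38.
OFFER_LEN38 = [260, 2760, 51205, 516, 2760, 51206, 781, 305, 12334, 12848,
               12334, 12848, 12334, 13574, 2309, 16961, 21321, 17153, 12544]

if __name__ == "__main__":
    for title, data in [("hand-encoded, as sent", HAND_ENCODED),
                        ("hand-encoded, 7a:11 stripped", HAND_ENCODED[2:]),
                        ("offer, length 30", words_to_bytes(OFFER_LEN30)),
                        ("offer, length 38", words_to_bytes(OFFER_LEN38))]:
        print(title)
        for code, text in describe(data):
            print(f"  sub-option {code}: {text}")
    print(dhcpd_string(encode_labels("cable.networks.ch")))
```

dhcpd.conf reads backslash escapes in strings as octal, which is why the generated string for the 8-character label "networks" uses \010.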

kwesibrunee

Some things strike me as odd in your config (this is a Cisco, right? It looks like one, with some oddities like ethernet 0/0 or cable 0/0):

Cable 0/0
ip address 10.14.0.1 255.254.0.0
ip address 10.123.128.1 255.255.128.0 secondary mta
ip address 10.100.100.1 255.255.254.0 secondary host
ip helper-address 10.200.200.5
cable helper-address 10.200.200.5 cable-modem
cable helper-address 10.200.200.5 host
cable helper-address 10.200.200.5 mta
cable dhcp-giaddr primary

I would remove the bolded lines. The cable helper address mta line does not do anything unless you have option 61 processing on, which I do not see in your config; the ip helper address is not necessary in cable networks.

Also, I am not familiar with this command:

cable dynamic-service authorization-mode disable

luciano
it is Motorola

This is a Motorola BSR1000 - the syntax is quite similar to Cisco, different just enough to kill my fluency in talking to any Cisco devices after a few days of motoroling :) Actually, cable helper-address is the same as ip helper address: it tells the interface where to forward UDP broadcasts. I guess I need it in the config since there are no DHCP servers in either the MTA or the host networks; when DHCP packets come in on cable interfaces, they are forwarded to the helper address. However, ip helper address on the cable interface was the one that was looping DHCP offers back onto the ethernet interface, instead of letting them go to the cable interface. At least that is my conclusion after all the trouble I went through.

.play.open.minded.
