[rbak-nsp] CLIPS - hard to start up ;-)
Sridhar
manisridhar at gmail.com
Fri Oct 10 19:02:23 EDT 2008
hello Marcin,
It looks like you have configured more than what is necessary for
CLIPS/DHCP to work on your SmartEdge 100 (for example, ip pool under
the multibind interface, static IP address under the subscriber
profile while you have an internal DHCP server configured etc.). This
might be the reason you see this problem.
A couple of questions:
1. SEOS version on your SmartEdge
2. Do you have a DHCP relay between the SmartEdge and the DHCP
clients? If so, you need to add a route in context r0 for the DHCP
client subnet, pointing to the interface on the DHCP relay that faces
the SmartEdge.
I've included a working configuration for CLIPS with DHCP server on
running on the SmartEdge.
context dhserver1
!
no ip domain-lookup
!
interface 2/5-vlan20.1
ip address 172.25.26.112/24
!
interface gre-r5-r2-intf
ip address 172.25.32.112/24
!
interface lo1 loopback
ip address 172.30.26.112/32
!
interface subs multibind
ip address 172.15.8.2/23
dhcp server interface
no logging console
aaa authentication subscriber none
!
!
subscriber default
ip source-validation
dhcp max-addrs 1
!
ip route 172.15.8.0/23 172.25.26.110
!
dhcp server policy
default-lease-time 1800
maximum-lease-time 3600
subnet 172.15.8.0/23
range 172.15.8.3 172.15.9.252
option router 172.15.8.1
option domain-name-server 172.29.200.1 172.29.200.2
option dhcp-server-identifier 172.25.26.112
!
end
Here's the configuration under the port where the DHCP discovers are
received on the SmartEdge..
port ethernet 2/1
no shutdown
encapsulation dot1q
dot1q pvc 10 encapsulation 1qtunnel
dot1q pvc 20:1
service clips dhcp context dhserver1
bind interface 2/5-vlan20.1 dhserver1
hope this helps
sridhar
On Fri, Oct 10, 2008 at 3:40 PM, Marcin Kuczera <marcin at leon.pl> wrote:
> hello,
>
> I just tried to play with CLIPS as a good alternative to classical dhcp, to
> handle subscribers.
>
> But, it doesn't work properly.
> The problem is, that client is not receiving any DHCP response.
> From the point of view of CLIPs, subscriber is up, but DHCP has not finished
> it's job.
>
> [r0]RedBack_SE100#show subscribers active
> 00:0c:42:24:93:26
> Circuit 2/4 vlan-id 802 clips 134160
> Internal Circuit 2/4:1023:63/7/2/3088
> Interface bound clips
> Current port-limit unlimited
> ip address 194.169.126.120 255.255.255.0 (applied)
> dhcp max-addrs 1 (applied)
> dns primary 195.66.73.4 (applied)
> dns secondary 195.66.73.11 (applied)
> dhcp option client id (applied)
> dhcp option hostname (applied)
> [r0]RedBack_SE100#
>
> [r0]RedBack_SE100#show dhcp server host
>
> [r0]RedBack_SE100#ping 194.169.126.120
> PING 194.169.126.120 (194.169.126.120): source 194.169.126.1, 36 data bytes,
> timeout is 1 second
> .....
>
> ----194.169.126.120 PING Statistics----
> 5 packets transmitted, 0 packets received, 100.0% packet loss
> [r0]RedBack_SE100#
>
>
> The subscriber is MikroTik router board, but I also tried my laptop
> and the only packets passing are DHCP Discovery.
>
> this is the config:
> [r0]RedBack_SE100#show config
> Building configuration...
>
> Current configuration:
> !
> context r0
> !
> no ip domain-lookup
> !
> interface clips multibind
> ip address 194.169.126.1/24
> dhcp server interface
> ip pool 194.169.126.10 to 194.169.126.50 name clips1
> !
> interface vlan1903
> description r0-other-contexts
> ip address 195.66.73.140/29
> no logging console
> !
> router ospf 1
> area 0.0.0.0
> interface vlan1903
> redistribute connected
> redistribute subscriber
> redistribute static
> !
> http-redirect profile default
> url http://www.leon.pl/
> !
> aaa authentication administrator local
> !
> !
> subscriber default
> dhcp max-addrs 1
> !
> subscriber name 00:0c:42:24:93:26
> password Redback
> ip address 194.169.126.120/24
> dhcp max-addrs 1
> dns primary 195.66.73.4
> dns secondary 195.66.73.11
> subscriber name 00:1c:25:72:bb:25
> password Redback
> ip address 194.169.126.25/24
> dhcp max-addrs 1
> dns primary 195.66.73.4
> dns secondary 195.66.73.11
> service ssh client
> service telnet client
> !
> dhcp server policy
> allow-duplicate-mac
> subnet 194.169.126.0/24
> range 194.169.126.50 194.169.126.100
> mac-address 00:0c:42:24:93:26 ip-address 194.169.126.33
> option router 194.169.126.1
> option domain-name-server 195.66.73.11 195.66.73.4
>
>
> !
> !
> port ethernet 2/4
> auto-negotiate flc tx&rx force enable
> no shutdown
> encapsulation dot1q
> dot1q pvc 802 encapsulation multi
> service clips dhcp context r0
> bind interface clips r0
> dot1q pvc 1903
> bind interface vlan1903 r0
>
> end
> [r0]RedBack_SE100#
>
>
> some debug information (clips, aaa and dhcp-server exceptions)
> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for duplicate
> MAC 00:0c:42:24:93:26
> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
> 00:0c:42:24:93:26, dropping the request
> Oct 10 23:38:24: [0387]: [2/4:1023:63/7/2/3096]: %DHCP-7-AAA_E: Error:
> unable to locate request for MAC 00:0c:42:24:93:26
> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for duplicate
> MAC 00:0c:42:24:93:26
> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
> 00:0c:42:24:93:26, dropping the request
> Oct 10 23:39:04: [0387]: [2/4:1023:63/7/2/3097]: %DHCP-7-AAA_E: Error:
> unable to locate request for MAC 00:0c:42:24:93:26
>
>
> Any clue about what am I doing wrong ?
>
> Regards,
> Marcin
>
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
More information about the redback-nsp
mailing list