[rbak-nsp] CLIPS - hard to start up ;-)

Sridhar manisridhar at gmail.com
Fri Oct 10 19:12:24 EDT 2008


adding to my previous email..

two different IP addresses have been configured for the MAC address
00:0c:42:24:93:26, once under the "dhcp server policy", and once under
the "subscriber name". This is clearly a configuration error :)

thanks
sridhar

On Fri, Oct 10, 2008 at 4:02 PM, Sridhar <manisridhar at gmail.com> wrote:
> hello Marcin,
>
> It looks like you have configured more than what is necessary for
> CLIPS/DHCP to work on your SmartEdge 100 (for example, ip pool under
> the multibind interface, static IP address under the subscriber
> profile while you have an internal DHCP server configured etc.). This
> might be the reason you see this problem.
>
> A couple of questions:
> 1. SEOS version on your SmartEdge
> 2. Do you have a DHCP relay between the SmartEdge and the DHCP
> clients? If so, you need to add a route in context r0 for the DHCP
> client subnet, pointing to the interface on the DHCP relay that faces
> the SmartEdge.
>
> I've included a working configuration for CLIPS with DHCP server on
> running on the SmartEdge.
>
> context dhserver1
> !
>  no ip domain-lookup
> !
>  interface 2/5-vlan20.1
>  ip address 172.25.26.112/24
> !
>  interface gre-r5-r2-intf
>  ip address 172.25.32.112/24
> !
>  interface lo1 loopback
>  ip address 172.30.26.112/32
> !
>  interface subs multibind
>  ip address 172.15.8.2/23
>  dhcp server interface
>  no logging console
>
>  aaa authentication subscriber none
> !
> !
>  subscriber default
>   ip source-validation
>   dhcp max-addrs 1
> !
>  ip route 172.15.8.0/23 172.25.26.110
> !
>  dhcp server policy
>   default-lease-time 1800
>   maximum-lease-time 3600
>   subnet 172.15.8.0/23
>     range 172.15.8.3 172.15.9.252
>     option router 172.15.8.1
>     option domain-name-server 172.29.200.1 172.29.200.2
>     option dhcp-server-identifier 172.25.26.112
> !
> end
>
> Here's the configuration under the port where the DHCP discovers are
> received on the SmartEdge..
>
> port ethernet 2/1
>  no shutdown
>  encapsulation dot1q
>  dot1q pvc 10 encapsulation 1qtunnel
>  dot1q pvc 20:1
>  service clips dhcp context dhserver1
>   bind interface 2/5-vlan20.1 dhserver1
>
> hope this helps
> sridhar
>
> On Fri, Oct 10, 2008 at 3:40 PM, Marcin Kuczera <marcin at leon.pl> wrote:
>> hello,
>>
>> I just tried to play with CLIPS as a good alternative to classical dhcp, to
>> handle subscribers.
>>
>> But, it doesn't work properly.
>> The problem is, that client is not receiving any DHCP response.
>> From the point of view of CLIPs, subscriber is up, but DHCP has not finished
>> it's job.
>>
>> [r0]RedBack_SE100#show subscribers active
>> 00:0c:42:24:93:26
>>        Circuit   2/4 vlan-id 802 clips 134160
>>        Internal Circuit   2/4:1023:63/7/2/3088
>>        Interface bound  clips
>>        Current port-limit unlimited
>>        ip address 194.169.126.120 255.255.255.0 (applied)
>>        dhcp max-addrs 1 (applied)
>>        dns primary 195.66.73.4 (applied)
>>        dns secondary 195.66.73.11 (applied)
>>        dhcp option client id  (applied)
>>        dhcp option hostname  (applied)
>> [r0]RedBack_SE100#
>>
>> [r0]RedBack_SE100#show dhcp server host
>>
>> [r0]RedBack_SE100#ping 194.169.126.120
>> PING 194.169.126.120 (194.169.126.120): source 194.169.126.1, 36 data bytes,
>> timeout is 1 second
>> .....
>>
>> ----194.169.126.120 PING Statistics----
>> 5 packets transmitted, 0 packets received, 100.0% packet loss
>> [r0]RedBack_SE100#
>>
>>
>> The subscriber is MikroTik router board, but I also tried my laptop
>> and the only packets passing are DHCP Discovery.
>>
>> this is the config:
>> [r0]RedBack_SE100#show config
>> Building configuration...
>>
>> Current configuration:
>> !
>> context r0
>> !
>>  no ip domain-lookup
>> !
>>  interface clips multibind
>>  ip address 194.169.126.1/24
>>  dhcp server interface
>>  ip pool 194.169.126.10 to 194.169.126.50 name clips1
>> !
>>  interface vlan1903
>>  description r0-other-contexts
>>  ip address 195.66.73.140/29
>>  no logging console
>> !
>>  router ospf 1
>>  area 0.0.0.0
>>   interface vlan1903
>>  redistribute connected
>>  redistribute subscriber
>>  redistribute static
>> !
>>  http-redirect profile default
>>  url http://www.leon.pl/
>> !
>>  aaa authentication administrator local
>> !
>> !
>>  subscriber default
>>   dhcp max-addrs 1
>> !
>>  subscriber name 00:0c:42:24:93:26
>>   password Redback
>>   ip address 194.169.126.120/24
>>   dhcp max-addrs 1
>>   dns primary 195.66.73.4
>>   dns secondary 195.66.73.11
>>  subscriber name 00:1c:25:72:bb:25
>>   password Redback
>>   ip address 194.169.126.25/24
>>   dhcp max-addrs 1
>>   dns primary 195.66.73.4
>>   dns secondary 195.66.73.11
>>  service ssh client
>>  service telnet client
>> !
>>  dhcp server policy
>>   allow-duplicate-mac
>>   subnet 194.169.126.0/24
>>     range 194.169.126.50 194.169.126.100
>>     mac-address 00:0c:42:24:93:26 ip-address 194.169.126.33
>>     option router 194.169.126.1
>>     option domain-name-server 195.66.73.11 195.66.73.4
>>
>>
>> !
>> !
>> port ethernet 2/4
>>  auto-negotiate flc tx&rx force enable
>>  no shutdown
>>  encapsulation dot1q
>>  dot1q pvc 802 encapsulation multi
>>  service clips dhcp context r0
>>  bind interface clips r0
>>  dot1q pvc 1903
>>  bind interface vlan1903 r0
>>
>> end
>> [r0]RedBack_SE100#
>>
>>
>> some debug information (clips, aaa and dhcp-server exceptions)
>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for duplicate
>> MAC 00:0c:42:24:93:26
>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>> 00:0c:42:24:93:26, dropping the request
>> Oct 10 23:38:24: [0387]: [2/4:1023:63/7/2/3096]: %DHCP-7-AAA_E: Error:
>> unable to locate request for MAC 00:0c:42:24:93:26
>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for duplicate
>> MAC 00:0c:42:24:93:26
>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>> 00:0c:42:24:93:26, dropping the request
>> Oct 10 23:39:04: [0387]: [2/4:1023:63/7/2/3097]: %DHCP-7-AAA_E: Error:
>> unable to locate request for MAC 00:0c:42:24:93:26
>>
>>
>> Any clue about what am I doing wrong ?
>>
>> Regards,
>> Marcin
>>
>>
>> _______________________________________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>
>


More information about the redback-nsp mailing list