[rbak-nsp] CLIPS - hard to start up ;-)

Sridhar manisridhar at gmail.com
Mon Oct 13 13:59:12 EDT 2008 

responses inline marked <sridhar>..

thanks
sridhar

On Fri, Oct 10, 2008 at 4:16 PM, Marcin Kuczera <marcin at leon.pl> wrote:
> Sridhar wrote:
>>
>> hello Marcin,
>>
>> It looks like you have configured more than what is necessary for
>> CLIPS/DHCP to work on your SmartEdge 100 (for example, ip pool under
>> the multibind interface, static IP address under the subscriber
>> profile while you have an internal DHCP server configured etc.). This
>> might be the reason you see this problem.
>
> well, ip pool is just an entry in config, but is not in use.
> If I remove it - it, dosen't help.
> About static IP, I tried to ommit DHCP as assigning entity.

<sridhar> you need to remove the static IP from the "subscriber name"
record, and retain it in the DHCP server policy configuration.

>
> If I remove static IP in config and the pool from multibind interface I
> receive:
> [r0]RedBack_SE100#show dhcp server host
>
> [r0]RedBack_SE100#show subscribers active
> 00:0c:42:24:93:26
>        Circuit   2/4 vlan-id 802 clips 134218
>        Internal Circuit   2/4:1023:63/7/2/3146
>        Interface bound  clips
>        Current port-limit unlimited
>        dhcp max-addrs 1 (applied)
>        dns primary 195.66.73.4 (applied)
>        dns secondary 195.66.73.11 (applied)
>        dhcp option client id  (applied)
>        dhcp option hostname  (applied)
> [r0]RedBack_SE100#
>
> so, DHCP seems to be unable to assign address.
>
>> A couple of questions:
>> 1. SEOS version on your SmartEdge
>
> 6.1.1.4
>
>> 2. Do you have a DHCP relay between the SmartEdge and the DHCP
>> clients? If so, you need to add a route in context r0 for the DHCP
>> client subnet, pointing to the interface on the DHCP relay that faces
>> the SmartEdge.
>
> nope, my subscriber is connected directly to VLAN 803 on port 2/4
>
>> I've included a working configuration for CLIPS with DHCP server on
>> running on the SmartEdge.
>>
>> context dhserver1
>>  interface 2/5-vlan20.1
>>  ip address 172.25.26.112/24
>> !
>>  interface subs multibind
>>  ip address 172.15.8.2/23
>>  dhcp server interface
>>  no logging console
>
>>  dot1q pvc 20:1
>>  service clips dhcp context dhserver1
>>   bind interface 2/5-vlan20.1 dhserver1
>
> what is the meaning of dhcserver1 interface if dhcp server is running on
> subs interface ?
> I've seen similar example, but I don't get it.

<sridhar> I guess you mean interface 2/5-vlan20.1 in context
dhserver1. This is the regular IP interface connecting the Smartedge
to the DHCP relay in front of it.

>
> Regards,
> Marcin
>
>
>
>
>
>> hope this helps
>> sridhar
>>
>> On Fri, Oct 10, 2008 at 3:40 PM, Marcin Kuczera <marcin at leon.pl> wrote:
>>>
>>> hello,
>>>
>>> I just tried to play with CLIPS as a good alternative to classical dhcp,
>>> to
>>> handle subscribers.
>>>
>>> But, it doesn't work properly.
>>> The problem is, that client is not receiving any DHCP response.
>>> From the point of view of CLIPs, subscriber is up, but DHCP has not
>>> finished
>>> it's job.
>>>
>>> [r0]RedBack_SE100#show subscribers active
>>> 00:0c:42:24:93:26
>>>       Circuit   2/4 vlan-id 802 clips 134160
>>>       Internal Circuit   2/4:1023:63/7/2/3088
>>>       Interface bound  clips
>>>       Current port-limit unlimited
>>>       ip address 194.169.126.120 255.255.255.0 (applied)
>>>       dhcp max-addrs 1 (applied)
>>>       dns primary 195.66.73.4 (applied)
>>>       dns secondary 195.66.73.11 (applied)
>>>       dhcp option client id  (applied)
>>>       dhcp option hostname  (applied)
>>> [r0]RedBack_SE100#
>>>
>>> [r0]RedBack_SE100#show dhcp server host
>>>
>>> [r0]RedBack_SE100#ping 194.169.126.120
>>> PING 194.169.126.120 (194.169.126.120): source 194.169.126.1, 36 data
>>> bytes,
>>> timeout is 1 second
>>> .....
>>>
>>> ----194.169.126.120 PING Statistics----
>>> 5 packets transmitted, 0 packets received, 100.0% packet loss
>>> [r0]RedBack_SE100#
>>>
>>>
>>> The subscriber is MikroTik router board, but I also tried my laptop
>>> and the only packets passing are DHCP Discovery.
>>>
>>> this is the config:
>>> [r0]RedBack_SE100#show config
>>> Building configuration...
>>>
>>> Current configuration:
>>> !
>>> context r0
>>> !
>>>  no ip domain-lookup
>>> !
>>>  interface clips multibind
>>>  ip address 194.169.126.1/24
>>>  dhcp server interface
>>>  ip pool 194.169.126.10 to 194.169.126.50 name clips1
>>> !
>>>  interface vlan1903
>>>  description r0-other-contexts
>>>  ip address 195.66.73.140/29
>>>  no logging console
>>> !
>>>  router ospf 1
>>>  area 0.0.0.0
>>>  interface vlan1903
>>>  redistribute connected
>>>  redistribute subscriber
>>>  redistribute static
>>> !
>>>  http-redirect profile default
>>>  url http://www.leon.pl/
>>> !
>>>  aaa authentication administrator local
>>> !
>>> !
>>>  subscriber default
>>>  dhcp max-addrs 1
>>> !
>>>  subscriber name 00:0c:42:24:93:26
>>>  password Redback
>>>  ip address 194.169.126.120/24
>>>  dhcp max-addrs 1
>>>  dns primary 195.66.73.4
>>>  dns secondary 195.66.73.11
>>>  subscriber name 00:1c:25:72:bb:25
>>>  password Redback
>>>  ip address 194.169.126.25/24
>>>  dhcp max-addrs 1
>>>  dns primary 195.66.73.4
>>>  dns secondary 195.66.73.11
>>>  service ssh client
>>>  service telnet client
>>> !
>>>  dhcp server policy
>>>  allow-duplicate-mac
>>>  subnet 194.169.126.0/24
>>>    range 194.169.126.50 194.169.126.100
>>>    mac-address 00:0c:42:24:93:26 ip-address 194.169.126.33
>>>    option router 194.169.126.1
>>>    option domain-name-server 195.66.73.11 195.66.73.4
>>>
>>>
>>> !
>>> !
>>> port ethernet 2/4
>>>  auto-negotiate flc tx&rx force enable
>>>  no shutdown
>>>  encapsulation dot1q
>>>  dot1q pvc 802 encapsulation multi
>>>  service clips dhcp context r0
>>>  bind interface clips r0
>>>  dot1q pvc 1903
>>>  bind interface vlan1903 r0
>>>
>>> end
>>> [r0]RedBack_SE100#
>>>
>>>
>>> some debug information (clips, aaa and dhcp-server exceptions)
>>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for
>>> duplicate
>>> MAC 00:0c:42:24:93:26
>>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>>> 00:0c:42:24:93:26, dropping the request
>>> Oct 10 23:38:24: [0387]: [2/4:1023:63/7/2/3096]: %DHCP-7-AAA_E: Error:
>>> unable to locate request for MAC 00:0c:42:24:93:26
>>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for
>>> duplicate
>>> MAC 00:0c:42:24:93:26
>>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>>> 00:0c:42:24:93:26, dropping the request
>>> Oct 10 23:39:04: [0387]: [2/4:1023:63/7/2/3097]: %DHCP-7-AAA_E: Error:
>>> unable to locate request for MAC 00:0c:42:24:93:26
>>>
>>>
>>> Any clue about what am I doing wrong ?
>>>
>>> Regards,
>>> Marcin
>>>
>>>
>>> _______________________________________________
>>> redback-nsp mailing list
>>> redback-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>
>>
>
>

More information about the redback-nsp mailing list