[rbak-nsp] CLIPS - hard to start up ;-)

Marcin Kuczera marcin at leon.pl
Mon Oct 13 16:35:08 EDT 2008 


Well,


In the DHCP definition:

  dhcp server policy
    allow-duplicate-mac
    subnet 194.169.126.0/24
      range 194.169.126.50 194.169.126.100

After removing
allow-duplicate-mac

- since then - works fine.
I don't know if this is a software fault or correct behaviour, however 
that was the issue.

Regards,
Marcin


Sridhar wrote:
> responses inline marked <sridhar>..
> 
> thanks
> sridhar
> 
> On Fri, Oct 10, 2008 at 4:16 PM, Marcin Kuczera <marcin at leon.pl> wrote:
>> Sridhar wrote:
>>> hello Marcin,
>>>
>>> It looks like you have configured more than what is necessary for
>>> CLIPS/DHCP to work on your SmartEdge 100 (for example, ip pool under
>>> the multibind interface, static IP address under the subscriber
>>> profile while you have an internal DHCP server configured etc.). This
>>> might be the reason you see this problem.
>> well, ip pool is just an entry in config, but is not in use.
>> If I remove it - it, dosen't help.
>> About static IP, I tried to ommit DHCP as assigning entity.
> 
> <sridhar> you need to remove the static IP from the "subscriber name"
> record, and retain it in the DHCP server policy configuration.
> 
>> If I remove static IP in config and the pool from multibind interface I
>> receive:
>> [r0]RedBack_SE100#show dhcp server host
>>
>> [r0]RedBack_SE100#show subscribers active
>> 00:0c:42:24:93:26
>>        Circuit   2/4 vlan-id 802 clips 134218
>>        Internal Circuit   2/4:1023:63/7/2/3146
>>        Interface bound  clips
>>        Current port-limit unlimited
>>        dhcp max-addrs 1 (applied)
>>        dns primary 195.66.73.4 (applied)
>>        dns secondary 195.66.73.11 (applied)
>>        dhcp option client id  (applied)
>>        dhcp option hostname  (applied)
>> [r0]RedBack_SE100#
>>
>> so, DHCP seems to be unable to assign address.
>>
>>> A couple of questions:
>>> 1. SEOS version on your SmartEdge
>> 6.1.1.4
>>
>>> 2. Do you have a DHCP relay between the SmartEdge and the DHCP
>>> clients? If so, you need to add a route in context r0 for the DHCP
>>> client subnet, pointing to the interface on the DHCP relay that faces
>>> the SmartEdge.
>> nope, my subscriber is connected directly to VLAN 803 on port 2/4
>>
>>> I've included a working configuration for CLIPS with DHCP server on
>>> running on the SmartEdge.
>>>
>>> context dhserver1
>>>  interface 2/5-vlan20.1
>>>  ip address 172.25.26.112/24
>>> !
>>>  interface subs multibind
>>>  ip address 172.15.8.2/23
>>>  dhcp server interface
>>>  no logging console
>>>  dot1q pvc 20:1
>>>  service clips dhcp context dhserver1
>>>   bind interface 2/5-vlan20.1 dhserver1
>> what is the meaning of dhcserver1 interface if dhcp server is running on
>> subs interface ?
>> I've seen similar example, but I don't get it.
> 
> <sridhar> I guess you mean interface 2/5-vlan20.1 in context
> dhserver1. This is the regular IP interface connecting the Smartedge
> to the DHCP relay in front of it.
> 
>> Regards,
>> Marcin
>>
>>
>>
>>
>>
>>> hope this helps
>>> sridhar
>>>
>>> On Fri, Oct 10, 2008 at 3:40 PM, Marcin Kuczera <marcin at leon.pl> wrote:
>>>> hello,
>>>>
>>>> I just tried to play with CLIPS as a good alternative to classical dhcp,
>>>> to
>>>> handle subscribers.
>>>>
>>>> But, it doesn't work properly.
>>>> The problem is, that client is not receiving any DHCP response.
>>>> From the point of view of CLIPs, subscriber is up, but DHCP has not
>>>> finished
>>>> it's job.
>>>>
>>>> [r0]RedBack_SE100#show subscribers active
>>>> 00:0c:42:24:93:26
>>>>       Circuit   2/4 vlan-id 802 clips 134160
>>>>       Internal Circuit   2/4:1023:63/7/2/3088
>>>>       Interface bound  clips
>>>>       Current port-limit unlimited
>>>>       ip address 194.169.126.120 255.255.255.0 (applied)
>>>>       dhcp max-addrs 1 (applied)
>>>>       dns primary 195.66.73.4 (applied)
>>>>       dns secondary 195.66.73.11 (applied)
>>>>       dhcp option client id  (applied)
>>>>       dhcp option hostname  (applied)
>>>> [r0]RedBack_SE100#
>>>>
>>>> [r0]RedBack_SE100#show dhcp server host
>>>>
>>>> [r0]RedBack_SE100#ping 194.169.126.120
>>>> PING 194.169.126.120 (194.169.126.120): source 194.169.126.1, 36 data
>>>> bytes,
>>>> timeout is 1 second
>>>> .....
>>>>
>>>> ----194.169.126.120 PING Statistics----
>>>> 5 packets transmitted, 0 packets received, 100.0% packet loss
>>>> [r0]RedBack_SE100#
>>>>
>>>>
>>>> The subscriber is MikroTik router board, but I also tried my laptop
>>>> and the only packets passing are DHCP Discovery.
>>>>
>>>> this is the config:
>>>> [r0]RedBack_SE100#show config
>>>> Building configuration...
>>>>
>>>> Current configuration:
>>>> !
>>>> context r0
>>>> !
>>>>  no ip domain-lookup
>>>> !
>>>>  interface clips multibind
>>>>  ip address 194.169.126.1/24
>>>>  dhcp server interface
>>>>  ip pool 194.169.126.10 to 194.169.126.50 name clips1
>>>> !
>>>>  interface vlan1903
>>>>  description r0-other-contexts
>>>>  ip address 195.66.73.140/29
>>>>  no logging console
>>>> !
>>>>  router ospf 1
>>>>  area 0.0.0.0
>>>>  interface vlan1903
>>>>  redistribute connected
>>>>  redistribute subscriber
>>>>  redistribute static
>>>> !
>>>>  http-redirect profile default
>>>>  url http://www.leon.pl/
>>>> !
>>>>  aaa authentication administrator local
>>>> !
>>>> !
>>>>  subscriber default
>>>>  dhcp max-addrs 1
>>>> !
>>>>  subscriber name 00:0c:42:24:93:26
>>>>  password Redback
>>>>  ip address 194.169.126.120/24
>>>>  dhcp max-addrs 1
>>>>  dns primary 195.66.73.4
>>>>  dns secondary 195.66.73.11
>>>>  subscriber name 00:1c:25:72:bb:25
>>>>  password Redback
>>>>  ip address 194.169.126.25/24
>>>>  dhcp max-addrs 1
>>>>  dns primary 195.66.73.4
>>>>  dns secondary 195.66.73.11
>>>>  service ssh client
>>>>  service telnet client
>>>> !
>>>>  dhcp server policy
>>>>  allow-duplicate-mac
>>>>  subnet 194.169.126.0/24
>>>>    range 194.169.126.50 194.169.126.100
>>>>    mac-address 00:0c:42:24:93:26 ip-address 194.169.126.33
>>>>    option router 194.169.126.1
>>>>    option domain-name-server 195.66.73.11 195.66.73.4
>>>>
>>>>
>>>> !
>>>> !
>>>> port ethernet 2/4
>>>>  auto-negotiate flc tx&rx force enable
>>>>  no shutdown
>>>>  encapsulation dot1q
>>>>  dot1q pvc 802 encapsulation multi
>>>>  service clips dhcp context r0
>>>>  bind interface clips r0
>>>>  dot1q pvc 1903
>>>>  bind interface vlan1903 r0
>>>>
>>>> end
>>>> [r0]RedBack_SE100#
>>>>
>>>>
>>>> some debug information (clips, aaa and dhcp-server exceptions)
>>>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>>>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for
>>>> duplicate
>>>> MAC 00:0c:42:24:93:26
>>>> Oct 10 23:38:21: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>>>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>>>> 00:0c:42:24:93:26, dropping the request
>>>> Oct 10 23:38:24: [0387]: [2/4:1023:63/7/2/3096]: %DHCP-7-AAA_E: Error:
>>>> unable to locate request for MAC 00:0c:42:24:93:26
>>>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %CLIPS-7-DHCP_E:
>>>> [2/4:1023:63/1/2/12322] Request from dhcpd discarded - create for
>>>> duplicate
>>>> MAC 00:0c:42:24:93:26
>>>> Oct 10 23:39:00: [2/4:1023:63/1/2/12322]: %DHCP-7-CLIPS_E:
>>>> [dhcp_clips_process_clips_response] Clips CCT Create failed for mac:
>>>> 00:0c:42:24:93:26, dropping the request
>>>> Oct 10 23:39:04: [0387]: [2/4:1023:63/7/2/3097]: %DHCP-7-AAA_E: Error:
>>>> unable to locate request for MAC 00:0c:42:24:93:26
>>>>
>>>>
>>>> Any clue about what am I doing wrong ?
>>>>
>>>> Regards,
>>>> Marcin
>>>>
>>>>
>>>> _______________________________________________
>>>> redback-nsp mailing list
>>>> redback-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/redback-nsp
>>>>
>>
>

More information about the redback-nsp mailing list