SYSTEM ADMINISTRATOR GUIDE     32/1543-CRA 119 1170/1-V1 Uen D    

Configuring DHCP

© Ericsson AB 2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson.

Contents

1Overview
1.1DHCPv4 Support
1.2DHCPv6 Prefix Delegation for IPv6 Subscribers

2

Configuration and Operations Tasks
2.1Configure an Internal DHCPv4 Server
2.2Configure an External DHCPv4 Server
2.3Configure a Context for an External DHCPv4 Server
2.4Configure an Interface for an External DHCPv4 Server
2.5Configure Subscriber Hosts for DHCPv4 Address Functions
2.6Configure Router to Prevent DoS Attacks from DHCPv4 Clients
2.7Configure a Traffic Card to Limit Effect of DHCPv4 Packet DoS Attacks
2.8Configure a Traffic Card to Limit Effect of DHCPv6 Packet DoS Attacks
2.9Configure DHCPv6-PD for IPv6 Subscriber Support
2.10Operations Tasks

3

Configuration Examples
3.1DHCPv4 Internal Server
3.2DHCPv4 Proxy and Maximum Address Support
3.3Subscriber Bindings to DHCPv4 Interfaces
3.4DHCPv4 Proxy Through Dynamic Subscriber Bindings
3.5DHCPv4 Proxy Through Static Interface Bindings
3.6DHCPv4 Proxy Through RADIUS
3.7Loopback Interface as DHCPv4 Source Address
3.8Configuring a DHCPv6-PD Server and Server Policy
3.9Configure a DHCPv6 PD Pool
3.10Configure Statically Mapped DHCPv6 Prefixes

Glossary


1   Overview

This document provides an overview of Dynamic Host Configuration Protocol (DHCP) features supported on the SmartEdge® router and describes the tasks performed to configure, monitor, and administer DHCP. This document also provides configuration examples of DHCP.

The SmartEdge router provides general DHCPv4 support and DHCPv6-PD support for PPP subscriber services. You can configure both DHCPv4 and DHCPv6-PD on the router; dual-stack is supported. To configure DHCPv6-PD server and DHCPv6 subscriber profiles, see Section 1.2. For more information about IPv6 subscriber services, see Configuring IPV6 Subscriber Services.

1.1   DHCPv4 Support

DHCPv4 dynamically configures IP address information for IPv4 subscriber hosts. For IPv4 support, the SmartEdge router provides the following types of DHCPv4 support:

DHCPv4 is described in the following RFCs:

For more information about RADIUS, see Configuring RADIUS. For information about vendor VSAs provided by Ericsson AB, see RADIUS Attributes.

Note:  
In all modes, DHCP maintains host entries only for multibind interfaces.

1.1.1   ARP and DHCPv4

For every valid DHCP response received from or transmitted to a subscriber, an entry is created in the Address Resolution Protocol (ARP) table. The entry includes the IP address that is assigned to the requesting medium access control (MAC) address and the incoming circuit on which the DHCP request is received. All entries are secured ARP entries. Because entries are cached in the ARP table, the SmartEdge router can route downstream packets to the correct outgoing interface. For more information about ARP, see Configuring ARP.

1.1.2   CLIPS and DHCPv4

Clientless IP service selection (CLIPS) exclusion allows you to configure DHCPv4 sessions on ports and PVCs that you have also configured for dynamic CLIPS sessions. With CLIPS exclusion, you can specify which sessions are DHCP hosts; all other sessions are dynamic CLIPS sessions. CLIPS exclusion applies only the DHCP proxy and internal servers. For more information about configuring CLIPS exclusion, see Configuring CLIPS.

The SmartEdge router supports residential gateways (RGs) with DHCP relay capability to be used as dynamic CLIPS clients. These RGs can then function as DHCP relay agents for the home network devices connected to an RG. (An RG connects network-enabled devices on a home network to the Internet.) Without this function, you must configure each RG by manually assigning it an IP address, enabling it to be used as a DHCP relay agent.

The following must occur before the can support RGs with DHCP relay capability to be used as dynamic CLIPS clients:

After the CLIPS session of an RG is established, the home network devices can establish their own CLIPS sessions by using the DHCP relay agent. The CLIPS sessions for the home network devices are independent of the CLIPS session for the RG.

Note:  
In this configuration, the DHCP server assigns the IP addresses to the RG and the home network devices on the same subnet.

To configure the SmartEdge router to support an RG as a dynamic CLIPS client, configure dynamic CLIPS circuits on the SmartEdge router. For instructions , follow the steps in the Configuring Dynamic CLIPS Circuits section in Configuring CLIPS.

The SmartEdge router supports DHCP discovery with duplicate MAC addresses for CLIPS subscribers. This enables different CLIPS subscribers to use the same MAC address, if the DHCP discover packet contains a unique GIADDR address. In general, DHCP determines the uniqueness of a subscriber based on both the MAC and GIADDR addresses instead of just the MAC address.

1.1.3   RADIUS and DHCP

When Remote Authentication Dial-In User Service (RADIUS) authentication is enabled, the SmartEdge router sends an accounting record to a RADIUS server each time an IP address is assigned or released.

If the SmartEdge router is acting as a DHCP proxy or internal server for CLIPS subscribers, the vendor class identifier received in the DHCP discover packet for the CLIPS session is sent in the RADIUS Access-Request and Accounting-Request packets to the RADIUS server, using vendor-specific attribute (VSA) 125 provided by Ericsson AB.

1.2   DHCPv6 Prefix Delegation for IPv6 Subscribers

For detailed information about using DHCPv6 PD to delegate IPv6 prefixes to subscribers, see Configuring IPV6 Subscriber Services.

2   Configuration and Operations Tasks

Note:  
In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.

To configure DHCP features, perform the tasks described in the following sections:

2.1   Configure an Internal DHCPv4 Server

To configure the SmartEdge router to act as an internal DHCP server, perform the tasks described in Table 1.

Table 1    Configure an Internal DHCP Server

Step

Task

Root Command

Notes

1.

Create or select the context for the DHCP internal server and access context configuration mode.

context

Enter this command in global configuration mode.

2.

Create or select the interface for the DHCP internal server and access interface configuration mode.

interface

Enter this command in context configuration mode. Specify the multibind keyword.

3.

Assign one or more IP addresses to this interface.

ip address

Enter this command in interface configuration mode.

4.

Enable this interface for internal DHCP server support and assign an IP address for its support.

dhcp server

Enter this command in interface configuration mode.

5.

Enable internal DHCP server functions in this context and access DHCP server configuration mode.

dhcp server policy

Enter this command in context configuration mode.

6.

Specify global settings for the DHCP server and all its subnets, using one or more of the following tasks:

 

Enter these commands in DHCP server configuration mode.

 

Specify the default lease time.

default-lease-time

 
 

Specify the maximum lease time.

max-lease-time

 
 

Specify the offer lease time.

offer-lease-time

 
 

Enable the monitoring and reporting of available DHCP leases at the context level for minimum and maximum threshold values.

threshold

 
 

Enable DHCP clients with the same MAC address to be assigned IP addresses on different circuits.

allow-duplicate-mac

 
 

Specify one or more DHCP options.

option

Enter this command multiple times to specify as many options as you require.

 

Specify the filename of the boot loader image file.

bootp-filename

 
 

Specify the IP address that the boot loader client uses to download the boot loader image file.

bootp-siaddr

 

7.

Create a static mapping between a subnet and the specified vendor class ID.

vendor-class

 

8.

Create a subnet for the DHCP server and access DHCP subnet configuration mode.

subnet

Enter this command in DHCP server configuration mode.

 

Optional. Configure this subnet, using one or more of the following tasks:

 

Enter all commands in DHCP subnet configuration mode.

 

Assign a range of IP addresses to this subnet.

range (DHCP)

 
 

Create a static mapping between a MAC address and an IP address in this subnet.

mac-address (DHCP)

 
 

Create a static mapping between the agent circuit id subfield or the agent remote id subfield in the option 82 field and an IP address.

option-82

 
 

Specify the maximum number of IP addresses allowed for an agent circuit id.

option-82

 
 

Specify the default lease time for this subnet.

default-lease-time

These settings override the global settings for this subnet.

 

Specify the maximum lease time for this subnet.

max-lease-time

 
 

Specify the offer lease time for this subnet.

offer-lease-time

 
 

Specify one or more DHCP options for this subnet.

option

Enter this command multiple times to specify as many options as you require.


2.2   Configure an External DHCPv4 Server

To configure an external DHCP relay or proxy server, perform the tasks described in Table 2; enter all commands in DHCP relay server configuration mode, unless otherwise noted.

Table 2    Configure an External DHCP Server

Step

Task

Root Command

Notes

1.

Configure an external DHCP server, and enter DHCP relay server configuration mode.

dhcp relay server

Enter this command in context configuration mode.


You can configure only one DHCP server IP address in a single context.

2.

Configure the maximum hop count allowed for DHCP requests.

max-hops

 

3.

Configure the interval, in seconds, to wait before forwarding requests to the DHCP server.

min-wait

 

4.

Assign the DHCP server to a DHCP server group.

server-group

 

5.

Specify forwarding for DHCP messages, using one of the following tasks:

   
 

Forward packets to all other DHCP servers in the DHCP server group.

forward-all

 
 

Forward DHCP discover packets to other configured servers in the DHCP server group.

broadcast-discover

 
 

Forward packets to a standby DHCP server.

standby

 

2.3   Configure a Context for an External DHCPv4 Server

To configure a context for an external DHCP relay or proxy server, perform the tasks described in Table 3; enter all commands in context configuration mode.

Table 3    Configure a Context for an External DHCP Server

Step

Task

Root Command

Notes

1.

Specify the number of attempts and the interval to wait for each attempt when trying to reach an external DHCP server before it is marked unreachable.

dhcp relay server retries

 

2.

Disable the sending of a DHCPNAK message if the SmartEdge router receives a DHCPREQUEST message for which it does not have an entry.

dhcp relay suppress-nak

 

3.

Optional. Add the DHCP relay information option to packets.

dhcp relay option

The DHCP relay information option is described in RFC 3046, DHCP Relay Agent Information Option.

2.4   Configure an Interface for an External DHCPv4 Server

To configure an interface for an external DHCP relay or proxy server, perform the tasks described in Table 4; enter all commands in interface configuration mode, unless otherwise noted.

Table 4    Configure an Interface for an External DHCP Server

Step

Task

Root Command

Notes

1.

Enable the interface for an external DHCP server, using one of the following tasks:

   
 

Enable the interface to relay DHCP messages to an external DHCP server, and access DHCP giaddr configuration mode.

dhcp relay

These commands are mutually exclusive. If you are configuring CLIPS, you must use the dhcp proxy command.


The value for the max-dhcp-addrs argument used with these commands works in conjunction with the max-sub-addrs value specified in the dhcp max-addr command (in subscriber configuration mode); see Section 3.2.

 

Enable the interface to act as a proxy between subscribers and an external DHCP server, and access DHCP giaddr configuration mode.

dhcp proxy

 

2.

Optional. Configure an IP source address.

ip source-address

The interface address that you specify with this command must be reachable by the external DHCP server. You must specify the dhcp-server keyword.

3.

Specify an IP address for the giaddr field for DHCP packets that match the specified vendor-class-id.

vendor-class-id

Enter this command in DHCP giaddr configuration mode. You can enter either of these commands multiple times to specify multiple vendor IDs.

Note:  
By default, the IP address of the interface on which DHCP messages are transmitted is sent in DHCP packets. To not publish this IP address, configure an interface (typically loopback) to appear to be the source address for DHCP packets.

2.5   Configure Subscriber Hosts for DHCPv4 Address Functions

To configure subscriber hosts for DHCP address functions, perform the tasks described in Table 5; enter all commands in subscriber configuration mode.

Table 5    Configure Subscriber Hosts for DHCP Address Functions

Task

Root Command

Notes

Optional. Configure hosts to use DHCP to dynamically acquire address information for a subscriber circuit and set a maximum number of IP addresses that can be assigned to hosts associated with the circuit.

dhcp max-addrs

You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 3 provided by Ericsson AB, DHCP-Max-Leases, for the maximum number of IP addresses; see RADIUS Attributes.

Optional. Configure hosts to use a specific DHCP interface to acquire address information for a subscriber circuit.

ip interface

You must configure the subscriber record or profile with the dhcp max-addrs command.


You must enable the specified interface for DHCP proxy or DHCP relay; see Section 3.2.


You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 104 provided by Ericsson AB, IP-Interface-Name; see RADIUS Attributes.

2.6   Configure Router to Prevent DoS Attacks from DHCPv4 Clients

To configure the SmartEdge router to prevent denial of service (DoS) attacks from DHCP clients on a circuit, perform the task described in Table 6; enter the command in global configuration mode.

Table 6    Configure Router to Prevent DoS Attacks from DHCP Clients

Task

Root Command

Notes

Optional. Enable rate limiting DHCP packets on the circuit to prevent DoS attacks. Specify the number of packets allowed on each circuit, the interval during which the system counts the packets, and the drop-interval during which during which packets are dropped, if the allowed number of messages was exceeded in the previous interval.

rate-limit circuit dhcp

You have the option to rate-limit the DHCP packets based on either each MAC address on a circuit or a unique combination of MAC address and DHCP relay server address on a circuit.

2.7   Configure a Traffic Card to Limit Effect of DHCPv4 Packet DoS Attacks

To configure a traffic card to prevent denial of service (DoS) attacks, perform the task described in Table 8; enter the command in card configuration mode.

Table 7    Configure a Traffic Card to Prevent DoS Attacks

Task

Root Command

Notes

Optional. Enable rate limiting and specify the rate and burst limits for DHCP or PADI packets to prevent DoS attacks.

rate-limit dhcprate-limit padi

 

2.8   Configure a Traffic Card to Limit Effect of DHCPv6 Packet DoS Attacks

To configure a traffic card to limit the effect of DHCPv6 packet denial of service (DoS) attacks, enter the rate-limit dhcpv6 command as described in Table 8.

Table 8    Configure a Traffic Card to Limit Effect of DHCPv6 DoS Attacks

Task

Root Command

Notes

Enable rate limiting and specify the rate and burst limits for DHCPv6 packets.

rate-limit dhcpv6

Enter in card configuration mode.

2.9   Configure DHCPv6-PD for IPv6 Subscriber Support

To configure IPv6 subscriber services on a SmartEdge router, you must configure one or more multibind interfaces to function as DHCPv6-PD servers and configure a DHCPv6 server policy for subscribers.

To configure a multibind interface to be the DHCPv6-PD server, perform the following tasks:

Table 9    Configure a Multibind Interface to be the DCPv6-PD Server

Task

Root Command

Notes

Access global configuration mode.

configure

Access context configuration mode.

context

Create a multibind interface, and access interface configuration mode.

interface

This is the interface you want to configure to be DHCPv6 enabled. It can, but is not required to be a last-resort interface.

Assign an IPv6 address to the interface.

ipv6 address

Configure an interface to be a DHCPv6 server interface.

dhcpv6 server

You can configure the DHCPv6 server to use the primary IPv6 address of the interface as the server IP address or specify an IP address for it.

To configure a DHCPv6 PD prefix pool:

Table 10    Configure a DHCPv6 PD Prefix Pool

Task

Root Command

Notes

Access global configuration mode.

configure

Access context configuration mode.

context

Create a multibind interface, and access interface configuration mode.

interface

Assign an IPv6 address to the interface.

ipv6 address

Create a DHCPv6 threshold value for which a crossing event occurs.

ipv6 pool dhcpv6

DHCPv6 threshold configuration for a particular pool (in interface configuration mode) takes precedence over DHCPv6 PD threshold configuration in context configuration mode.

To optionally configure pool thresholds that apply to all DHCPv6 PD prefix pools in the context:

Table 11    Configure DHCPv6 PD Prefix Pool Thresholds

Task

Root Command

Notes

Access global configuration mode.

configure

Access context configuration mode.

context

Create pool of DHCPv6 PD prefixes under the multibind interface.

ipv6 pool dhcpv6

Threshold configuration for a particular pool (in interface configuration mode) takes precedence over threshold configuration in context configuration mode.

To create and configure a DHCPv6 server policy, perform the following tasks:

Table 12    Create and Configure a DHCPv6 Server Policy

#

Task

Root Command

Notes

1.

Configure top-level DHCPv6 service policy attributes:

 

Access global configuration mode.

configure

 

Access context configuration mode.

context

 

Create a DHCPv6 server policy and access DHCPv6 server policy configuration mode.

dhcpv6 server

Only one DHCPv6 server policy is allowed for a context.

 

Specify the IP address of a DNS name server.

option domain-name-server

 

Specify a domain name for DNS resolution.

option domain-search

 

Specify the number of seconds a client waits before refreshing the configuration information received from DHCPv6 server.

option information-refresh-time

Range is from 600 through 4294967295 seconds.

 

Configure the preference value for this DHCPv6 server.

option preference

A DHCPv6 server with a lower value is preferred over a server with a higher value.


Range is from 0 through 255.


 

Enable Rapid Commit for faster IPv6 prefix delegation.

option rapid-commit

With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE.


We recommend using the RAPID COMMIT option when there is only one server for a client to connect to.

 

Statically map a specified IPv6 prefix to a DUID or DUID and IAID.

prefix duid

 

Configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix.

prefix lifetime

Set the prefix lifetime with one of the following constructs:


  • preferred seconds — Length of time the subscriber router is allowed to use the delegated IPv6 prefix. Range is from 600 through 4294967294 seconds.

  • valid seconds — Number of seconds a client can use a given DHCPv6 prefix. Range is from 600 through 4294967294 seconds.

  • infinite —Configures both the preferred and valid lifetimes to be infinite.

2.

If desired, configure a subset of DHCPv6 attributes that apply to a particular subnet only. Options configured for the subnet take precedence over options specified in the top-level DHCPv6 server policy:

 

If desired, access DHCPv6 server policy subnet configuration mode, where you can configure DHCPv6 server attributes that are applicable only to subscribers in the specified subnet.

subnet

Only those options that are administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy (in DHCPv6 server policy configuration mode). If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet takes its configuration from the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode).


Replace the ipv6-prefix argument with a prefix that does not overlap with any interface configured on the router.

 

Specify a domain name for DNS resolution.

option domain-search

 

Specify the IP address of the DNS name server.

option domain-name-server

 

Configure the length of time the subscriber router is allowed to use a delegated IPv6 prefix and a given DHCPv6 prefix.

prefix

Set the prefix lifetime as follows:


  • preferred seconds — Length of time the subscriber router is allowed to use the delegated IPv6 prefix. Range is from 600 through 4294967294 seconds.

  • valid seconds — Number of seconds a client can use a given DHCPv6 prefix. Range is from 600 through 4294967294 seconds.

  • infinite —Configures both the preferred and valid lifetimes to be infinite.

2.10   Operations Tasks

To monitor, troubleshoot, and administer internal and external DHCP servers and their functions, perform the appropriate tasks described in Table 13. Enter the clear and debug commands in exec mode; enter the show commands in any mode.

Table 13    DHCPv4 Operations Tasks

Task

Command

Clear DHCP host entries, and corresponding host route and ARP entries, from the routing table.

clear dhcp host

Clear DHCP statistics.

clear dhcp stats

Enable the generation of DHCP debug messages for external DHCP servers.

debug dhcp-relay

Enable the generation of DHCP debug messages for internal DHCP servers.

debug dhcp-server

Display the current DHCP configuration for the context.

show configuration dhcp

Display DHCP relay host information.

show dhcp relay hosts

Display DHCP information about the DHCP relay server.

show dhcp relay server

Display DHCP relay statistics.

show dhcp relay stats

Display a summary of DHCP relay host information.

show dhcp relay summary

Display DHCP server host or lease information.

show dhcp server

Display DHCP server file information.

show dhcp server file

Display IP address information for an agent circuit ID.

show dhcp server option-82

Display range usage for one or more interfaces configured for a DHCP server.

show dhcp server range

Display DHCP server process statistics.

show dhcp server stats

Display dropped DHCP packet information one or more traffic cards.

show rate-limit card

Table 14    DHCPv6-PD Operations Commands

Task

Command

Clear DHCPv6 statistics.

clear dhcpv6 log

Clear DHCPv6 statistics.

clear dhcpv6 statistics

Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients .

show dhcpv6 server duid

Display the DCHPv6-PD log.


You can filter the log history by circuit, server or client DUID, or IPv6 prefix.

show dhcpv6 log

Display all the active DHCPv6 clients.


Display more information with the detail keyword.

show dhcpv6 server host

Display the active DHCPv6 clients on a circuit.

show dhcpv6 server host circuit

Display the active DHCPv6 clients that use a prefix.

show dhcpv6 server host prefix

Display the active DHCPv6 clients on a subnet.

show dhcpv6 server host subnet

Display DHCPv6 Statistics.


Display more information with the detail keyword.

show dhcpv6 statistics

Enable the generation of DHCPv6 debugging messages; see the command description for filtering keywords.

debug dhcpv6

 

show ipv6 pool

3   Configuration Examples

The following sections provide examples of configuring a DHCP internal server, DHCP proxy and maximum address support, subscriber bindings to DHCP interfaces, DHCP proxy through dynamic subscriber bindings, through static interface bindings, and DHCP proxy through RADIUS.

3.1   DHCPv4 Internal Server

The following example configures an internal DHCP server and two subnets:

! Create the context and the interface.

[local]Redback(config)#context dhcp

[local]Redback(config-ctx)#interface dhcp-if multibind



! Assign two subnets to the interface

[local]Redback(config-if)#ip address 12.1.1.0/24

[local]Redback(config-if)#ip address 13.1.1.0/24 secondary



! Enable the interface for internal DHCP functions and assign an IP address to it.

[local]Redback(config-if)#dhcp server 12.1.1.1

[local]Redback(config-if)#exit



! Enable the context for internal DHCP server functions.

[local]Redback(config-ctx)#dhcp server policy



! Specify global settings for the internal DHCP server and all its subnets.

[local]Redback(config-dhcp-server)#allow-duplicate-mac

[local]Redback(config-dhcp-server)#default-lease-time 14400

[local]Redback(config-dhcp-server)#maximum-lease-time 172800

[local]Redback(config-dhcp-server)#offer-lease-time 300

[local]Redback(config-dhcp-server)#option domain-name ericsson.com



! Specify the boot loader image file and the server IP address where it can be found

[local]Redback(config-dhcp-server)#bootp-filename of1267.bin

[local]Redback(config-dhcp-server)#bootp-siaddr 200.1.1.0



! Create an unnamed subnet and configure it. 

[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24

[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.99



! Override the global settings for these options.

[local]Redback(config-dhcp-subnet)#default-lease-time 3600

[local]Redback(config-dhcp-subnet)#maximum-lease-time 14400

[local]Redback(config-dhcp-subnet)#option domain-name cool.com

[local]Redback(config-dhcp-subnet)#option domain-name-servers 12.1.1.254

[local]Redback(config-dhcp-subnet)#exit



! Create a named subnet and configure it. 

[local]Redback(config-dhcp-server)#subnet 13.1.1.100/24 name sub2

[local]Redback(config-dhcp-subnet)#range 13.1.1.150 13.1.1.199



!Create static mappings for this named subnet

[local]Redback(config-dhcp-subnet)#mac-address 02:12:34:56:78:90 
ip-address 13.1.1.2

[local]Redback(config-dhcp-subnet)#option-82 circuit-id “4:1 vlan 102”
 offset 3 ip-address 13.1.1.3 

[local]Redback(config-dhcp-subnet)#option-82 circuit-id “4:1 vlan 102” 
offset 3 max-addresses 10



! Override the global setting for this option.

[local]Redback(config-dhcp-subnet)#option domain-name hot.com

[local]Redback(config-dhcp-subnet)#exit



!Create a static mapping for this named subnet

[local]Redback(config-dhcp-server)#vendor-class “abc-client” 
offset 5 subnet sub2

3.2   DHCPv4 Proxy and Maximum Address Support

The following example illustrates how the value for the max-sub-addr argument for the dhcp max-addr command (in subscriber configuration mode) works in conjunction with the value for the max-dhcp-addr argument for the dhcp proxy command (in interface configuration mode). In this example, the number of DHCP clients that can be supported on the DHCPv4 proxy multibind interface at IP address, 120.1.1.1, is restricted to 10, with the dhcp proxy command. The first four subscribers, each with a value of 1 for max-sub-addrs, can be authenticated and a circuit can be brought up for each of them. However, subscriber sub5 cannot be authenticated because its max-sub-addr value is 10, which exceeds the remaining number of addresses available on the interface, which is now 6:

[local]Redback(config-ctx)#interface subscriber multibind

[local]Redback(config-if)#ip address 120.1.1.1/16

[local]Redback(config-if)#dhcp proxy 10

[local]Redback(config-if)#ip arp timeout 120

[local]Redback(config-if)#ip arp delete-expired

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface to-dhcp-server

[local]Redback(config-if)#ip address 100.1.1.1/16

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#subscriber name sub1

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub2

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-Ctx)#subscriber name sub3

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub4

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub5

[local]Redback(config-sub)#dhcp max-addrs 10

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#dhcp relay server 100.1.1.156

[local]Redback(config-dhcp-relay)#exit

[local]Redback(config-ctx)#dhcp relay option

3.3   Subscriber Bindings to DHCPv4 Interfaces

This section provides examples of binding subscribers to DHCPv4 interfaces using local authentication and RADIUS.

3.3.1   Using Local Authentication

The following example binds subscribers to DHCPv4 interfaces using the ip interface command (in subscriber configuration mode) with local authentication:

[local]Redback(config)#context atm_subs

[local]Redback(config-ctx)#interface bronze multibind

[local]Redback(config-if)#ip address 120.1.3.1/24

[local]Redback(config-if)#dhcp proxy 65535

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface gold multibind

[local]Redback(config-if)#ip address 120.1.1.1/24

[local]Redback(config-if)#dhcp proxy 100

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface silver multibind

[local]Redback(config-if)#ip address 120.1.2.1/24

[local]Redback(config-if)#dhcp proxy 10

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#subscriber profile gold

[local]Redback(config-sub)#ip interface name gold

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber profile silver

[local]Redback(config-sub)#ip interface name silver

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber profile bronze

[local]Redback(config-sub)#ip interface name bronze

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub1

[local]Redback(config-sub)#profile gold

[local]Redback(config-sub)#dhcp max-addrs 10

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub2

[local]Redback(config-sub)#profile silver

[local]Redback(config-sub)#dhcp max-addrs 10

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub3

[local]Redback(config-sub)#profile bronze

[local]Redback(config-sub)#dhcp max-addrs 10

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#exit

[local]Redback(config)#port atm 1/4

[local]Redback(config-atm-oc)#no shutdown

[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs

The following example displays information about these subscriber circuits:

[atm_subs]Redback>show subscribers active



sub1@atm_subs

        Circuit   1/4:1 vpi-vci 0 101

        Internal Circuit   1/4:1:63/1/2/24579

        Current port-limit unlimited

        profile gold (applied)

        dhcp max-addrs 10 (applied)

        ip interface gold (applied)

sub2@atm_subs

        Circuit   1/4:1 vpi-vci 0 102

        Internal Circuit   1/4:1:63/1/2/24580

        Current port-limit unlimited

        profile silver (applied)

        dhcp max-addrs 10 (applied)

        ip interface silver (applied)

sub3@atm_subs

        Circuit   1/4:1 vpi-vci 0 103

        Internal Circuit   1/4:1:63/1/2/24581

        Current port-limit unlimited

        profile bronze (applied)

        dhcp max-addrs 10 (applied)

        ip interface bronze (applied)

The following example displays information about the DHCP hosts after they have been established on the active subscriber circuits:

[atm_subs]Redback>show subscribers active



sub1@atm_subs

        Circuit   1/4:1 vpi-vci 0 101

        Internal Circuit   1/4:1:63/1/2/24579

        Current port-limit unlimited

        profile gold (applied)

        dhcp max-addrs 10 (applied)

        ip interface gold (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)



                120.1.1.199    00:dd:00:00:00:0a

                120.1.1.191    00:dd:00:00:00:09

                120.1.1.192    00:dd:00:00:00:08

                120.1.1.200    00:dd:00:00:00:07

                120.1.1.194    00:dd:00:00:00:05

                120.1.1.193    00:dd:00:00:00:06

                120.1.1.196    00:dd:00:00:00:03

                120.1.1.195    00:dd:00:00:00:04

                120.1.1.197    00:dd:00:00:00:02

                120.1.1.198    00:dd:00:00:00:01



sub2@atm_subs

        Circuit   1/4:1 vpi-vci 0 102

        Internal Circuit   1/4:1:63/1/2/24580

        Current port-limit unlimited

        profile silver (applied)

        dhcp max-addrs 10 (applied)

        ip interface silver (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)



                120.1.2.191    00:dd:00:00:00:14

                120.1.2.192    00:dd:00:00:00:13

                120.1.2.193    00:dd:00:00:00:12

                120.1.2.194    00:dd:00:00:00:11

                120.1.2.195    00:dd:00:00:00:10

                120.1.2.196    00:dd:00:00:00:0f

                120.1.2.197    00:dd:00:00:00:0e

                120.1.2.198    00:dd:00:00:00:0d

                120.1.2.199    00:dd:00:00:00:0c

                120.1.2.200    00:dd:00:00:00:0b

sub3@atm_subs

        Circuit   1/4:1 vpi-vci 0 103

        Internal Circuit   1/4:1:63/1/2/24581

        Current port-limit unlimited

        profile bronze (applied)

        dhcp max-addrs 10 (applied)

        ip interface bronze (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)

                120.1.3.191    00:dd:00:00:00:1e

                120.1.3.192    00:dd:00:00:00:1d

                120.1.3.193    00:dd:00:00:00:1c

                120.1.3.194    00:dd:00:00:00:1b

                120.1.3.195    00:dd:00:00:00:1a

                120.1.3.196    00:dd:00:00:00:19

                120.1.3.197    00:dd:00:00:00:18

                120.1.3.198    00:dd:00:00:00:17

                120.1.3.199    00:dd:00:00:00:16

                120.1.3.200    00:dd:00:00:00:15

The following example displays DHCPv4 relay host information for this configuration:

[atm_subs]Redback>show dhcp relay hosts



Circuit                            Host              Hardware address

Lease     Ttl       Timestamp                 Relay/Proxy Context

1/4:1 vpi-vci 0 101                120.1.1.198       00:dd:00:00:00:01

1800      1709      Thu Nov  8 09:16:21 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.197       00:dd:00:00:00:02

1800      1710      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.195       00:dd:00:00:00:04

1800      1713      Thu Nov  8 09:16:24 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.196       00:dd:00:00:00:03

1800      1713      Thu Nov  8 09:16:24 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.193       00:dd:00:00:00:06

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.194       00:dd:00:00:00:05

1800      1712      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.200       00:dd:00:00:00:07

1800      1712      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.192       00:dd:00:00:00:08

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.191       00:dd:00:00:00:09

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.199       00:dd:00:00:00:0a

1800      1711      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.197       00:dd:00:00:00:0e

1800      1717      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.200       00:dd:00:00:00:0b

1800      1713      Thu Nov  8 09:16:25 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.199       00:dd:00:00:00:0c

1800      1716      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.198       00:dd:00:00:00:0d

1800      1716      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.196       00:dd:00:00:00:0f

1800      1716      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.195       00:dd:00:00:00:10

1800      1715      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.194       00:dd:00:00:00:11

1800      1717      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.193       00:dd:00:00:00:12

1800      1718      Thu Nov  8 09:16:29 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.192       00:dd:00:00:00:13

1800      1717      Thu Nov  8 09:16:29 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.191       00:dd:00:00:00:14

1800      1719      Thu Nov  8 09:16:30 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.200       00:dd:00:00:00:15

1800      1718      Thu Nov  8 09:16:30 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.199       00:dd:00:00:00:16

1800      1720      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.198       00:dd:00:00:00:17

1800      1721      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.197       00:dd:00:00:00:18

1800      1721      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.196       00:dd:00:00:00:19

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.195       00:dd:00:00:00:1a

1800      1723      Thu Nov  8 09:16:34 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.194       00:dd:00:00:00:1b

1800      1721      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.193       00:dd:00:00:00:1c

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.192       00:dd:00:00:00:1d

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.191       00:dd:00:00:00:1e

1800      1723      Thu Nov  8 09:16:34 2005  Proxy       atm_subs

3.3.2   Using RADIUS Authentication

The following example binds subscribers to DHCPv4 interfaces, using the ip interface command (in subscriber configuration mode) with RADIUS authentication:

[local]Redback(config)#context atm_subs

[local]Redback(config-ctx)#interface bronze multibind

[local]Redback(config-if)#ip address 120.1.3.1/24

[local]Redback(config-if)#dhcp proxy 100

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface gold multibind

[local]Redback(config-if)#ip address 120.1.1.1/24

[local]Redback(config-if)#dhcp proxy 100

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface silver multibind

[local]Redback(config-if)#ip address 120.1.2.1/24

[local]Redback(config-if)#dhcp proxy 100

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface to-linux-server

[local]Redback(config-if)#ip address 108.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface to-sms-server

[local]Redback(config-if)#ip address 100.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#radius server 108.1.1.157 key mpls4

[local]Redback(config-ctx)#radius max-retries 5

[local]Redback(config-ctx)#radius timeout 5

[local]Redback(config-ctx)#radius algorithm round-robin

[local]Redback(config-ctx)#radius accounting algorithm round-robin

[local]Redback(config-ctx)#aaa authentication subscriber radius

[local]Redback(config-ctx)#aaa accounting subscriber radius

[local]Redback(config-ctx)#aaa accounting event dhcp

[local]Redback(config-ctx)#radius accounting server 108.1.1.157 key mpls4

[local]Redback(config-ctx)#subscriber profile gold

[local]Redback(config-sub)#ip interface name gold

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber profile silver

[local]Redback(config-sub)#ip interface name silver

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber profile bronze

[local]Redback(config-sub)#ip interface name bronze

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#dhcp relay server 108.1.1.157

[local]Redback(config-dhcp-relay)#exit

[local]Redback(config-ctx)#dhcp relay option

[local]Redback(config-ctx)#exit

[local]Redback(config)#card atm-oc3-4-port 1

[local]Redback(config)#port atm 1/4

[local]Redback(config-atm-oc)#no shutdown

[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs password test 

The following example displays the RADIUS subscriber files:

sub1@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = gold,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs



sub2@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = silver,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs



sub3@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = bronze,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs

In the RADIUS dictionary, the relevant attribute is:

VENDORATTR    2352       RB-IP-Interface-Name          104     string

One of the sample Accounting-Alive packets with the RADIUS IP interface attribute is:

Code:       Accounting-Request

Identifier: 38

Authentic:  'l<199>[<151><142><192>@<0><15><175>KCO}<163>

Attributes:

        User-Name = "sub3@atm_subs"

        Acct-Status-Type = Alive

        Acct-Session-Id = "0003003F3000601C-40757C65"

        Service-Type = Framed-User

        NAS-Identifier = "mpls4"

        NAS-Port = 17039424

        NAS-Port-Type = Sync

        NAS-Port-Id = "1/4 vpi-vci 0 103"

        Connect-Info = "a1"

        RB-Platform-ID = SmartEdge

        Acct-Authentic = RADIUS

        RB-IP-Interface-Name = "bronze"

        RB-DHCP-Max-Leases = 10

        Acct-Session-Time = 105

        Acct-Input-Packets = 32

        Acct-Output-Packets = 26

        Acct-Input-Octets = 7733

        Acct-Output-Octets = 5388

        Acct-Input-Gigawords = 0

        Acct-Output-Gigawords = 0

        RB-Acct-Input-Packets-64 = 0x20

        RB-Acct-Output-Packets-64 = 0x1a

        RB-Acct-Input-Octets-64 = 0x1e35

3.4   DHCPv4 Proxy Through Dynamic Subscriber Bindings

The following example configures DHCPv4 proxy through dynamic subscriber bindings:

[local]Redback(config)#context dyn-sub-bindings

[local]Redback(config-ctx)#interface dyn-sub-if multibind

[local]Redback(config-if)#ip address 100.1.1.1/24

[local]Redback(config-if)#dhcp proxy 251

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#interface to-dhcp-server

[local]Redback(config-if)#ip address 108.1.1.1/24

[local]Redback(config-if)#exit

[local]Redback(config-ctx)#subscriber name sub21

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub22 

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub23

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub24

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub25

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub101

[local]Redback(config-sub)#password test

[local]Redback(config-sub)#dhcp max-addrs 1 

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub102

[local]Redback(config-sub)#password test    

[local]Redback(config-sub)#dhcp max-addrs 1

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub103

[local]Redback(config-sub)#password test

[local]Redback(config-sub)#dhcp max-addrs 1 

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub104

[local]Redback(config-sub)#password test    

[local]Redback(config-sub)#dhcp max-addrs 1 

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#subscriber name sub105

[local]Redback(config-sub)#password test    

[local]Redback(config-sub)#dhcp max-addrs 1 

[local]Redback(config-sub)#exit

[local]Redback(config-ctx)#dhcp relay server 108.1.1.156

[local]Redback(config-dhcp-relay)#exit

[local]Redback(config-ctx)#dhcp relay option

[local]Redback(config-ctx)#exit

[local]Redback(config)#atm profile a1

[local]Redback(config-atm-profile)#shaping ubr

[local]Redback(config-atm-profile)#exit

[local]Redback(config)#card atm-oc3-4-port 5

[local]Redback(config-card)#exit

[local]Redback(config)#port atm 5/2

[local]Redback(config-atm-oc)#no shutdown

[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub101@subscriber password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub102@subscriber password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub103@subscriber password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 104 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub104@subscriber password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#atm pvc 0 105 profile a1 encapsulation bridge1483

[local]Redback(config-atm-pvc)#bind subscriber sub105@subscriber password test

[local]Redback(config-atm-pvc)#exit

[local]Redback(config-atm-oc)#exit

[local]Redback(config)#port ethernet 9/1

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#bind interface to-dhcp-server subscriber

[local]Redback(config-port)#exit

[local]Redback(config)#port ethernet 9/2

[local]Redback(config-port)#no shutdown

[local]Redback(config-port)#encapsulation dot1q

[local]Redback(config-port)#dot1q pvc 21

[local]Redback(config-dot1q-pvc)#bind subscriber sub21@subscriber

[local]Redback(config-dot1q-pvc)#exit

[local]Redback(config-port)#dot1q pvc 22

[local]Redback(config-dot1q-pvc)#bind subscriber sub22@subscriber

[local]Redback(config-dot1q-pvc)#exit

[local]Redback(config-port)#dot1q pvc 23

[local]Redback(config-dot1q-pvc)#bind subscriber sub23@subscriber

[local]Redback(config-dot1q-vc)#exit

[local]Redback(config-port)#dot1q pvc 24

[local]Redback(config-dot1q-pvc)#bind subscriber sub24@subscriber

[local]Redback(config-dot1q-pvc)#exit

[local]Redback(config-port)#dot1q pvc 25

[local]Redback(config-dot1q-pvc)#bind subscriber sub25@subscriber

3.5   DHCPv4 Proxy Through Static Interface Bindings

The following example configures DHCPv4 proxy through static interface bindings:

[local]Redback(config)#context non-subscriber 
[local]Redback(config-ctx)#interface non-subscriber multibind
[local]Redback(config-if)#ip address 100.1.1.1/16
[local]Redback(config-if)#dhcp proxy 1000   
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.1 multibind
[local]Redback(config-if)#ip address 121.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250 
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.10 multibind
[local]Redback(config-if)#ip address 130.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ethernet 9/2 
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1
[local]Redback(config-dot1q-pvc)#bind interface vlan.1 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10
[local]Redback(config-dot1q-pvc)#bind interface vlan.10 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 11 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 12 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 13 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 14 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 15 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 16 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 17 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 18 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 19 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 20 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber

3.6   DHCPv4 Proxy Through RADIUS

The following example configures DHCPv4 proxy through RADIUS:

[local]Redback(config)#no service multiple-contexts
[local]RedBeck(config)#context local
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface subscriber multibind
[local]Redback(config-if)#ip address 100.1.0.1/16
[local]Redback(config-if)#dhcp proxy 50
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-cisco-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#radius server 108.1.1.157 key dhcp
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#card ether-12-port 9
[local]Redback(config-card)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to-cisco-dhcp-server local
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1 
[local]Redback(config-dot1q-pvc)#bind subscriber sub1@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 2 
[local]Redback(config-dot1q-pvc)#bind subscriber sub2@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 3 
[local]Redback(config-dot1q-pvc)#bind subscriber sub3@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 4 
[local]Redback(config-dot1q-pvc)#bind subscriber sub4@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 5 
[local]Redback(config-dot1q-pvc)#bind subscriber sub5@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 6 
[local]Redback(config-dot1q-pvc)#bind subscriber sub6@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 7 
[local]Redback(config-dot1q-pvc)#bind subscriber sub7@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 8 
[local]Redback(config-dot1q-pvc)#bind subscriber sub8@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 9 
[local]Redback(config-dot1q-pvc)#bind subscriber sub9@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10 
[local]Redback(config-dot1q-pvc)#bind subscriber sub10@local password test

The following output displays sample content from the RADIUS server file used in this example:

sub1@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub2@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub3@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub4@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1

3.7   Loopback Interface as DHCPv4 Source Address

The following example shows that the IP address of the interface connected to the external DHCPv4 server is 108.1.1.1; however, a loopback interface is configured with another IP address, which is sent to the DHCPv4 server as the source IP address for DHCPv4 packets:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server

3.8   Configuring a DHCPv6-PD Server and Server Policy

The following example configures a last-resort multibind interface called test-last to be the DHCPv6 server. Any subscriber circuit that attempts to come up binds to this interface. The ip unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:

[local]BRAS(context)#interface test-last multibind lastresort
[local]BRAS(config-if)#ip unnumbered test-lb
[local]BRAS(config-if)#dhcpv6 server interface

The following example configures a DHCPv6 server policy, and adds a different parameters for two subnets:

 [local]Redback(config-ctx)#dhcpv6 server
[local]Redback(config-dhcpv6-server)#option domain-name-server 2001:db8:4000:1::1
[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com
[local]Redback(config-dhcpv6-server)#option preference 128
[local]Redback(config-dhcpv6-server)#option information-refresh-time 10000
[local]Redback(config-dhcpv6-server)#option rapid-commit
[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 10000 valid 20000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/68
[local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 20000 valid 40000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/72
[local]Redback(config-dhcpv6-subnet)#option domain-name-server 2001:db8:4000:1::2
[local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com
[local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite

3.9   Configure a DHCPv6 PD Pool

The following example creates and configures a DHCPv6 PD pool, and then configures a subscriber to obtain IPv6 prefixes from that pool. In this example, the DHCPv6 PD pool inherits falling threshold values specified for all DHCPv6 PD pools configured within a context.

First, specify falling threshold values applicable to all DHCPv6 pools configured under the context SJ1:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#ipv6 pool dhcpv6 threshold percentage falling 20 log 10 trap

[local]BRAS(config-ctx)#exit

Configure a DHCPv6 PD pool under a multibind interface test-2. This pool contains IPv6 prefixes in the range from ipv6 pool dhcpv6 2001:db8:1:100::/56 to 2001:db8:1:ff00::/56:

[local]BRAS(config-ctx)#interface test-2 multibind

[local]BRAS(config-if)#ipv6 address 2001:db8:b::/48

[local]BRAS(config-if)#ipv6 pool dhcpv6 2001:db8:1:100::/56 2001:db8:1:ff00::/56

Configure the following attributes in a subscriber profile for the subscriber sub_2:

[local]BRAS(config-ctx)#subscriber sub_2

[local]BRAS(config-if)#ipv6 delegated-prefix maximum 5

[local]BRAS(config-if)#ipv6 framed-pool

[local]BRAS(config-if)#ipv6 nd-profile abc

3.10   Configure Statically Mapped DHCPv6 Prefixes

The following example shows how to configure static mapping for IPv6 two prefixes. In this example:

[local]BRAS(config-ctx)#dhcpv6 server

[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2

[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2 iaid 0xfedcba98



Glossary

DoS
Denial of Service
 
DHCP
Dynamic Host Configuration Protocol
 
DHCPv6
Dynamic Host Configuration Protocol version 6
 
PD
Prefix Delegation