Copyright
© Ericsson AB 2010–2011. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.
Disclaimer
The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

1 Overview
This document provides an overview of Dynamic Host Configuration Protocol (DHCP) features supported on the SmartEdge router and describes the tasks performed to configure, monitor, and administer DHCP. This document also provides configuration examples of DHCP.
This document applies to both the Ericsson SmartEdge® and SM family routers. However, the software that applies to the SM family of systems is a subset of the SmartEdge OS; some of the functionality described in this document may not apply to SM family routers.
For information specific to the SM family chassis, including line cards, refer to the SM family chassis documentation.
For specific information about the differences between the SmartEdge and SM family routers, refer to the Technical Product Description SM Family of Systems (part number 5/221 02-CRA 119 1170/1) in the Product Overview folder of this Customer Product Information library.
The SmartEdge router provides general DHCPv4 support and DHCPv6-PD support for PPP subscriber services. You can configure both DHCPv4 and DHCPv6-PD on the router; dual-stack is supported. To configure DHCPv6-PD server and DHCPv6 subscriber profiles, see Section 1.2. For more information about IPv6 subscriber services, see Configuring IPV6 Subscriber Services.
1.1 DHCPv4 Support
DHCPv4 dynamically configures IP address information for IPv4 subscriber hosts. For IPv4 support, the SmartEdge router provides the following types of DHCPv4 support:
- DHCPv4 relay server
The SmartEdge router acts as an intermediary between an external DHCPv4 server and the subscriber (client). The router forwards requests from the subscriber to the DHCPv4 server and relays the responses from the server back to the subscriber.
- DHCPv4 proxy server
The SmartEdge router provides responses directly to subscriber requests. Each subscriber sees the router as the DHCPv4 server, and as such, sends all DHCPv4 negotiations, including IP address release and renewal, to the router, which then relays the information to the external DHCPv4 server. The proxy feature enables the router to maintain IP address lease timers.
- DHCPv4 internal
The SmartEdge router provides the functions of the DHCPv4 server; no communication is sent to an external DHCPv4 server.
DHCPv4 is described in the following RFCs:
- RFC 2131—Dynamic Host Configuration Protocol
- RFC 2132—DHCP Options and BOOTP Vendor Extensions
- RFC 3004—The User Class Option for DHCP
For more information about RADIUS, see Configuring RADIUS. For information about vendor VSAs provided by Ericsson AB, see RADIUS Attributes.
- Note:
- In all modes, DHCP maintains host entries only for multibind interfaces.
1.1.1 ARP and DHCPv4
For every valid DHCP response received from or transmitted to a subscriber, an entry is created in the Address Resolution Protocol (ARP) table. The entry includes the IP address that is assigned to the requesting medium access control (MAC) address and the incoming circuit on which the DHCP request is received. All entries are secured ARP entries. Because entries are cached in the ARP table, the SmartEdge router can route downstream packets to the correct outgoing interface. For more information about ARP, see Configuring ARP.
1.1.2 CLIPS and DHCPv4
Clientless IP service selection (CLIPS) exclusion allows you to configure DHCPv4 sessions on ports and PVCs that you have also configured for dynamic CLIPS sessions. With CLIPS exclusion, you can specify which sessions are DHCP hosts; all other sessions are dynamic CLIPS sessions. CLIPS exclusion applies only to the DHCP proxy and internal servers. For more information about configuring CLIPS exclusion, see Configuring CLIPS.
The SmartEdge router supports residential gateways (RGs) with DHCP relay capability to be used as dynamic CLIPS clients. These RGs can then function as DHCP relay agents for the home network devices connected to an RG. (An RG connects network-enabled devices on a home network to the Internet.) Without this function, you must configure each RG by manually assigning it an IP address, enabling it to be used as a DHCP relay agent.
The following must occur before the SmartEdge router can support RGs with DHCP relay capability to be used as dynamic CLIPS clients:
- You must configure the RG as a DHCP client.
- After the RG is assigned an IP address from a DHCP server, the RG must then operate as a DHCP relay agent.
After the CLIPS session of an RG is established, the home network devices can establish their own CLIPS sessions by using the DHCP relay agent. The CLIPS sessions for the home network devices are independent of the CLIPS session for the RG.
- Note:
- In this configuration, the DHCP server assigns the IP addresses to the RG and the home network devices on the same subnet.
To configure the SmartEdge router to support an RG as a dynamic CLIPS client, configure dynamic CLIPS circuits on the SmartEdge router. For instructions, follow the steps in the Configuring Dynamic CLIPS Circuits section in Configuring CLIPS.
The SmartEdge router supports DHCP discovery with duplicate MAC addresses for CLIPS subscribers. This enables different CLIPS subscribers to use the same MAC address, if the DHCP discover packet contains a unique GIADDR address. In general, DHCP determines the uniqueness of a subscriber based on both the MAC and GIADDR addresses instead of just the MAC address.
1.1.3 RADIUS and DHCP
When Remote Authentication Dial-In User Service (RADIUS) authentication is enabled, the SmartEdge router sends an accounting record to a RADIUS server each time an IP address is assigned or released.
If the SmartEdge router is acting as a DHCP proxy or internal server for CLIPS subscribers, the vendor class identifier received in the DHCP discover packet for the CLIPS session is sent in the RADIUS Access-Request and Accounting-Request packets to the RADIUS server, using vendor-specific attribute (VSA) 125 provided by Ericsson AB.
1.2 DHCPv6 Prefix Delegation for IPv6 Subscribers
The SmartEdge router can be configured to use DHCPv6 PD to provide IPv6 prefixes to IPv6 subscribers. You can configure IPv6 prefixes for subscribers:
- Statically
- Using the Delegated-IPv6-Prefix attribute, which can be configured statically, or by using the Delegated-IPv6-Prefix RADIUS attribute.
- Through a DHCPv6 PD prefix pool
For detailed information about using DHCPv6 PD to delegate IPv6 prefixes to subscribers, see Configuring IPV6 Subscriber Services.
2 Configuration and Operations Tasks
- Note:
- In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.
To configure DHCP features, perform the tasks described in the following sections:
2.1 Configuring an Internal DHCPv4 Server
To configure the SmartEdge router to act as an internal DHCP server, perform the tasks described in Table 1.
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Create or select the context for the DHCP internal server and access context configuration mode. | | Enter this command in global configuration mode. |
| 2. | Create or select the interface for the DHCP internal server and access interface configuration mode. | | Enter this command in context configuration mode. Specify the multibind keyword. |
| 3. | Assign one or more IP addresses to this interface. | | Enter this command in interface configuration mode. |
| 4. | Enable this interface for internal DHCP server support and assign an IP address for its support. | | Enter this command in interface configuration mode. |
| 5. | Enable internal DHCP server functions in this context and access DHCP server configuration mode. | | Enter this command in context configuration mode. |
| 6. | Specify global settings for the DHCP server and all its subnets, using one or more of the following tasks: | | Enter these commands in DHCP server configuration mode. |
| | Specify either the subscriber absolute timeout or the RADIUS session-timeout as the DHCP lease time for DHCP and CLIPS subscriber sessions. | | This command is enabled by default. Use the no form of the command (no subscriber dhcp-server-lease absolute-timeout) to override this default behavior and to use the absolute-timeout (session-timeout) value as the session duration rather than as the DHCP lease time. |
| | Specify the default lease time. | | |
| | Specify the maximum lease time. | | |
| | Specify the offer lease time. | | |
| | Enable the monitoring and reporting of available DHCP leases at the context level for minimum and maximum threshold values. | | |
| | Enable DHCP clients with the same MAC address to be assigned IP addresses on different circuits. | | Do not use the allow-duplicate-mac command within a context that has CLIPS subscribers. |
| | Specify one or more DHCP options. | | Enter this command multiple times to specify as many options as you require. |
| | Specify the filename of the boot loader image file. | | |
| | Specify the IP address that the boot loader client uses to download the boot loader image file. | | |
| 7. | Create a static mapping between a subnet and the specified vendor class ID. | | |
| 8. | Create a subnet for the DHCP server and access DHCP subnet configuration mode. | | Enter this command in DHCP server configuration mode. |
| | Optional. Configure this subnet, using one or more of the following tasks: | | Enter all the following commands in DHCP subnet configuration mode. |
| | Assign a range of IP addresses to this subnet. | | |
| | Create a static mapping between a MAC address and an IP address in this subnet. | | |
| | Create a static mapping between the agent circuit id subfield or the agent remote id subfield in the option 82 field and an IP address. | | |
| | Specify the maximum number of IP addresses allowed for an agent circuit id. | | |
| | Specify the default lease time for this subnet. | | These settings override the global settings for this subnet. |
| | Specify the maximum lease time for this subnet. | | |
| | Specify the offer lease time for this subnet. | | |
| | Specify one or more DHCP options for this subnet. | | Enter this command multiple times to specify as many options as you require. |
2.2 Configuring an External DHCPv4 Server
To configure an external DHCP relay or proxy server, perform the tasks described in Table 2; enter all commands in DHCP relay server configuration mode, unless otherwise noted.
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Configure an external DHCP server, and enter DHCP relay server configuration mode. | | Enter this command in context configuration mode. You can configure only one DHCP server IP address in a single context. |
| 2. | Configure the maximum hop count allowed for DHCP requests. | | Enter the commands in the remaining steps in DHCP relay server configuration mode. |
| 3. | Configure the interval, in seconds, to wait before forwarding requests to the DHCP server. | | |
| 4. | Assign the DHCP server to a DHCP server group. | | |
| 5. | Specify forwarding for DHCP messages, using one of the following tasks: | | |
| | Forward packets to all other DHCP servers in the DHCP server group. | | |
| | Forward DHCP discover packets to other configured servers in the DHCP server group. | | |
| | Forward packets to a standby DHCP server. | | |
2.3 Configuring a Context for an External DHCPv4 Server
To configure a context for an external DHCP relay or proxy server, perform the tasks described in Table 3; enter all commands in context configuration mode.
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Specify the number of attempts and the interval to wait for each attempt when trying to reach an external DHCP server before it is marked unreachable. | | |
| 2. | Disable the sending of a DHCPNAK message if the SmartEdge router receives a DHCPREQUEST message for which it does not have an entry. | | |
| 3. | Optional. Add the DHCP relay information option to packets. | | The DHCP relay information option is described in RFC 3046, DHCP Relay Agent Information Option. |
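
The relay information option referenced in step 3 is option 82, whose agent circuit id and agent remote id subfields are also what the internal server's static mappings match on. The following is an added example, not code from this document or from the SmartEdge OS: a Python parser that pulls both subfields out of a DHCP options field, following the RFC 3046 layout. The sample bytes are constructed; the circuit-id string is borrowed from the configuration example in Section 3.1, and how the router actually encodes its circuit id is not specified here.

```python
# Added example: extract the option 82 subfields (RFC 3046) from a DHCP options field.
# All names and the sample packet bytes are constructed for illustration.

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])   # starts the options field (RFC 2131)
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2             # RFC 3046 sub-option codes


def iter_options(options):
    """Yield (code, value) for each DHCP option; raise ValueError if truncated."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if code == OPT_END:
            return
        if i + 2 > len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} declares {length} bytes, {len(value)} present")
        yield code, value
        i += 2 + length


def parse_relay_info(value):
    """Split the option 82 payload into {sub-option code: bytes}."""
    subs, i = {}, 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated sub-option header")
        code, length = value[i], value[i + 1]
        data = value[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"sub-option {code} overruns option 82")
        subs[code] = data
        i += 2 + length
    return subs


def extract_option82(options_field):
    """Return the circuit id and remote id, or None if option 82 is absent."""
    if options_field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    for code, value in iter_options(options_field[4:]):
        if code == OPT_RELAY_INFO:
            subs = parse_relay_info(value)
            return {"circuit_id": subs.get(SUB_CIRCUIT_ID),
                    "remote_id": subs.get(SUB_REMOTE_ID)}
    return None


def _tlv(code, data):
    return bytes([code, len(data)]) + data


# Constructed sample: a DHCPDISCOVER options field as it would look after a relay
# agent has appended option 82.
SAMPLE_CIRCUIT_ID = b"4:1 vlan 102"
SAMPLE_REMOTE_ID = bytes.fromhex("001122334455")
SAMPLE_OPTIONS = (
    MAGIC_COOKIE
    + _tlv(53, b"\x01")                                   # DHCP message type: DISCOVER
    + _tlv(OPT_RELAY_INFO,
           _tlv(SUB_CIRCUIT_ID, SAMPLE_CIRCUIT_ID) + _tlv(SUB_REMOTE_ID, SAMPLE_REMOTE_ID))
    + bytes([OPT_END])
)

if __name__ == "__main__":
    print(extract_option82(SAMPLE_OPTIONS))
```
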
2.4 Configuring an Interface for an External DHCPv4 Server
To configure an interface for an external DHCP relay or proxy server, perform the tasks described in Table 4; enter all commands in interface configuration mode, unless otherwise noted.
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Enable the interface for an external DHCP server, using one of the following tasks: | | |
| | Enable the interface to relay DHCP messages to an external DHCP server, and access DHCP giaddr configuration mode. | | These commands are mutually exclusive. If you are configuring CLIPS, you must use the dhcp proxy command. The value for the max-dhcp-addrs argument used with these commands works in conjunction with the max-sub-addrs value specified in the dhcp max-addr command (in subscriber configuration mode); see Section 3.2. |
| | Enable the interface to act as a proxy between subscribers and an external DHCP server, and access DHCP giaddr configuration mode. | | |
| 2. | Optional. Configure an IP source address. | | The interface address that you specify with this command must be reachable by the external DHCP server. You must specify the dhcp-server keyword. |
| 3. | Specify an IP address for the giaddr field for DHCP packets that match the specified vendor-class-id. | | Enter this command in DHCP giaddr configuration mode. You can enter either of these commands multiple times to specify multiple vendor IDs. |
- Note:
- By default, the IP address of the interface on which DHCP messages are transmitted is sent in DHCP packets. To not publish this IP address, configure an interface (typically loopback) to appear to be the source address for DHCP packets.
2.5 Configuring Subscriber Hosts for DHCPv4 Address Functions
To configure subscriber hosts for DHCP address functions, perform the tasks described in Table 5; enter all commands in subscriber configuration mode.
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Optional. Configure hosts to use DHCP to dynamically acquire address information for a subscriber circuit and set a maximum number of IP addresses that can be assigned to hosts associated with the circuit. | | You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 3 provided by Ericsson AB, DHCP-Max-Leases, for the maximum number of IP addresses; see RADIUS Attributes. |
| 2. | Optional. Configure hosts to use a specific DHCP interface to acquire address information for a subscriber circuit. | | You must configure the subscriber record or profile with the dhcp max-addrs command. You must enable the specified interface for DHCP proxy or DHCP relay; see Section 3.2. You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 104 provided by Ericsson AB, IP-Interface-Name; see RADIUS Attributes. |
2.6 Configuring the Router to Prevent DoS Attacks from DHCPv4 Clients
To configure the SmartEdge router to prevent denial of service (DoS) attacks from DHCP clients on a circuit, perform the task described in Table 6; enter the command in global configuration mode.
| Task | Root Command | Notes |
|---|---|---|
| Optional. Enable rate limiting DHCP packets on the circuit to prevent DoS attacks. Specify the number of packets allowed on each circuit, the interval during which the system counts the packets, and the drop-interval during which packets are dropped, if the allowed number of messages was exceeded in the previous interval. | | You have the option to rate-limit the DHCP packets based on either each MAC address on a circuit or a unique combination of MAC address and DHCP relay server address on a circuit. |
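
The three parameters in Table 6 (packet count, counting interval, drop-interval) and the two keying options interact in ways that are easier to see in a model. The following is an added example, not SmartEdge OS code: a Python model that assumes a literal reading of the task description, in which packets are counted per key over fixed intervals and, when an interval closes over the limit, every packet for that key is dropped for the drop-interval. The class and parameter names, the timestamps, and the packet streams are constructed.

```python
# Added example: a model of per-circuit DHCP rate limiting with a drop-interval.
# Assumption: the limit is evaluated when a counting interval closes; the router's
# actual algorithm is not specified in this document.
from dataclasses import dataclass


@dataclass
class Counter:
    window_start: float       # start of the current counting interval
    count: int = 0            # packets accepted in the current counting interval
    drop_until: float = 0.0   # packets are dropped while now < drop_until


class DhcpRateLimiter:
    def __init__(self, limit, interval, drop_interval, key_on_relay=False):
        self.limit = limit                  # packets allowed per counting interval
        self.interval = interval            # counting interval, seconds
        self.drop_interval = drop_interval  # penalty period, seconds
        self.key_on_relay = key_on_relay    # False: MAC only; True: MAC + relay address
        self.counters = {}

    def _key(self, circuit, mac, relay_addr):
        mac = mac.lower()
        return (circuit, mac, relay_addr) if self.key_on_relay else (circuit, mac)

    def allow(self, now, circuit, mac, relay_addr="0.0.0.0"):
        """Return True if the packet is accepted, False if it is dropped."""
        c = self.counters.setdefault(self._key(circuit, mac, relay_addr),
                                     Counter(window_start=now))
        if now < c.drop_until:
            return False
        if now >= c.window_start + self.interval:
            # The previous counting interval has closed: evaluate it, then start a new one.
            window_end = c.window_start + self.interval
            exceeded = c.count > self.limit
            c.window_start, c.count = now, 0
            if exceeded:
                c.drop_until = window_end + self.drop_interval
                if now < c.drop_until:
                    return False
        c.count += 1
        return True


def replay(limiter, packets):
    """Feed (time, circuit, mac, relay_addr) tuples through the limiter in order."""
    return [limiter.allow(t, circuit, mac, relay) for t, circuit, mac, relay in packets]


# Constructed streams. CIRCUIT and MAC are sample values, not taken from a real capture.
CIRCUIT = "1/4:1 vpi-vci 0 101"
MAC = "02:00:00:00:00:01"

# One client sends 5 packets in the first interval, then keeps retrying.
FLOOD = [(t, CIRCUIT, MAC, "0.0.0.0") for t in (0, 1, 2, 3, 4, 11, 15, 30)]

# The same MAC appears behind two different relay addresses on one circuit.
SHARED_MAC = [(t, CIRCUIT, MAC, "10.0.0.1") for t in (0, 1, 2, 3)] + \
             [(12, CIRCUIT, MAC, "10.0.0.2")]

if __name__ == "__main__":
    print(replay(DhcpRateLimiter(3, 10, 20), FLOOD))
    print(replay(DhcpRateLimiter(3, 10, 20), SHARED_MAC))
    print(replay(DhcpRateLimiter(3, 10, 20, key_on_relay=True), SHARED_MAC))
```

In this model, keying on MAC alone penalizes the second relay's client for the first relay's burst, while keying on MAC plus relay address keeps the two counters separate.
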
2.7 Configuring Router to Prevent DoS Attacks from DHCPv6 Clients
To configure the router to prevent denial of service (DoS) attacks from DHCPv6 clients on a circuit, perform the task described in Table 7; enter the command in global configuration mode.
| Task | Root Command | Notes |
|---|---|---|
| Optional. Enable rate limiting DHCP packets on the circuit to prevent DoS attacks. Specify the number of packets allowed on each circuit, the interval during which the system counts the packets, and the drop-interval during which packets are dropped, if the allowed number of messages was exceeded in the previous interval. | | Rate limiting is performed on DHCPv6 packets coming on every circuit (virtual circuit in the case of PPPoE) even though it is configured on the parent circuit at the card level. It supports access link groups but not Ethernet or 802.1Q link groups. |
2.8 Configuring a Traffic Card to Limit Effect of DHCPv4 Packet DoS Attacks
To configure a traffic card to prevent denial of service (DoS) attacks, perform the task described in Table 8; enter the command in card configuration mode.
| Task | Root Command | Notes |
|---|---|---|
| Optional. Enable rate limiting and specify the rate and burst limits for DHCP or PADI packets to prevent DoS attacks. | | |
2.9 Configuring a Traffic Card to Limit Effect of DHCPv6 Packet DoS Attacks
To configure a traffic card to limit the effect of DHCPv6 packet denial of service (DoS) attacks, enter the rate-limit dhcpv6 command as described in Table 9.
| Task | Root Command | Notes |
|---|---|---|
| Enable rate limiting and specify the rate and burst limits for DHCPv6 packets. | | Enter in card configuration mode. |
2.10 Configuring DHCPv6-PD for IPv6 Subscriber Support
To configure IPv6 subscriber services on a SmartEdge router, you must configure one or more multibind interfaces to function as DHCPv6-PD servers and configure a DHCPv6 server policy for subscribers.
To configure a multibind interface to be the DHCPv6-PD server, perform the following tasks:
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Access global configuration mode. | | — |
| 2. | Access context configuration mode. | | — |
| 3. | Create a multibind interface, and access interface configuration mode. | | This is the interface you want to configure to be DHCPv6 enabled. It can be, but is not required to be, a last-resort interface. |
| 4. | Assign an IPv6 address to the interface. | | — |
| 5. | Configure an interface to be a DHCPv6 server interface. | | You can configure the DHCPv6 server to use the primary IPv6 address of the interface as the server IP address or specify an IP address for it. |
To configure a DHCPv6 PD prefix pool:
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Access global configuration mode. | | — |
| 2. | Access context configuration mode. | | — |
| 3. | Create a multibind interface, and access interface configuration mode. | | — |
| 4. | Assign an IPv6 address to the interface. | | — |
| 5. | Create a DHCPv6 threshold value for which a crossing event occurs. | | DHCPv6 threshold configuration for a particular pool (in interface configuration mode) takes precedence over DHCPv6 PD threshold configuration in context configuration mode. |
To optionally configure pool thresholds that apply to all DHCPv6 PD prefix pools in the context, perform the following tasks:

| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Access global configuration mode. | | — |
| 2. | Access context configuration mode. | | — |
| 3. | Create a pool of DHCPv6 PD prefixes under the multibind interface. | | Threshold configuration for a particular pool (in interface configuration mode) takes precedence over threshold configuration in context configuration mode. |
To create and configure a DHCPv6 server policy, perform the following tasks:
| Step | Task | Root Command | Notes |
|---|---|---|---|
| 1. | Configure top-level DHCPv6 service policy attributes: | | |
| | Access global configuration mode. | | — |
| | Access context configuration mode. | | — |
| | Create a DHCPv6 server policy and access DHCPv6 server policy configuration mode. | | Only one DHCPv6 server policy is allowed for a context. |
| | Specify the IP address of a DNS name server. | | — |
| | Specify a domain name for DNS resolution. | | — |
| | Specify the number of seconds a client waits before refreshing the configuration information received from DHCPv6 server. | | Range is from 600 through 4294967295 seconds. |
| | Configure the preference value for this DHCPv6 server. | | A DHCPv6 server with a lower value is preferred over a server with a higher value. Range is from 0 through 255. |
| | Enable Rapid Commit for faster IPv6 prefix delegation. | | With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. Use the RAPID COMMIT option when there is only one server for a client to connect to. |
| | Statically map a specified IPv6 prefix to a DUID or DUID and IAID. | | — |
| | Configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix. | | Set the prefix lifetime with one of the following constructs: |
| 2. | If desired, configure a subset of DHCPv6 attributes that apply to a particular subnet only. Options configured for the subnet take precedence over options specified in the top-level DHCPv6 server policy: | | |
| | If desired, access DHCPv6 server policy subnet configuration mode, where you can configure DHCPv6 server attributes that are applicable only to subscribers in the specified subnet. | | Only those options that are administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy (in DHCPv6 server policy configuration mode). If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet takes its configuration from the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode). Replace the ipv6-prefix argument with a prefix that does not overlap with any interface configured on the router. |
| | Specify a domain name for DNS resolution. | | — |
| | Specify the IP address of the DNS name server. | | — |
| | Configure the length of time the subscriber router is allowed to use a delegated IPv6 prefix and a given DHCPv6 prefix. | | Set the prefix lifetime as follows: |
2.11 Operations Tasks
To monitor, troubleshoot, and administer internal and external DHCP servers and their functions, perform the appropriate tasks described in Table 14. Enter the clear and debug commands in exec mode; enter the show commands in any mode.
| Task | Command |
|---|---|
| Clear DHCP host entries, and corresponding host route and ARP entries, from the routing table. | |
| Clear DHCP statistics. | |
| Enable the generation of DHCP debug messages for external DHCP servers. | |
| Enable the generation of DHCP debug messages for internal DHCP servers. | |
| Display the current DHCP configuration for the context. | |
| Display DHCP relay host information. | |
| Display DHCP information about the DHCP relay server. | |
| Display DHCP relay statistics. | |
| Display a summary of DHCP relay host information. | |
| Display DHCP server host or lease information. | |
| Display DHCP server file information. | |
| Display IP address information for an agent circuit ID. | |
| Display range usage for one or more interfaces configured for a DHCP server. | |
| Display DHCP server process statistics. | |
| Display dropped DHCP packet information for one or more traffic cards. | |

| Task | Command |
|---|---|
| Clear DHCPv6 statistics. | |
| Clear DHCPv6 statistics. | |
| Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients. | |
| Display the DHCPv6-PD log. You can filter the log history by circuit, server or client DUID, or IPv6 prefix. | |
| Display all the active DHCPv6 clients. Display more information with the detail keyword. | |
| Display the active DHCPv6 clients on a circuit. | |
| Display the active DHCPv6 clients that use a prefix. | |
| Display the active DHCPv6 clients on a subnet. | |
| Display DHCPv6 statistics. Display more information with the detail keyword. | |
| Enable the generation of DHCPv6 debugging messages; see the command description for filtering keywords. | |
| Display information about the IPv6 shared and DHCPv6 PD prefix pools configured under the current context. | |
3 Configuration Examples
The following sections provide examples of configuring a DHCP internal server, DHCP proxy and maximum address support, subscriber bindings to DHCP interfaces, DHCP proxy through dynamic subscriber bindings, through static interface bindings, and DHCP proxy through RADIUS.
3.1 DHCPv4 Internal Server
The following example shows how to configure an internal DHCP server and two subnets:
```
! Create the context and the interface.
[local]Redback(config)#context dhcp
[local]Redback(config-ctx)#interface dhcp-if multibind
! Assign two subnets to the interface.
[local]Redback(config-if)#ip address 12.1.1.0/24
[local]Redback(config-if)#ip address 13.1.1.0/24 secondary
! Enable the interface for internal DHCP functions and assign an IP address to it.
[local]Redback(config-if)#dhcp server 12.1.1.1
[local]Redback(config-if)#exit
! Enable the context for internal DHCP server functions.
[local]Redback(config-ctx)#dhcp server policy
! Specify global settings for the internal DHCP server and all its subnets.
[local]Redback(config-dhcp-server)#allow-duplicate-mac
[local]Redback(config-dhcp-server)#default-lease-time 14400
[local]Redback(config-dhcp-server)#maximum-lease-time 172800
[local]Redback(config-dhcp-server)#offer-lease-time 300
[local]Redback(config-dhcp-server)#option domain-name ericsson.com
! Specify the boot loader image file and the server IP address where it can be found.
[local]Redback(config-dhcp-server)#bootp-filename of1267.bin
[local]Redback(config-dhcp-server)#bootp-siaddr 200.1.1.0
! Create an unnamed subnet and configure it.
[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24
[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.99
! Override the global settings for these options.
[local]Redback(config-dhcp-subnet)#default-lease-time 3600
[local]Redback(config-dhcp-subnet)#maximum-lease-time 14400
[local]Redback(config-dhcp-subnet)#option domain-name cool.com
[local]Redback(config-dhcp-subnet)#option domain-name-servers 12.1.1.254
[local]Redback(config-dhcp-subnet)#exit
! Create a named subnet and configure it.
[local]Redback(config-dhcp-server)#subnet 13.1.1.100/24 name sub2
[local]Redback(config-dhcp-subnet)#range 13.1.1.150 13.1.1.199
! Create static mappings for this named subnet.
[local]Redback(config-dhcp-subnet)#mac-address 02:12:34:56:78:90 ip-address 13.1.1.2
[local]Redback(config-dhcp-subnet)#option-82 circuit-id "4:1 vlan 102" offset 3 ip-address 13.1.1.3
[local]Redback(config-dhcp-subnet)#option-82 circuit-id "4:1 vlan 102" offset 3 max-addresses 10
! Override the global setting for this option.
[local]Redback(config-dhcp-subnet)#option domain-name hot.com
[local]Redback(config-dhcp-subnet)#exit
! Create a static mapping for this named subnet.
[local]Redback(config-dhcp-server)#vendor-class "abc-client" offset 5 subnet sub2
```
3.2 DHCPv4 Proxy and Maximum Address Support
The following example illustrates how the value for the max-sub-addr argument for the dhcp max-addr command (in subscriber configuration mode) works in conjunction with the value for the max-dhcp-addr argument for the dhcp proxy command (in interface configuration mode). In this example, the dhcp proxy command restricts the number of DHCP clients that can be supported on the DHCPv4 proxy multibind interface at IP address 120.1.1.1 to 10. The first four subscribers, each with a value of 1 for max-sub-addrs, can be authenticated and a circuit can be brought up for each of them. However, subscriber sub5 cannot be authenticated because its max-sub-addr value is 10, which exceeds the remaining number of addresses available on the interface, which is now 6:
```
[local]Redback(config-ctx)#interface subscriber multibind
[local]Redback(config-if)#ip address 120.1.1.1/16
[local]Redback(config-if)#dhcp proxy 10
[local]Redback(config-if)#ip arp timeout 120
[local]Redback(config-if)#ip arp delete-expired
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 100.1.1.1/16
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber name sub1
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub2
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub3
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub4
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub5
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 100.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
```
3.3 Subscriber Bindings to DHCPv4 Interfaces
This section provides examples of binding subscribers to DHCPv4 interfaces using local authentication and RADIUS.
3.3.1 Using Local Authentication
The following example binds subscribers to DHCPv4 interfaces using the ip interface command (in subscriber configuration mode) with local authentication:
```
[local]Redback(config)#context atm_subs
[local]Redback(config-ctx)#interface bronze multibind
[local]Redback(config-if)#ip address 120.1.3.1/24
[local]Redback(config-if)#dhcp proxy 65535
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface gold multibind
[local]Redback(config-if)#ip address 120.1.1.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface silver multibind
[local]Redback(config-if)#ip address 120.1.2.1/24
[local]Redback(config-if)#dhcp proxy 10
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#ip interface name gold
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile silver
[local]Redback(config-sub)#ip interface name silver
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile bronze
[local]Redback(config-sub)#ip interface name bronze
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub1
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub2
[local]Redback(config-sub)#profile silver
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub3
[local]Redback(config-sub)#profile bronze
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port atm 1/4
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs
```
The following example displays information about these subscriber circuits:
```
[atm_subs]Redback>show subscribers active
sub1@atm_subs
   Circuit 1/4:1 vpi-vci 0 101
   Internal Circuit 1/4:1:63/1/2/24579
   Current port-limit unlimited
   profile gold (applied)
   dhcp max-addrs 10 (applied)
   ip interface gold (applied)
sub2@atm_subs
   Circuit 1/4:1 vpi-vci 0 102
   Internal Circuit 1/4:1:63/1/2/24580
   Current port-limit unlimited
   profile silver (applied)
   dhcp max-addrs 10 (applied)
   ip interface silver (applied)
sub3@atm_subs
   Circuit 1/4:1 vpi-vci 0 103
   Internal Circuit 1/4:1:63/1/2/24581
   Current port-limit unlimited
   profile bronze (applied)
   dhcp max-addrs 10 (applied)
   ip interface bronze (applied)
```
The following example displays information about the DHCP hosts after they have been established on the active subscriber circuits:
[atm_subs]Redback>show subscribers active
sub1@atm_subs
  Circuit 1/4:1 vpi-vci 0 101
  Internal Circuit 1/4:1:63/1/2/24579
  Current port-limit unlimited
  profile gold (applied)
  dhcp max-addrs 10 (applied)
  ip interface gold (applied)
  IP host entries installed by DHCP: (max_addr 10 cur_enties 10)
    120.1.1.199 00:dd:00:00:00:0a
    120.1.1.191 00:dd:00:00:00:09
    120.1.1.192 00:dd:00:00:00:08
    120.1.1.200 00:dd:00:00:00:07
    120.1.1.194 00:dd:00:00:00:05
    120.1.1.193 00:dd:00:00:00:06
    120.1.1.196 00:dd:00:00:00:03
    120.1.1.195 00:dd:00:00:00:04
    120.1.1.197 00:dd:00:00:00:02
    120.1.1.198 00:dd:00:00:00:01
sub2@atm_subs
  Circuit 1/4:1 vpi-vci 0 102
  Internal Circuit 1/4:1:63/1/2/24580
  Current port-limit unlimited
  profile silver (applied)
  dhcp max-addrs 10 (applied)
  ip interface silver (applied)
  IP host entries installed by DHCP: (max_addr 10 cur_enties 10)
    120.1.2.191 00:dd:00:00:00:14
    120.1.2.192 00:dd:00:00:00:13
    120.1.2.193 00:dd:00:00:00:12
    120.1.2.194 00:dd:00:00:00:11
    120.1.2.195 00:dd:00:00:00:10
    120.1.2.196 00:dd:00:00:00:0f
    120.1.2.197 00:dd:00:00:00:0e
    120.1.2.198 00:dd:00:00:00:0d
    120.1.2.199 00:dd:00:00:00:0c
    120.1.2.200 00:dd:00:00:00:0b
sub3@atm_subs
  Circuit 1/4:1 vpi-vci 0 103
  Internal Circuit 1/4:1:63/1/2/24581
  Current port-limit unlimited
  profile bronze (applied)
  dhcp max-addrs 10 (applied)
  ip interface bronze (applied)
  IP host entries installed by DHCP: (max_addr 10 cur_enties 10)
    120.1.3.191 00:dd:00:00:00:1e
    120.1.3.192 00:dd:00:00:00:1d
    120.1.3.193 00:dd:00:00:00:1c
    120.1.3.194 00:dd:00:00:00:1b
    120.1.3.195 00:dd:00:00:00:1a
    120.1.3.196 00:dd:00:00:00:19
    120.1.3.197 00:dd:00:00:00:18
    120.1.3.198 00:dd:00:00:00:17
    120.1.3.199 00:dd:00:00:00:16
    120.1.3.200 00:dd:00:00:00:15
The following example displays DHCPv4 relay host information for this configuration:
[atm_subs]Ericsson>show dhcp relay hosts
Circuit  Host  Hardware address  Lease  Ttl  Timestamp  Relay/Proxy  Context
1/4:1 vpi-vci 0 101  120.1.1.198  00:dd:00:00:00:01  1800  1709  Thu Nov 8 09:16:21 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.197  00:dd:00:00:00:02  1800  1710  Thu Nov 8 09:16:22 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.195  00:dd:00:00:00:04  1800  1713  Thu Nov 8 09:16:24 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.196  00:dd:00:00:00:03  1800  1713  Thu Nov 8 09:16:24 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.193  00:dd:00:00:00:06  1800  1711  Thu Nov 8 09:16:22 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.194  00:dd:00:00:00:05  1800  1712  Thu Nov 8 09:16:23 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.200  00:dd:00:00:00:07  1800  1712  Thu Nov 8 09:16:23 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.192  00:dd:00:00:00:08  1800  1711  Thu Nov 8 09:16:22 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.191  00:dd:00:00:00:09  1800  1711  Thu Nov 8 09:16:22 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.199  00:dd:00:00:00:0a  1800  1711  Thu Nov 8 09:16:23 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.197  00:dd:00:00:00:0e  1800  1717  Thu Nov 8 09:16:28 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.200  00:dd:00:00:00:0b  1800  1713  Thu Nov 8 09:16:25 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.199  00:dd:00:00:00:0c  1800  1716  Thu Nov 8 09:16:28 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.198  00:dd:00:00:00:0d  1800  1716  Thu Nov 8 09:16:27 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.196  00:dd:00:00:00:0f  1800  1716  Thu Nov 8 09:16:27 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.195  00:dd:00:00:00:10  1800  1715  Thu Nov 8 09:16:27 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.194  00:dd:00:00:00:11  1800  1717  Thu Nov 8 09:16:28 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.193  00:dd:00:00:00:12  1800  1718  Thu Nov 8 09:16:29 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.192  00:dd:00:00:00:13  1800  1717  Thu Nov 8 09:16:29 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.191  00:dd:00:00:00:14  1800  1719  Thu Nov 8 09:16:30 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.200  00:dd:00:00:00:15  1800  1718  Thu Nov 8 09:16:30 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.199  00:dd:00:00:00:16  1800  1720  Thu Nov 8 09:16:32 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.198  00:dd:00:00:00:17  1800  1721  Thu Nov 8 09:16:32 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.197  00:dd:00:00:00:18  1800  1721  Thu Nov 8 09:16:32 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.196  00:dd:00:00:00:19  1800  1722  Thu Nov 8 09:16:33 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.195  00:dd:00:00:00:1a  1800  1723  Thu Nov 8 09:16:34 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.194  00:dd:00:00:00:1b  1800  1721  Thu Nov 8 09:16:33 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.193  00:dd:00:00:00:1c  1800  1722  Thu Nov 8 09:16:33 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.192  00:dd:00:00:00:1d  1800  1722  Thu Nov 8 09:16:33 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.191  00:dd:00:00:00:1e  1800  1723  Thu Nov 8 09:16:34 2005  Proxy  atm_subs
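Added example, not part of the Ericsson documentation: a Python script that parses rows in the layout of the show dhcp relay hosts output above and flags circuits that have reached their dhcp max-addrs limit, as well as hardware addresses that appear on more than one circuit. The sample rows and the per-circuit limit table are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# One row of `show dhcp relay hosts`: circuit, host IP, hardware address,
# lease, TTL, timestamp, Relay/Proxy, context. The circuit field contains
# spaces, so it is matched lazily up to the first dotted-quad address.
ROW = re.compile(
    r"^(?P<circuit>\S.*?)\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+"
    r"(?P<lease>\d+)\s+(?P<ttl>\d+)\s+"
    r"(?P<timestamp>\w{3}\s+\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s+"
    r"(?P<mode>Relay|Proxy)\s+(?P<context>\S+)$"
)

# Constructed sample in the same layout as the router output (not real data).
SAMPLE = """\
Circuit  Host  Hardware address  Lease  Ttl  Timestamp  Relay/Proxy  Context
1/4:1 vpi-vci 0 101  120.1.1.198  00:dd:00:00:00:01  1800  1709  Thu Nov 8 09:16:21 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 101  120.1.1.197  00:dd:00:00:00:02  1800  1710  Thu Nov 8 09:16:22 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 102  120.1.2.200  00:dd:00:00:00:0b  1800  1713  Thu Nov 8 09:16:25 2005  Proxy  atm_subs
1/4:1 vpi-vci 0 103  120.1.3.200  00:dd:00:00:00:0B  1800  1718  Thu Nov 8 09:16:30 2005  Proxy  atm_subs
"""

# Assumption: the operator supplies the dhcp max-addrs value configured for
# the subscriber bound to each circuit (constructed values here).
MAX_ADDRS = {
    "1/4:1 vpi-vci 0 101": 2,
    "1/4:1 vpi-vci 0 102": 10,
    "1/4:1 vpi-vci 0 103": 10,
}


def parse_relay_hosts(text):
    """Return one dict per host row; header and unrelated lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        row = match.groupdict()
        row["circuit"] = " ".join(row["circuit"].split())  # collapse padding
        row["mac"] = row["mac"].lower()
        row["lease"] = int(row["lease"])
        row["ttl"] = int(row["ttl"])
        rows.append(row)
    return rows


def audit(rows, max_addrs):
    """Flag circuits at their lease cap and MACs seen on several circuits."""
    per_circuit = Counter(row["circuit"] for row in rows)
    mac_circuits = defaultdict(set)
    for row in rows:
        mac_circuits[row["mac"]].add(row["circuit"])

    findings = []
    for circuit, count in sorted(per_circuit.items()):
        limit = max_addrs.get(circuit)
        if limit is None:
            findings.append(("no-limit-known", circuit, count))
        elif count >= limit:
            findings.append(("at-limit", circuit, count))
    for mac, circuits in sorted(mac_circuits.items()):
        if len(circuits) > 1:
            findings.append(("mac-on-multiple-circuits", mac, sorted(circuits)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_relay_hosts(SAMPLE), MAX_ADDRS):
        print(finding)
```
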
3.3.2 Using RADIUS Authentication
The following example shows how to bind subscribers to DHCPv4 interfaces, using the ip interface command (in subscriber configuration mode) with RADIUS authentication:
[local]Redback(config)#context atm_subs
[local]Redback(config-ctx)#interface bronze multibind
[local]Redback(config-if)#ip address 120.1.3.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface gold multibind
[local]Redback(config-if)#ip address 120.1.1.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface silver multibind
[local]Redback(config-if)#ip address 120.1.2.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-linux-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-sms-server
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#radius server 108.1.1.157 key mpls4
[local]Redback(config-ctx)#radius max-retries 5
[local]Redback(config-ctx)#radius timeout 5
[local]Redback(config-ctx)#radius algorithm round-robin
[local]Redback(config-ctx)#radius accounting algorithm round-robin
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#aaa accounting subscriber radius
[local]Redback(config-ctx)#aaa accounting event dhcp
[local]Redback(config-ctx)#radius accounting server 108.1.1.157 key mpls4
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#ip interface name gold
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile silver
[local]Redback(config-sub)#ip interface name silver
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile bronze
[local]Redback(config-sub)#ip interface name bronze
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.157
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#card atm-oc3e-8-port 1
[local]Redback(config)#port atm 1/4
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs password test
The following example displays the RADIUS subscriber files:
sub1@atm_subs Password = "test"
    Service-Type = Framed-User,
    RB-IP-Interface-Name = gold,
    RB-DHCP-Max-Leases = 10,
    RB-Context-Name = atm_subs

sub2@atm_subs Password = "test"
    Service-Type = Framed-User,
    RB-IP-Interface-Name = silver,
    RB-DHCP-Max-Leases = 10,
    RB-Context-Name = atm_subs

sub3@atm_subs Password = "test"
    Service-Type = Framed-User,
    RB-IP-Interface-Name = bronze,
    RB-DHCP-Max-Leases = 10,
    RB-Context-Name = atm_subs
In the RADIUS dictionary, the relevant attribute is:
VENDORATTR 2352 RB-IP-Interface-Name 104 string
The following example shows one of the sample Accounting-Alive packets with the RADIUS IP interface attribute:
Code: Accounting-Request
Identifier: 38
Authentic: 'l<199>[<151><142><192>@<0><15><175>KCO}<163>
Attributes:
    User-Name = "sub3@atm_subs"
    Acct-Status-Type = Alive
    Acct-Session-Id = "0003003F3000601C-40757C65"
    Service-Type = Framed-User
    NAS-Identifier = "mpls4"
    NAS-Port = 17039424
    NAS-Port-Type = Sync
    NAS-Port-Id = "1/4 vpi-vci 0 103"
    Connect-Info = "a1"
    RB-Platform-ID = SmartEdge
    Acct-Authentic = RADIUS
    RB-IP-Interface-Name = "bronze"
    RB-DHCP-Max-Leases = 10
    Acct-Session-Time = 105
    Acct-Input-Packets = 32
    Acct-Output-Packets = 26
    Acct-Input-Octets = 7733
    Acct-Output-Octets = 5388
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    RB-Acct-Input-Packets-64 = 0x20
    RB-Acct-Output-Packets-64 = 0x1a
    RB-Acct-Input-Octets-64 = 0x1e35
3.4 DHCPv4 Proxy Through Dynamic Subscriber Bindings
The following example shows how to configure DHCPv4 proxy through dynamic subscriber bindings:
[local]Redback(config)#context dyn-sub-bindings
[local]Redback(config-ctx)#interface dyn-sub-if multibind
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#dhcp proxy 251
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber name sub21
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub22
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub23
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub24
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub25
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub101
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub102
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub103
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub104
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub105
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#atm profile a1
[local]Redback(config-atm-profile)#shaping ubr
[local]Redback(config-atm-profile)#exit
[local]Redback(config)#card atm-oc3e-8-port 5
[local]Redback(config-card)#exit
[local]Redback(config)#port atm 5/2
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub101@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub102@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub103@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 104 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub104@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 105 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub105@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to-dhcp-server subscriber
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 21
[local]Redback(config-dot1q-pvc)#bind subscriber sub21@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 22
[local]Redback(config-dot1q-pvc)#bind subscriber sub22@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 23
[local]Redback(config-dot1q-pvc)#bind subscriber sub23@subscriber
[local]Redback(config-dot1q-vc)#exit
[local]Redback(config-port)#dot1q pvc 24
[local]Redback(config-dot1q-pvc)#bind subscriber sub24@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 25
[local]Redback(config-dot1q-pvc)#bind subscriber sub25@subscriber
3.5 DHCPv4 Proxy Through Static Interface Bindings
The following example shows how to configure DHCPv4 proxy through static interface bindings:
[local]Redback(config)#context non-subscriber
[local]Redback(config-ctx)#interface non-subscriber multibind
[local]Redback(config-if)#ip address 100.1.1.1/16
[local]Redback(config-if)#dhcp proxy 1000
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.1 multibind
[local]Redback(config-if)#ip address 121.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.10 multibind
[local]Redback(config-if)#ip address 130.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1
[local]Redback(config-dot1q-pvc)#bind interface vlan.1 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10
[local]Redback(config-dot1q-pvc)#bind interface vlan.10 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 11 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 12 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 13 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 14 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 15 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 16 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 17 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 18 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 19 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 20 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
3.6 DHCPv4 Proxy Through RADIUS
The following example shows how to configure DHCPv4 proxy through RADIUS:
[local]Redback(config)#no service multiple-contexts
[local]Redback(config)#context local
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface subscriber multibind
[local]Redback(config-if)#ip address 100.1.0.1/16
[local]Redback(config-if)#dhcp proxy 50
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-cisco-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#radius server 108.1.1.157 key dhcp
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#card ge-10-port 9
[local]Redback(config-card)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to-cisco-dhcp-server local
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1
[local]Redback(config-dot1q-pvc)#bind subscriber sub1@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 2
[local]Redback(config-dot1q-pvc)#bind subscriber sub2@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 3
[local]Redback(config-dot1q-pvc)#bind subscriber sub3@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 4
[local]Redback(config-dot1q-pvc)#bind subscriber sub4@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 5
[local]Redback(config-dot1q-pvc)#bind subscriber sub5@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 6
[local]Redback(config-dot1q-pvc)#bind subscriber sub6@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 7
[local]Redback(config-dot1q-pvc)#bind subscriber sub7@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 8
[local]Redback(config-dot1q-pvc)#bind subscriber sub8@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 9
[local]Redback(config-dot1q-pvc)#bind subscriber sub9@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10
[local]Redback(config-dot1q-pvc)#bind subscriber sub10@local password test
The following output displays sample content from the RADIUS server file used in this example:
sub1@local Password = "test"
    Service-Type = Framed-User,
    DHCP_Max_Leases = 1

sub2@local Password = "test"
    Service-Type = Framed-User,
    DHCP_Max_Leases = 1

sub3@local Password = "test"
    Service-Type = Framed-User,
    DHCP_Max_Leases = 1

sub4@local Password = "test"
    Service-Type = Framed-User,
    DHCP_Max_Leases = 1
3.7 Loopback Interface as DHCPv4 Source Address
The following example shows that the IP address of the interface connected to the external DHCPv4 server is 108.1.1.1; however, a loopback interface is configured with another IP address, which is sent to the DHCPv4 server as the source IP address for DHCPv4 packets:
[local]Redback(config)#context local
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server
3.8 Configuring a DHCPv6-PD Server and Server Policy
The following example shows how to configure a last-resort multibind interface called test-last to be the DHCPv6 server. Any subscriber circuit that attempts to come up binds to this interface. The ip unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:
[local]BRAS(context)#interface test-last multibind lastresort
[local]BRAS(config-if)#ip unnumbered test-lb
[local]BRAS(config-if)#dhcpv6 server interface
The following example configures a DHCPv6 server policy and adds different parameters for two subnets:
[local]Redback(config-ctx)#dhcpv6 server
[local]Redback(config-dhcpv6-server)#option domain-name-server 2001:db8:4000:1::1
[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com
[local]Redback(config-dhcpv6-server)#option preference 128
[local]Redback(config-dhcpv6-server)#option information-refresh-time 10000
[local]Redback(config-dhcpv6-server)#option rapid-commit
[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 10000 valid 20000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/68
[local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 20000 valid 40000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/72
[local]Redback(config-dhcpv6-subnet)#option domain-name-server 2001:db8:4000:1::2
[local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com
[local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite
3.9 Configuring a DHCPv6 PD Pool
The following example shows how to create and configure a DHCPv6 PD pool, and then configure a subscriber to obtain IPv6 prefixes from that pool. In this example, the DHCPv6 PD pool inherits falling threshold values specified for all DHCPv6 PD pools configured within a context.
First, specify falling threshold values applicable to all DHCPv6 pools configured under the context SJ1:
[local]BRAS#configure
[local]BRAS(config)#context SJ1
[local]BRAS(config-ctx)#ipv6 pool dhcpv6 threshold percentage falling 20 log 10 trap
[local]BRAS(config-ctx)#exit
Configure a DHCPv6 PD pool under a multibind interface test-2. This pool contains IPv6 prefixes in the range from 2001:db8:1:100::/56 to 2001:db8:1:ff00::/56:
[local]BRAS(config-ctx)#interface test-2 multibind
[local]BRAS(config-if)#ipv6 address 2001:db8:b::/48
[local]BRAS(config-if)#ipv6 pool dhcpv6 2001:db8:1:100::/56 2001:db8:1:ff00::/56
Configure the following attributes in a subscriber profile for the subscriber sub_2:
- The Delegated-Max-Prefix attribute (the maximum number of IPv6 prefixes that can be delegated to a subscriber) is 5.
- The subscriber obtains IPv6 prefixes from the shared IPv6 prefix pool configured within the same context (SJ1).
- The subscriber inherits the ND configuration parameters specified by the ND profile abc.
[local]BRAS(config-ctx)#subscriber sub_2
[local]BRAS(config-if)#ipv6 delegated-prefix maximum 5
[local]BRAS(config-if)#ipv6 framed-pool
[local]BRAS(config-if)#ipv6 nd-profile abc
3.10 Configuring Statically Mapped DHCPv6 Prefixes
The following example shows how to configure static mapping for two IPv6 prefixes. In this example:
- The IPv6 prefix 3001:db8:c/48 can be assigned to subscribers with a DUID of 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2.
- The IPv6 prefix 3001:db8:c/48 can be assigned to subscribers with a DUID of 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2 and an IAID of 0xfedcba98.
[local]BRAS(config-ctx)#dhcpv6 server
[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2
[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2 iaid 0xfedcba98
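Added example, not part of the Ericsson documentation: a Python decoder for the DUID used in the static mappings above, following the DUID layouts in RFC 8415, plus a lookup over static bindings. The function names and the lookup precedence (a DUID plus IAID entry is preferred over a DUID-only entry) are assumptions for illustration, not documented SmartEdge behavior.

```python
import struct
from datetime import datetime, timedelta, timezone

# DUID-LLT timestamps count seconds from midnight UTC, 1 January 2000 (RFC 8415).
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)
MAX_DUID_BODY = 128  # octets, not counting the 2-octet type code (RFC 8415)

# The two static mappings from the configuration above, as
# (prefix, duid, iaid-or-None). The prefix is kept as an opaque string,
# exactly as the page writes it.
PAGE_BINDINGS = [
    ("3001:db8:c/48", "00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2", None),
    ("3001:db8:c/48", "00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2", 0xFEDCBA98),
]


def _hex(octets):
    return ":".join(f"{b:02x}" for b in octets)


def parse_duid(text):
    """Decode a colon-separated DUID string into its typed fields."""
    try:
        raw = bytes.fromhex(text.strip().replace(":", ""))
    except ValueError as exc:
        raise ValueError(f"DUID is not valid hex: {text!r}") from exc
    if len(raw) < 3 or len(raw) - 2 > MAX_DUID_BODY:
        raise ValueError(f"DUID length {len(raw)} is out of range")
    (type_code,) = struct.unpack("!H", raw[:2])
    out = {"canonical": _hex(raw), "type_code": type_code}
    if type_code == 1:  # DUID-LLT: hardware type, time, link-layer address
        if len(raw) < 9:
            raise ValueError("truncated DUID-LLT")
        hw_type, seconds = struct.unpack("!HI", raw[2:8])
        out.update(kind="DUID-LLT", hw_type=hw_type,
                   time=DUID_EPOCH + timedelta(seconds=seconds),
                   link_layer=_hex(raw[8:]))
    elif type_code == 2:  # DUID-EN: enterprise number, vendor identifier
        if len(raw) < 7:
            raise ValueError("truncated DUID-EN")
        (enterprise,) = struct.unpack("!I", raw[2:6])
        out.update(kind="DUID-EN", enterprise=enterprise,
                   identifier=_hex(raw[6:]))
    elif type_code == 3:  # DUID-LL: hardware type, link-layer address
        if len(raw) < 5:
            raise ValueError("truncated DUID-LL")
        (hw_type,) = struct.unpack("!H", raw[2:4])
        out.update(kind="DUID-LL", hw_type=hw_type, link_layer=_hex(raw[4:]))
    else:
        out.update(kind="unknown", body=_hex(raw[2:]))
    return out


def select_prefix(bindings, duid, iaid):
    """Return the statically mapped prefix for a client, or None.

    Assumed precedence: an entry with a matching IAID wins over a
    DUID-only entry; DUIDs are compared in canonical lower-case form.
    """
    wanted = parse_duid(duid)["canonical"]
    duid_only = None
    for prefix, bound_duid, bound_iaid in bindings:
        if parse_duid(bound_duid)["canonical"] != wanted:
            continue
        if bound_iaid is not None and bound_iaid == iaid:
            return prefix
        if bound_iaid is None and duid_only is None:
            duid_only = prefix
    return duid_only


if __name__ == "__main__":
    print(parse_duid(PAGE_BINDINGS[0][1]))
```
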
Glossary
ARP | Address Resolution Protocol
CLIPS | Clientless IP service selection
DHCP | Dynamic Host Configuration Protocol
DHCPv6 | Dynamic Host Configuration Protocol version 6
DoS | Denial of Service
PD | Prefix Delegation
RADIUS | Remote Authentication Dial-In User Service