Configuring DHCP

Contents

1	Overview
1.1	DHCPv4 Support
1.2	DHCPv6 Prefix Delegation for IPv6 Subscribers
2	Configuration and Operations Tasks
2.1	Configuring an Internal DHCPv4 Server
2.2	Configuring an External DHCPv4 Server
2.3	Configuring a Context for an External DHCPv4 Server
2.4	Configuring an Interface for an External DHCPv4 Server
2.5	Configuring Subscriber Hosts for DHCPv4 Address Functions
2.6	Configuring the Router to Prevent DoS Attacks from DHCPv4 Clients
2.7	Configuring Router to Prevent DoS Attacks from DHCPv6 Clients
2.8	Configuring a Traffic Card to Limit Effect of DHCPv4 Packet DoS Attacks
2.9	Configuring a Traffic Card to Limit Effect of DHCPv6 Packet DoS Attacks
2.10	Configuring DHCPv6-PD for IPv6 Subscriber Support
2.11	Operations Tasks
3	Configuration Examples
3.1	DHCPv4 Internal Server
3.2	DHCPv4 Proxy and Maximum Address Support
3.3	Subscriber Bindings to DHCPv4 Interfaces
3.4	DHCPv4 Proxy Through Dynamic Subscriber Bindings
3.5	DHCPv4 Proxy Through Static Interface Bindings
3.6	DHCPv4 Proxy Through RADIUS
3.7	Loopback Interface as DHCPv4 Source Address
3.8	Configuring a DHCPv6-PD Server and Server Policy
3.9	Configuring a DHCPv6 PD Pool
3.10	Configuring Statically Mapped DHCPv6 Prefixes
Glossary

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge

is a registered trademark of Telefonaktiebolaget LM Ericsson.

1 Overview

This document provides an overview of Dynamic Host Configuration Protocol (DHCP) features supported on the SmartEdge router and describes the tasks performed to configure, monitor, and administer DHCP. This document also provides configuration examples of DHCP.

This document applies to both the Ericsson SmartEdge® and SM family routers. However, the software that applies to the SM family of systems is a subset of the SmartEdge OS; some of the functionality described in this document may not apply to SM family routers.

For information specific to the SM family chassis, including line cards, refer to the SM family chassis documentation.

For specific information about the differences between the SmartEdge and SM family routers, refer to the Technical Product Description SM Family of Systems (part number 5/221 02-CRA 119 1170/1) in the Product Overview folder of this Customer Product Information library.

The SmartEdge router provides general DHCPv4 support and DHCPv6-PD support for PPP subscriber services. You can configure both DHCPv4 and DHCPv6-PD on the router; dual-stack is supported. To configure DHCPv6-PD server and DHCPv6 subscriber profiles, see Section 1.2. For more information about IPv6 subscriber services, see Configuring IPV6 Subscriber Services.

1.1 DHCPv4 Support

DHCPv4 dynamically configures IP address information for IPv4 subscriber hosts. For IPv4 support, the SmartEdge router provides the following types of DHCPv4 support:

DHCPv4 relay server
The SmartEdge router acts as an intermediary between an external DHCPv4 server and the subscriber (client). The router forwards requests from the subscriber to the DHCPv4 server and relays the responses from the server back to the subscriber.
DHCPv4 proxy server
The SmartEdge router provides responses directly to subscriber requests. Each subscriber sees the router as the DHCPv4 server, and as such, sends all DHCPv4 negotiations, including IP address release and renewal, to the router, which then relays the information to the external DHCPv4 server. The proxy feature enables the router to maintain IP address lease timers.
DHCPv4 internal
The SmartEdge router provides the functions of the DHCPv4 server; no communication is sent to an external DHCPv4 server.

DHCPv4 is described in the following RFCs:

RFC 2131—Dynamic Host Configuration Protocol
RFC 2132—DHCP Options and BOOTP Vendor Extensions
RFC 3004—The User Class Option for DHCP

For more information about RADIUS, see Configuring RADIUS. For information about vendor VSAs provided by Ericsson AB, see RADIUS Attributes.

Note:: In all modes, DHCP maintains host entries only for multibind interfaces.

1.1.1 ARP and DHCPv4

For every valid DHCP response received from or transmitted to a subscriber, an entry is created in the Address Resolution Protocol (ARP) table. The entry includes the IP address that is assigned to the requesting medium access control (MAC) address and the incoming circuit on which the DHCP request is received. All entries are secured ARP entries. Because entries are cached in the ARP table, the SmartEdge router can route downstream packets to the correct outgoing interface. For more information about ARP, see Configuring ARP.

1.1.2 CLIPS and DHCPv4

Clientless IP service selection (CLIPS) exclusion allows you to configure DHCPv4 sessions on ports and PVCs that you have also configured for dynamic CLIPS sessions. With CLIPS exclusion, you can specify which sessions are DHCP hosts; all other sessions are dynamic CLIPS sessions. CLIPS exclusion applies only the DHCP proxy and internal servers. For more information about configuring CLIPS exclusion, see Configuring CLIPS.

The SmartEdge router supports residential gateways (RGs) with DHCP relay capability to be used as dynamic CLIPS clients. These RGs can then function as DHCP relay agents for the home network devices connected to an RG. (An RG connects network-enabled devices on a home network to the Internet.) Without this function, you must configure each RG by manually assigning it an IP address, enabling it to be used as a DHCP relay agent.

The following must occur before the can support RGs with DHCP relay capability to be used as dynamic CLIPS clients:

You must configure the RG as a DHCP client.
After the RG is assigned an IP address from a DHCP server, the RG must then operate as a DHCP relay agent.

After the CLIPS session of an RG is established, the home network devices can establish their own CLIPS sessions by using the DHCP relay agent. The CLIPS sessions for the home network devices are independent of the CLIPS session for the RG.

Note:: In this configuration, the DHCP server assigns the IP addresses to the RG and the home network devices on the same subnet.

To configure the SmartEdge router to support an RG as a dynamic CLIPS client, configure dynamic CLIPS circuits on the SmartEdge router. For instructions , follow the steps in the Configuring Dynamic CLIPS Circuits section in Configuring CLIPS.

The SmartEdge router supports DHCP discovery with duplicate MAC addresses for CLIPS subscribers. This enables different CLIPS subscribers to use the same MAC address, if the DHCP discover packet contains a unique GIADDR address. In general, DHCP determines the uniqueness of a subscriber based on both the MAC and GIADDR addresses instead of just the MAC address.

1.1.3 RADIUS and DHCP

When Remote Authentication Dial-In User Service (RADIUS) authentication is enabled, the SmartEdge router sends an accounting record to a RADIUS server each time an IP address is assigned or released.

If the SmartEdge router is acting as a DHCP proxy or internal server for CLIPS subscribers, the vendor class identifier received in the DHCP discover packet for the CLIPS session is sent in the RADIUS Access-Request and Accounting-Request packets to the RADIUS server, using vendor-specific attribute (VSA) 125 provided by Ericsson AB.

1.2 DHCPv6 Prefix Delegation for IPv6 Subscribers

The SmartEdge router can be configured to use DHCPv6 PD to provide IPv6 prefixes to IPv6 subscribers. You can configure IPv6 prefixes for subscribers:

Statically
Using the Delegated-IPv6-Prefix attribute, which can be configured statically, or by using the Delegated-IPv6-Prefix RADIUS attribute.
Through a DHCPv6 PD prefix pool

For detailed information about using DHCPv6 PD to delegate IPv6 prefixes to subscribers, see Configuring IPV6 Subscriber Services.

2 Configuration and Operations Tasks

Note:: In this section, the command syntax in the task tables displays only the root command; for the complete command syntax, see the Command List.

To configure DHCP features, perform the tasks described in the following sections:

2.1 Configuring an Internal DHCPv4 Server

To configure the SmartEdge router to act as an internal DHCP server, perform the tasks described in Table 1.

Table 1 Configure an Internal DHCP Server
Step	Task	Root Command	Notes
1.	Create or select the context for the DHCP internal server and access context configuration mode.	context	Enter this command in global configuration mode.
2.	Create or select the interface for the DHCP internal server and access interface configuration mode.	interface	Enter this command in context configuration mode. Specify the `multibind` keyword.
3.	Assign one or more IP addresses to this interface.	ip address	Enter this command in interface configuration mode.
4.	Enable this interface for internal DHCP server support and assign an IP address for its support.	dhcp server	Enter this command in interface configuration mode.
5.	Enable internal DHCP server functions in this context and access DHCP server configuration mode.	dhcp server policy	Enter this command in context configuration mode.
6.	Specify global settings for the DHCP server and all its subnets, using one or more of the following tasks:		Enter these commands in DHCP server configuration mode.
	Specify either the subscriber absolute timeout or the RADIUS session-timeout as the DHCP lease time for DHCP and CLIPS subscriber sessions.	subscriber dhcp-server-lease absolute-timeout	This command is enabled by default. Use the no form of the command (`no subscriber dhcp-server-lease absolute-timeout`) to override this default behavior and to use the absolute-timeout (session-timeout) value as the session duration rather than as the DHCP lease time.
	Specify the default lease time.	default-lease-time
	Specify the maximum lease time.	max-lease-time
	Specify the offer lease time.	offer-lease-time
	Enable the monitoring and reporting of available DHCP leases at the context level for minimum and maximum threshold values.	threshold
	Enable DHCP clients with the same MAC address to be assigned IP addresses on different circuits.	allow-duplicate-mac	Do not use the `allow-duplicate-mac` command within a context that has CLIPS subscribers.
	Specify one or more DHCP options.	option	Enter this command multiple times to specify as many options as you require.
	Specify the filename of the boot loader image file.	bootp-filename
	Specify the IP address that the boot loader client uses to download the boot loader image file.	bootp-siaddr
7.	Create a static mapping between a subnet and the specified vendor class ID.	vendor-class
8.	Create a subnet for the DHCP server and access DHCP subnet configuration mode.	subnet	Enter this command in DHCP server configuration mode.
	Optional. Configure this subnet, using one or more of the following tasks:		Enter all the following commands in DHCP subnet configuration mode.
	Assign a range of IP addresses to this subnet.	range (DHCP)
	Create a static mapping between a MAC address and an IP address in this subnet.	mac-address (DHCP)
	Create a static mapping between the agent circuit id subfield or the agent remote id subfield in the option 82 field and an IP address.	option-82
	Specify the maximum number of IP addresses allowed for an agent circuit id.	option-82
	Specify the default lease time for this subnet.	default-lease-time	These settings override the global settings for this subnet.
	Specify the maximum lease time for this subnet.	max-lease-time
	Specify the offer lease time for this subnet.	offer-lease-time
	Specify one or more DHCP options for this subnet.	option	Enter this command multiple times to specify as many options as you require.

2.2 Configuring an External DHCPv4 Server

To configure an external DHCP relay or proxy server, perform the tasks described in Table 2; enter all commands in DHCP relay server configuration mode, unless otherwise noted.

Table 2 Configuring an External DHCP Server
Step	Task	Root Command	Notes
1.	Configure an external DHCP server, and enter DHCP relay server configuration mode.	dhcp relay server	Enter this command in context configuration mode. You can configure only one DHCP server IP address in a single context.
2.	Configure the maximum hop count allowed for DHCP requests.	max-hops	Enter the commands in the remaining steps in DHCP relay server configuration mode.
3.	Configure the interval, in seconds, to wait before forwarding requests to the DHCP server.	min-wait
4.	Assign the DHCP server to a DHCP server group.	server-group
5.	Specify forwarding for DHCP messages, using one of the following tasks:
	Forward packets to all other DHCP servers in the DHCP server group.	forward-all
	Forward DHCP discover packets to other configured servers in the DHCP server group.	broadcast-discover
	Forward packets to a standby DHCP server.	standby

2.3 Configuring a Context for an External DHCPv4 Server

To configure a context for an external DHCP relay or proxy server, perform the tasks described in Table 3; enter all commands in context configuration mode.

Table 3 Configure a Context for an External DHCP Server
Step	Task	Root Command	Notes
1.	Specify the number of attempts and the interval to wait for each attempt when trying to reach an external DHCP server before it is marked unreachable.	dhcp relay server retries
2.	Disable the sending of a DHCPNAK message if the SmartEdge router receives a DHCPREQUEST message for which it does not have an entry.	dhcp relay suppress-nak
3.	Optional. Add the DHCP relay information option to packets.	dhcp relay option	The DHCP relay information option is described in RFC 3046, DHCP Relay Agent Information Option.

2.4 Configuring an Interface for an External DHCPv4 Server

To configure an interface for an external DHCP relay or proxy server, perform the tasks described in Table 4; enter all commands in interface configuration mode, unless otherwise noted.

Table 4 Configure an Interface for an External DHCP Server
Step	Task	Root Command	Notes
1.	Enable the interface for an external DHCP server, using one of the following tasks:
	Enable the interface to relay DHCP messages to an external DHCP server, and access DHCP giaddr configuration mode.	dhcp relay	These commands are mutually exclusive. If you are configuring CLIPS, you must use the `dhcp proxy` command. The value for the `max-dhcp-addrs` argument used with these commands works in conjunction with the `max-sub-addrs` value specified in the `dhcp max-addr` command (in subscriber configuration mode); see Section 3.2.
	Enable the interface to act as a proxy between subscribers and an external DHCP server, and access DHCP giaddr configuration mode.	dhcp proxy
2.	Optional. Configure an IP source address.	ip source-address	The interface address that you specify with this command must be reachable by the external DHCP server. You must specify the `dhcp-server` keyword.
3.	Specify an IP address for the giaddr field for DHCP packets that match the specified vendor-class-id.	vendor-class-id	Enter this command in DHCP giaddr configuration mode. You can enter either of these commands multiple times to specify multiple vendor IDs.

Note:: By default, the IP address of the interface on which DHCP messages are transmitted is sent in DHCP packets. To not publish this IP address, configure an interface (typically loopback) to appear to be the source address for DHCP packets.

2.5 Configuring Subscriber Hosts for DHCPv4 Address Functions

To configure subscriber hosts for DHCP address functions, perform the tasks described in Table 5; enter all commands in subscriber configuration mode.

Table 5 Configuring Subscriber Hosts for DHCP Address Functions
Step	Task	Root Command	Notes
1.	Optional. Configure hosts to use DHCP to dynamically acquire address information for a subscriber circuit and set a maximum number of IP addresses that can be assigned to hosts associated with the circuit.	dhcp max-addrs	You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 3 provided by Ericsson AB, DHCP-Max-Leases, for the maximum number of IP addresses; see RADIUS Attributes.
2.	Optional. Configure hosts to use a specific DHCP interface to acquire address information for a subscriber circuit.	ip interface	You must configure the subscriber record or profile with the `dhcp max-addrs` command. You must enable the specified interface for DHCP proxy or DHCP relay; see Section 3.2. You can also configure this information in the subscriber record through the RADIUS database instead of through this command. Use vendor VSA 104 provided by Ericsson AB, IP-Interface-Name; see RADIUS Attributes.

2.6 Configuring the Router to Prevent DoS Attacks from DHCPv4 Clients

To configure the SmartEdge router to prevent denial of service (DoS) attacks from DHCP clients on a circuit, perform the task described in Table 6; enter the command in global configuration mode.

Table 6 Configuring the Router to Prevent DoS Attacks from DHCP Clients
Task	Root Command	Notes
Optional. Enable rate limiting DHCP packets on the circuit to prevent DoS attacks. Specify the number of packets allowed on each circuit, the interval during which the system counts the packets, and the drop-interval during which during which packets are dropped, if the allowed number of messages was exceeded in the previous interval.	rate-limit circuit dhcp	You have the option to rate-limit the DHCP packets based on either each MAC address on a circuit or a unique combination of MAC address and DHCP relay server address on a circuit.

2.7 Configuring Router to Prevent DoS Attacks from DHCPv6 Clients

To configure the router to prevent denial of service (DoS) attacks from DHCPv6 clients on a circuit, perform the task described in Table 7; enter the command in global configuration mode.

Table 7 Configure Router to Prevent DoS Attacks from DHCP Clients
Task	Root Command	Notes
Optional. Enable rate limiting DHCP packets on the circuit to prevent DoS attacks. Specify the number of packets allowed on each circuit, the interval during which the system counts the packets, and the drop-interval during which during which packets are dropped, if the allowed number of messages was exceeded in the previous interval.	rate-limit circuit dhcpv6	Rate limiting is performed on DHCPv6 packets coming on every circuit (virtual circuit in the case of PPPoE) even though it is configured on the parent circuit at the card level. It supports access link groups but not Ethernet or 802.1Q link groups.

2.8 Configuring a Traffic Card to Limit Effect of DHCPv4 Packet DoS Attacks

To configure a traffic card to prevent denial of service (DoS) attacks, perform the task described in Table 8; enter the command in card configuration mode.

Table 8 Configuring a Traffic Card to Prevent DoS Attacks
Task	Root Command	Notes
Optional. Enable rate limiting and specify the rate and burst limits for DHCP or PADI packets to prevent DoS attacks.	rate-limit dhcp rate-limit padi

2.9 Configuring a Traffic Card to Limit Effect of DHCPv6 Packet DoS Attacks

To configure a traffic card to limit the effect of DHCPv6 packet denial of service (DoS) attacks, enter the rate-limit dhcpv6 command as described in Table 9.

Table 9 Configuring a Traffic Card to Limit Effect of DHCPv6 DoS Attacks
Task	Root Command	Notes
Enable rate limiting and specify the rate and burst limits for DHCPv6 packets.	rate-limit dhcpv6	Enter in card configuration mode.

2.10 Configuring DHCPv6-PD for IPv6 Subscriber Support

To configure IPv6 subscriber services on a SmartEdge router, you must configure one or more multibind interfaces to function as DHCPv6-PD servers and configure a DHCPv6 server policy for subscribers.

To configure a multibind interface to be the DHCPv6-PD server, perform the following tasks:

Table 10 Configuring a Multibind Interface to be the DCPv6-PD Server
Step	Task	Root Command	Notes
1.	Access global configuration mode.	configure	—
2.	Access context configuration mode.	context	—
3.	Create a multibind interface, and access interface configuration mode.	interface	This is the interface you want to configure to be DHCPv6 enabled. It can, but is not required to be a last-resort interface.
4.	Assign an IPv6 address to the interface.	ipv6 address	—
5.	Configure an interface to be a DHCPv6 server interface.	dhcpv6 server	You can configure the DHCPv6 server to use the primary IPv6 address of the interface as the server IP address or specify an IP address for it.

To configure a DHCPv6 PD prefix pool:

Table 11 Configure a DHCPv6 PD Prefix Pool
Step	Task	Root Command	Notes
1.	Access global configuration mode.	configure	—
2.	Access context configuration mode.	context	—
3.	Create a multibind interface, and access interface configuration mode.	interface	—
4.	Assign an IPv6 address to the interface.	ipv6 address	—
5.	Create a DHCPv6 threshold value for which a crossing event occurs.	ipv6 pool dhcpv6	DHCPv6 threshold configuration for a particular pool (in interface configuration mode) takes precedence over DHCPv6 PD threshold configuration in context configuration mode.

To optionally configure pool thresholds that apply to all DHCPv6 PD prefix pools in the context perform the following tasks:

Table 12 Configure DHCPv6 PD Prefix Pool Thresholds
Step	Task	Root Command	Notes
1.	Access global configuration mode.	configure	—
2.	Access context configuration mode.	context	—
3.	Create pool of DHCPv6 PD prefixes under the multibind interface.	ipv6 pool dhcpv6	Threshold configuration for a particular pool (in interface configuration mode) takes precedence over threshold configuration in context configuration mode.

To create and configure a DHCPv6 server policy, perform the following tasks:

Table 13 Creating and Configuring a DHCPv6 Server Policy
Step	Task	Root Command	Notes
1.	Configure top-level DHCPv6 service policy attributes:
	Access global configuration mode.	configure	—
	Access context configuration mode.	context	—
	Create a DHCPv6 server policy and access DHCPv6 server policy configuration mode.	dhcpv6 server	Only one DHCPv6 server policy is allowed for a context.
	Specify the IP address of a DNS name server.	option domain-name-server	—
	Specify a domain name for DNS resolution.	option domain-search	—
	Specify the number of seconds a client waits before refreshing the configuration information received from DHCPv6 server.	option information-refresh-time	Range is from 600 through 4294967295 seconds.
	Configure the preference value for this DHCPv6 server.	option preference	A DHCPv6 server with a lower value is preferred over a server with a higher value. Range is from 0 through 255.
	Enable Rapid Commit for faster IPv6 prefix delegation.	option rapid-commit	With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. Use the RAPID COMMIT option when there is only one server for a client to connect to.
	Statically map a specified IPv6 prefix to a DUID or DUID and IAID.	prefix duid	—
	Configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix.	prefix lifetime	Set the prefix lifetime with one of the following constructs: `preferred seconds` — Length of time the subscriber router is allowed to use the delegated IPv6 prefix. Range is from 600 through 4294967294 seconds. `valid seconds` — Number of seconds a client can use a given DHCPv6 prefix. Range is from 600 through 4294967294 seconds. `infinite` —Configures both the preferred and valid lifetimes to be infinite.
2.	If desired, configure a subset of DHCPv6 attributes that apply to a particular subnet only. Options configured for the subnet take precedence over options specified in the top-level DHCPv6 server policy:
	If desired, access DHCPv6 server policy subnet configuration mode, where you can configure DHCPv6 server attributes that are applicable only to subscribers in the specified subnet.	subnet	Only those options that are administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy (in DHCPv6 server policy configuration mode). If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet takes its configuration from the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode). Replace the `ipv6-prefix` argument with a prefix that does not overlap with any interface configured on the router.
	Specify a domain name for DNS resolution.	option domain-search	—
	Specify the IP address of the DNS name server.	option domain-name-server	—
	Configure the length of time the subscriber router is allowed to use a delegated IPv6 prefix and a given DHCPv6 prefix.	prefix	Set the prefix lifetime as follows: `preferred seconds` — Length of time the subscriber router is allowed to use the delegated IPv6 prefix. Range is from 600 through 4294967294 seconds. `valid seconds` — Number of seconds a client can use a given DHCPv6 prefix. Range is from 600 through 4294967294 seconds. `infinite` —Configures both the preferred and valid lifetimes to be infinite.

2.11 Operations Tasks

To monitor, troubleshoot, and administer internal and external DHCP servers and their functions, perform the appropriate tasks described in Table 14. Enter the clear and debug commands in exec mode; enter the show commands in any mode.

Table 14 DHCPv4 Operations Tasks
Task	Command
Clear DHCP host entries, and corresponding host route and ARP entries, from the routing table.	clear dhcp host
Clear DHCP statistics.	clear dhcp stats
Enable the generation of DHCP debug messages for external DHCP servers.	debug dhcp-relay
Enable the generation of DHCP debug messages for internal DHCP servers.	debug dhcp-server
Display the current DHCP configuration for the context.	show configuration dhcp
Display DHCP relay host information.	show dhcp relay hosts
Display DHCP information about the DHCP relay server.	show dhcp relay server
Display DHCP relay statistics.	show dhcp relay stats
Display a summary of DHCP relay host information.	show dhcp relay summary
Display DHCP server host or lease information.	show dhcp server
Display DHCP server file information.	show dhcp server file
Display IP address information for an agent circuit ID.	show dhcp server option-82
Display range usage for one or more interfaces configured for a DHCP server.	show dhcp server range
Display DHCP server process statistics.	show dhcp server stats
Display dropped DHCP packet information one or more traffic cards.	show rate-limit card

Table 15 DHCPv6-PD Operations Commands
Task	Command
Clear DHCPv6 statistics.	clear dhcpv6 log
Clear DHCPv6 statistics.	clear dhcpv6 statistics
Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients .	show dhcpv6 server duid
Display the DCHPv6-PD log. You can filter the log history by circuit, server or client DUID, or IPv6 prefix.	show dhcpv6 log
Display all the active DHCPv6 clients. Display more information with the detail keyword.	show dhcpv6 server host
Display the active DHCPv6 clients on a circuit.	show dhcpv6 server host circuit
Display the active DHCPv6 clients that use a prefix.	show dhcpv6 server host prefix
Display the active DHCPv6 clients on a subnet.	show dhcpv6 server host subnet
Display DHCPv6 Statistics. Display more information with the detail keyword.	show dhcpv6 statistics
Enable the generation of DHCPv6 debugging messages; see the command description for filtering keywords.	debug dhcpv6
Display information about the IPv6 shared and DHCPv6 PD prefix pools configured under the current context.	show ipv6 pool

3 Configuration Examples

The following sections provide examples of configuring a DHCP internal server, DHCP proxy and maximum address support, subscriber bindings to DHCP interfaces, DHCP proxy through dynamic subscriber bindings, through static interface bindings, and DHCP proxy through RADIUS.

3.1 DHCPv4 Internal Server

The following example shows how to configure an internal DHCP server and two subnets:

! Create the context and the interface.

[local]Redback(config)#context dhcp
[local]Redback(config-ctx)#interface dhcp-if multibind


! Assign two subnets to the interface

[local]Redback(config-if)#ip address 12.1.1.0/24
[local]Redback(config-if)#ip address 13.1.1.0/24 secondary


! Enable the interface for internal DHCP functions and assign an IP address to it.

[local]Redback(config-if)#dhcp server 12.1.1.1
[local]Redback(config-if)#exit


! Enable the context for internal DHCP server functions.

[local]Redback(config-ctx)#dhcp server policy


! Specify global settings for the internal DHCP server and all its subnets.

[local]Redback(config-dhcp-server)#allow-duplicate-mac
[local]Redback(config-dhcp-server)#default-lease-time 14400
[local]Redback(config-dhcp-server)#maximum-lease-time 172800
[local]Redback(config-dhcp-server)#offer-lease-time 300
[local]Redback(config-dhcp-server)#option domain-name ericsson.com


! Specify the boot loader image file and the server IP address where it can be found

[local]Redback(config-dhcp-server)#bootp-filename of1267.bin
[local]Redback(config-dhcp-server)#bootp-siaddr 200.1.1.0


! Create an unnamed subnet and configure it. 

[local]Redback(config-dhcp-server)#subnet 13.1.1.1/24
[local]Redback(config-dhcp-subnet)#range 13.1.1.50 13.1.1.99


! Override the global settings for these options.

[local]Redback(config-dhcp-subnet)#default-lease-time 3600
[local]Redback(config-dhcp-subnet)#maximum-lease-time 14400
[local]Redback(config-dhcp-subnet)#option domain-name cool.com
[local]Redback(config-dhcp-subnet)#option domain-name-servers 12.1.1.254
[local]Redback(config-dhcp-subnet)#exit


! Create a named subnet and configure it. 

[local]Redback(config-dhcp-server)#subnet 13.1.1.100/24 name sub2
[local]Redback(config-dhcp-subnet)#range 13.1.1.150 13.1.1.199

!Create static mappings for this named subnet

[local]Redback(config-dhcp-subnet)#mac-address 02:12:34:56:78:90 
ip-address 13.1.1.2
[local]Redback(config-dhcp-subnet)#option-82 circuit-id “4:1 vlan 102”
 offset 3 ip-address 13.1.1.3 
[local]Redback(config-dhcp-subnet)#option-82 circuit-id “4:1 vlan 102” 
offset 3 max-addresses 10


! Override the global setting for this option.

[local]Redback(config-dhcp-subnet)#option domain-name hot.com
[local]Redback(config-dhcp-subnet)#exit


!Create a static mapping for this named subnet

[local]Redback(config-dhcp-server)#vendor-class “abc-client” 
offset 5 subnet sub2

3.2 DHCPv4 Proxy and Maximum Address Support

The following example illustrates how the value for the max-sub-addr argument for the dhcp max-addr command (in subscriber configuration mode) works in conjunction with the value for the max-dhcp-addr argument for the dhcp proxy command (in interface configuration mode). In this example, the number of DHCP clients that can be supported on the DHCPv4 proxy multibind interface at IP address, 120.1.1.1, is restricted to 10, with the dhcp proxy command. The first four subscribers, each with a value of 1 for max-sub-addrs, can be authenticated and a circuit can be brought up for each of them. However, subscriber sub5 cannot be authenticated because its max-sub-addr value is 10, which exceeds the remaining number of addresses available on the interface, which is now 6:

[local]Redback(config-ctx)#interface subscriber multibind
[local]Redback(config-if)#ip address 120.1.1.1/16
[local]Redback(config-if)#dhcp proxy 10
[local]Redback(config-if)#ip arp timeout 120
[local]Redback(config-if)#ip arp delete-expired
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 100.1.1.1/16
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber name sub1
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub2
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-Ctx)#subscriber name sub3
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub4
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub5
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 100.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option

3.3 Subscriber Bindings to DHCPv4 Interfaces

This section provides examples of binding subscribers to DHCPv4 interfaces using local authentication and RADIUS.

3.3.1 Using Local Authentication

The following example binds subscribers to DHCPv4 interfaces using the ip interface command (in subscriber configuration mode) with local authentication:

[local]Redback(config)#context atm_subs
[local]Redback(config-ctx)#interface bronze multibind
[local]Redback(config-if)#ip address 120.1.3.1/24
[local]Redback(config-if)#dhcp proxy 65535
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface gold multibind
[local]Redback(config-if)#ip address 120.1.1.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface silver multibind
[local]Redback(config-if)#ip address 120.1.2.1/24
[local]Redback(config-if)#dhcp proxy 10
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#ip interface name gold
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile silver
[local]Redback(config-sub)#ip interface name silver
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile bronze
[local]Redback(config-sub)#ip interface name bronze
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub1
[local]Redback(config-sub)#profile gold
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub2
[local]Redback(config-sub)#profile silver
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub3
[local]Redback(config-sub)#profile bronze
[local]Redback(config-sub)#dhcp max-addrs 10
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#exit
[local]Redback(config)#port atm 1/4
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs

The following example displays information about these subscriber circuits:

[atm_subs]Redback>show subscribers active



sub1@atm_subs

        Circuit   1/4:1 vpi-vci 0 101

        Internal Circuit   1/4:1:63/1/2/24579

        Current port-limit unlimited

        profile gold (applied)

        dhcp max-addrs 10 (applied)

        ip interface gold (applied)

sub2@atm_subs

        Circuit   1/4:1 vpi-vci 0 102

        Internal Circuit   1/4:1:63/1/2/24580

        Current port-limit unlimited

        profile silver (applied)

        dhcp max-addrs 10 (applied)

        ip interface silver (applied)

sub3@atm_subs

        Circuit   1/4:1 vpi-vci 0 103

        Internal Circuit   1/4:1:63/1/2/24581

        Current port-limit unlimited

        profile bronze (applied)

        dhcp max-addrs 10 (applied)

        ip interface bronze (applied)

The following example displays information about the DHCP hosts after they have been established on the active subscriber circuits:

[atm_subs]Redback>show subscribers active



sub1@atm_subs

        Circuit   1/4:1 vpi-vci 0 101

        Internal Circuit   1/4:1:63/1/2/24579

        Current port-limit unlimited

        profile gold (applied)

        dhcp max-addrs 10 (applied)

        ip interface gold (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)



                120.1.1.199    00:dd:00:00:00:0a

                120.1.1.191    00:dd:00:00:00:09

                120.1.1.192    00:dd:00:00:00:08

                120.1.1.200    00:dd:00:00:00:07

                120.1.1.194    00:dd:00:00:00:05

                120.1.1.193    00:dd:00:00:00:06

                120.1.1.196    00:dd:00:00:00:03

                120.1.1.195    00:dd:00:00:00:04

                120.1.1.197    00:dd:00:00:00:02

                120.1.1.198    00:dd:00:00:00:01



sub2@atm_subs

        Circuit   1/4:1 vpi-vci 0 102

        Internal Circuit   1/4:1:63/1/2/24580

        Current port-limit unlimited

        profile silver (applied)

        dhcp max-addrs 10 (applied)

        ip interface silver (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)



                120.1.2.191    00:dd:00:00:00:14

                120.1.2.192    00:dd:00:00:00:13

                120.1.2.193    00:dd:00:00:00:12

                120.1.2.194    00:dd:00:00:00:11

                120.1.2.195    00:dd:00:00:00:10

                120.1.2.196    00:dd:00:00:00:0f

                120.1.2.197    00:dd:00:00:00:0e

                120.1.2.198    00:dd:00:00:00:0d

                120.1.2.199    00:dd:00:00:00:0c

                120.1.2.200    00:dd:00:00:00:0b

sub3@atm_subs

        Circuit   1/4:1 vpi-vci 0 103

        Internal Circuit   1/4:1:63/1/2/24581

        Current port-limit unlimited

        profile bronze (applied)

        dhcp max-addrs 10 (applied)

        ip interface bronze (applied)

          IP host entries installed by DHCP: (max_addr 10 cur_enties 10)

                120.1.3.191    00:dd:00:00:00:1e

                120.1.3.192    00:dd:00:00:00:1d

                120.1.3.193    00:dd:00:00:00:1c

                120.1.3.194    00:dd:00:00:00:1b

                120.1.3.195    00:dd:00:00:00:1a

                120.1.3.196    00:dd:00:00:00:19

                120.1.3.197    00:dd:00:00:00:18

                120.1.3.198    00:dd:00:00:00:17

                120.1.3.199    00:dd:00:00:00:16

                120.1.3.200    00:dd:00:00:00:15

The following example displays DHCPv4 relay host information for this configuration:

[atm_subs]Ericsson>show dhcp relay hosts



Circuit                            Host              Hardware address

Lease     Ttl       Timestamp                 Relay/Proxy Context

1/4:1 vpi-vci 0 101                120.1.1.198       00:dd:00:00:00:01

1800      1709      Thu Nov  8 09:16:21 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.197       00:dd:00:00:00:02

1800      1710      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.195       00:dd:00:00:00:04

1800      1713      Thu Nov  8 09:16:24 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.196       00:dd:00:00:00:03

1800      1713      Thu Nov  8 09:16:24 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.193       00:dd:00:00:00:06

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.194       00:dd:00:00:00:05

1800      1712      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.200       00:dd:00:00:00:07

1800      1712      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.192       00:dd:00:00:00:08

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.191       00:dd:00:00:00:09

1800      1711      Thu Nov  8 09:16:22 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 101                120.1.1.199       00:dd:00:00:00:0a

1800      1711      Thu Nov  8 09:16:23 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.197       00:dd:00:00:00:0e

1800      1717      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.200       00:dd:00:00:00:0b

1800      1713      Thu Nov  8 09:16:25 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.199       00:dd:00:00:00:0c

1800      1716      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.198       00:dd:00:00:00:0d

1800      1716      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.196       00:dd:00:00:00:0f

1800      1716      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.195       00:dd:00:00:00:10

1800      1715      Thu Nov  8 09:16:27 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.194       00:dd:00:00:00:11

1800      1717      Thu Nov  8 09:16:28 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.193       00:dd:00:00:00:12

1800      1718      Thu Nov  8 09:16:29 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.192       00:dd:00:00:00:13

1800      1717      Thu Nov  8 09:16:29 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 102                120.1.2.191       00:dd:00:00:00:14

1800      1719      Thu Nov  8 09:16:30 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.200       00:dd:00:00:00:15

1800      1718      Thu Nov  8 09:16:30 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.199       00:dd:00:00:00:16

1800      1720      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.198       00:dd:00:00:00:17

1800      1721      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.197       00:dd:00:00:00:18

1800      1721      Thu Nov  8 09:16:32 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.196       00:dd:00:00:00:19

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.195       00:dd:00:00:00:1a

1800      1723      Thu Nov  8 09:16:34 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.194       00:dd:00:00:00:1b

1800      1721      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.193       00:dd:00:00:00:1c

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.192       00:dd:00:00:00:1d

1800      1722      Thu Nov  8 09:16:33 2005  Proxy       atm_subs

1/4:1 vpi-vci 0 103                120.1.3.191       00:dd:00:00:00:1e

1800      1723      Thu Nov  8 09:16:34 2005  Proxy       atm_subs

3.3.2 Using RADIUS Authentication

The following example shows how to bind subscribers to DHCPv4 interfaces, using the ip interface command (in subscriber configuration mode) with RADIUS authentication:

[local]Redback(config)#context atm_subs
[local]Redback(config-ctx)#interface bronze multibind
[local]Redback(config-if)#ip address 120.1.3.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface gold multibind
[local]Redback(config-if)#ip address 120.1.1.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface silver multibind
[local]Redback(config-if)#ip address 120.1.2.1/24
[local]Redback(config-if)#dhcp proxy 100
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-linux-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-sms-server
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#radius server 108.1.1.157 key mpls4
[local]Redback(config-ctx)#radius max-retries 5
[local]Redback(config-ctx)#radius timeout 5
[local]Redback(config-ctx)#radius algorithm round-robin
[local]Redback(config-ctx)#radius accounting algorithm round-robin
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#aaa accounting subscriber radius
[local]Redback(config-ctx)#aaa accounting event dhcp
[local]Redback(config-ctx)#radius accounting server 108.1.1.157 key mpls4
[local]Redback(config-ctx)#subscriber profile gold
[local]Redback(config-sub)#ip interface name gold
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile silver
[local]Redback(config-sub)#ip interface name silver
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber profile bronze
[local]Redback(config-sub)#ip interface name bronze
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.157
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#card atm-oc3e-8-port 1
[local]Redback(config)#port atm 1/4
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub1@atm_subs password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub2@atm_subs password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub3@atm_subs password test

The following example displays the RADIUS subscriber files:

sub1@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = gold,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs



sub2@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = silver,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs



sub3@atm_subs   Password = "test"

           Service-Type = Framed-User,

           RB-IP-Interface-Name = bronze,

           RB-DHCP-Max-Leases = 10,

           RB-Context-Name = atm_subs

In the RADIUS dictionary, the relevant attribute is:

VENDORATTR    2352       RB-IP-Interface-Name          104     string

The following example shows one of the sample Accounting-Alive packets with the RADIUS IP interface attribute:

Code:       Accounting-Request

Identifier: 38

Authentic:  'l<199>[<151><142><192>@<0><15><175>KCO}<163>

Attributes:

        User-Name = "sub3@atm_subs"

        Acct-Status-Type = Alive

        Acct-Session-Id = "0003003F3000601C-40757C65"

        Service-Type = Framed-User

        NAS-Identifier = "mpls4"

        NAS-Port = 17039424

        NAS-Port-Type = Sync

        NAS-Port-Id = "1/4 vpi-vci 0 103"

        Connect-Info = "a1"

        RB-Platform-ID = SmartEdge

        Acct-Authentic = RADIUS

        RB-IP-Interface-Name = "bronze"

        RB-DHCP-Max-Leases = 10

        Acct-Session-Time = 105

        Acct-Input-Packets = 32

        Acct-Output-Packets = 26

        Acct-Input-Octets = 7733

        Acct-Output-Octets = 5388

        Acct-Input-Gigawords = 0

        Acct-Output-Gigawords = 0

        RB-Acct-Input-Packets-64 = 0x20

        RB-Acct-Output-Packets-64 = 0x1a

        RB-Acct-Input-Octets-64 = 0x1e35

3.4 DHCPv4 Proxy Through Dynamic Subscriber Bindings

The following example shows how to configure DHCPv4 proxy through dynamic subscriber bindings:

[local]Redback(config)#context dyn-sub-bindings
[local]Redback(config-ctx)#interface dyn-sub-if multibind
[local]Redback(config-if)#ip address 100.1.1.1/24
[local]Redback(config-if)#dhcp proxy 251
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#subscriber name sub21
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub22 
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub23
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub24
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub25
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub101
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1 
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub102
[local]Redback(config-sub)#password test    
[local]Redback(config-sub)#dhcp max-addrs 1
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub103
[local]Redback(config-sub)#password test
[local]Redback(config-sub)#dhcp max-addrs 1 
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub104
[local]Redback(config-sub)#password test    
[local]Redback(config-sub)#dhcp max-addrs 1 
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#subscriber name sub105
[local]Redback(config-sub)#password test    
[local]Redback(config-sub)#dhcp max-addrs 1 
[local]Redback(config-sub)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#atm profile a1
[local]Redback(config-atm-profile)#shaping ubr
[local]Redback(config-atm-profile)#exit
[local]Redback(config)#card atm-oc3e-8-port 5
[local]Redback(config-card)#exit
[local]Redback(config)#port atm 5/2
[local]Redback(config-atm-oc)#no shutdown
[local]Redback(config-atm-oc)#atm pvc 0 101 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub101@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 102 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub102@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 103 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub103@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 104 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub104@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#atm pvc 0 105 profile a1 encapsulation bridge1483
[local]Redback(config-atm-pvc)#bind subscriber sub105@subscriber password test
[local]Redback(config-atm-pvc)#exit
[local]Redback(config-atm-oc)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to-dhcp-server subscriber
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 21
[local]Redback(config-dot1q-pvc)#bind subscriber sub21@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 22
[local]Redback(config-dot1q-pvc)#bind subscriber sub22@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 23
[local]Redback(config-dot1q-pvc)#bind subscriber sub23@subscriber
[local]Redback(config-dot1q-vc)#exit
[local]Redback(config-port)#dot1q pvc 24
[local]Redback(config-dot1q-pvc)#bind subscriber sub24@subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 25
[local]Redback(config-dot1q-pvc)#bind subscriber sub25@subscriber

3.5 DHCPv4 Proxy Through Static Interface Bindings

The following example shows how to configure DHCPv4 proxy through static interface bindings:

[local]Redback(config)#context non-subscriber 
[local]Redback(config-ctx)#interface non-subscriber multibind
[local]Redback(config-if)#ip address 100.1.1.1/16
[local]Redback(config-if)#dhcp proxy 1000   
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.1 multibind
[local]Redback(config-if)#ip address 121.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250 
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface vlan.10 multibind
[local]Redback(config-if)#ip address 130.1.1.1/24
[local]Redback(config-if)#dhcp proxy 250
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#port ethernet 9/2 
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1
[local]Redback(config-dot1q-pvc)#bind interface vlan.1 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10
[local]Redback(config-dot1q-pvc)#bind interface vlan.10 non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 11 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 12 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 13 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 14 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 15 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 16 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 17 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 18 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 19 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 20 encaps multi
[local]Redback(config-dot1q-pvc)#bind interface non-subscriber non-subscriber

3.6 DHCPv4 Proxy Through RADIUS

The following example shows how to configure DHCPv4 proxy through RADIUS:

[local]Redback(config)#no service multiple-contexts
[local]Redback(config)#context local
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface subscriber multibind
[local]Redback(config-if)#ip address 100.1.0.1/16
[local]Redback(config-if)#dhcp proxy 50
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface to-cisco-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#radius server 108.1.1.157 key dhcp
[local]Redback(config-ctx)#aaa authentication subscriber radius
[local]Redback(config-ctx)#dhcp relay server 108.1.1.156
[local]Redback(config-dhcp-relay)#exit
[local]Redback(config-ctx)#dhcp relay option
[local]Redback(config-ctx)#exit
[local]Redback(config)#card ge-10-port 9
[local]Redback(config-card)#exit
[local]Redback(config)#port ethernet 9/1
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#bind interface to-cisco-dhcp-server local
[local]Redback(config-port)#exit
[local]Redback(config)#port ethernet 9/2
[local]Redback(config-port)#no shutdown
[local]Redback(config-port)#encapsulation dot1q
[local]Redback(config-port)#dot1q pvc 1 
[local]Redback(config-dot1q-pvc)#bind subscriber sub1@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 2 
[local]Redback(config-dot1q-pvc)#bind subscriber sub2@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 3 
[local]Redback(config-dot1q-pvc)#bind subscriber sub3@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 4 
[local]Redback(config-dot1q-pvc)#bind subscriber sub4@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 5 
[local]Redback(config-dot1q-pvc)#bind subscriber sub5@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 6 
[local]Redback(config-dot1q-pvc)#bind subscriber sub6@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 7 
[local]Redback(config-dot1q-pvc)#bind subscriber sub7@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 8 
[local]Redback(config-dot1q-pvc)#bind subscriber sub8@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 9 
[local]Redback(config-dot1q-pvc)#bind subscriber sub9@local password test
[local]Redback(config-dot1q-pvc)#exit
[local]Redback(config-port)#dot1q pvc 10 
[local]Redback(config-dot1q-pvc)#bind subscriber sub10@local password test

The following output displays sample content from the RADIUS server file used in this example:

sub1@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub2@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub3@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1
sub4@local      Password = "test"
        Service-Type = Framed-User,
        DHCP_Max_Leases = 1

3.7 Loopback Interface as DHCPv4 Source Address

The following example shows that the IP address of the interface connected to the external DHCPv4 server is 108.1.1.1; however, a loopback interface is configured with another IP address, which is sent to the DHCPv4 server as the source IP address for DHCPv4 packets:

[local]Redback(config)#context local
[local]Redback(config-ctx)#interface to-dhcp-server
[local]Redback(config-if)#ip address 108.1.1.1/24
[local]Redback(config-if)#exit
[local]Redback(config-ctx)#interface loop1 loopback
[local]Redback(config-if)#ip address 11.200.1.1/32
[local]Redback(config-if)#ip source-address dhcp-server

3.8 Configuring a DHCPv6-PD Server and Server Policy

The following example shows how to configure a last-resort multibind interface called test-last to be the DHCPv6 server. Any subscriber circuit that attempts to come up binds to this interface. The ip unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:

[local]BRAS(context)#interface test-last multibind lastresort
[local]BRAS(config-if)#ip unnumbered test-lb
[local]BRAS(config-if)#dhcpv6 server interface

The following example configures a DHCPv6 server policy, and adds a different parameters for two subnets:

[local]Redback(config-ctx)#dhcpv6 server
[local]Redback(config-dhcpv6-server)#option domain-name-server 2001:db8:4000:1::1
[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com
[local]Redback(config-dhcpv6-server)#option preference 128
[local]Redback(config-dhcpv6-server)#option information-refresh-time 10000
[local]Redback(config-dhcpv6-server)#option rapid-commit
[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 10000 valid 20000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/68
[local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 20000 valid 40000
[local]Redback(config-dhcp6-server)#subnet 2001:db8:2:2::/72
[local]Redback(config-dhcpv6-subnet)#option domain-name-server 2001:db8:4000:1::2
[local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com
[local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite

3.9 Configuring a DHCPv6 PD Pool

The following example shows how to create and configure a DHCPv6 PD pool, and then configure a subscriber to obtain IPv6 prefixes from that pool. In this example, the DHCPv6 PD pool inherits falling threshold values specified for all DHCPv6 PD pools configured within a context.

First, specify falling threshold values applicable to all DHCPv6 pools configured under the context SJ1:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#ipv6 pool dhcpv6 threshold percentage falling 20 log 10 trap

[local]BRAS(config-ctx)#exit

Configure a DHCPv6 PD pool under a multibind interface test-2. This pool contains IPv6 prefixes in the range from ipv6 pool dhcpv6 2001:db8:1:100::/56 to 2001:db8:1:ff00::/56:

[local]BRAS(config-ctx)#interface test-2 multibind

[local]BRAS(config-if)#ipv6 address 2001:db8:b::/48

[local]BRAS(config-if)#ipv6 pool dhcpv6 2001:db8:1:100::/56 2001:db8:1:ff00::/56

Configure the following attributes in a subscriber profile for the subscriber sub_2:

The Delegated-Max-Prefix attribute (the maximum number of IPv6 prefixes that can be delegated to a subscriber) is 5.
The subscriber obtains IPv6 prefixes from the shared IPv6 prefix pool configured within the same context (SJ1).
The subscriber inherits the ND configuration parameters specified by the ND profile abc.

[local]BRAS(config-ctx)#subscriber sub_2

[local]BRAS(config-if)#ipv6 delegated-prefix maximum 5

[local]BRAS(config-if)#ipv6 framed-pool

[local]BRAS(config-if)#ipv6 nd-profile abc

3.10 Configuring Statically Mapped DHCPv6 Prefixes

The following example shows how to configure static mapping for IPv6 two prefixes. In this example:

The IPv6 prefix 3001:db8:c/48 can be assigned to subscribers with a DUID of 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2.
The IPv6 prefix 3001:db8:c/48 can be assigned to subscribers with a DUID of 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2 and an IAID of 0xfedcba98.

[local]BRAS(config-ctx)#dhcpv6 server

[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2

[local]BRAS(config-dhcpv6-server)#prefix 3001:db8:c/48 duid 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2 iaid 0xfedcba98

Glossary

ARP

Address Resolution Protocol

CLIPS

Clientless IP service selection

DHCP

Dynamic Host Configuration Protocol

DHCPv6

Dynamic Host Configuration Protocol version 6

DoS

Denial of Service

Prefix Delegation

RADIUS

Remote Authentication Dial-In User Service