Guest

Cisco uBR900 Series Cable Access Routers

cable-modem dhcp-proxy nat on Cisco Cable Modems

Hierarchical Navigation

Document ID: 12176
|More

Downloads

cable-modem dhcp-proxy nat on Cisco Cable Modems

Related Documents


    More...

    Related Products/Technology




    Contents

    Introduction
    Prerequisites
          Requirements
          Components Used
          Conventions
    Dynamic NAT Versus Static NAT
    Configuration Using cable-modem dhcp-proxy nat Command
    Configuration Verification
    Cisco Support Community - Featured Conversations
    Related Information

    Introduction

    This document explains how to use the cable-modem dhcp-proxy nat command. The main function of this command is to configure a Network Address Translation (NAT) address pool with an IP address supplied by the Intrernet Provider’s DHCP server.

    For more information, refer to cable-modem dhcp-proxy in Cable IOS CMTS Commands.

    caution Caution: Be aware of Cisco bug ID CSCdt32356 (registered customers only) , which is fixed in Cisco IOSĀ® Software Release Trains 12.2 and later. Dynamic NAT using the cable-modem dhcp-proxy nat pool-name cable interface command does not function correctly. The IP address or subnet masks and default gateways are not assigned correctly, if at all. After the command is entered, the address that is assigned to the NAT pool does not respond to Address Resolution Protocol (ARP). The IP NAT pool that is created is from the cable modem scope, rather than the customer premises equipment (CPE) scope, so it puts an unroutable IP address in the NAT pool. Notice that this problem occurs in the Cisco IOS Software releases for several cable modems, especially 12.1(5)T. It is recommended that you use Cisco IOS Software Release Train 12.2 on the uBR924 and use Releases 12.2T, 12.3, and later Trains for the uBR905, uBR925, and CVA modems. For additional information, refer to Cisco bug ID CSCdt32356 (registered customers only) .

    Note: Also be aware of these considerations:

    1. Because the uBR904 platforms do not support Cisco IOS Software Release 12.1(1)T, it is not possible to configure the cable-modem dhcp-proxy command on this platform.

    2. To enable the dhcp-proxy feature on the uBR924, it is generally recommended that you use Cisco IOS Software Release 12.2(6j).

    3. For the CVA122, the command is documented as cable dhcp-proxy nat. This command is the same as the cable-modem dhcp-proxy nat command on the uBR900 series cable modems.

      From a CVA122, this output can be seen:

      Router(config)# interface cable 0

Router(config-if)# cable?

cable-modem

    Prerequisites

    Requirements

    Readers of this document should have knowledge of these topics:

    • Basic understanding of Network Address Translation and why it is used

    • Data-over-Cable Service Interface Specifications (DOCSIS) 1.0 protocol

    • The Cisco IOS Software command line interface

    Components Used

    This table shows the Cisco IOS Software releases that support this command for each Cisco cable modem platform:

    Release that introduced the cable-modem dhcp-proxy command

    Platform

    12.1(1)T

    uBR924

    12.1(3)XL

    uBR905

    12.2(2)XA

    uBR925

    12.1(5)XU1

    CVA122

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

    Conventions

    Refer to Cisco Technical Tips Conventions for more information on document conventions.

    Dynamic NAT Versus Static NAT

    With dynamic NAT, translations do not exist in the NAT translation table until the router receives traffic that requires translation. Dynamic translations have a time-out period, after which they are purged from the translation table. With static NAT, however, translations exist in the NAT translation table as soon as you configure a static NAT command, and they remain in the translation table until you delete the static NAT command or commands.

    The easiest way to determine that you have dynamic NAT configured in your cable modem is by searching for this command in the configuration of the cable modem:

    ip nat inside source list 100 interface cable-modem0 overload

    By pointing the NAT source to an access list, you are dynamically building the NAT translation table. The cable-modem dhcp-proxy nat command uses this dynamic NAT feature.

    Configuration Using cable-modem dhcp-proxy nat Command

    When using the cable-modem dhcp-proxy nat command, the address used for the NAT pool is automatically allocated from the cable operator’s DHCP server.

    When using this option, include these NAT configuration commands:

    • ip nat inside interface—Use to configure the Ethernet interface as the “inside” interface.

    • ip nat outside interface—Use to configure the cable interface as the “outside” interface.

    • overload—Specify this option with the IP NAT global configuration command because the NAT pool created by the cable-modem dhcp-proxy nat command contains only one IP address.

    After configuring the router with the cable-modem dhcp-proxy nat command, reboot the router. During the DOCSIS provisioning process, the router sends a DHCP client request to obtain an IP address for the cable interface. The router then sends a proxy DHCP request to the DHCP server using the MAC address of the Ethernet interface. The DHCP server replies with a second IP address that the router assigns to a dynamically configured Loopback interface that is pointing to a dynamically configured NAT pool of only one address.

    See the configuration output in this document for the information that is automatically added to the configuration after DHCP is processed.

    To configure NAT so that it creates the pool dynamically, issue these commands on your router. Remember that, in order to configure NAT, your router must be in routing mode.

    Router# config t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# interface ethernet 0

Router(config-if)# ip address 192.168.1.1 255.255.255.0

!--- Assign an IP address to interface Ethernet 0.

Router(config-if)# no bridge-group 59

!--- Remove bridging so that you can configure for routing.

Router(config-if)# no bridge-group 59 spanning

!--- Remove bridging spanning.

Router(config-if)# ip nat inside

!--- Enable NAT inside for the Ethernet interface.

Router(config-if)# exit

Router(config)#

Router(config)# interface cable 0

Router(config-if)# no bridge-group 59

!--- Remove bridging so that you can configure for routing.

Router(config-if)# no bridge-group 59 spanning

!--- Remove bridging spanning.

Router(config-if)# no cable compliant bridge

!--- Remove bridging so that you can configure for routing.

Router(config-if)# ip nat outside

!--- Enable NAT outside for the cable interface.

Router(config-if)# cable-modem dhcp-proxy nat TEST_POOL

!--- Define dhcp-proxy nat for the TEST_POOL pool.

Router(config-if)# exit

Router(config)#

Router(config)# ip routing

!--- Enable routing.

Router(config)# ip nat inside source list 1 pool TEST_POOL overload

!--- Configure dynamic NAT.

Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

!--- Define interesting traffic for NAT.

    The configuration looks like this:

    router# show run

Building configuration...
Current configuration : 953 bytes
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
!
ip audit notify log
ip audit PO max-events 100
no ip dhcp-client network-discovery
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
!
interface cable-modem0
 ip nat outside
 no ip mroute-cache
 no cable-modem compliant bridge
 cable-modem dhcp-proxy nat TEST_POOL
!
ip nat inside source list 1 pool TEST_POOL overload
ip classless
no ip http server
no ip http cable-monitor
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server packetsize 4096
snmp-server manager
!
voice-port 0
 input gain -2
 output attenuation 0
!
voice-port 1
 input gain -2
 output attenuation 0
!
!
line con 0
 transport input none
line vty 0 4
 login
!
end

router#

    The bold commands are the ones you entered; the others are the defaults. Notice that the NAT pool has not yet been created at this point. The cable modem needs to be reloaded, or the cable interface needs to be reset by issuing the shut command followed by the no shut command.

    router# reload

Proceed with reload? [confirm]
133.CABLEMODEM.CISCO: 00:06:16: %SYS-5-RELOAD: Reload requested
System Bootstrap, Version 12.0(6r)T3, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by Cisco Systems, Inc.
UBR924 platform with 16384 Kbytes of main memory
program load complete, entry point: 0x80010000, size: 0x398070
Self decompressing the image : #################################
################################################################
################################################################
################################################################
################################################################
################################################################
########################################################## [OK]

!--- Output suppressed.

Press RETURN to get started!

    Note: In the configuration output, information that is automatically added to the configuration after DHCP is processed is noted with comments.

    In this document, a uBR7114 and uBR924 are used as examples. The Cisco IOS Software releases installed on them are 12.1(5)EC1 and 12.1(3a)T4, respectively. The next figure shows the connectivity and IP addresses used.

    Figure 1: Diagram used in the configuration using cable dhcp-proxy nat command

    cable_dhcp_proxy1.gif

    uBR924—Configuration of the NAT address pool with an IP address supplied by the Service Provider’s DHCP server

    		 
    router# show run

Building configuration...
Current configuration : 1273 bytes
!
! Last configuration change at 13:12:52 - Tue Feb 29 2000
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
logging rate-limit console 10 except errors
!
clock timezone - -8
ip subnet-zero
no ip finger
!
ip audit notify log
ip audit PO max-events 100
no ip dhcp-client network-discovery
!
!
interface Loopback0
 ip address 111.111.111.8 255.255.255.255

!--- Lookback interface added automatically by DHCP configuration.

!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
!
interface cable-modem0
 ip nat outside
 no ip mroute-cache
 no cable-modem compliant bridge
 cable-modem dhcp-proxy nat TEST_POOL
 cable-modem boot admin 2
 cable-modem boot oper 5
 cable-modem downstream saved channel 525000000 37 1
!
ip nat pool TEST_POOL 111.111.111.8 111.111.111.8 netmask 255.255.255.0

!--- NAT pool added automatically by DHCP configuration.

ip nat inside source list 1 pool TEST_POOL overload
ip classless
no ip http server
no ip http cable-monitor
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server packetsize 4096
snmp-server manager
!
voice-port 0
 input gain -2
 output attenuation 0
!
voice-port 1
 input gain -2
 output attenuation 0
!
!
line con 0
 transport input none
line vty 0 4
 login
!
end

    Configuration Verification

    This section describes how to use show command output to verify the configuration of the cable modem.

    Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

    Issue the show arp command to display the entries in the ARP table.

    router# show arp

Protocol  Address         Age (min) Hardware Addr   Type   Interface
Internet  111.111.111.111      56   0002.b9ff.8c1c  ARPA   cable-modem0
Internet  10.4.1.1             59   0002.b9ff.8c1c  ARPA   cable-modem0

!--- IP address of the interface cable 1/0
!--- of the cable modem termination system (CMTS).

Internet  192.168.1.1           -   0030.1976.771a  ARPA   Ethernet0
Internet  192.168.1.5          34   00a0.243c.eff5  ARPA   Ethernet0

!--- IP address of the PC behind the cable modem.

Internet  10.4.1.114            -   0030.1976.771b  ARPA   cable-modem0

    The PC behind the cable modem has IP address 192.168.1.5 statically configured. It is very easy, however, to make the cable modem a DHCP server which dynamically assigns an IP address to its LAN hosts; use this configuration:

    ip dhcp excluded-address 192.168.1.1 
ip dhcp pool pool name


   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1

    To test that NAT works, issue a ping command from the PC connected behind the cable modem to try to reach the cable interface.

    If you look at the NAT translation table, you can see successful translations.

    router# show ip nat translations

Pro  Inside global      Inside local       Outside local    Outside global
icmp 111.111.111.8:512  192.168.1.5:512    10.4.1.114:512   10.4.1.114:512

    For more information, refer to cable-modem dhcp-proxy in Cable IOS CMTS Commands.

    Cisco Support Community - Featured Conversations

    Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers. Below are just some of the most recent and relevant conversations happening right now.

     

    Related Information

    Updated: Nov 20, 2006Document ID: 12176