Cisco Systems UBR900 User Manual

0 (0)

Configuring the Cisco uBR900 Series

Cable Access Routers

This document addresses the following topics:

Feature Overview on page 1

Supported Platforms on page 32

Prerequisites on page 32

Supported MIBs and RFCs on page 33

Configuration Tasks on page 36

Configuration Examples on page 46

VoIP Bridging Configuration Using SGCP on page 52

Debug Commands on page 118

Glossary on page 135

Feature Overview

Cisco uBR900 series cable access routers are fully-functional Cisco IOS routers and standards-based bidirectional cable modems that give a residential or small office/home office (SOHO) subscriber high-speed Internet or Intranet access and packet telephone services via a shared two-way cable system and IP backbone network. Cisco uBR900 series cable access routers are based on the current Data-Over-Cable Service Interface Specifications (DOCSIS) standards, and interoperate with any bidirectional, DOCSIS-qualified headend cable modem termination system (CMTS).

Cisco uBR900 series routers connect computers, telephone equipment, and other customer premises devices at a subscriber site to the service provider’s Hybrid/Fiber Coax (HFC) and IP backbone network. Functioning as cable modems, the Cisco uBR900 series routers transport data and voice traffic on the same cable system that delivers broadcast TV signals.

Cisco uBR900 series cable access routers typically ship from the Cisco factory with a Cisco Internetwork Operating System (IOS) software image stored in nonvolatile memory (NVRAM). The standard Cisco IOS software image supports DOCSIS-compliant bridging operation for data as the default.

Based on the feature licenses purchased, other Cisco IOS images can be downloaded from Cisco Connection Online (CCO). Each Cisco uBR900 series router in your network can then be configured to support Voice over IP (VoIP) and/or other special operating modes based on your service offering and the practices in place for your network. A Cisco uBR900 series device can function as an advanced router, providing wide area network (WAN) data connectivity in a variety of configurations.

Configuring the Cisco uBR900 Series Cable Access Routers 1

Feature Overview

Cisco IOS Software Feature Sets

This section briefly describes the common feature sets supported by the Cisco uBR900 series cable access routers. Each feature set contains a number of features that provide a specific functionality such as Voice over IP (VoIP) or virtual private network (VPN) access.

The following feature set categories are currently available:

Data Operations

Data and Voice Operations

The data and voice feature sets add Voice over IP (VoIP) support to the same base features contained in the data only feature sets. Telephones that are connected to the uBR924 cable access router can make voice calls over the Internet using either the H.323 (Gateway/Gatekeeper) voice control protocol or Simple Gateway Control Protocol (SGCP). (For more information on these protocols, refer to H.323 Protocol Stack and SGCP Protocol Stack in this document.)

Because voice calls are real-time traffic, the Cisco uBR924 cable access router supports the DOCSIS Quality of Service (QoS) enhancements to give higher priority to IP packets containing voice traffic.

Note Voice features are available only on the Cisco uBR924 cable access router.

Note Feature sets and software images vary depending on the cable access router model you are using and the Cisco IOS software release that is running. For a list of the available software images for your application, and the specific features contained in each image, refer to the release notes for the Cisco uBR900 series cable access router and Cisco IOS software release you are using. This document describes the features available for the Cisco uBR904 and uBR924 cable access routers in Cisco IOS Release 12.0(7)T.

The following feature sets are available in data and voice versions as well as in data only versions:

Base IP Bridging – provides full DOCSIS 1.0-compliant cable modem support for users who want a basic high-speed connection to the Internet.

Home Office (Easy IP) – provides a high-speed connection to the Internet, along with server functions that simplify the administration of IP addresses, so that the Cisco uBR900 series cable access router can connect a small number of computers to the Internet through the cable interface.

Small Office – provides a firewall feature set in addition to the high-speed Internet connection and server functions provided by the Home Office feature set. You can protect your office network from intrusion and interference while still having high-speed access to the Internet.

Telecommuter – provides encryption and layer 2 tunneling support in addition to the high-speed Internet connection and server functions provided by the Home Office feature set. Businesses can establish secure high-speed Internet connections between employees’ homes and the office local network.

These feature sets are described in the following sections.

2 Cisco IOS Release 12.0(7)T

Cisco IOS Software Feature Sets

Base IP Bridging

Base IP Bridging includes full and DOCSIS-compliant bridging and DOCSIS Baseline Privacy. The Base IP Bridging feature set allows the Cisco uBR900 series cable access router to function as a DOCSIS 1.0 cable modem and to interoperate with any DOCSIS 1.0-qualified CMTS. It provides basic high-speed Internet connectivity for users who want to connect only one computer to the cable network.

DOCSIS-compliant bridging (also referred to as “plug-and-play” bridging) is the default configuration for Cisco uBR900 series cable access routers. While in plug-and-play bridging mode, the router locates a downstream and upstream channel; finds ToD, TFTP, and DHCP servers; obtains an IP address; downloads a DOCSIS configuration file; and obtains DHCP parameters to work in bridging mode.

Note This feature set does not include Easy IP and Routing.

In DOCSIS-compliant bridging mode, the Cisco uBR900 series cable access router acts as a transparent bridge for the following device combinations:

3 CPE devices when using Cisco IOS Release 12.0(4) XI1 or higher

254 CPE devices when using Cisco IOS Release 12.0(5)T or higher images, or Cisco IOS Release 12.1.

Note The ability of the Cisco uBR900 series cable access router to grant access to CPE devices is controlled by the MAX CPE field in the DOCSIS configuration file. The MAX CPE field defaults to one CPE device unless otherwise set to a higher number.

Home Office (Easy IP)

The Home Office feature set provides high-speed Internet connectivity for customers who have a small home network (typically 2-4 computers). In addition to full DOCSIS 1.0 support and all of the functionality of the Base IP Bridging feature set, the Home Office feature set (also known as Easy IP) supports intelligent Dynamic Host Configuration Protocol (DHCP) server functions, including DHCP Relay Agent and DHCP Client functionality. It also supports Easy IP (NAT/PAT).

This feature set allows the Cisco uBR900 series cable access router great flexibility in administering IP addresses for the PCs and other customer premises equipment it is connecting to the cable network. The DHCP functionality allows intelligent use of the IP addresses that allow customer premises computers and other equipment to connect to the Internet. The NAT/PAT functionality allows you to use private IP addresses on the local network, while still maintaining connectivity to the Internet.

Small Office

In addition to full DOCSIS 1.0 support and all of the functionality of the Easy IP feature set, the Small Office feature set supports the Cisco IOS firewall feature set which provides a wide range of security features for Cisco uBR900 series cable access routers. Using the firewall feature set, Cisco uBR900 series cable access routers act as buffers between the customer’s private enterprise network and the Internet and other connected public networks.

Configuring the Cisco uBR900 Series Cable Access Routers 3

Feature Overview

In firewall mode, the Cisco uBR900 series cable access router provides a high-speed Internet connection for an office’s local network while protecting the computers on the office network from common attacks such as denial of service attacks and destructive Java applets, as well as real-time alerts of such attacks.

The Small Office feature set can be optionally extended with support for IPSec encryption to ensure that the traffic passed over the Internet cannot be intercepted. You can select either standard 56-bit IPSec Network Security encryption or high-security 168-bit Triple Data Encryption Standard (DES) encryption.

Telecommuter

In addition to full DOCSIS 1.0 support and all of the functionality of the Easy IP feature set, the Telecommuter feature set supports IPSec encryption and the Layer 2 Tunneling Protocol (L2TP), which can establish secure high-speed Internet connections between employees’ homes and the office local network.

IPSec is an IP security feature that provides robust authentications and encryption of IP packets for the secure transmission of sensitive information over unprotected networks such as the Internet. You can select either standard 56-bit IPSec Network Security encryption or high-security 168-bit Triple Data Encryption Standard (DES) encryption.

L2TP is an extension of the Point-to-Point Protocol (PPP) that allows computers on different physical networks to interoperate as if they were on the same local area network (LAN). These features are important components for Virtual Private Networks (VPNs).

Note The Telecommuter feature set does not require the firewall feature set because the individual telecommuter has a secure connection to the office network. The office network, however, should implement a firewall for its own connection to the Internet.

Data Operations

Figure 1 illustrates a typical broadband data cable system. Data transmitted to a Cisco uBR900 series cable access router from the service provider’s CMTS shares a 27 or 26 Mbps, 6 MHz data channel in the 88 to 860 MHz range. The Cisco uBR900 series cable access router shares an upstream data rate of up to 10 Mbps on a 200 kHz-wide to 3.2 MHz-wide channel in the 5 to 42 MHz range.

Note End-to-end throughput varies based on the design and loading of network components, the mix of traffic, the processing speed and interface of the host server(s), the processing speed and local Ethernet performance of the subscriber’s computer, as well as other parameters. Since the network can be configured to support multiple levels of service to meet differing market price/performance requirements, the subscriber’s service level agreement also affects throughput. DOCSIS further contains some fundamental performance limitations because standards are designed to give a larger number of customers good performance, rather than permitting a few users to consume the entire capacity.

4 Cisco IOS Release 12.0(7)T

Data Operations

Figure 1 Typical Cisco Broadband Data Cable System

WAN

 

 

 

 

 

CMTS

 

Combiner

 

Tx

 

 

 

 

 

Switch/router

 

 

rack equipment

 

 

 

Rx

 

Fiber

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Servers

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Cisco uBR900 series cable access router

Internal backbone and

worldwide internet

HFC cable plant

Cable System Headend

Upstream and downstream data interfaces Operation support system interface Downstream RF interface

Upstream RF interface

18197

Residence or SOHO subscriber site: subscriber RF interface Ethernet interface

Operating Modes

The broadband data cable system uses multiple types of access control to ensure efficient use of bandwidth over a wide range of loading conditions. Advanced queuing techniques and service algorithms are used to define the acquisition and release of channels.

Cisco uBR900 series cable access routers support 64 or 256 Quadrature Amplitude Modulation (QAM) downstream, and Quadrature Phase Shift Keying (QPSK) or 16 QAM upstream transmission. This allows the CMTS system administrator to set the preferred modulation scheme based on the quality of the cable plant.

Note In noisy plant environments, 16 QAM upstream and 256 QAM downstream modulation may not be viable. In high-quality HFC networks capable of supporting 16 QAM formats in the upstream direction, Cisco recommends using QPSK for fixed-slot short packets like maintenance or data requests, and 16 QAM for variable length data packets. This results in the most efficient use of the available upstream timeslots or minislots.

The system uses Transmission Control Protocol/Internet Protocol (TCP/IP) to transmit data. TCP/IP transmits data in segments encased in IP datagrams, along with checksums to detect data corruption and sequence numbers to ensure an ordered byte stream on the TCP connection between the Cisco cable access router and the CMTS.

Cisco cable access routers also support multicast services—data streams sent to groups of subscribers. These applications utilize the User Datagram Protocol (UDP) instead of TCP. Since UDP does not mandate upstream acknowledgments, these applications can be very efficient in the network. Additionally, restricting upstream throughput will have no effect on downstream UDP streaming throughput.

Configuring the Cisco uBR900 Series Cable Access Routers 5

Feature Overview

Note Interactive games are the exception. Although low latency is required in gaming applications, high upstream data throughput is not demanded since the volume of data transmitted upstream is typically small.

Data Specifications

Table 1

Cisco uBR900 Series Cable Access Router Data Specifications

 

 

 

Description

Downstream Values

Upstream Values

 

 

 

Frequency Range

88 to 860 MHz

5 to 42 MHz

 

 

 

Modulation

64 QAM

QPSK

 

256 QAM

16 QAM

 

 

 

Data Rate

30 Mbps/64 QAM

QPSK—320 Kbit/sec to 5 Mbit/sec

 

(27 Mbit/sec after FEC overhead)

 

 

42.8 Mbps/256 QAM

16 QAM—640 Kbit/sec to 10 Mbit/sec

 

(36 Mbit/sec after FEC overhead)

 

 

 

 

Bandwidth

6 MHz

200K, 400K, 800K, 1.6M,

 

 

3.2 MHz

 

 

 

FEC

RS (122, 128) Trellis

Reed Solomon

 

 

 

One Channel

Receive level of digital signal

QPSK— +8 to +58 dBmV

 

-15 to +15 dBmV

 

Note Most field measurements are of nearby

16 QAM— +8 to +55 dBmV

 

or adjacent analog signal which is normally

 

+6 to +10 dB (system specific) above the

 

digital signal level

 

Signal-to-Noise Ratio

64 QAM:

(SNR)

>23.5 dB @ BER<10^8

 

256 QAM*:

 

>30 dB @ BER <10^-8

 

(For input level between +15 and -8 dBmV,

 

SNR must be greater than 30 dB. For input

 

level between -8 and -15 dBmV, SNR must be

 

greater than 33 dB.)

 

Note These performance numbers are in

 

laboratory-controlled conditions against

 

statistically pure noise sources (AWGN). Since

 

such conditions do not exist in practise, a 6 dB

 

or more SNR margin is required for reliable

 

operation. Check with your local system

 

guidelines.

QPSK:

>15 dB @ BER<10^-8

(QPSK will work at 98% successful ping rate for SNR>13 dB. A SNR of 15 dB will be needed to get almost optimal packets per minute transition.)

16 QAM:

>22 dB @ BER <10^-8

(For 16 QAM, a SNR>22 dB makes the grade for 98% ping efficiency. To get good packet rate, you need

SNR>25 dB)

Note These measurements were made for 0 and -10 dBmV input to the CMTS, 1280 ksym/sec and 64 bytes packet size with a Cisco uBR904 cable access router and laboratory-controlled conditions.

6 Cisco IOS Release 12.0(7)T

 

 

 

Data Operations

Table 1

Cisco uBR900 Series Cable Access Router Data Specifications (continued)

 

 

 

 

 

Description

Downstream Values

Upstream Values

 

 

 

 

 

Security

DES decryption: DOCSIS Baseline Privacy

DES encryption

(BPI), 40 bit-, 56 bitand 168 bit DES encryption, as controlled by the headend and configuration files.

Note Cisco IOS images must contain encryption software at both the CMTS and the Cisco uBR900 series. Both routers must be enabled and properly configured to support encryption.

Service Assignments

Each Cisco uBR900 series cable access router on the network is configured to receive data on a particular downstream channel. A downstream channel contains upstream segment(s). Each upstream segment typically serves more than one fiber node.

Partitioning the upstream plant into smaller segments significantly reduces the number of potential ingress sources and failure points. The CMTS divides the cable plant into downstream channels and upstream segments or clusters of nodes.

Downstream and Upstream Data Transfer

When operating normally, the Cisco uBR900 series cable access router receives data addressed to it from the CMTS. The router reads the address in the header of the message, filters the message and forwards it to the appropriate device at the subscriber site.

Note Bandwidth at the subscriber site is shared by the active data users connected to the network segment.

For upstream data transfer, the Cisco cable access router uses a request/grant mechanism to obtain upstream bandwidth. The CMTS configures, via MAC messages, upstream parameters associated with transmissions from all Cisco cable access routers on the system. Service class registration is granted based on class assignment and load provisioning. Upstream channels are time slotted and divided into basic scheduling time units.

The CMTS informs the Cisco cable access router of minislot structures on the upstream channel. Some minislots are marked as contention-based—shared by routers to make bandwidth (timeslot) requests with the CMTS. Others are grouped together into unicast grants for specific routers to send their data bursts. Yet others are grouped together into maintenance slots for “keep alive” messages from routers to the CMTS.

Bridging Applications

In bridging applications, the Cisco uBR900 series cable access router acts as a transparent bridge for up to 254 devices depending on the version of Cisco IOS software you are using. Older versions of software allow a maximum of 3 CPE devices to be bridged. The cable access router is connected to the Internet through the coaxial cable interface. All four 10BaseT Ethernet ports are treated as one Ethernet interface by the Cisco IOS software. The IP addresses for the CPE devices and the coaxial cable interface are typically in the same subnet, although this is not a requirement.

Configuring the Cisco uBR900 Series Cable Access Routers 7

Feature Overview

The Cisco uBR900 series complies with the DOCSIS standards for interoperable cable access routers; it supports full transparent bridging as well as DOCSIS-compliant transparent bridging.

Note If the attached CPE devices and the coaxial cable interface are in different IP subnets, the cable interface must have a secondary address.

Figure 2 Cisco uBR900 Series Cable Access Router in a Bridging Configuration

 

 

Ethernet

 

CATV

Ethernet

 

coaxial cable

Cisco uBR7200 series

Cisco uBR900 series

 

CMTS

 

cable access router

Ethernet

 

HFC network

 

 

 

 

 

Ethernet

PC

PC

PC

PC or hub

13305

DOCSIS-compliant transparent bridging is the factory default configuration of the Cisco uBR900 series cable access router. If your cable service provider is using a DHCP server, all you need to do is connect the cables and power on the cable access router; your service provider’s configuration program will automatically configure both the coaxial cable interface and the bridging functionality. You do not need to set up IP addresses for the attached PCs or enter any Command Line Interface (CLI) configuration commands. This type of operation is called plug-and-play bridging.

In DOCSIS-compliant bridging mode, the cable access router is able to locate a downstream and upstream channel; find the TOD, TFTP, and DHCP server(s); obtain an IP address; download a DOCSIS configuration file; and obtain DHCP parameters to work in a bridging mode.

You can configure a customized bridging application on the Cisco uBR900 series using a downloadable configuration file or the CLI. See the sections “Configuring Bridging” on page 41 and “Customizing the Cable Access Router Interface” on page 44 for details.

Routing Applications

The Cisco uBR900 series cable access router can be configured to act as a router to preserve IP address space and limit broadcasts that can impact the performance of the network. A typical use would be if you are connecting the cable access router to an internal Ethernet hub that is connected to an existing PC network. The Cisco uBR900 series supports Routing Information Protocol Version 2 (RIP V2) for this application.

When configured in routing mode, the Cisco uBR900 series is automatically configured to use the headend’s IP address as its IP default gateway. This allows the cable access router to send packets not intended for the Ethernet interface to the headend when IP host-routing is configured.

RIP V2 routing is useful for small internetworks in that it enables optimization of Network Interface Center (NIC)-assigned IP addresses by defining variable-length subnet masks (VLSMs) for network addresses, and it allows classless interdomain routing (CIDR) addressing schema.

8 Cisco IOS Release 12.0(7)T

Data Operations

Figure 3 Cisco uBR900 Series Cable Access Router in a Routing Configuration with a Hub

CATV

 

 

 

coaxial cable

Cable

Ethernet

Ethernet

 

 

 

 

Modem

 

 

Cisco uBR7246

 

 

HUB

CMTS

 

 

 

 

 

HFC network

 

 

 

LAN

13306

Layer 2 Tunneling Protocol

Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).

Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure such as the Internet, modems, access servers, and ISDN terminal adapters (TAs) to be used.

L2TP can be initiated wherever PPTP or L2F is currently deployed, and can be operated as a client initiated tunnel such as PPTP, or a network access server (NAS) initiated tunnel such as L2F.

The current implementation of L2TP in Cisco IOS software is dependent on a PPP connection supported on one of the directly attached interfaces. A dial-up PPP connection is required in order to initiate an L2TP Tunnel connection. This is a requirement of the L2TP Access Concentrator (LAC). Currently the Cisco uBR900 series cable access router cannot function as the LAC; it can only function as the L2TP Network Server (LNS), which terminates a tunnel created elsewhere in the network.

Easy IP

Dynamic Host Configuration Protocol (DHCP) Server

Cisco uBR900 series cable access routers support Intelligent DHCP Relay and DHCP Client functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS IP helper-address functionality.

Network Address Translation and Port Address Translation (NAT/PAT)

Network Address Translation (NAT) reduces the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating those addresses into globally routable address space.

Configuring the Cisco uBR900 Series Cable Access Routers 9

Feature Overview

Port Address Translation (PAT) is a similar mechanism that enables all internal hosts to share a single registered IP address (many-to-one translation). NAT/PAT:

Allows customers to maintain their own private networks while giving them full Internet access through the use of one or more global IP addresses

Allows several private IP addresses to use the same global IP address by using address overloading

Facilitates configuration and permits a large network of users to reach the network by using one Cisco uBR900 series cable access router and the same DOCSIS cable interface IP address

Eliminates the need to readdress all hosts with existing private network addresses (one-to-one translation) or by enabling all internal hosts to share a single registered IP address (many-to-one translation, also known as Port Address Translation [PAT])

Enables packets to be routed correctly to and from the outside world by using the Cisco uBR900 series cable access router

Allows personal computers on the Ethernet interface to have IP addresses to be mapped to the cable interface’s IP address

Routing protocols will run on the Ethernet interface instead of the cable interface, and all packets received are translated to the correct private network IP address and routed out the Ethernet interface. This eliminates the need to run RIP on the cable interface.

To implement NAT on the Cisco uBR900 series, the Ethernet interface is configured with an “inside” address and the cable interface is configured with an “outside” address. The Cisco uBR900 series also supports configuration of static connections, dynamic connections, and address pools.

Voice Over IP Operations

Note Voice features are available only on the Cisco uBR924 cable access router.

The Cisco uBR924 cable access router uses packets to transmit and receive digitized voice over an IP network. Voice signals are packetized and transported in compliance with H.323 or Simple Gateway Control Protocol (SGCP). H.323 is an International Telecommunications Union (ITU) standard that specifies call signaling and control protocols for a shared IP data network. SGCP is a Cisco/Bellcore-developed, out-of-band signaling protocol under review by the Internet Engineering Task Force (IETF).

Figure 4 illustrates a broadband cable system that supports VoIP transmission. Quality of Service (QoS) and prioritization schemes are used to enable real-time (voice) and non-real-time traffic to coexist on the same channel. The CMTS routes IP telephony calls intermixed with other data traffic.

10 Cisco IOS Release 12.0(7)T

Voice Over IP Operations

Figure 4

Simplified VoIP Over Cable Network

 

Gateway/PSTN

 

Service

 

provider

 

backbone

CMTS rack

CMTS rack

equipment

equipment

Gatekeeper or

Policy

calling agents

server

HFC

HFC

cable plant

cable plant

Cisco uBR924

Cisco uBR924

 

Calling party

Called party

 

 

 

 

 

 

 

 

 

 

Residence or SOHO

Residence or SOHO

 

subscriber site 1

subscriber site 2

18194

Your company can then deploy IP telephony as a local-loop bypass service where voice packets are transferred from the CMTS to:

A telephony gatekeeper when using H.323; the Cisco uBR924 acts as an H.323 gateway.

A call agent when using SGCP.

The gatekeeper or call agents manage voice calls. The gateway interconnects the IP network to the public switched telephone network (PSTN).

Voice calls are digitized, encoded, compressed, and packetized in the originating gateway, then decompressed, decoded, and reassembled in the destination gateway. A server maintains subscriber profiles and policy information.

You can place and receive calls without using the local exchange carrier. Two simultaneous voice and fax calls are supported to and from each subscriber site. Multiple telephones and fax devices can be connected to each of the two VoIP telephone lines at a subscriber site, providing the 5 REN limit is adhered to for each telephone line.

Note the following requirements and characteristics of VoIP applications using the Cisco uBR924 cable access router:

The telephones at each subscriber site must support touch-tone dialing; rotary dialing is not supported.

Special telephone features such as call waiting, call forwarding, and conferencing are not supported.

A two-line telephone can be connected to the V1+V2 port on the Cisco uBR924.

Fax devices—standard Group III and computer-based Group III machines up to 14,400 baud—are supported in Cisco IOS images that support VoIP.

Configuring the Cisco uBR900 Series Cable Access Routers 11

Feature Overview

In general, fax/modem cards are not supported over VoIP links.

Contact your network management, provisioning, or operations team to determine what your network supports.

Voice Handling

The Cisco uBR924 cable access router supports the following compression and decompression algorithms (CODECs):

G.711 A Law 64000 bps

G.711 u Law 64000 bps

G.723.1 5300 bps

G.723.1 6300 bps

G.726 16000 bps

G.726 24000 bps

G.726 32000 bps

G.728 16000 bps

G.729 Annex-A 8000 bps

G.729 8000 bps — Default CODEC for telephone calls

Caution Because voice transmission is delay-sensitive, a well-engineered network is critical. Fine-tuning your network to adequately support VoIP typically involves a series of protocols and features geared to support Quality of Service (QoS).

To achieve acceptable voice quality and reduce network bandwidth usage, several voice processing techniques and services are employed, including echo cancellation, voice compression, Voice Activity Detection (VAD) or silence compression, and Dual Tone MultiFrequency (DTMF) tone detection and generation.

The Cisco uBR924 cable access router supports multiple QoS service IDs (SIDs), enabling multiple classes of service on the cable interface. This enables VoIP and data traffic to be treated separately, with all data assigned to a default class of service, while VoIP traffic is assigned to a different class of service. Thus, voice traffic from the Cisco uBR924’s telephone ports can take precedence over the data traffic coming from the Ethernet interfaces.

Note Separate class of service (CoS) streams are only available when the Cisco uBR924 is connected to a CMTS that supports multiple classes of service per router. In addition, the router’s configuration file must specify the use of multiple classes of service.

If the Cisco uBR924 interoperates with a DOCSIS 1.0 CMTS that does not support multiple CoS per router, voice traffic will be transmitted on a “best effort” basis along with data traffic. This may cause poorer voice quality and lower data throughput when calls are being made from the router’s telephone ports.

12 Cisco IOS Release 12.0(7)T

Voice Over IP Operations

The Cisco uBR924 cable access router supports the following service classes:

The first CoS in the router’s configuration file is configured as the “Tiered Best Effort Type Class” used by the router as the primary QoS for all regular data traffic. The class has no minimum upstream rate specified for the channel.

This service class results in the assignment of a primary SID for the router. In addition to being used as a data SID, the router uses this SID for all MAC message exchanges with the CMTS. Any SNMP management traffic from the network to the Cisco uBR924 will also use this SID.

While this class is strictly “best effort,” data traffic within this class can be prioritized into eight different priority levels. The CMTS system administrator, however, must define the supported upstream traffic priority levels and include the traffic priority fields in the configuration file downloaded to the Cisco uBR924.

When creating a configuration for the Cisco uBR924, the CMTS system administrator typically configures extra classes of service. These secondary classes of service are expected to be higher QoS classes and are used by higher priority traffic such as voice. These classes have a minimum upstream rate specified for the channel.

The multiple SID-per-router feature enables the Cisco uBR924 to use multiple SID queues for differentiated services. The Cisco uBR924 diverts voice call traffic to the higher QoS secondary SID, while forwarding “best effort” data from the Ethernet interface and MAC messages on the primary SID.

H.323 Protocol Stack

H.323 is an International Telecommunications Union (ITU) standard that specifies call signaling and control protocols for a shared IP data network. The Cisco uBR924 cable access router acts as an H.323 gateway. In architectures using the VoIP H.323 protocol stack, the session application manages two call legs for each call: (1) a telephony leg managed by the voice telephony service provider; (2) the VoIP leg managed by the cable system operator—the VoIP service provider. Use of the H.323 protocol typically requires a dial plan and mapper at the headend or other server location to map IP addresses to telephone numbers.

When both legs of the call have been set up, the session application creates a conference between them. The opposite leg’s transmit routine for voice packets is given to each provider. The CMTS router passes data to the gateway and gatekeeper. The H.323 stack provides signalling via H.225 and feature negotiation via H.245.

To make and receive H.323 calls, the Cisco uBR924 cable access router must know:

The IP address of the gateway for the destination dialed. You can configure these IP addresses statically using the voip dial peer group CLI commands, or you can obtain these addresses dynamically from the gatekeeper using Registration, Admission, and Status (RAS).

The telephone numbers of the attached devices. You can configure the telephone numbers attached to the Cisco uBR924 by configuring the IP addresses statically using the pots port CLI commands. When using Cisco Network Registrar (CNR) version 3.0 or higher with the relay.tcl and setrouter.tcl scripts, you can obtain these addresses dynamically from CNR. The telephone numbers of attached devices are then sent in DHCP response messages. When the Cisco uBR924 processes the DHCP response, it automatically creates the pots dial peer for each port, creates the voip dial peer for the RAS target, and starts the H.323 RAS gateway support.

Configuring the Cisco uBR900 Series Cable Access Routers 13

Feature Overview

Note To support voice configurations involving Cisco gatekeeper products using RAS, the headend must have IP multicast enabled. The cable interface must be designated as the default for RAS to discover the gatekeeper. The gatekeeper then resolves all dialed destinations sent to the RAS protocol.

SGCP Protocol Stack

The Cisco uBR924 cable access router supports Simple Gateway Control Protocol (SGCP), an out-of-band signaling protocol that interacts with an external call agent (CA) to provide call setup and teardown for VoIP calls made through the Internet or a local intranet. Using the call control agent, SGCP communicates with the voice gateways, allowing you to create a distributed system that enhances performance, reliability, and scalability while still appearing as a single VoIP gateway to external clients. SGCP eliminates the need for a dial plan mapper and static configuration on the router to map IP addresses to telephone numbers because this function is provided by the external call agent.

In architectures using the SGCP protocol stack, the session application implements the gateway functionality defined to support both trunk and residential gateways. The Cisco uBR924 functions in this mode as a residential gateway with two endpoints.

SGCP can preserve Signaling System 7 (SS7) style call control information as well as additional network information such as routing information and authentication, authorization, and accounting (AAA) security information. SGCP allows voice calls to originate and terminate on the Internet, as well as allowing one end to terminate on the Internet and the other to terminate on a telephone or PBX on the PSTN.

Note The uBR924 cable access router supports both H.323 and SGCP call control, but only one method can be active at a time.

Voice Specifications

Table 2

Cisco uBR924 Cable Access Router Voice Specifications

 

 

 

Metric

 

Value

 

 

Loss (between DCS and BTI gateway)

Nominal: 4 dB ±.5 dB (off hook)

 

 

Nominal: 9 dB ±.5 dB (on hook)

 

 

Attenuation distortion:

Nominal:

DCS <> BTI (200Hz-3.5kHz)

+1 dB/-3 dB

BTI<> DCS (304 Hz-3004Hz)

±0.5 dB

DCS -> BTI (204 Hz-3004 Hz)

±0.5 dB0

 

 

 

Idle channel noise

 

<= 18 dBmC (noise shall not exceed)

 

 

Signal to C-notched noise

>= 35 dB

 

 

Inter-modulation distortion:

 

R2

 

>= 52 dB

R3

 

>= 52 dB

 

 

Single frequency interference:

 

0 to 12 kHz

 

<= -28 dBmO

0 to 4 kHz

 

<= -40 dBmO

 

 

 

14 Cisco IOS Release 12.0(7)T

 

 

 

 

Voice Over IP Operations

 

Table 2

Cisco uBR924 Cable Access Router Voice Specifications (continued)

 

 

 

 

 

 

Metric

 

Value

 

 

 

 

 

 

Frequency shift (offset)

<= ±0.2 Hz (max)

 

 

 

 

<= ±0.1 Hz (99.5%)

 

 

 

 

 

Amplitude tracking (input Level, dBmO):

Max Dev.

Ave. Dev.

 

-37 to 0 (on-hook)

 

<= ±.5 dB

 

 

-37 to +3 (off hook)

<= ±.5 dB

<= ± .25 dB

 

-50 to -37 (off-hook)

<= ±1.0dB

<= ±.5 dB

 

-55 to -50 (off-hook)

<= ± 3.0 dB

<= ±1.5 dB

 

 

 

 

 

 

Crosstalk

 

<= -65 dBmO

 

 

 

 

 

 

 

Amplitude jitter

 

 

 

 

20-300 Hz

 

<= 2.5% Peak

 

 

4-300 Hz

 

<= 2.9% Peak

 

 

 

 

 

 

 

Phase jitter

 

<= 1.5 P-P

 

 

20 to 300 Hz

 

<= 1.8 P-P

 

 

4 to 300 Hz

 

 

 

 

 

 

 

 

 

 

 

Envelope delay distortion:

<= 350 usec

 

 

1704 Hz to 604 Hz

 

<= 195 usec

 

 

1704 Hz to 2804 Hz

<= 580 usec

 

 

1704 Hz to 204 Hz

 

<= 400 usec

 

 

1704 Hz to 3404 Hz

 

 

 

 

 

 

 

 

Hybrid balance:

 

 

 

 

Echo Return Loss (ERL)

> 26 dB (standard test line)

 

 

 

> 14 dB (station off hook)

 

SRL

 

> 21 dB (standard test line)

 

 

 

> 11 dB (station off hook)

 

 

 

 

 

 

Clipping:

 

 

 

 

Speech segments <5 ms

< 0.5%

 

 

Speech segments > 5ms

0.0%

 

 

 

 

 

 

 

Impulse noise:

 

 

 

 

(>= 6 dB below receive signal)

0 in 93% of all 15 min intervals

 

 

 

<= 1 count in all 30 min intervals

Phase hits (>= 10 deg)

0 in 99.75% of all 15 min intervals <= 1 count in all 30 min intervals

Gain hits (>= ± 3dB)

0 in 99.9% of all 15 min intervals <= 1 count in all 30 min intervals

Dropouts (>= 12)

0 in 99.9% of all 15 min intervals

 

<= 1 count in all 60 min intervals

 

 

Backup POTS Connection

The Cisco uBR924 cable access router provides an RJ-11 port (Line) that connects to a standard analog telephone wall jack. In the event of a building power failure or a Cisco uBR924 power problem, the cutover port lets you dial out using the backup PSTN line. If the Cisco uBR924 loses power while VoIP calls are in progress, you can reestablish one of the two connections—dialing out over the PSTN.

Configuring the Cisco uBR900 Series Cable Access Routers 15

Feature Overview

Note The backup POTS connection enables only one of the VoIP ports on the Cisco uBR924 to function during a power outage. Calls in progress prior to the power outage will be disconnected. If power is reestablished while a cutover call is in progress, the connection will remain in place until the call is terminated. Once the cutover call is terminated, the router automatically reboots.

Security Features

Cisco uBR900 series cable access routers support the security features described in the paragraphs below.

DOCSIS Baseline Privacy

Support for DOCSIS Baseline Privacy in the Cisco uBR900 series is based on the DOCSIS Baseline Privacy Interface Specification (SP-BPI-I01-970922). It provides data privacy across the HFC network by encrypting traffic flows between the cable access router and the CMTS.

Baseline Privacy security services are defined as a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.

The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a cable modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access. The Cisco uBR900 series cable access router is able to obtain two types of keys from the CMTS: the Traffic Exchange Key (TEK), which is used to encrypt and decrypt data packets, and the Key Exchange Key (KEK), which is used to decrypt the TEK.

IPSec Network Security

IPSec Network Security (IPSec) is an IP security feature that provides robust authentication and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) providing security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer (Layer 3), protecting and authenticating IP packets between participating IPSec devices (“peers”) such as the Cisco uBR900 series cable access router.

IPSec provides the following network security services:

Privacy—IPSec can encrypt packets before transmitting them across a network.

Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.

Authentication—Peers authenticate the source of all IPSec-protected packets.

Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.

Triple Data Encryption Standard

The Data Encryption Standard (DES) is a standard cryptographic algorithm developed by the United States National Bureau of Standards. The Triple DES (3DES) Cisco IOS Software Release images increase the security from the standard 56-bit IPSec encryption to 168-bit encryption, which is used for highly sensitive and confidential information such as financial transactions and medical records.

16 Cisco IOS Release 12.0(7)T

Security Features

Firewall

Cisco uBR900 series cable access routers act as buffers between any connected public and private networks. In firewall mode, Cisco cable access routers use access lists and other methods to ensure the security of the private network.

Cisco IOS firewall-specific security features include:

Context-based Access Control (CBAC). This intelligently filters TCP and UDP packets based on the application-layer protocol. Java applets can be blocked completely, or allowed only from known and trusted sources.

Detection and prevention of the most common denial of service (DoS) attacks such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate mis-fragmentation of IP packets.

Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.

Authentication Proxy for authentication and authorization of web clients on a per-user basis.

Dynamic Port Mapping. Maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.

Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to a NetRanger Director, drop the packet, or reset the TCP connection.

User-configurable audit rules.

Configurable real-time alerts and audit trail logs.

For additional information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog, or refer to the sections on Traffic Filtering and Firewalls in the Security Configuration Guide and Security Command Reference available on Cisco Connection Online (CCO) and the Documentation CD-ROM.

NetRanger Support—IOS Intrusion Detection

NetRanger is an Intrusion Detection System (IDS) composed of three parts:

A management console (director) that is used to view the alarms as well as to manage the sensors.

A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network. This is usually in the form of scanning for vulnerabilities or for attacking systems. When a signature is matched, the sensor can track certain actions. In the case of the appliance sensor, it can reset (via TCP/rst) sessions, or enable “shuns” of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.

Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.

Configuring the Cisco uBR900 Series Cable Access Routers 17

Feature Overview

Configuration Options

The Cisco uBR900 series cable access router typically ships from the factory ready to work in the Base IP Bridging (DOCSIS-compliant bridging) data-only mode. The cable access router is configured automatically at startup by one or more configuration files generated by the cable service provider and downloaded to the router; no configuration or setup is required other than to connect the router to the cable system. The CMTS provides a path from the cable access router to the DHCP server for PC address assignment.

The PCs connected to the Cisco uBR900 series must be configured for Internet Protocol (IP). Using DHCP, the CMTS assigns an IP subnet address to the cable access router each time it connects to the network. The IP addresses of the cable access router and the individual PCs attached to it enable the CMTS to route data to and from the PCs.

Note When the Cisco uBR900 series cable access router is shipped from the factory, it is configured by default for DOCSIS-compliant bridging.

The configuration file or files downloaded to the Cisco uBR900 series by the CMTS at the headend are dependent on the services purchased by the individual cable service subscriber. The cable access router is provisioned in the following manner:

When the cable access router is first brought online, the CMTS downloads a binary file to the router that is in DOCSIS-specified format. This file configures the router for the desired level of service and sets other parameters as needed.

If additional features are required beyond basic DOCSIS-compliant bridging, the DOCSIS configuration file can specify a Cisco IOS image that the CMTS should also download to the router. (To speed up the time required to bring the router online, the cable service provider can optionally preload the Cisco uBR900 series with the appropriate image at the warehouse.)

To customize the cable access router’s configuration further, the DOCSIS configuration file can also specify a Cisco IOS configuration file that the CMTS should download to the router. This second configuration file is an ASCII text file that contains the Cisco IOS commands needed to further configure the router as desired.

Note The CMTS typically downloads the DOCSIS configuration file, Cisco IOS image (if needed), and the Cisco IOS configuration file (if needed) only once when the router is initially brought online. However, a new configuration file or image can be downloaded whenever necessary, such as when the cable service provider offers new services or subscribers upgrade their services.

To ensure that you obtain the exact services that you have ordered, the Cisco uBR900 series arrives from the factory with a unique identifier (UID) that consists of a serial number and MAC address. These factory-assigned values are on a label at the bottom of the cable access router; for convenience, these values are also in a barcode label that can be easily scanned for entry into the service provider’s provisioning and billing system.

Using the MAC address of the cable access router as the key, the CMTS downloads the DOCSIS configuration file and Cisco IOS image that will provide the services that you have purchased. Service technicians at the headend typically create a number of standard configuration files to match the range of services offered by the provider; these configuration files can be created manually or with tools provided for this purpose by Cisco Systems.

18 Cisco IOS Release 12.0(7)T

Configuration Options

The following sections describe the initial power-on and provisioning sequences in more detail, as well as the requirements that must be met by both the cable access router and the CMTS before provisioning can be successful.

Initial Power-On Sequence

When connected and first powered on, the Cisco uBR900 series cable access router performs the following boot procedures:

Boots the Read Only Memory (ROM) from the ROMMON partition of its flash memory.

Performs a self-test, initializes processor hardware, and boots the main operating system software—the Cisco IOS release image stored in NVRAM.

Next, the Cisco uBR900 series performs a series of DOCSIS-mandated procedures for automatic installation and configuration. These procedures are summarized in Table 3 and in Figure 5.

.

Table 3

Cable Access Router Initialization Sequences and Events

 

 

 

Sequence

Event

Description

 

 

 

1

Scan for a downstream channel and

The Cisco uBR900 series acquires a downstream channel by

 

establish synchronization with the

matching the clock sync signal that is regularly sent out by the

 

CMTS.

CMTS on the downstream channel. The cable access router

 

 

saves the last operational frequency in non-volatile memory

 

 

and tries to reacquire the saved downstream channel the next

 

 

time a request is made.

 

 

Note An ideal downstream signal is one that synchronizes

 

 

QAM symbol timing, FEC framing, MPEG packetization, and

 

 

recognizes downstream sync MAC layer messages.

 

 

 

2

Obtain upsteam channel parameters.

The cable access router waits for an upstream channel

 

 

descriptor (UCD) message from the CMTS and configures

 

 

itself for the upstream frequence specified in that message.

 

 

 

3

Start ranging for power adjustments.

The cable access router waits for the next upstream bandwidth

 

 

allocation map message (MAP) from the CMTS to find the

 

 

next shared request timeslot. The router then sends a ranging

 

 

request message on the next available shared request timeslot,

communicating its UID (its unique MAC address) using a temporary Service Identifier (SID) of 0 (zero) to indicate it has not yet been allocated an upstream channel.

In reply to the cable access router’s ranging request, the CMTS sends a ranging response containing a temporary SID to be used for the initial router configuration and bandwidth allocation. As needed, the router adjusts its transmit power levels using the power increment value given by the CMTS in its ranging response message.

Note At this point, the cable access router has established connectivity with the CMTS but is not yet online. The next steps allocate “permanent” upstream and downstream frequencies, as well as the configuration required for IP network connectivity.

Configuring the Cisco uBR900 Series Cable Access Routers 19

Feature Overview

Table 3

Cable Access Router Initialization Sequences and Events (continued)

 

 

 

Sequence

Event

Description

 

 

 

4

Establish IP connectivity.

After the next MAP message broadcast, the router uses a

 

 

shared require timeslot to invoke Dynamic Host Configuration

 

 

Protocol (DHCP) to establish IP connectivity with the TCP/IP

 

 

network at the headend.

 

 

The DHCP server sends a response containing the router’s IP

 

 

address as well as the IP addresses for the default gateway,

 

 

time of day (TOD) server, and Trivial File Transfer Protocol

 

 

(TFTP) server, and the DOCSIS configuration file to be

 

 

downloaded. Depending on the particular network

 

 

configuration, other information could be provided, such as

 

 

the IP addresses for a syslog server or security server.

 

 

Note The DHCP server is typically a dedicated server at the

 

 

headend, but it could also be a CMTS such as a Cisco uBR7200

 

 

series universal broadband router.

 

 

The router configures itself for the specified IP address and

 

 

gets the current date and time from the specified TOD server.

 

 

 

5

Establish the time of day.

The cable access router accesses the TOD server for the

 

 

current date and time, which is used to create time stamps for

 

 

logged events (such as those displayed in the MAC log file).

 

 

 

6

Establish security.

Full Security, a planned enhancement to Baseline Privacy, is

 

 

not fully defined nor currently supported by the DOCSIS

 

 

specification, and is therefore not supported by the

 

 

Cisco uBR900 series.

 

 

 

7

Transfer operational parameters.

Using TFTP, the router downloads the specified DOCSIS

 

 

configuration file and configures itself for the appropriate

 

 

parameters. The DOCSIS configuration file defines the

 

 

router’s operating mode such as the provisioned downstream

 

 

and upstream service assignments, including assigned

 

 

frequencies, data rates, modulation schemes, Class of Service

 

 

(CoS), type of services to support, and other parameters. Cisco

 

 

provides tools to help automate the creation of configuration

 

 

files.

 

 

Note The DOCSIS configuration file must be in the exact

 

 

format given by the DOCSIS specification. An incorrect

 

 

DOCSIS configuration file can cause the Cisco uBR900 series

 

 

to constantly cycle offline. Such errors include wrong

 

 

downstream frequency, wrong UCD, wrong downstream

 

 

Channel ID, invalid CoS, incorrect BPI privacy configurations

 

 

or shared secret strings.

 

 

The cable access router sends another registration request to

 

 

the CMTS containing the CoS parameters given in the

 

 

DOCSIS configuration file.

 

 

The CMTS verifies that the router is using the appropriate CoS

 

 

profile and converts the temporary SID into a data SID with a

 

 

service class index that points to the applicable CoS profile.

 

 

 

8

Perform registration.

The router completes its secondary ranging and is then online,

 

 

passing data between the HFC network and the PCs and other

 

 

CPE devices that are connected to the router.

 

 

 

20 Cisco IOS Release 12.0(7)T

 

 

 

Configuration Options

 

Table 3

Cable Access Router Initialization Sequences and Events (continued)

 

 

 

 

 

Sequence

Event

Description

 

 

 

 

9

Comply with baseline privacy.

If baseline privacy is configured and enabled on both the

 

 

 

router and CMTS, the router and CMTS negotiate the

 

 

 

appropriate encryption/decryption parameters and exchange

 

 

 

keys for privacy. After encryption is enabled, all information

 

 

 

sent within Ethernet packets is encrypted to prevent

 

 

 

interception or modification by an unauthorized party.

 

 

 

 

10

Enter the operational maintenance

As soon as the Cisco uBR900 series cable access router has

 

 

state.

successfully completed the above sequence, it enters

 

 

 

operational maintenance state.

 

 

 

 

At this point the router is online and operational in the basic DOCSIS bridging (“plug and play”) mode. If the DOCSIS configuration file specifies that the router must download a Cisco IOS image and a Cisco IOS configuration file, the router uses TFTP to download the image and configuration file into its local memory. It then installs the new IOS image and runs the configuration file.

Downloading a DOCSIS configuration file to a Cisco uBR900 series cable access router automatically:

ends all telnet sessions

disables the cable access router’s console port, preventing local access to the router’s CLI

performs a “write erase” on the cable access router’s local configuration parameters

Telnet access to the router from the headend is still allowed, but only if the Cisco IOS configuration file includes enable and line vty passwords; if the configuration file does not include enable and line vty commands to specify these passwords, Telnet access and console access are both disabled.

Configuring the Cisco uBR900 Series Cable Access Routers 21

Cisco Systems UBR900 User Manual

Feature Overview

The sequence numbers shown in Table 3 are also shown in Figure 5 below. The Cisco uBR900 series cable access router will complete all the steps shown in the table and flowchart each time it needs to reregister with the CMTS.

Figure 5

Cable Modem Initialization Flowchart

Power

on

1

2

3

4

5

Scan for downstream channel

Downstream sync established

Obtain upstream parameters

Upstream parameter acquired

Start

Ranging

Ranging and auto adjust completed

Establish

IP connectivety

IP complete

Establish time of day

Time of day established

Establish

security 6

Security established

Transfer operational 7 parameters

Transfer complete

Register with

the Cisco 8 uBR7246

Registration

complete

Baseline

privacy 9 initialization

Baseline privacy initialized

Operational 10

12960

22 Cisco IOS Release 12.0(7)T

wait_for_link_up_state.
maintenance_state

Basic Troubleshooting

Figure 6 illustrates the traffic flow during the initialization process.

Figure 6 Cisco uBR900 Series Cable Access Router Provisioning Overview

CMTS Interface

Cisco uBR900 series Cable Access Router

MAP Broadcast

Power on

 

Contains timesharing info

Establish synch and wait for UCD

Send UCD

 

 

 

Obtain upstream parameters

 

Use temporary SID

 

Extract slot info and upstream

 

channel to use

 

Start ranging

DHCP Response: Contains IP addresses

Default gateway, TOD server TFTP server address

TFTP boot config file name

ToD Response

Registration Response Contains Assigned SID

Cisco uBR900 series registered Fail if QoS not available

or authentication failed

Transmit ranging packet with SID

DHCP request/TFTP boot request Now in allocated slots

ToD Request

 

Registration Request

 

Send QoS Parameters

 

Now in allocated slots

 

Cisco uBR900 series online

18195

Note For more detail on the provisioning process, see the DOCSIS 1.0 Radio Frequency Interface (RFI) specification (SP-RFII01-990731 or later revision).

After the Cisco uBR900 series cable access router goes online, it begins transferring data between the attached CPE devices and the network (internet, intranet, VoIP). The cable service provider typically uses DHCP to assign IP addresses to the CPE devices. The number of IP addresses each subscriber can obtain depends on the services purchased from the provider.

Basic Troubleshooting

A MAC-layer circular log file is stored inside the Cisco uBR900 series cable access router. This file contains a history of the log messages such as state event activities and timestamps. This is the most valuable information for troubleshooting the cable interface.

The MAC log file is displayed by entering the show controllers cable-modem 0 mac log command from privileged EXEC mode.

The most useful display fields in this output are the reported state changes. These fields are preceded by the message CMAC_LOG_STATE_CHANGE. These fields show how the Cisco uBR900 series progresses through the various processes involved in establishing communication and registration with the CMTS. The normal operational state is ; the normal state when the interface is shut down is

Note Because the MAC log file holds only a snapshot of 1023 entries at a time, you should try to display the file within 5 minutes after the reset or problem occurs.

Configuring the Cisco uBR900 Series Cable Access Routers 23

Feature Overview

The following is the normal progression of states as the Cisco uBR900 series registers with the CMTS:

wait_for_link_up_state ds_channel_scanning_state wait_ucd_state wait_map_state ranging_1_state ranging_2_state dhcp_state establish_tod_state security_association_state configuration_file_state registration_state establish_privacy_state maintenance_state

Following is an example of a MAC log file for a cable access router that has successfully registered with the headend CMTS. The output that is displayed is directly related to the messages that are exchanged between the Cisco uBR900 series and the CMTS.

uBR924# show controllers cable-modem 0 mac log

 

 

508144.340

CMAC_LOG_DRIVER_INIT_IDB_RESET

0x08098FEA

508144.342

CMAC_LOG_LINK_DOWN

 

 

508144.344

CMAC_LOG_LINK_UP

 

 

508144.348

CMAC_LOG_STATE_CHANGE

ds_channel_scanning_state

508144.350

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

88/453000000/855000000/6000000

508144.354

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

89/93000000/105000000/6000000

508144.356

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

90/111250000/117250000/6000000

508144.360

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

91/231012500/327012500/6000000

508144.362

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

92/333015000/333015000/6000000

508144.366

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

93/339012500/399012500/6000000

508144.370

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

94/405000000/447000000/6000000

508144.372

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

95/123015000/129015000/6000000

508144.376

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

96/135012500/135012500/6000000

508144.380

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

97/141000000/171000000/6000000

508144.382

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

98/219000000/225000000/6000000

508144.386

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

99/177000000/213000000/6000000

508144.390

CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY

699000000

508145.540

CMAC_LOG_UCD_MSG_RCVD

3

 

508146.120

CMAC_LOG_DS_64QAM_LOCK_ACQUIRED

699000000

508146.122

CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED

 

 

508146.124

CMAC_LOG_STATE_CHANGE

wait_ucd_state

508147.554

CMAC_LOG_UCD_MSG_RCVD

3

 

508147.558

CMAC_LOG_UCD_NEW_US_FREQUENCY

20000000

508147.558

CMAC_LOG_SLOT_SIZE_CHANGED

8

 

508147.622

CMAC_LOG_FOUND_US_CHANNEL

1

 

508147.624

CMAC_LOG_STATE_CHANGE

wait_map_state

508148.058

CMAC_LOG_MAP_MSG_RCVD

 

 

508148.060

CMAC_LOG_INITIAL_RANGING_MINISLOTS

40

 

508148.062

CMAC_LOG_STATE_CHANGE

ranging_1_state

508148.064

CMAC_LOG_RANGING_OFFSET_SET_TO

9610

 

508148.066

CMAC_LOG_POWER_LEVEL_IS

28.0

dBmV (commanded)

508148.068

CMAC_LOG_STARTING_RANGING

 

 

508148.070

CMAC_LOG_RANGING_BACKOFF_SET

0

 

508148.072

CMAC_LOG_RNG_REQ_QUEUED

0

 

508148.562

CMAC_LOG_RNG_REQ_TRANSMITTED

 

 

508148.566

CMAC_LOG_RNG_RSP_MSG_RCVD

 

 

508148.568

CMAC_LOG_RNG_RSP_SID_ASSIGNED

2

 

508148.570

CMAC_LOG_ADJUST_RANGING_OFFSET

2408

 

508148.572

CMAC_LOG_RANGING_OFFSET_SET_TO

12018

 

508148.574

CMAC_LOG_ADJUST_TX_POWER

20

 

508148.576

CMAC_LOG_POWER_LEVEL_IS

33.0

dBmV (commanded)

508148.578

CMAC_LOG_STATE_CHANGE

ranging_2_state

24 Cisco IOS Release 12.0(7)T

Basic Troubleshooting

508148.580

CMAC_LOG_RNG_REQ_QUEUED

2

508155.820

CMAC_LOG_RNG_REQ_TRANSMITTED

 

508155.824

CMAC_LOG_RNG_RSP_MSG_RCVD

 

508155.826

CMAC_LOG_ADJUST_RANGING_OFFSET

-64

508155.826

CMAC_LOG_RANGING_OFFSET_SET_TO

11954

508155.828

CMAC_LOG_RANGING_CONTINUE

 

508165.892

CMAC_LOG_RNG_REQ_TRANSMITTED

 

508165.894

CMAC_LOG_RNG_RSP_MSG_RCVD

 

508165.896

CMAC_LOG_ADJUST_TX_POWER

-9

508165.898

CMAC_LOG_POWER_LEVEL_IS

31.0 dBmV (commanded)

508165.900

CMAC_LOG_RANGING_CONTINUE

 

508175.962

CMAC_LOG_RNG_REQ_TRANSMITTED

 

508175.964

CMAC_LOG_RNG_RSP_MSG_RCVD

 

508175.966

CMAC_LOG_RANGING_SUCCESS

 

508175.968

CMAC_LOG_STATE_CHANGE

dhcp_state

508176.982

CMAC_LOG_DHCP_ASSIGNED_IP_ADDRESS

188.188.1.62

508176.984

CMAC_LOG_DHCP_TFTP_SERVER_ADDRESS

4.0.0.1

508176.986

CMAC_LOG_DHCP_TOD_SERVER_ADDRESS

4.0.0.32

508176.988

CMAC_LOG_DHCP_SET_GATEWAY_ADDRESS

 

508176.988

CMAC_LOG_DHCP_TZ_OFFSET

360

508176.990

CMAC_LOG_DHCP_CONFIG_FILE_NAME

platinum.cm

508176.992

CMAC_LOG_DHCP_ERROR_ACQUIRING_SEC_SVR_ADDR

 

508176.996

CMAC_LOG_DHCP_COMPLETE

 

508177.120

CMAC_LOG_STATE_CHANGE

establish_tod_state

508177.126

CMAC_LOG_TOD_REQUEST_SENT

 

508177.154

CMAC_LOG_TOD_REPLY_RECEIVED

3107617539

508177.158

CMAC_LOG_TOD_COMPLETE

 

508177.160

CMAC_LOG_STATE_CHANGE

security_association_state

508177.162

CMAC_LOG_SECURITY_BYPASSED

 

508177.164

CMAC_LOG_STATE_CHANGE

configuration_file_state

508177.166

CMAC_LOG_LOADING_CONFIG_FILE

platinum.cm

508178.280

CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE

 

508178.300

CMAC_LOG_STATE_CHANGE

registration_state

508178.302

CMAC_LOG_REG_REQ_MSG_QUEUED

 

508178.306

CMAC_LOG_REG_REQ_TRANSMITTED

 

508178.310

CMAC_LOG_REG_RSP_MSG_RCVD

 

508178.312

CMAC_LOG_COS_ASSIGNED_SID

5/19

508178.314

CMAC_LOG_COS_ASSIGNED_SID

6/20

508178.316

CMAC_LOG_COS_ASSIGNED_SID

7/21

508178.318

CMAC_LOG_RNG_REQ_QUEUED

19

508178.320

CMAC_LOG_REGISTRATION_OK

 

508178.322

CMAC_LOG_REG_RSP_ACK_MSG_QUEUED

0

508178.324

CMAC_LOG_STATE_CHANGE

establish_privacy_state

508178.326

CMAC_LOG_NO_PRIVACY

 

508178.328

CMAC_LOG_STATE_CHANGE

maintenance_state

You can display other aspects of the MAC layer by adding the following keywords to the show controllers cable-modem 0 mac command:

uBR924# show controllers cable-modem 0 mac ?

errors

Mac Error

Log data

hardware

All

CM Mac Hardware registers

log

Mac

log data

resets

Resets of

the MAC

state

Current MAC state

For examples and descriptions of how to use these keywords, see the show controllers cable-modem mac command reference page.

The MAC log file gives a detailed history of initialization events that occur in the Cisco uBR900 series cable access router. All pertinent troubleshooting information is stored here.

Configuring the Cisco uBR900 Series Cable Access Routers 25

Feature Overview

In the following paragraphs, a sample log file is broken down into the chronological sequence of events listed below. Sample comments are also included in the log file.

Event 1—Wait for the Link to Come Up

Event 2—Scan for a Downstream Channel, then Synchronize

Event 3—Obtain Upstream Parameters

Event 4—Start Ranging for Power Adjustments

Event 5—Establish IP Connectivity

Event 6—Establish the Time of Day

Event 7—Establish Security

Event 8—Transfer Operational Parameters

Event 9—Perform Registration

Event 10—Comply with Baseline Privacy

Event 11—Enter the Maintenance State

Event 1—Wait for the Link to Come Up

When the Cisco uBR900 series cable access router is powered on and begins initialization, the MAC layer first informs the cable access router drivers that it needs to reset. The LINK_DOWN and LINK_UP fields are similar to the shut and no shut conditions on a standard Cisco interface.

uBR924# show controllers cable-modem 0 mac log

 

528302.040

CMAC_LOG_LINK_DOWN

 

528302.042

CMAC_LOG_RESET_FROM_DRIVER

 

528302.044

CMAC_LOG_STATE_CHANGE

wait_for_link_up_state

528302.046

CMAC_LOG_DRIVER_INIT_IDB_SHUTDOWN

0x08098D02

528302.048

CMAC_LOG_LINK_DOWN

 

528308.428

CMAC_LOG_DRIVER_INIT_IDB_RESET

0x08098E5E

528308.432

CMAC_LOG_LINK_DOWN

 

528308.434

CMAC_LOG_LINK_UP

 

Event 2Scan for a Downstream Channel, then Synchronize

Different geographical regions and different cable plants use different RF frequency bands. A frequency band is a group of adjacent 6 MHz-wide channels. These bands are numbered from 88 to 99. Each band has starting and ending digital carrier frequencies and a 6 MHz step size. For example, a search of EIA channels 95-97 is specified using band 89. The starting frequency of band 89 is 93 MHz; the ending frequency is 105 MHz.

The Cisco uBR900 series’ default frequency bands correspond to the North American EIA CATV channel plan for 6 MHz channel slots between 90 and 858 MHz. For example, EIA channel 95 occupies the 90-96 MHz slot. The digital carrier frequency is specified as the center frequency of the slot, which is 93 MHz. Channel 95 is usually specified using the analog video carrier frequency of 91.25 MHz, which lies 1.75 MHz below the center of the slot.

Some CATV systems use alternative frequency plans such as the IRC (Incrementally Related Carrier) plan and HRC (Harmonically Related Carrier) plan. Cisco uBR900 series cable access routers support both of these plans. Most of the IRC channel slots overlap the EIA plan.

The Cisco uBR900 series uses a built-in default frequency scanning feature to find and lock onto a downstream channel. After the cable access router successfully finds a downstream frequency channel, it saves the channel to NVRAM. The router recalls this value the next time it needs to synchronize its frequency.

26 Cisco IOS Release 12.0(7)T

Basic Troubleshooting

The downstream frequency search table is arranged so that the first frequencies that are scanned are above 450 MHz. Because many CATV systems have been upgraded from 450 MHz to 750 MHz coaxial cable, digital channels have a high chance of being assigned in the new spectrum. The search table omits channels below 90 MHz and above 860 MHz since the DOCSIS specification does not mandate their coverage.

The CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND field tells you what frequencies the cable access router will scan. The CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY field tells you the frequency the router locked onto and saved to NVRAM for future recall. The CMAC_LOG_DS_64QAM_LOCK_ACQUIRED field communicates the same information. The CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED field indicates that the scanning and synchronization was successful.

508144.348

CMAC_LOG_STATE_CHANGE

ds_channel_scanning_state

508144.350

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

88/453000000/855000000/6000000

508144.354

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

89/93000000/105000000/6000000

508144.356

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

90/111250000/117250000/6000000

508144.360

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

91/231012500/327012500/6000000

508144.362

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

92/333015000/333015000/6000000

508144.366

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

93/339012500/399012500/6000000

508144.370

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

94/405000000/447000000/6000000

508144.372

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

95/123015000/129015000/6000000

508144.376

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

96/135012500/135012500/6000000

508144.380

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

97/141000000/171000000/6000000

508144.382

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

98/219000000/225000000/6000000

508144.386

CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND

99/177000000/213000000/6000000

508144.390

CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY

699000000

508145.540

CMAC_LOG_UCD_MSG_RCVD

3

508146.120

CMAC_LOG_DS_64QAM_LOCK_ACQUIRED

699000000

508146.122

CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED

 

Event 3—Obtain Upstream Parameters

The Cisco uBR900 series waits for an upstream channel descriptor (UCD) message from the CMTS. The UCD provides transmission parameters for the upstream channel.

508146.124

CMAC_LOG_STATE_CHANGE

wait_ucd_state

508147.554

CMAC_LOG_UCD_MSG_RCVD

3

508147.558

CMAC_LOG_UCD_NEW_US_FREQUENCY

20000000

508147.558

CMAC_LOG_SLOT_SIZE_CHANGED

8

508147.622

CMAC_LOG_FOUND_US_CHANNEL

1

508147.624

CMAC_LOG_STATE_CHANGE

wait_map_state

508148.058

CMAC_LOG_MAP_MSG_RCVD

 

508148.060

CMAC_LOG_INITIAL_RANGING_MINISLOTS

40

Event 4—Start Ranging for Power Adjustments

The ranging process adjusts the transmit power of the cable access router. Ranging is performed in two stages: ranging state 1 and ranging state 2.

The CMAC_LOG_POWER_LEVEL_IS field is the power level that the CMTS told the Cisco uBR900 series to adjust to. The CMAC_LOG_RANGING_SUCCESS field indicates that the ranging adjustment was successful.

508148.062

CMAC_LOG_STATE_CHANGE

ranging_1_state

508148.064

CMAC_LOG_RANGING_OFFSET_SET_TO

9610

 

508148.066

CMAC_LOG_POWER_LEVEL_IS

28.0

dBmV (commanded)

508148.068

CMAC_LOG_STARTING_RANGING

 

 

508148.070

CMAC_LOG_RANGING_BACKOFF_SET

0

 

508148.072

CMAC_LOG_RNG_REQ_QUEUED

0

 

508148.562

CMAC_LOG_RNG_REQ_TRANSMITTED

 

 

508148.566

CMAC_LOG_RNG_RSP_MSG_RCVD

 

 

Configuring the Cisco uBR900 Series Cable Access Routers 27

CMAC_LOG_TOD_COMPLETE
CMAC_LOG_DHCP_COMPLETE

Feature Overview

508148.568

CMAC_LOG_RNG_RSP_SID_ASSIGNED

2

 

508148.570

CMAC_LOG_ADJUST_RANGING_OFFSET

2408

 

508148.572

CMAC_LOG_RANGING_OFFSET_SET_TO

12018

 

508148.574

CMAC_LOG_ADJUST_TX_POWER

20

 

508148.576

CMAC_LOG_POWER_LEVEL_IS

33.0

dBmV (commanded)

508148.578

CMAC_LOG_STATE_CHANGE

ranging_2_state

508148.580

CMAC_LOG_RNG_REQ_QUEUED

2

 

508155.820

CMAC_LOG_RNG_REQ_TRANSMITTED

 

 

508155.824

CMAC_LOG_RNG_RSP_MSG_RCVD

 

 

508155.826

CMAC_LOG_ADJUST_RANGING_OFFSET

-64

 

508155.826

CMAC_LOG_RANGING_OFFSET_SET_TO

11954

 

508155.828

CMAC_LOG_RANGING_CONTINUE

 

 

508165.892

CMAC_LOG_RNG_REQ_TRANSMITTED

 

 

508165.894

CMAC_LOG_RNG_RSP_MSG_RCVD

 

 

508165.896

CMAC_LOG_ADJUST_TX_POWER

-9

 

508165.898

CMAC_LOG_POWER_LEVEL_IS

31.0

dBmV (commanded)

508165.900

CMAC_LOG_RANGING_CONTINUE

 

 

508175.962

CMAC_LOG_RNG_REQ_TRANSMITTED

 

 

508175.964

CMAC_LOG_RNG_RSP_MSG_RCVD

 

 

508175.966

CMAC_LOG_RANGING_SUCCESS

 

 

Event 5—Establish IP Connectivity

After ranging is complete, the cable interface on the cable access router is UP. Now the cable access router accesses a remote DHCP server to get an IP address. The DHCP server sends a response containing the router’s IP address plus the TFTP server’s address, the Time of Day (TOD) server’s address, and the name of a configuration file containing additional configuration parameters. The

field shows that the IP connectivity was successful.

508175.968

CMAC_LOG_STATE_CHANGE

dhcp_state

508176.982

CMAC_LOG_DHCP_ASSIGNED_IP_ADDRESS

188.188.1.62

508176.984

CMAC_LOG_DHCP_TFTP_SERVER_ADDRESS

4.0.0.1

508176.986

CMAC_LOG_DHCP_TOD_SERVER_ADDRESS

4.0.0.32

508176.988

CMAC_LOG_DHCP_SET_GATEWAY_ADDRESS

 

508176.988

CMAC_LOG_DHCP_TZ_OFFSET

360

508176.990

CMAC_LOG_DHCP_CONFIG_FILE_NAME

platinum.cm

508176.992

CMAC_LOG_DHCP_ERROR_ACQUIRING_SEC_SVR_ADDR

 

508176.996

CMAC_LOG_DHCP_COMPLETE

 

Event 6Establish the Time of Day

The Cisco uBR900 series accesses the Time of Day server for the current date and time, which is used to create time stamps for logged events. The field indicates a successful time of day sequence.

508177.120

CMAC_LOG_STATE_CHANGE

establish_tod_state

508177.126

CMAC_LOG_TOD_REQUEST_SENT

 

508177.154

CMAC_LOG_TOD_REPLY_RECEIVED

3107617539

508177.158

CMAC_LOG_TOD_COMPLETE

 

Event 7Establish Security

This event is currently bypassed by the Cisco uBR900 series because “full security” has not been fully defined by DOCSIS and is therefore not yet supported.

508177.160

CMAC_LOG_STATE_CHANGE

security_association_state

508177.162

CMAC_LOG_SECURITY_BYPASSED

 

28 Cisco IOS Release 12.0(7)T

Note “Full security” was a request made by cable service providers for a very strong authorization and authentication check by the CMTS. The Cisco uBR900 series supports DOCSIS baseline privacy (Event 10), which protects your data from being “sniffed” on the cable network.
Event 8Transfer Operational Parameters
After completing the DHCP and security operations, the Cisco uBR900 series downloads operational parameters by downloading a configuration file located on the TFTP server. The CMAC_LOG_DHCP_CONFIG_FILE_NAME field shows the filename containing the transmission parameters.

Basic Troubleshooting

508177.164

CMAC_LOG_STATE_CHANGE

configuration_file_state

508177.166

CMAC_LOG_LOADING_CONFIG_FILE

platinum.cm

508178.280

CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE

 

Event 9Perform Registration

After the Cisco uBR900 series is initialized, authenticated, and configured, it requests to be registered with the headend CMTS. The CMAC_LOG_COS_ASSIGNED_SID field assigns a class of service (CoS) number and a service ID (SID). Multiple CoS entries in the configuration file imply that multiple SIDs are supported by the cable access router. If several cable access routers use the same configuration file, they will have the same CoS numbers but will be assigned different SIDs.

A successful registration is indicated by the CMAC_LOG_REGISTRATION_OK field.

508178.300

CMAC_LOG_STATE_CHANGE

registration_state

508178.302

CMAC_LOG_REG_REQ_MSG_QUEUED

 

508178.306

CMAC_LOG_REG_REQ_TRANSMITTED

 

508178.310

CMAC_LOG_REG_RSP_MSG_RCVD

 

508178.312

CMAC_LOG_COS_ASSIGNED_SID

5/19

508178.314

CMAC_LOG_COS_ASSIGNED_SID

6/20

508178.316

CMAC_LOG_COS_ASSIGNED_SID

7/21

508178.318

CMAC_LOG_RNG_REQ_QUEUED

19

508178.320

CMAC_LOG_REGISTRATION_OK

 

Event 10Comply with Baseline Privacy

During this event, keys for baseline privacy are exchanged between the Cisco uBR900 series and the headend CMTS. A link level encryption is performed so that your data cannot be “sniffed” by anyone else on the cable network.

Following is a trace showing baseline privacy enabled. The key management protocol is responsible for exchanging two types of keys: KEKs and TEKs. The KEK (key exchange key, also referred to as the authorization key) is used by the CMTS to encrypt the TEKs (traffic encryption keys) it sends to the Cisco uBR900 series. The TEKs are used to encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.

Configuring the Cisco uBR900 Series Cable Access Routers 29

Benefits

851.088

CMAC_LOG_STATE_CHANGE

establish_privacy_state

851.094

CMAC_LOG_PRIVACY_FSM_STATE_CHANGE

machine: KEK, event/state:

EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT

851.102

CMAC_LOG_BPKM_REQ_TRANSMITTED

 

851.116

CMAC_LOG_BPKM_RSP_MSG_RCVD

 

851.120

CMAC_LOG_PRIVACY_FSM_STATE_CHANGE

machine: KEK, event/state:

EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED

856.208

CMAC_LOG_PRIVACY_FSM_STATE_CHANGE

machine: TEK, event/state:

EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT

856.220

CMAC_LOG_BPKM_REQ_TRANSMITTED

 

856.224

CMAC_LOG_BPKM_RSP_MSG_RCVD

 

856.230

CMAC_LOG_PRIVACY_FSM_STATE_CHANGE

machine: TEK, event/state:

EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL

856.326

CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID

2

856.330

CMAC_LOG_PRIVACY_ESTABLISHED

 

Note In order for baseline privacy to work, you must use a code image name on the Cisco uBR900 series that contains the characters k1. In addition, baseline privacy must be supported on the headend CMTS, and it must be turned on in the configuration file that is downloaded to the cable access router.

Event 11Enter the Maintenance State

As soon as the Cisco uBR900 series has successfully completed the above events, it enters the operational maintenance state and is authorized to forward traffic into the cable network.

508178.322 CMAC_LOG_STATE_CHANGE

maintenance_state

Benefits

The Cisco uBR900 series cable access router provides the following benefits for data-over-cable applications:

Allows telecommuters and small office/home office customers to leverage the high-bandwidth, low-cost, IP-based data and voice services offered by cable service providers

Enables the cost-effective deployment of advanced routing capabilities to the small office or home office site

Prioritizes voice traffic ahead of data traffic, ensuring quality of service (QoS) over a shared cable infrastructure

Leverages Cisco’s industry-standard routing hardware and Cisco IOS software to deliver advanced networking services and applications such as virtual private networks (VPNs), support for multi-protocol networks, firewall security, and the ability to cost-effectively deploy local area networks (LANs)

30 Cisco IOS Release 12.0(7)T

Loading...
+ 108 hidden pages