Configuring the Cisco uBR900 Series
Cable Access Routers
This document addresses the following topics:
•
•
•
•
•
•
•
•
•
Feature Overview on page 1
Supported Platforms on page 32
Prerequisites on page 32
Supported MIBs and RFCs on page 33
Configuration Tasks on page 36
Configuration Examples on page 46
VoIP Bridging Configuration Using SGCP on page 52
Debug Commands on page 118
Glossary on page 135
Feature Overview
Cisco uBR900 series cable access routers are fully-functional Cisco IOS routers and standards-based bidirectional cable modems that give a residential or small office/home office (SOHO) subscriber high-speed Internet or Intranet access and packet telephone services via a shared two-way cable system and IP backbone network. Cisco uBR900 series cable access routers are based on the current Data-Over-Cable Service Interface Specifications (DOCSIS) standards, and interoperate with any bidirectional, DOCSIS-qualified headend cable modem termination system (CMTS).
Cisco uBR900 series routers connect computers, telephone equipment, and other customer premises devices at a subscriber site to the service provider’s Hybrid/Fiber Coax (HFC) and IP backbone network. Functioning as cable modems, the Cisco uBR900 series routers transport data and voice traffic on the same cable system that delivers broadcast TV signals.
Cisco uBR900 series cable access routers typically ship from the Cisco factory with a Cisco Internetwork Operating System (IOS) software image stored in nonvolatile memory (NVRAM). The standard Cisco IOS software image supports DOCSIS-compliant bridging operation for data as the default.
Based on the feature licenses purchased, other Cisco IOS images can be downloaded from Cisco Connection Online (CCO). Each Cisco uBR900 series router in your network can then be configured to support Voice over IP (VoIP) and/or other special operating modes based on your service offering and the practices in place for your network. A Cisco uBR900 series device can function as an advanced router, providing wide area network (WAN) data connectivity in a variety of configurations.
Configuring the Cisco uBR900 Series Cable Access Routers 1
Feature Overview
Cisco IOS Software Feature Sets
This section briefly describes the common feature sets supported by the Cisco uBR900 series cable access routers. Each feature set contains a number of features that provide a specific functionality such as Voice over IP (VoIP) or virtual private network (VPN) access.
The following feature set categories are currently available:
•
•
Data Operations
Data and Voice Operations
The data and voice feature sets add Voice over IP (VoIP) support to the same base features contained in the data only feature sets. Telephones that are connected to the uBR924 cable access router can make voice calls over the Internet using either the H.323 (Gateway/Gatekeeper) voice control protocol or Simple Gateway Control Protocol (SGCP). (For more information on these protocols, refer to H.323 Protocol Stack and SGCP Protocol Stack in this document.)
Because voice calls are real-time traffic, the Cisco uBR924 cable access router supports the DOCSIS Quality of Service (QoS) enhancements to give higher priority to IP packets containing voice traffic.
Note Voice features are available only on the Cisco uBR924 cable access router.
Note Feature sets and software images vary depending on the cable access router model you are using and the Cisco IOS software release that is running. For a list of the available software images for your application, and the specific features contained in each image, refer to the release notes for the Cisco uBR900 series cable access router and Cisco IOS software release you are using. This document describes the features available for the Cisco uBR904 and uBR924 cable access routers in Cisco IOS Release 12.0(7)T.
The following feature sets are available in data and voice versions as well as in data only versions:
•Base IP Bridging – provides full DOCSIS 1.0-compliant cable modem support for users who want a basic high-speed connection to the Internet.
•Home Office (Easy IP) – provides a high-speed connection to the Internet, along with server functions that simplify the administration of IP addresses, so that the Cisco uBR900 series cable access router can connect a small number of computers to the Internet through the cable interface.
•Small Office – provides a firewall feature set in addition to the high-speed Internet connection and server functions provided by the Home Office feature set. You can protect your office network from intrusion and interference while still having high-speed access to the Internet.
•Telecommuter – provides encryption and layer 2 tunneling support in addition to the high-speed Internet connection and server functions provided by the Home Office feature set. Businesses can establish secure high-speed Internet connections between employees’ homes and the office local network.
These feature sets are described in the following sections.
2 Cisco IOS Release 12.0(7)T
Cisco IOS Software Feature Sets
Base IP Bridging includes full and DOCSIS-compliant bridging and DOCSIS Baseline Privacy. The Base IP Bridging feature set allows the Cisco uBR900 series cable access router to function as a DOCSIS 1.0 cable modem and to interoperate with any DOCSIS 1.0-qualified CMTS. It provides basic high-speed Internet connectivity for users who want to connect only one computer to the cable network.
DOCSIS-compliant bridging (also referred to as “plug-and-play” bridging) is the default configuration for Cisco uBR900 series cable access routers. While in plug-and-play bridging mode, the router locates a downstream and upstream channel; finds ToD, TFTP, and DHCP servers; obtains an IP address; downloads a DOCSIS configuration file; and obtains DHCP parameters to work in bridging mode.
Note This feature set does not include Easy IP and Routing.
In DOCSIS-compliant bridging mode, the Cisco uBR900 series cable access router acts as a transparent bridge for the following device combinations:
•3 CPE devices when using Cisco IOS Release 12.0(4) XI1 or higher
•254 CPE devices when using Cisco IOS Release 12.0(5)T or higher images, or Cisco IOS Release 12.1.
Note The ability of the Cisco uBR900 series cable access router to grant access to CPE devices is controlled by the MAX CPE field in the DOCSIS configuration file. The MAX CPE field defaults to one CPE device unless otherwise set to a higher number.
The Home Office feature set provides high-speed Internet connectivity for customers who have a small home network (typically 2-4 computers). In addition to full DOCSIS 1.0 support and all of the functionality of the Base IP Bridging feature set, the Home Office feature set (also known as Easy IP) supports intelligent Dynamic Host Configuration Protocol (DHCP) server functions, including DHCP Relay Agent and DHCP Client functionality. It also supports Easy IP (NAT/PAT).
This feature set allows the Cisco uBR900 series cable access router great flexibility in administering IP addresses for the PCs and other customer premises equipment it is connecting to the cable network. The DHCP functionality allows intelligent use of the IP addresses that allow customer premises computers and other equipment to connect to the Internet. The NAT/PAT functionality allows you to use private IP addresses on the local network, while still maintaining connectivity to the Internet.
In addition to full DOCSIS 1.0 support and all of the functionality of the Easy IP feature set, the Small Office feature set supports the Cisco IOS firewall feature set which provides a wide range of security features for Cisco uBR900 series cable access routers. Using the firewall feature set, Cisco uBR900 series cable access routers act as buffers between the customer’s private enterprise network and the Internet and other connected public networks.
Configuring the Cisco uBR900 Series Cable Access Routers 3
Feature Overview
In firewall mode, the Cisco uBR900 series cable access router provides a high-speed Internet connection for an office’s local network while protecting the computers on the office network from common attacks such as denial of service attacks and destructive Java applets, as well as real-time alerts of such attacks.
The Small Office feature set can be optionally extended with support for IPSec encryption to ensure that the traffic passed over the Internet cannot be intercepted. You can select either standard 56-bit IPSec Network Security encryption or high-security 168-bit Triple Data Encryption Standard (DES) encryption.
In addition to full DOCSIS 1.0 support and all of the functionality of the Easy IP feature set, the Telecommuter feature set supports IPSec encryption and the Layer 2 Tunneling Protocol (L2TP), which can establish secure high-speed Internet connections between employees’ homes and the office local network.
IPSec is an IP security feature that provides robust authentications and encryption of IP packets for the secure transmission of sensitive information over unprotected networks such as the Internet. You can select either standard 56-bit IPSec Network Security encryption or high-security 168-bit Triple Data Encryption Standard (DES) encryption.
L2TP is an extension of the Point-to-Point Protocol (PPP) that allows computers on different physical networks to interoperate as if they were on the same local area network (LAN). These features are important components for Virtual Private Networks (VPNs).
Note The Telecommuter feature set does not require the firewall feature set because the individual telecommuter has a secure connection to the office network. The office network, however, should implement a firewall for its own connection to the Internet.
Data Operations
Figure 1 illustrates a typical broadband data cable system. Data transmitted to a Cisco uBR900 series cable access router from the service provider’s CMTS shares a 27 or 26 Mbps, 6 MHz data channel in the 88 to 860 MHz range. The Cisco uBR900 series cable access router shares an upstream data rate of up to 10 Mbps on a 200 kHz-wide to 3.2 MHz-wide channel in the 5 to 42 MHz range.
Note End-to-end throughput varies based on the design and loading of network components, the mix of traffic, the processing speed and interface of the host server(s), the processing speed and local Ethernet performance of the subscriber’s computer, as well as other parameters. Since the network can be configured to support multiple levels of service to meet differing market price/performance requirements, the subscriber’s service level agreement also affects throughput. DOCSIS further contains some fundamental performance limitations because standards are designed to give a larger number of customers good performance, rather than permitting a few users to consume the entire capacity.
4 Cisco IOS Release 12.0(7)T
Data Operations
Figure 1 Typical Cisco Broadband Data Cable System
WAN |
|
|
|
|
|
CMTS |
|
Combiner |
|
Tx |
|
|
|
|||
|
|
Switch/router |
|
|
rack equipment |
|
|
|
Rx |
|
Fiber |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Servers |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cisco uBR900 series cable access router
Internal backbone and
worldwide internet
HFC cable plant
Cable System Headend
Upstream and downstream data interfaces Operation support system interface Downstream RF interface
Upstream RF interface
18197
Residence or SOHO subscriber site: subscriber RF interface Ethernet interface
The broadband data cable system uses multiple types of access control to ensure efficient use of bandwidth over a wide range of loading conditions. Advanced queuing techniques and service algorithms are used to define the acquisition and release of channels.
Cisco uBR900 series cable access routers support 64 or 256 Quadrature Amplitude Modulation (QAM) downstream, and Quadrature Phase Shift Keying (QPSK) or 16 QAM upstream transmission. This allows the CMTS system administrator to set the preferred modulation scheme based on the quality of the cable plant.
Note In noisy plant environments, 16 QAM upstream and 256 QAM downstream modulation may not be viable. In high-quality HFC networks capable of supporting 16 QAM formats in the upstream direction, Cisco recommends using QPSK for fixed-slot short packets like maintenance or data requests, and 16 QAM for variable length data packets. This results in the most efficient use of the available upstream timeslots or minislots.
The system uses Transmission Control Protocol/Internet Protocol (TCP/IP) to transmit data. TCP/IP transmits data in segments encased in IP datagrams, along with checksums to detect data corruption and sequence numbers to ensure an ordered byte stream on the TCP connection between the Cisco cable access router and the CMTS.
Cisco cable access routers also support multicast services—data streams sent to groups of subscribers. These applications utilize the User Datagram Protocol (UDP) instead of TCP. Since UDP does not mandate upstream acknowledgments, these applications can be very efficient in the network. Additionally, restricting upstream throughput will have no effect on downstream UDP streaming throughput.
Configuring the Cisco uBR900 Series Cable Access Routers 5
Feature Overview
Note Interactive games are the exception. Although low latency is required in gaming applications, high upstream data throughput is not demanded since the volume of data transmitted upstream is typically small.
Table 1 |
Cisco uBR900 Series Cable Access Router Data Specifications |
|
|
|
|
Description |
Downstream Values |
Upstream Values |
|
|
|
Frequency Range |
88 to 860 MHz |
5 to 42 MHz |
|
|
|
Modulation |
64 QAM |
QPSK |
|
256 QAM |
16 QAM |
|
|
|
Data Rate |
30 Mbps/64 QAM |
QPSK—320 Kbit/sec to 5 Mbit/sec |
|
(27 Mbit/sec after FEC overhead) |
|
|
42.8 Mbps/256 QAM |
16 QAM—640 Kbit/sec to 10 Mbit/sec |
|
(36 Mbit/sec after FEC overhead) |
|
|
|
|
Bandwidth |
6 MHz |
200K, 400K, 800K, 1.6M, |
|
|
3.2 MHz |
|
|
|
FEC |
RS (122, 128) Trellis |
Reed Solomon |
|
|
|
One Channel |
Receive level of digital signal |
QPSK— +8 to +58 dBmV |
|
-15 to +15 dBmV |
|
Note Most field measurements are of nearby |
16 QAM— +8 to +55 dBmV |
|
|
or adjacent analog signal which is normally |
|
+6 to +10 dB (system specific) above the |
|
digital signal level |
|
Signal-to-Noise Ratio |
64 QAM: |
(SNR) |
>23.5 dB @ BER<10^8 |
|
256 QAM*: |
|
>30 dB @ BER <10^-8 |
|
(For input level between +15 and -8 dBmV, |
|
SNR must be greater than 30 dB. For input |
|
level between -8 and -15 dBmV, SNR must be |
|
greater than 33 dB.) |
|
Note These performance numbers are in |
|
laboratory-controlled conditions against |
|
statistically pure noise sources (AWGN). Since |
|
such conditions do not exist in practise, a 6 dB |
|
or more SNR margin is required for reliable |
|
operation. Check with your local system |
|
guidelines. |
QPSK:
>15 dB @ BER<10^-8
(QPSK will work at 98% successful ping rate for SNR>13 dB. A SNR of 15 dB will be needed to get almost optimal packets per minute transition.)
16 QAM:
>22 dB @ BER <10^-8
(For 16 QAM, a SNR>22 dB makes the grade for 98% ping efficiency. To get good packet rate, you need
SNR>25 dB)
Note These measurements were made for 0 and -10 dBmV input to the CMTS, 1280 ksym/sec and 64 bytes packet size with a Cisco uBR904 cable access router and laboratory-controlled conditions.
6 Cisco IOS Release 12.0(7)T
|
|
|
Data Operations |
Table 1 |
Cisco uBR900 Series Cable Access Router Data Specifications (continued) |
||
|
|
|
|
|
Description |
Downstream Values |
Upstream Values |
|
|
|
|
|
Security |
DES decryption: DOCSIS Baseline Privacy |
DES encryption |
(BPI), 40 bit-, 56 bitand 168 bit DES encryption, as controlled by the headend and configuration files.
Note Cisco IOS images must contain encryption software at both the CMTS and the Cisco uBR900 series. Both routers must be enabled and properly configured to support encryption.
Each Cisco uBR900 series cable access router on the network is configured to receive data on a particular downstream channel. A downstream channel contains upstream segment(s). Each upstream segment typically serves more than one fiber node.
Partitioning the upstream plant into smaller segments significantly reduces the number of potential ingress sources and failure points. The CMTS divides the cable plant into downstream channels and upstream segments or clusters of nodes.
When operating normally, the Cisco uBR900 series cable access router receives data addressed to it from the CMTS. The router reads the address in the header of the message, filters the message and forwards it to the appropriate device at the subscriber site.
Note Bandwidth at the subscriber site is shared by the active data users connected to the network segment.
For upstream data transfer, the Cisco cable access router uses a request/grant mechanism to obtain upstream bandwidth. The CMTS configures, via MAC messages, upstream parameters associated with transmissions from all Cisco cable access routers on the system. Service class registration is granted based on class assignment and load provisioning. Upstream channels are time slotted and divided into basic scheduling time units.
The CMTS informs the Cisco cable access router of minislot structures on the upstream channel. Some minislots are marked as contention-based—shared by routers to make bandwidth (timeslot) requests with the CMTS. Others are grouped together into unicast grants for specific routers to send their data bursts. Yet others are grouped together into maintenance slots for “keep alive” messages from routers to the CMTS.
In bridging applications, the Cisco uBR900 series cable access router acts as a transparent bridge for up to 254 devices depending on the version of Cisco IOS software you are using. Older versions of software allow a maximum of 3 CPE devices to be bridged. The cable access router is connected to the Internet through the coaxial cable interface. All four 10BaseT Ethernet ports are treated as one Ethernet interface by the Cisco IOS software. The IP addresses for the CPE devices and the coaxial cable interface are typically in the same subnet, although this is not a requirement.
Configuring the Cisco uBR900 Series Cable Access Routers 7
Feature Overview
The Cisco uBR900 series complies with the DOCSIS standards for interoperable cable access routers; it supports full transparent bridging as well as DOCSIS-compliant transparent bridging.
Note If the attached CPE devices and the coaxial cable interface are in different IP subnets, the cable interface must have a secondary address.
Figure 2 Cisco uBR900 Series Cable Access Router in a Bridging Configuration
|
|
Ethernet |
|
|
CATV |
Ethernet |
|
|
coaxial cable |
||
Cisco uBR7200 series |
Cisco uBR900 series |
|
|
CMTS |
|
||
cable access router |
Ethernet |
||
|
|||
HFC network |
|
||
|
|
||
|
|
Ethernet |
PC
PC
PC
PC or hub
13305
DOCSIS-compliant transparent bridging is the factory default configuration of the Cisco uBR900 series cable access router. If your cable service provider is using a DHCP server, all you need to do is connect the cables and power on the cable access router; your service provider’s configuration program will automatically configure both the coaxial cable interface and the bridging functionality. You do not need to set up IP addresses for the attached PCs or enter any Command Line Interface (CLI) configuration commands. This type of operation is called plug-and-play bridging.
In DOCSIS-compliant bridging mode, the cable access router is able to locate a downstream and upstream channel; find the TOD, TFTP, and DHCP server(s); obtain an IP address; download a DOCSIS configuration file; and obtain DHCP parameters to work in a bridging mode.
You can configure a customized bridging application on the Cisco uBR900 series using a downloadable configuration file or the CLI. See the sections “Configuring Bridging” on page 41 and “Customizing the Cable Access Router Interface” on page 44 for details.
The Cisco uBR900 series cable access router can be configured to act as a router to preserve IP address space and limit broadcasts that can impact the performance of the network. A typical use would be if you are connecting the cable access router to an internal Ethernet hub that is connected to an existing PC network. The Cisco uBR900 series supports Routing Information Protocol Version 2 (RIP V2) for this application.
When configured in routing mode, the Cisco uBR900 series is automatically configured to use the headend’s IP address as its IP default gateway. This allows the cable access router to send packets not intended for the Ethernet interface to the headend when IP host-routing is configured.
RIP V2 routing is useful for small internetworks in that it enables optimization of Network Interface Center (NIC)-assigned IP addresses by defining variable-length subnet masks (VLSMs) for network addresses, and it allows classless interdomain routing (CIDR) addressing schema.
8 Cisco IOS Release 12.0(7)T
Data Operations
Figure 3 Cisco uBR900 Series Cable Access Router in a Routing Configuration with a Hub
CATV |
|
|
|
coaxial cable |
Cable |
Ethernet |
Ethernet |
|
|
|
|
|
Modem |
|
|
Cisco uBR7246 |
|
|
HUB |
CMTS |
|
|
|
|
|
|
|
HFC network |
|
|
|
LAN
13306
Layer 2 Tunneling Protocol (L2TP) is an emerging Internet Engineering Task Force (IETF) standard that combines the best features of two existing tunneling protocols: Cisco’s Layer 2 Forwarding (L2F) and Microsoft’s Point-to-Point Tunneling Protocol (PPTP). L2TP is an extension of the Point-to-Point Protocol (PPP), which is an important component for Access Virtual Private Networks (VPNs).
Traditional dial-up networking services only supported registered IP addresses, which limited the types of applications that could be implemented over VPNs. L2TP supports multiple protocols and unregistered and privately administered IP addresses over the Internet. This allows the existing access infrastructure such as the Internet, modems, access servers, and ISDN terminal adapters (TAs) to be used.
L2TP can be initiated wherever PPTP or L2F is currently deployed, and can be operated as a client initiated tunnel such as PPTP, or a network access server (NAS) initiated tunnel such as L2F.
The current implementation of L2TP in Cisco IOS software is dependent on a PPP connection supported on one of the directly attached interfaces. A dial-up PPP connection is required in order to initiate an L2TP Tunnel connection. This is a requirement of the L2TP Access Concentrator (LAC). Currently the Cisco uBR900 series cable access router cannot function as the LAC; it can only function as the L2TP Network Server (LNS), which terminates a tunnel created elsewhere in the network.
Dynamic Host Configuration Protocol (DHCP) Server
Cisco uBR900 series cable access routers support Intelligent DHCP Relay and DHCP Client functionality. A DHCP Relay Agent is any host that forwards DHCP packets between clients and servers. A DHCP Relay Agent enables the client and server to reside on separate subnets. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the DHCP request to one or more secondary DHCP servers defined by the network administrator using standard Cisco IOS IP helper-address functionality.
Network Address Translation and Port Address Translation (NAT/PAT)
Network Address Translation (NAT) reduces the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating those addresses into globally routable address space.
Configuring the Cisco uBR900 Series Cable Access Routers 9
Feature Overview
Port Address Translation (PAT) is a similar mechanism that enables all internal hosts to share a single registered IP address (many-to-one translation). NAT/PAT:
•Allows customers to maintain their own private networks while giving them full Internet access through the use of one or more global IP addresses
•Allows several private IP addresses to use the same global IP address by using address overloading
•Facilitates configuration and permits a large network of users to reach the network by using one Cisco uBR900 series cable access router and the same DOCSIS cable interface IP address
•Eliminates the need to readdress all hosts with existing private network addresses (one-to-one translation) or by enabling all internal hosts to share a single registered IP address (many-to-one translation, also known as Port Address Translation [PAT])
•Enables packets to be routed correctly to and from the outside world by using the Cisco uBR900 series cable access router
•Allows personal computers on the Ethernet interface to have IP addresses to be mapped to the cable interface’s IP address
Routing protocols will run on the Ethernet interface instead of the cable interface, and all packets received are translated to the correct private network IP address and routed out the Ethernet interface. This eliminates the need to run RIP on the cable interface.
To implement NAT on the Cisco uBR900 series, the Ethernet interface is configured with an “inside” address and the cable interface is configured with an “outside” address. The Cisco uBR900 series also supports configuration of static connections, dynamic connections, and address pools.
Voice Over IP Operations
Note Voice features are available only on the Cisco uBR924 cable access router.
The Cisco uBR924 cable access router uses packets to transmit and receive digitized voice over an IP network. Voice signals are packetized and transported in compliance with H.323 or Simple Gateway Control Protocol (SGCP). H.323 is an International Telecommunications Union (ITU) standard that specifies call signaling and control protocols for a shared IP data network. SGCP is a Cisco/Bellcore-developed, out-of-band signaling protocol under review by the Internet Engineering Task Force (IETF).
Figure 4 illustrates a broadband cable system that supports VoIP transmission. Quality of Service (QoS) and prioritization schemes are used to enable real-time (voice) and non-real-time traffic to coexist on the same channel. The CMTS routes IP telephony calls intermixed with other data traffic.
10 Cisco IOS Release 12.0(7)T
Voice Over IP Operations
Figure 4 |
Simplified VoIP Over Cable Network |
|
Gateway/PSTN |
|
Service |
|
provider |
|
backbone |
CMTS rack |
CMTS rack |
equipment |
equipment |
Gatekeeper or |
Policy |
calling agents |
server |
HFC |
HFC |
cable plant |
cable plant |
Cisco uBR924 |
Cisco uBR924 |
|
Calling party |
Called party |
|
|
|
|
|||
|
|
|||
|
|
|
|
|
Residence or SOHO |
Residence or SOHO |
|||
|
subscriber site 1 |
subscriber site 2 |
18194
Your company can then deploy IP telephony as a local-loop bypass service where voice packets are transferred from the CMTS to:
•A telephony gatekeeper when using H.323; the Cisco uBR924 acts as an H.323 gateway.
•A call agent when using SGCP.
The gatekeeper or call agents manage voice calls. The gateway interconnects the IP network to the public switched telephone network (PSTN).
Voice calls are digitized, encoded, compressed, and packetized in the originating gateway, then decompressed, decoded, and reassembled in the destination gateway. A server maintains subscriber profiles and policy information.
You can place and receive calls without using the local exchange carrier. Two simultaneous voice and fax calls are supported to and from each subscriber site. Multiple telephones and fax devices can be connected to each of the two VoIP telephone lines at a subscriber site, providing the 5 REN limit is adhered to for each telephone line.
Note the following requirements and characteristics of VoIP applications using the Cisco uBR924 cable access router:
•The telephones at each subscriber site must support touch-tone dialing; rotary dialing is not supported.
•Special telephone features such as call waiting, call forwarding, and conferencing are not supported.
•A two-line telephone can be connected to the V1+V2 port on the Cisco uBR924.
•Fax devices—standard Group III and computer-based Group III machines up to 14,400 baud—are supported in Cisco IOS images that support VoIP.
Configuring the Cisco uBR900 Series Cable Access Routers 11
Feature Overview
• In general, fax/modem cards are not supported over VoIP links.
Contact your network management, provisioning, or operations team to determine what your network supports.
The Cisco uBR924 cable access router supports the following compression and decompression algorithms (CODECs):
•
•
•
•
•
•
•
•
•
•
G.711 A Law 64000 bps
G.711 u Law 64000 bps
G.723.1 5300 bps
G.723.1 6300 bps
G.726 16000 bps
G.726 24000 bps
G.726 32000 bps
G.728 16000 bps
G.729 Annex-A 8000 bps
G.729 8000 bps — Default CODEC for telephone calls
Caution Because voice transmission is delay-sensitive, a well-engineered network is critical. Fine-tuning your network to adequately support VoIP typically involves a series of protocols and features geared to support Quality of Service (QoS).
To achieve acceptable voice quality and reduce network bandwidth usage, several voice processing techniques and services are employed, including echo cancellation, voice compression, Voice Activity Detection (VAD) or silence compression, and Dual Tone MultiFrequency (DTMF) tone detection and generation.
The Cisco uBR924 cable access router supports multiple QoS service IDs (SIDs), enabling multiple classes of service on the cable interface. This enables VoIP and data traffic to be treated separately, with all data assigned to a default class of service, while VoIP traffic is assigned to a different class of service. Thus, voice traffic from the Cisco uBR924’s telephone ports can take precedence over the data traffic coming from the Ethernet interfaces.
Note Separate class of service (CoS) streams are only available when the Cisco uBR924 is connected to a CMTS that supports multiple classes of service per router. In addition, the router’s configuration file must specify the use of multiple classes of service.
If the Cisco uBR924 interoperates with a DOCSIS 1.0 CMTS that does not support multiple CoS per router, voice traffic will be transmitted on a “best effort” basis along with data traffic. This may cause poorer voice quality and lower data throughput when calls are being made from the router’s telephone ports.
12 Cisco IOS Release 12.0(7)T
Voice Over IP Operations
The Cisco uBR924 cable access router supports the following service classes:
•The first CoS in the router’s configuration file is configured as the “Tiered Best Effort Type Class” used by the router as the primary QoS for all regular data traffic. The class has no minimum upstream rate specified for the channel.
This service class results in the assignment of a primary SID for the router. In addition to being used as a data SID, the router uses this SID for all MAC message exchanges with the CMTS. Any SNMP management traffic from the network to the Cisco uBR924 will also use this SID.
While this class is strictly “best effort,” data traffic within this class can be prioritized into eight different priority levels. The CMTS system administrator, however, must define the supported upstream traffic priority levels and include the traffic priority fields in the configuration file downloaded to the Cisco uBR924.
•When creating a configuration for the Cisco uBR924, the CMTS system administrator typically configures extra classes of service. These secondary classes of service are expected to be higher QoS classes and are used by higher priority traffic such as voice. These classes have a minimum upstream rate specified for the channel.
The multiple SID-per-router feature enables the Cisco uBR924 to use multiple SID queues for differentiated services. The Cisco uBR924 diverts voice call traffic to the higher QoS secondary SID, while forwarding “best effort” data from the Ethernet interface and MAC messages on the primary SID.
H.323 is an International Telecommunications Union (ITU) standard that specifies call signaling and control protocols for a shared IP data network. The Cisco uBR924 cable access router acts as an H.323 gateway. In architectures using the VoIP H.323 protocol stack, the session application manages two call legs for each call: (1) a telephony leg managed by the voice telephony service provider; (2) the VoIP leg managed by the cable system operator—the VoIP service provider. Use of the H.323 protocol typically requires a dial plan and mapper at the headend or other server location to map IP addresses to telephone numbers.
When both legs of the call have been set up, the session application creates a conference between them. The opposite leg’s transmit routine for voice packets is given to each provider. The CMTS router passes data to the gateway and gatekeeper. The H.323 stack provides signalling via H.225 and feature negotiation via H.245.
To make and receive H.323 calls, the Cisco uBR924 cable access router must know:
•The IP address of the gateway for the destination dialed. You can configure these IP addresses statically using the voip dial peer group CLI commands, or you can obtain these addresses dynamically from the gatekeeper using Registration, Admission, and Status (RAS).
•The telephone numbers of the attached devices. You can configure the telephone numbers attached to the Cisco uBR924 by configuring the IP addresses statically using the pots port CLI commands. When using Cisco Network Registrar (CNR) version 3.0 or higher with the relay.tcl and setrouter.tcl scripts, you can obtain these addresses dynamically from CNR. The telephone numbers of attached devices are then sent in DHCP response messages. When the Cisco uBR924 processes the DHCP response, it automatically creates the pots dial peer for each port, creates the voip dial peer for the RAS target, and starts the H.323 RAS gateway support.
Configuring the Cisco uBR900 Series Cable Access Routers 13
Feature Overview
Note To support voice configurations involving Cisco gatekeeper products using RAS, the headend must have IP multicast enabled. The cable interface must be designated as the default for RAS to discover the gatekeeper. The gatekeeper then resolves all dialed destinations sent to the RAS protocol.
The Cisco uBR924 cable access router supports Simple Gateway Control Protocol (SGCP), an out-of-band signaling protocol that interacts with an external call agent (CA) to provide call setup and teardown for VoIP calls made through the Internet or a local intranet. Using the call control agent, SGCP communicates with the voice gateways, allowing you to create a distributed system that enhances performance, reliability, and scalability while still appearing as a single VoIP gateway to external clients. SGCP eliminates the need for a dial plan mapper and static configuration on the router to map IP addresses to telephone numbers because this function is provided by the external call agent.
In architectures using the SGCP protocol stack, the session application implements the gateway functionality defined to support both trunk and residential gateways. The Cisco uBR924 functions in this mode as a residential gateway with two endpoints.
SGCP can preserve Signaling System 7 (SS7) style call control information as well as additional network information such as routing information and authentication, authorization, and accounting (AAA) security information. SGCP allows voice calls to originate and terminate on the Internet, as well as allowing one end to terminate on the Internet and the other to terminate on a telephone or PBX on the PSTN.
Note The uBR924 cable access router supports both H.323 and SGCP call control, but only one method can be active at a time.
Table 2 |
Cisco uBR924 Cable Access Router Voice Specifications |
|
|
|
|
Metric |
|
Value |
|
|
|
Loss (between DCS and BTI gateway) |
Nominal: 4 dB ±.5 dB (off hook) |
|
|
|
Nominal: 9 dB ±.5 dB (on hook) |
|
|
|
Attenuation distortion: |
Nominal: |
|
DCS <> BTI (200Hz-3.5kHz) |
+1 dB/-3 dB |
|
BTI<> DCS (304 Hz-3004Hz) |
±0.5 dB |
|
DCS -> BTI (204 Hz-3004 Hz) |
±0.5 dB0 |
|
|
|
|
Idle channel noise |
|
<= 18 dBmC (noise shall not exceed) |
|
|
|
Signal to C-notched noise |
>= 35 dB |
|
|
|
|
Inter-modulation distortion: |
|
|
R2 |
|
>= 52 dB |
R3 |
|
>= 52 dB |
|
|
|
Single frequency interference: |
|
|
0 to 12 kHz |
|
<= -28 dBmO |
0 to 4 kHz |
|
<= -40 dBmO |
|
|
|
14 Cisco IOS Release 12.0(7)T
|
|
|
|
Voice Over IP Operations |
|
Table 2 |
Cisco uBR924 Cable Access Router Voice Specifications (continued) |
||
|
|
|
|
|
|
Metric |
|
Value |
|
|
|
|
|
|
|
Frequency shift (offset) |
<= ±0.2 Hz (max) |
|
|
|
|
|
<= ±0.1 Hz (99.5%) |
|
|
|
|
|
|
|
Amplitude tracking (input Level, dBmO): |
Max Dev. |
Ave. Dev. |
|
|
-37 to 0 (on-hook) |
|
<= ±.5 dB |
|
|
-37 to +3 (off hook) |
<= ±.5 dB |
<= ± .25 dB |
|
|
-50 to -37 (off-hook) |
<= ±1.0dB |
<= ±.5 dB |
|
|
-55 to -50 (off-hook) |
<= ± 3.0 dB |
<= ±1.5 dB |
|
|
|
|
|
|
|
Crosstalk |
|
<= -65 dBmO |
|
|
|
|
|
|
|
Amplitude jitter |
|
|
|
|
20-300 Hz |
|
<= 2.5% Peak |
|
|
4-300 Hz |
|
<= 2.9% Peak |
|
|
|
|
|
|
|
Phase jitter |
|
<= 1.5 P-P |
|
|
20 to 300 Hz |
|
<= 1.8 P-P |
|
|
4 to 300 Hz |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Envelope delay distortion: |
<= 350 usec |
|
|
|
1704 Hz to 604 Hz |
|
<= 195 usec |
|
|
1704 Hz to 2804 Hz |
<= 580 usec |
|
|
|
1704 Hz to 204 Hz |
|
<= 400 usec |
|
|
1704 Hz to 3404 Hz |
|
|
|
|
|
|
|
|
|
Hybrid balance: |
|
|
|
|
Echo Return Loss (ERL) |
> 26 dB (standard test line) |
||
|
|
|
> 14 dB (station off hook) |
|
|
SRL |
|
> 21 dB (standard test line) |
|
|
|
|
> 11 dB (station off hook) |
|
|
|
|
|
|
|
Clipping: |
|
|
|
|
Speech segments <5 ms |
< 0.5% |
|
|
|
Speech segments > 5ms |
0.0% |
|
|
|
|
|
|
|
|
Impulse noise: |
|
|
|
|
(>= 6 dB below receive signal) |
0 in 93% of all 15 min intervals |
||
|
|
|
<= 1 count in all 30 min intervals |
Phase hits (>= 10 deg)
0 in 99.75% of all 15 min intervals <= 1 count in all 30 min intervals
Gain hits (>= ± 3dB)
0 in 99.9% of all 15 min intervals <= 1 count in all 30 min intervals
Dropouts (>= 12) |
0 in 99.9% of all 15 min intervals |
|
<= 1 count in all 60 min intervals |
|
|
The Cisco uBR924 cable access router provides an RJ-11 port (Line) that connects to a standard analog telephone wall jack. In the event of a building power failure or a Cisco uBR924 power problem, the cutover port lets you dial out using the backup PSTN line. If the Cisco uBR924 loses power while VoIP calls are in progress, you can reestablish one of the two connections—dialing out over the PSTN.
Configuring the Cisco uBR900 Series Cable Access Routers 15
Feature Overview
Note The backup POTS connection enables only one of the VoIP ports on the Cisco uBR924 to function during a power outage. Calls in progress prior to the power outage will be disconnected. If power is reestablished while a cutover call is in progress, the connection will remain in place until the call is terminated. Once the cutover call is terminated, the router automatically reboots.
Security Features
Cisco uBR900 series cable access routers support the security features described in the paragraphs below.
Support for DOCSIS Baseline Privacy in the Cisco uBR900 series is based on the DOCSIS Baseline Privacy Interface Specification (SP-BPI-I01-970922). It provides data privacy across the HFC network by encrypting traffic flows between the cable access router and the CMTS.
Baseline Privacy security services are defined as a set of extended services within the DOCSIS MAC sublayer. Two new MAC management message types, BPKM-REQ and BPKM-RSP, are employed to support the Baseline Privacy Key Management (BPKM) protocol.
The BPKM protocol does not use authentication mechanisms such as passwords or digital signatures; it provides basic protection of service by ensuring that a cable modem, uniquely identified by its 48-bit IEEE MAC address, can only obtain keying material for services it is authorized to access. The Cisco uBR900 series cable access router is able to obtain two types of keys from the CMTS: the Traffic Exchange Key (TEK), which is used to encrypt and decrypt data packets, and the Key Exchange Key (KEK), which is used to decrypt the TEK.
IPSec Network Security (IPSec) is an IP security feature that provides robust authentication and encryption of IP packets. IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF) providing security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer (Layer 3), protecting and authenticating IP packets between participating IPSec devices (“peers”) such as the Cisco uBR900 series cable access router.
IPSec provides the following network security services:
•Privacy—IPSec can encrypt packets before transmitting them across a network.
•Integrity—IPSec authenticates packets at the destination peer to ensure that the data has not been altered during transmission.
•Authentication—Peers authenticate the source of all IPSec-protected packets.
•Anti-replay protection—Prevents capture and replay of packets; helps protect against denial-of-service attacks.
The Data Encryption Standard (DES) is a standard cryptographic algorithm developed by the United States National Bureau of Standards. The Triple DES (3DES) Cisco IOS Software Release images increase the security from the standard 56-bit IPSec encryption to 168-bit encryption, which is used for highly sensitive and confidential information such as financial transactions and medical records.
16 Cisco IOS Release 12.0(7)T
Security Features
Cisco uBR900 series cable access routers act as buffers between any connected public and private networks. In firewall mode, Cisco cable access routers use access lists and other methods to ensure the security of the private network.
Cisco IOS firewall-specific security features include:
•Context-based Access Control (CBAC). This intelligently filters TCP and UDP packets based on the application-layer protocol. Java applets can be blocked completely, or allowed only from known and trusted sources.
•Detection and prevention of the most common denial of service (DoS) attacks such as ICMP and UDP echo packet flooding, SYN packet flooding, half-open or other unusual TCP connections, and deliberate mis-fragmentation of IP packets.
•Support for a broad range of commonly used protocols, including H.323 and NetMeeting, FTP, HTTP, MS Netshow, RPC, SMTP, SQL*Net, and TFTP.
•Authentication Proxy for authentication and authorization of web clients on a per-user basis.
•Dynamic Port Mapping. Maps the default port numbers for well-known applications to other port numbers. This can be done on a host-by-host basis or for an entire subnet, providing a large degree of control over which users can access different applications.
•Intrusion Detection System (IDS) that recognizes the signatures of 59 common attack profiles. When an intrusion is detected, IDS can either send an alarm to a syslog server or to a NetRanger Director, drop the packet, or reset the TCP connection.
•User-configurable audit rules.
•Configurable real-time alerts and audit trail logs.
For additional information, see the description of the Cisco IOS Firewall Feature Set in the Cisco Product Catalog, or refer to the sections on Traffic Filtering and Firewalls in the Security Configuration Guide and Security Command Reference available on Cisco Connection Online (CCO) and the Documentation CD-ROM.
NetRanger Support—IOS Intrusion Detection
NetRanger is an Intrusion Detection System (IDS) composed of three parts:
•A management console (director) that is used to view the alarms as well as to manage the sensors.
•A sensor that monitors traffic. This traffic is matched against a list of known signatures to detect misuse of the network. This is usually in the form of scanning for vulnerabilities or for attacking systems. When a signature is matched, the sensor can track certain actions. In the case of the appliance sensor, it can reset (via TCP/rst) sessions, or enable “shuns” of further traffic. In the case of the IOS-IDS, it can drop traffic. In all cases, the sensor can send alarms to the director.
•Communications through automated report generation of standardized and customizable reports and QoS/CoS monitoring capabilities.
Configuring the Cisco uBR900 Series Cable Access Routers 17
Feature Overview
Configuration Options
The Cisco uBR900 series cable access router typically ships from the factory ready to work in the Base IP Bridging (DOCSIS-compliant bridging) data-only mode. The cable access router is configured automatically at startup by one or more configuration files generated by the cable service provider and downloaded to the router; no configuration or setup is required other than to connect the router to the cable system. The CMTS provides a path from the cable access router to the DHCP server for PC address assignment.
The PCs connected to the Cisco uBR900 series must be configured for Internet Protocol (IP). Using DHCP, the CMTS assigns an IP subnet address to the cable access router each time it connects to the network. The IP addresses of the cable access router and the individual PCs attached to it enable the CMTS to route data to and from the PCs.
Note When the Cisco uBR900 series cable access router is shipped from the factory, it is configured by default for DOCSIS-compliant bridging.
The configuration file or files downloaded to the Cisco uBR900 series by the CMTS at the headend are dependent on the services purchased by the individual cable service subscriber. The cable access router is provisioned in the following manner:
•When the cable access router is first brought online, the CMTS downloads a binary file to the router that is in DOCSIS-specified format. This file configures the router for the desired level of service and sets other parameters as needed.
•If additional features are required beyond basic DOCSIS-compliant bridging, the DOCSIS configuration file can specify a Cisco IOS image that the CMTS should also download to the router. (To speed up the time required to bring the router online, the cable service provider can optionally preload the Cisco uBR900 series with the appropriate image at the warehouse.)
•To customize the cable access router’s configuration further, the DOCSIS configuration file can also specify a Cisco IOS configuration file that the CMTS should download to the router. This second configuration file is an ASCII text file that contains the Cisco IOS commands needed to further configure the router as desired.
Note The CMTS typically downloads the DOCSIS configuration file, Cisco IOS image (if needed), and the Cisco IOS configuration file (if needed) only once when the router is initially brought online. However, a new configuration file or image can be downloaded whenever necessary, such as when the cable service provider offers new services or subscribers upgrade their services.
To ensure that you obtain the exact services that you have ordered, the Cisco uBR900 series arrives from the factory with a unique identifier (UID) that consists of a serial number and MAC address. These factory-assigned values are on a label at the bottom of the cable access router; for convenience, these values are also in a barcode label that can be easily scanned for entry into the service provider’s provisioning and billing system.
Using the MAC address of the cable access router as the key, the CMTS downloads the DOCSIS configuration file and Cisco IOS image that will provide the services that you have purchased. Service technicians at the headend typically create a number of standard configuration files to match the range of services offered by the provider; these configuration files can be created manually or with tools provided for this purpose by Cisco Systems.
18 Cisco IOS Release 12.0(7)T
Configuration Options
The following sections describe the initial power-on and provisioning sequences in more detail, as well as the requirements that must be met by both the cable access router and the CMTS before provisioning can be successful.
When connected and first powered on, the Cisco uBR900 series cable access router performs the following boot procedures:
•Boots the Read Only Memory (ROM) from the ROMMON partition of its flash memory.
•Performs a self-test, initializes processor hardware, and boots the main operating system software—the Cisco IOS release image stored in NVRAM.
Next, the Cisco uBR900 series performs a series of DOCSIS-mandated procedures for automatic installation and configuration. These procedures are summarized in Table 3 and in Figure 5.
.
Table 3 |
Cable Access Router Initialization Sequences and Events |
|
|
|
|
Sequence |
Event |
Description |
|
|
|
1 |
Scan for a downstream channel and |
The Cisco uBR900 series acquires a downstream channel by |
|
establish synchronization with the |
matching the clock sync signal that is regularly sent out by the |
|
CMTS. |
CMTS on the downstream channel. The cable access router |
|
|
saves the last operational frequency in non-volatile memory |
|
|
and tries to reacquire the saved downstream channel the next |
|
|
time a request is made. |
|
|
Note An ideal downstream signal is one that synchronizes |
|
|
QAM symbol timing, FEC framing, MPEG packetization, and |
|
|
recognizes downstream sync MAC layer messages. |
|
|
|
2 |
Obtain upsteam channel parameters. |
The cable access router waits for an upstream channel |
|
|
descriptor (UCD) message from the CMTS and configures |
|
|
itself for the upstream frequence specified in that message. |
|
|
|
3 |
Start ranging for power adjustments. |
The cable access router waits for the next upstream bandwidth |
|
|
allocation map message (MAP) from the CMTS to find the |
|
|
next shared request timeslot. The router then sends a ranging |
|
|
request message on the next available shared request timeslot, |
communicating its UID (its unique MAC address) using a temporary Service Identifier (SID) of 0 (zero) to indicate it has not yet been allocated an upstream channel.
In reply to the cable access router’s ranging request, the CMTS sends a ranging response containing a temporary SID to be used for the initial router configuration and bandwidth allocation. As needed, the router adjusts its transmit power levels using the power increment value given by the CMTS in its ranging response message.
Note At this point, the cable access router has established connectivity with the CMTS but is not yet online. The next steps allocate “permanent” upstream and downstream frequencies, as well as the configuration required for IP network connectivity.
Configuring the Cisco uBR900 Series Cable Access Routers 19
Feature Overview
Table 3 |
Cable Access Router Initialization Sequences and Events (continued) |
|
|
|
|
Sequence |
Event |
Description |
|
|
|
4 |
Establish IP connectivity. |
After the next MAP message broadcast, the router uses a |
|
|
shared require timeslot to invoke Dynamic Host Configuration |
|
|
Protocol (DHCP) to establish IP connectivity with the TCP/IP |
|
|
network at the headend. |
|
|
The DHCP server sends a response containing the router’s IP |
|
|
address as well as the IP addresses for the default gateway, |
|
|
time of day (TOD) server, and Trivial File Transfer Protocol |
|
|
(TFTP) server, and the DOCSIS configuration file to be |
|
|
downloaded. Depending on the particular network |
|
|
configuration, other information could be provided, such as |
|
|
the IP addresses for a syslog server or security server. |
|
|
Note The DHCP server is typically a dedicated server at the |
|
|
headend, but it could also be a CMTS such as a Cisco uBR7200 |
|
|
series universal broadband router. |
|
|
The router configures itself for the specified IP address and |
|
|
gets the current date and time from the specified TOD server. |
|
|
|
5 |
Establish the time of day. |
The cable access router accesses the TOD server for the |
|
|
current date and time, which is used to create time stamps for |
|
|
logged events (such as those displayed in the MAC log file). |
|
|
|
6 |
Establish security. |
Full Security, a planned enhancement to Baseline Privacy, is |
|
|
not fully defined nor currently supported by the DOCSIS |
|
|
specification, and is therefore not supported by the |
|
|
Cisco uBR900 series. |
|
|
|
7 |
Transfer operational parameters. |
Using TFTP, the router downloads the specified DOCSIS |
|
|
configuration file and configures itself for the appropriate |
|
|
parameters. The DOCSIS configuration file defines the |
|
|
router’s operating mode such as the provisioned downstream |
|
|
and upstream service assignments, including assigned |
|
|
frequencies, data rates, modulation schemes, Class of Service |
|
|
(CoS), type of services to support, and other parameters. Cisco |
|
|
provides tools to help automate the creation of configuration |
|
|
files. |
|
|
Note The DOCSIS configuration file must be in the exact |
|
|
format given by the DOCSIS specification. An incorrect |
|
|
DOCSIS configuration file can cause the Cisco uBR900 series |
|
|
to constantly cycle offline. Such errors include wrong |
|
|
downstream frequency, wrong UCD, wrong downstream |
|
|
Channel ID, invalid CoS, incorrect BPI privacy configurations |
|
|
or shared secret strings. |
|
|
The cable access router sends another registration request to |
|
|
the CMTS containing the CoS parameters given in the |
|
|
DOCSIS configuration file. |
|
|
The CMTS verifies that the router is using the appropriate CoS |
|
|
profile and converts the temporary SID into a data SID with a |
|
|
service class index that points to the applicable CoS profile. |
|
|
|
8 |
Perform registration. |
The router completes its secondary ranging and is then online, |
|
|
passing data between the HFC network and the PCs and other |
|
|
CPE devices that are connected to the router. |
|
|
|
20 Cisco IOS Release 12.0(7)T
|
|
|
Configuration Options |
|
Table 3 |
Cable Access Router Initialization Sequences and Events (continued) |
|
|
|
|
|
|
Sequence |
Event |
Description |
|
|
|
|
9 |
Comply with baseline privacy. |
If baseline privacy is configured and enabled on both the |
|
|
|
|
router and CMTS, the router and CMTS negotiate the |
|
|
|
appropriate encryption/decryption parameters and exchange |
|
|
|
keys for privacy. After encryption is enabled, all information |
|
|
|
sent within Ethernet packets is encrypted to prevent |
|
|
|
interception or modification by an unauthorized party. |
|
|
|
|
10 |
Enter the operational maintenance |
As soon as the Cisco uBR900 series cable access router has |
|
|
|
state. |
successfully completed the above sequence, it enters |
|
|
|
operational maintenance state. |
|
|
|
|
At this point the router is online and operational in the basic DOCSIS bridging (“plug and play”) mode. If the DOCSIS configuration file specifies that the router must download a Cisco IOS image and a Cisco IOS configuration file, the router uses TFTP to download the image and configuration file into its local memory. It then installs the new IOS image and runs the configuration file.
Downloading a DOCSIS configuration file to a Cisco uBR900 series cable access router automatically:
•ends all telnet sessions
•disables the cable access router’s console port, preventing local access to the router’s CLI
•performs a “write erase” on the cable access router’s local configuration parameters
Telnet access to the router from the headend is still allowed, but only if the Cisco IOS configuration file includes enable and line vty passwords; if the configuration file does not include enable and line vty commands to specify these passwords, Telnet access and console access are both disabled.
Configuring the Cisco uBR900 Series Cable Access Routers 21
Feature Overview
The sequence numbers shown in Table 3 are also shown in Figure 5 below. The Cisco uBR900 series cable access router will complete all the steps shown in the table and flowchart each time it needs to reregister with the CMTS.
Figure 5 |
Cable Modem Initialization Flowchart |
Power
on
1
2
3
4
5
Scan for downstream channel
Downstream sync established
Obtain upstream parameters
Upstream parameter acquired
Start
Ranging
Ranging and auto adjust completed
Establish
IP connectivety
IP complete
Establish time of day
Time of day established
Establish
security 6
Security established
Transfer operational 7 parameters
Transfer complete
Register with
the Cisco 8 uBR7246
Registration
complete
Baseline
privacy 9 initialization
Baseline privacy initialized
Operational 10
12960
22 Cisco IOS Release 12.0(7)T
Basic Troubleshooting
Figure 6 illustrates the traffic flow during the initialization process.
Figure 6 Cisco uBR900 Series Cable Access Router Provisioning Overview
CMTS Interface |
Cisco uBR900 series Cable Access Router |
|
MAP Broadcast |
Power on |
|
Contains timesharing info |
Establish synch and wait for UCD |
|
Send UCD |
|
|
|
Obtain upstream parameters |
|
|
Use temporary SID |
|
|
Extract slot info and upstream |
|
|
channel to use |
|
|
Start ranging |
DHCP Response: Contains IP addresses
Default gateway, TOD server TFTP server address
TFTP boot config file name
ToD Response
Registration Response Contains Assigned SID
Cisco uBR900 series registered Fail if QoS not available
or authentication failed
Transmit ranging packet with SID
DHCP request/TFTP boot request Now in allocated slots
ToD Request |
|
Registration Request |
|
Send QoS Parameters |
|
Now in allocated slots |
|
Cisco uBR900 series online |
18195 |
Note For more detail on the provisioning process, see the DOCSIS 1.0 Radio Frequency Interface (RFI) specification (SP-RFII01-990731 or later revision).
After the Cisco uBR900 series cable access router goes online, it begins transferring data between the attached CPE devices and the network (internet, intranet, VoIP). The cable service provider typically uses DHCP to assign IP addresses to the CPE devices. The number of IP addresses each subscriber can obtain depends on the services purchased from the provider.
Basic Troubleshooting
A MAC-layer circular log file is stored inside the Cisco uBR900 series cable access router. This file contains a history of the log messages such as state event activities and timestamps. This is the most valuable information for troubleshooting the cable interface.
The MAC log file is displayed by entering the show controllers cable-modem 0 mac log command from privileged EXEC mode.
The most useful display fields in this output are the reported state changes. These fields are preceded by the message CMAC_LOG_STATE_CHANGE. These fields show how the Cisco uBR900 series progresses through the various processes involved in establishing communication and registration with the CMTS. The normal operational state is ; the normal state when the interface is shut down is
Note Because the MAC log file holds only a snapshot of 1023 entries at a time, you should try to display the file within 5 minutes after the reset or problem occurs.
Configuring the Cisco uBR900 Series Cable Access Routers 23
Feature Overview
The following is the normal progression of states as the Cisco uBR900 series registers with the CMTS:
wait_for_link_up_state ds_channel_scanning_state wait_ucd_state wait_map_state ranging_1_state ranging_2_state dhcp_state establish_tod_state security_association_state configuration_file_state registration_state establish_privacy_state maintenance_state
Following is an example of a MAC log file for a cable access router that has successfully registered with the headend CMTS. The output that is displayed is directly related to the messages that are exchanged between the Cisco uBR900 series and the CMTS.
uBR924# show controllers cable-modem 0 mac log |
|
|
|
508144.340 |
CMAC_LOG_DRIVER_INIT_IDB_RESET |
0x08098FEA |
|
508144.342 |
CMAC_LOG_LINK_DOWN |
|
|
508144.344 |
CMAC_LOG_LINK_UP |
|
|
508144.348 |
CMAC_LOG_STATE_CHANGE |
ds_channel_scanning_state |
|
508144.350 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
88/453000000/855000000/6000000 |
|
508144.354 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
89/93000000/105000000/6000000 |
|
508144.356 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
90/111250000/117250000/6000000 |
|
508144.360 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
91/231012500/327012500/6000000 |
|
508144.362 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
92/333015000/333015000/6000000 |
|
508144.366 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
93/339012500/399012500/6000000 |
|
508144.370 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
94/405000000/447000000/6000000 |
|
508144.372 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
95/123015000/129015000/6000000 |
|
508144.376 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
96/135012500/135012500/6000000 |
|
508144.380 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
97/141000000/171000000/6000000 |
|
508144.382 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
98/219000000/225000000/6000000 |
|
508144.386 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
99/177000000/213000000/6000000 |
|
508144.390 |
CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY |
699000000 |
|
508145.540 |
CMAC_LOG_UCD_MSG_RCVD |
3 |
|
508146.120 |
CMAC_LOG_DS_64QAM_LOCK_ACQUIRED |
699000000 |
|
508146.122 |
CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED |
|
|
508146.124 |
CMAC_LOG_STATE_CHANGE |
wait_ucd_state |
|
508147.554 |
CMAC_LOG_UCD_MSG_RCVD |
3 |
|
508147.558 |
CMAC_LOG_UCD_NEW_US_FREQUENCY |
20000000 |
|
508147.558 |
CMAC_LOG_SLOT_SIZE_CHANGED |
8 |
|
508147.622 |
CMAC_LOG_FOUND_US_CHANNEL |
1 |
|
508147.624 |
CMAC_LOG_STATE_CHANGE |
wait_map_state |
|
508148.058 |
CMAC_LOG_MAP_MSG_RCVD |
|
|
508148.060 |
CMAC_LOG_INITIAL_RANGING_MINISLOTS |
40 |
|
508148.062 |
CMAC_LOG_STATE_CHANGE |
ranging_1_state |
|
508148.064 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
9610 |
|
508148.066 |
CMAC_LOG_POWER_LEVEL_IS |
28.0 |
dBmV (commanded) |
508148.068 |
CMAC_LOG_STARTING_RANGING |
|
|
508148.070 |
CMAC_LOG_RANGING_BACKOFF_SET |
0 |
|
508148.072 |
CMAC_LOG_RNG_REQ_QUEUED |
0 |
|
508148.562 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
|
508148.566 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
|
508148.568 |
CMAC_LOG_RNG_RSP_SID_ASSIGNED |
2 |
|
508148.570 |
CMAC_LOG_ADJUST_RANGING_OFFSET |
2408 |
|
508148.572 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
12018 |
|
508148.574 |
CMAC_LOG_ADJUST_TX_POWER |
20 |
|
508148.576 |
CMAC_LOG_POWER_LEVEL_IS |
33.0 |
dBmV (commanded) |
508148.578 |
CMAC_LOG_STATE_CHANGE |
ranging_2_state |
24 Cisco IOS Release 12.0(7)T
Basic Troubleshooting
508148.580 |
CMAC_LOG_RNG_REQ_QUEUED |
2 |
508155.820 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
508155.824 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
508155.826 |
CMAC_LOG_ADJUST_RANGING_OFFSET |
-64 |
508155.826 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
11954 |
508155.828 |
CMAC_LOG_RANGING_CONTINUE |
|
508165.892 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
508165.894 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
508165.896 |
CMAC_LOG_ADJUST_TX_POWER |
-9 |
508165.898 |
CMAC_LOG_POWER_LEVEL_IS |
31.0 dBmV (commanded) |
508165.900 |
CMAC_LOG_RANGING_CONTINUE |
|
508175.962 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
508175.964 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
508175.966 |
CMAC_LOG_RANGING_SUCCESS |
|
508175.968 |
CMAC_LOG_STATE_CHANGE |
dhcp_state |
508176.982 |
CMAC_LOG_DHCP_ASSIGNED_IP_ADDRESS |
188.188.1.62 |
508176.984 |
CMAC_LOG_DHCP_TFTP_SERVER_ADDRESS |
4.0.0.1 |
508176.986 |
CMAC_LOG_DHCP_TOD_SERVER_ADDRESS |
4.0.0.32 |
508176.988 |
CMAC_LOG_DHCP_SET_GATEWAY_ADDRESS |
|
508176.988 |
CMAC_LOG_DHCP_TZ_OFFSET |
360 |
508176.990 |
CMAC_LOG_DHCP_CONFIG_FILE_NAME |
platinum.cm |
508176.992 |
CMAC_LOG_DHCP_ERROR_ACQUIRING_SEC_SVR_ADDR |
|
508176.996 |
CMAC_LOG_DHCP_COMPLETE |
|
508177.120 |
CMAC_LOG_STATE_CHANGE |
establish_tod_state |
508177.126 |
CMAC_LOG_TOD_REQUEST_SENT |
|
508177.154 |
CMAC_LOG_TOD_REPLY_RECEIVED |
3107617539 |
508177.158 |
CMAC_LOG_TOD_COMPLETE |
|
508177.160 |
CMAC_LOG_STATE_CHANGE |
security_association_state |
508177.162 |
CMAC_LOG_SECURITY_BYPASSED |
|
508177.164 |
CMAC_LOG_STATE_CHANGE |
configuration_file_state |
508177.166 |
CMAC_LOG_LOADING_CONFIG_FILE |
platinum.cm |
508178.280 |
CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE |
|
508178.300 |
CMAC_LOG_STATE_CHANGE |
registration_state |
508178.302 |
CMAC_LOG_REG_REQ_MSG_QUEUED |
|
508178.306 |
CMAC_LOG_REG_REQ_TRANSMITTED |
|
508178.310 |
CMAC_LOG_REG_RSP_MSG_RCVD |
|
508178.312 |
CMAC_LOG_COS_ASSIGNED_SID |
5/19 |
508178.314 |
CMAC_LOG_COS_ASSIGNED_SID |
6/20 |
508178.316 |
CMAC_LOG_COS_ASSIGNED_SID |
7/21 |
508178.318 |
CMAC_LOG_RNG_REQ_QUEUED |
19 |
508178.320 |
CMAC_LOG_REGISTRATION_OK |
|
508178.322 |
CMAC_LOG_REG_RSP_ACK_MSG_QUEUED |
0 |
508178.324 |
CMAC_LOG_STATE_CHANGE |
establish_privacy_state |
508178.326 |
CMAC_LOG_NO_PRIVACY |
|
508178.328 |
CMAC_LOG_STATE_CHANGE |
maintenance_state |
You can display other aspects of the MAC layer by adding the following keywords to the show controllers cable-modem 0 mac command:
uBR924# show controllers cable-modem 0 mac ?
errors |
Mac Error |
Log data |
|
hardware |
All |
CM Mac Hardware registers |
|
log |
Mac |
log data |
|
resets |
Resets of |
the MAC |
|
state |
Current MAC state |
For examples and descriptions of how to use these keywords, see the show controllers cable-modem mac command reference page.
The MAC log file gives a detailed history of initialization events that occur in the Cisco uBR900 series cable access router. All pertinent troubleshooting information is stored here.
Configuring the Cisco uBR900 Series Cable Access Routers 25
Feature Overview
In the following paragraphs, a sample log file is broken down into the chronological sequence of events listed below. Sample comments are also included in the log file.
•
•
•
•
•
•
•
•
•
•
•
Event 1—Wait for the Link to Come Up
Event 2—Scan for a Downstream Channel, then Synchronize
Event 3—Obtain Upstream Parameters
Event 4—Start Ranging for Power Adjustments
Event 5—Establish IP Connectivity
Event 6—Establish the Time of Day
Event 7—Establish Security
Event 8—Transfer Operational Parameters
Event 9—Perform Registration
Event 10—Comply with Baseline Privacy
Event 11—Enter the Maintenance State
Event 1—Wait for the Link to Come Up
When the Cisco uBR900 series cable access router is powered on and begins initialization, the MAC layer first informs the cable access router drivers that it needs to reset. The LINK_DOWN and LINK_UP fields are similar to the shut and no shut conditions on a standard Cisco interface.
uBR924# show controllers cable-modem 0 mac log |
|
|
528302.040 |
CMAC_LOG_LINK_DOWN |
|
528302.042 |
CMAC_LOG_RESET_FROM_DRIVER |
|
528302.044 |
CMAC_LOG_STATE_CHANGE |
wait_for_link_up_state |
528302.046 |
CMAC_LOG_DRIVER_INIT_IDB_SHUTDOWN |
0x08098D02 |
528302.048 |
CMAC_LOG_LINK_DOWN |
|
528308.428 |
CMAC_LOG_DRIVER_INIT_IDB_RESET |
0x08098E5E |
528308.432 |
CMAC_LOG_LINK_DOWN |
|
528308.434 |
CMAC_LOG_LINK_UP |
|
Event 2—Scan for a Downstream Channel, then Synchronize
Different geographical regions and different cable plants use different RF frequency bands. A frequency band is a group of adjacent 6 MHz-wide channels. These bands are numbered from 88 to 99. Each band has starting and ending digital carrier frequencies and a 6 MHz step size. For example, a search of EIA channels 95-97 is specified using band 89. The starting frequency of band 89 is 93 MHz; the ending frequency is 105 MHz.
The Cisco uBR900 series’ default frequency bands correspond to the North American EIA CATV channel plan for 6 MHz channel slots between 90 and 858 MHz. For example, EIA channel 95 occupies the 90-96 MHz slot. The digital carrier frequency is specified as the center frequency of the slot, which is 93 MHz. Channel 95 is usually specified using the analog video carrier frequency of 91.25 MHz, which lies 1.75 MHz below the center of the slot.
Some CATV systems use alternative frequency plans such as the IRC (Incrementally Related Carrier) plan and HRC (Harmonically Related Carrier) plan. Cisco uBR900 series cable access routers support both of these plans. Most of the IRC channel slots overlap the EIA plan.
The Cisco uBR900 series uses a built-in default frequency scanning feature to find and lock onto a downstream channel. After the cable access router successfully finds a downstream frequency channel, it saves the channel to NVRAM. The router recalls this value the next time it needs to synchronize its frequency.
26 Cisco IOS Release 12.0(7)T
Basic Troubleshooting
The downstream frequency search table is arranged so that the first frequencies that are scanned are above 450 MHz. Because many CATV systems have been upgraded from 450 MHz to 750 MHz coaxial cable, digital channels have a high chance of being assigned in the new spectrum. The search table omits channels below 90 MHz and above 860 MHz since the DOCSIS specification does not mandate their coverage.
The CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND field tells you what frequencies the cable access router will scan. The CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY field tells you the frequency the router locked onto and saved to NVRAM for future recall. The CMAC_LOG_DS_64QAM_LOCK_ACQUIRED field communicates the same information. The CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED field indicates that the scanning and synchronization was successful.
508144.348 |
CMAC_LOG_STATE_CHANGE |
ds_channel_scanning_state |
508144.350 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
88/453000000/855000000/6000000 |
508144.354 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
89/93000000/105000000/6000000 |
508144.356 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
90/111250000/117250000/6000000 |
508144.360 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
91/231012500/327012500/6000000 |
508144.362 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
92/333015000/333015000/6000000 |
508144.366 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
93/339012500/399012500/6000000 |
508144.370 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
94/405000000/447000000/6000000 |
508144.372 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
95/123015000/129015000/6000000 |
508144.376 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
96/135012500/135012500/6000000 |
508144.380 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
97/141000000/171000000/6000000 |
508144.382 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
98/219000000/225000000/6000000 |
508144.386 |
CMAC_LOG_WILL_SEARCH_DS_FREQUENCY_BAND |
99/177000000/213000000/6000000 |
508144.390 |
CMAC_LOG_WILL_SEARCH_SAVED_DS_FREQUENCY |
699000000 |
508145.540 |
CMAC_LOG_UCD_MSG_RCVD |
3 |
508146.120 |
CMAC_LOG_DS_64QAM_LOCK_ACQUIRED |
699000000 |
508146.122 |
CMAC_LOG_DS_CHANNEL_SCAN_COMPLETED |
|
Event 3—Obtain Upstream Parameters
The Cisco uBR900 series waits for an upstream channel descriptor (UCD) message from the CMTS. The UCD provides transmission parameters for the upstream channel.
508146.124 |
CMAC_LOG_STATE_CHANGE |
wait_ucd_state |
508147.554 |
CMAC_LOG_UCD_MSG_RCVD |
3 |
508147.558 |
CMAC_LOG_UCD_NEW_US_FREQUENCY |
20000000 |
508147.558 |
CMAC_LOG_SLOT_SIZE_CHANGED |
8 |
508147.622 |
CMAC_LOG_FOUND_US_CHANNEL |
1 |
508147.624 |
CMAC_LOG_STATE_CHANGE |
wait_map_state |
508148.058 |
CMAC_LOG_MAP_MSG_RCVD |
|
508148.060 |
CMAC_LOG_INITIAL_RANGING_MINISLOTS |
40 |
Event 4—Start Ranging for Power Adjustments
The ranging process adjusts the transmit power of the cable access router. Ranging is performed in two stages: ranging state 1 and ranging state 2.
The CMAC_LOG_POWER_LEVEL_IS field is the power level that the CMTS told the Cisco uBR900 series to adjust to. The CMAC_LOG_RANGING_SUCCESS field indicates that the ranging adjustment was successful.
508148.062 |
CMAC_LOG_STATE_CHANGE |
ranging_1_state |
|
508148.064 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
9610 |
|
508148.066 |
CMAC_LOG_POWER_LEVEL_IS |
28.0 |
dBmV (commanded) |
508148.068 |
CMAC_LOG_STARTING_RANGING |
|
|
508148.070 |
CMAC_LOG_RANGING_BACKOFF_SET |
0 |
|
508148.072 |
CMAC_LOG_RNG_REQ_QUEUED |
0 |
|
508148.562 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
|
508148.566 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
|
Configuring the Cisco uBR900 Series Cable Access Routers 27
Feature Overview
508148.568 |
CMAC_LOG_RNG_RSP_SID_ASSIGNED |
2 |
|
508148.570 |
CMAC_LOG_ADJUST_RANGING_OFFSET |
2408 |
|
508148.572 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
12018 |
|
508148.574 |
CMAC_LOG_ADJUST_TX_POWER |
20 |
|
508148.576 |
CMAC_LOG_POWER_LEVEL_IS |
33.0 |
dBmV (commanded) |
508148.578 |
CMAC_LOG_STATE_CHANGE |
ranging_2_state |
|
508148.580 |
CMAC_LOG_RNG_REQ_QUEUED |
2 |
|
508155.820 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
|
508155.824 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
|
508155.826 |
CMAC_LOG_ADJUST_RANGING_OFFSET |
-64 |
|
508155.826 |
CMAC_LOG_RANGING_OFFSET_SET_TO |
11954 |
|
508155.828 |
CMAC_LOG_RANGING_CONTINUE |
|
|
508165.892 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
|
508165.894 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
|
508165.896 |
CMAC_LOG_ADJUST_TX_POWER |
-9 |
|
508165.898 |
CMAC_LOG_POWER_LEVEL_IS |
31.0 |
dBmV (commanded) |
508165.900 |
CMAC_LOG_RANGING_CONTINUE |
|
|
508175.962 |
CMAC_LOG_RNG_REQ_TRANSMITTED |
|
|
508175.964 |
CMAC_LOG_RNG_RSP_MSG_RCVD |
|
|
508175.966 |
CMAC_LOG_RANGING_SUCCESS |
|
|
Event 5—Establish IP Connectivity
After ranging is complete, the cable interface on the cable access router is UP. Now the cable access router accesses a remote DHCP server to get an IP address. The DHCP server sends a response containing the router’s IP address plus the TFTP server’s address, the Time of Day (TOD) server’s address, and the name of a configuration file containing additional configuration parameters. The
field shows that the IP connectivity was successful.
508175.968 |
CMAC_LOG_STATE_CHANGE |
dhcp_state |
508176.982 |
CMAC_LOG_DHCP_ASSIGNED_IP_ADDRESS |
188.188.1.62 |
508176.984 |
CMAC_LOG_DHCP_TFTP_SERVER_ADDRESS |
4.0.0.1 |
508176.986 |
CMAC_LOG_DHCP_TOD_SERVER_ADDRESS |
4.0.0.32 |
508176.988 |
CMAC_LOG_DHCP_SET_GATEWAY_ADDRESS |
|
508176.988 |
CMAC_LOG_DHCP_TZ_OFFSET |
360 |
508176.990 |
CMAC_LOG_DHCP_CONFIG_FILE_NAME |
platinum.cm |
508176.992 |
CMAC_LOG_DHCP_ERROR_ACQUIRING_SEC_SVR_ADDR |
|
508176.996 |
CMAC_LOG_DHCP_COMPLETE |
|
Event 6—Establish the Time of Day
The Cisco uBR900 series accesses the Time of Day server for the current date and time, which is used to create time stamps for logged events. The field indicates a successful time of day sequence.
508177.120 |
CMAC_LOG_STATE_CHANGE |
establish_tod_state |
508177.126 |
CMAC_LOG_TOD_REQUEST_SENT |
|
508177.154 |
CMAC_LOG_TOD_REPLY_RECEIVED |
3107617539 |
508177.158 |
CMAC_LOG_TOD_COMPLETE |
|
Event 7—Establish Security
This event is currently bypassed by the Cisco uBR900 series because “full security” has not been fully defined by DOCSIS and is therefore not yet supported.
508177.160 |
CMAC_LOG_STATE_CHANGE |
security_association_state |
508177.162 |
CMAC_LOG_SECURITY_BYPASSED |
|
28 Cisco IOS Release 12.0(7)T
Basic Troubleshooting
508177.164 |
CMAC_LOG_STATE_CHANGE |
configuration_file_state |
508177.166 |
CMAC_LOG_LOADING_CONFIG_FILE |
platinum.cm |
508178.280 |
CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE |
|
Event 9—Perform Registration
After the Cisco uBR900 series is initialized, authenticated, and configured, it requests to be registered with the headend CMTS. The CMAC_LOG_COS_ASSIGNED_SID field assigns a class of service (CoS) number and a service ID (SID). Multiple CoS entries in the configuration file imply that multiple SIDs are supported by the cable access router. If several cable access routers use the same configuration file, they will have the same CoS numbers but will be assigned different SIDs.
A successful registration is indicated by the CMAC_LOG_REGISTRATION_OK field.
508178.300 |
CMAC_LOG_STATE_CHANGE |
registration_state |
508178.302 |
CMAC_LOG_REG_REQ_MSG_QUEUED |
|
508178.306 |
CMAC_LOG_REG_REQ_TRANSMITTED |
|
508178.310 |
CMAC_LOG_REG_RSP_MSG_RCVD |
|
508178.312 |
CMAC_LOG_COS_ASSIGNED_SID |
5/19 |
508178.314 |
CMAC_LOG_COS_ASSIGNED_SID |
6/20 |
508178.316 |
CMAC_LOG_COS_ASSIGNED_SID |
7/21 |
508178.318 |
CMAC_LOG_RNG_REQ_QUEUED |
19 |
508178.320 |
CMAC_LOG_REGISTRATION_OK |
|
Event 10—Comply with Baseline Privacy
During this event, keys for baseline privacy are exchanged between the Cisco uBR900 series and the headend CMTS. A link level encryption is performed so that your data cannot be “sniffed” by anyone else on the cable network.
Following is a trace showing baseline privacy enabled. The key management protocol is responsible for exchanging two types of keys: KEKs and TEKs. The KEK (key exchange key, also referred to as the authorization key) is used by the CMTS to encrypt the TEKs (traffic encryption keys) it sends to the Cisco uBR900 series. The TEKs are used to encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.
Configuring the Cisco uBR900 Series Cable Access Routers 29
Benefits
851.088 |
CMAC_LOG_STATE_CHANGE |
establish_privacy_state |
851.094 |
CMAC_LOG_PRIVACY_FSM_STATE_CHANGE |
machine: KEK, event/state: |
EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT |
||
851.102 |
CMAC_LOG_BPKM_REQ_TRANSMITTED |
|
851.116 |
CMAC_LOG_BPKM_RSP_MSG_RCVD |
|
851.120 |
CMAC_LOG_PRIVACY_FSM_STATE_CHANGE |
machine: KEK, event/state: |
EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED |
||
856.208 |
CMAC_LOG_PRIVACY_FSM_STATE_CHANGE |
machine: TEK, event/state: |
EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT |
||
856.220 |
CMAC_LOG_BPKM_REQ_TRANSMITTED |
|
856.224 |
CMAC_LOG_BPKM_RSP_MSG_RCVD |
|
856.230 |
CMAC_LOG_PRIVACY_FSM_STATE_CHANGE |
machine: TEK, event/state: |
EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL |
||
856.326 |
CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID |
2 |
856.330 |
CMAC_LOG_PRIVACY_ESTABLISHED |
|
Note In order for baseline privacy to work, you must use a code image name on the Cisco uBR900 series that contains the characters k1. In addition, baseline privacy must be supported on the headend CMTS, and it must be turned on in the configuration file that is downloaded to the cable access router.
Event 11—Enter the Maintenance State
As soon as the Cisco uBR900 series has successfully completed the above events, it enters the operational maintenance state and is authorized to forward traffic into the cable network.
508178.322 CMAC_LOG_STATE_CHANGE |
maintenance_state |
Benefits
The Cisco uBR900 series cable access router provides the following benefits for data-over-cable applications:
•Allows telecommuters and small office/home office customers to leverage the high-bandwidth, low-cost, IP-based data and voice services offered by cable service providers
•Enables the cost-effective deployment of advanced routing capabilities to the small office or home office site
•Prioritizes voice traffic ahead of data traffic, ensuring quality of service (QoS) over a shared cable infrastructure
•Leverages Cisco’s industry-standard routing hardware and Cisco IOS software to deliver advanced networking services and applications such as virtual private networks (VPNs), support for multi-protocol networks, firewall security, and the ability to cost-effectively deploy local area networks (LANs)
30 Cisco IOS Release 12.0(7)T