Configuration Workflows and Checklists
This chapter is divided into two major sections that define the processes to follow when configuring BAC components to support various technologies. These sections are:
•Component Workflows
•Technology Workflows
Component Workflows
This section describes the workflows you must follow to configure each BAC component for the technologies that BAC supports. You must perform these configuration tasks before configuring BAC to support specific technologies.
In some instances, certain procedures may only be applicable to a lab or component installation. In these cases that appropriate indication is made.
The component workflows described in this section are arranged in a checklist format and include:
•RDU Checklist
•DPE Checklists, including:
–Hardware DPE Checklist
–Solaris DPE Checklist
•Network Registrar Checklist
Note Tasks marked with an asterisk (*) are mandatory.
RDU Checklist
Table 3-1 identifies the workflow to follow when configuring the RDU.
Hardware DPE Checklist
You must perform the activities described in Table 3-2 after those described in Table 3-1.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-2 identifies the workflow to follow when configuring the hardware DPE.
Table 3-2 Hardware DPE Configuration Checklist
|
|
|
1. Change the passwords. |
The password command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
2. Configure the system syslog service for use with BAC. |
Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1. |
Both |
3. Configure your IP address.* |
The interface ethernet ip address command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
4. Configure the provisioning interface.* |
The interface ethernet provisioning enabled command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
5. Configure the default hardware gateway.* |
The ip default-gateway command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
6. Configure the provisioning FQDN. |
The interface ethernet provisioning fqdn command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
7. Configure the BAC shared secret.* |
The dpe shared-secret command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
8. Configure the DPE to connect to the desired RDU.* |
The dpe rdu-server command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
9. Configure the Network Time Protocol (NTP). |
The ntp server command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
10. Configure the primary provisioning group.* |
The dpe provisioning-group primary command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
11. Configure a hostname.* |
The hostname command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
12. Configure a domain name.* |
The ip domain-name command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
13. Configure a minimum of one name server.* |
The ip name-server command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
14. Configure the required routes to the other BAC components as well as to the devices in the network. |
The ip route command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
15. Configure the DPE SNMP agent. |
The SNMP agent commands in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
16. Verify that you are connected to RDU. |
Viewing Servers, page 10-19 |
Component Only |
Solaris DPE Checklist
You must perform the activities described in Table 3-3 after those described in Table 3-1.
Note This checklist applies to component installation of the Solaris DPE. A lab installation prompts for the required parameters, and automatically configures the selected technologies. Lab installations also use a single SNMP agent to monitor the DPE and the RDU. You can configure this agent from the DPE CLI or the snmpAgentCfgUtil.sh tool. See Using the snmpAgentCfgUtil.sh Tool, page 13-15.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-3 identifies the workflow to follow when configuring the Solaris DPE.
Table 3-3 Solaris DPE Configuration Checklist
|
|
|
1. Configure the system syslog service for use with BAC. |
Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1. |
Both |
2. Change the passwords. |
The password command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Both |
3. Configure the provisioning interface.* |
The interface ethernet provisioning enabled command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
4. Configure the provisioning FQDN. |
The interface ethernet provisioning fqdn command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
5. Configure the BAC shared secret.* |
The dpe shared-secret command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
6. Configure the DPE to connect to the desired RDU.* |
The dpe rdu-server command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
7. Configure the Network Time Protocol (NTP). |
Solaris documentation for configuration information. |
Component Only |
8. Configure the primary provisioning group.* |
The dpe provisioning-group primary command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
9. Configure the required routes to the other BAC components as well as to the devices in the network. |
The ip route command described in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
10. Configure the DPE SNMP agent. |
The SNMP agent commands in the Cisco Broadband Access Center DPE CLI Reference, 2.7.1. |
Component Only |
11. Verify that you are connected to RDU. |
Viewing Servers, page 10-19 |
Both |
Network Registrar Checklist
You must perform the activities described in Table 3-4 after those described in Table 3-2 or Table 3-3.
Caution
The BAC DHCP option settings always replace any DHCP option values set within Network Registrar.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-4 identifies the workflow to follow when configuring Network Registrar.
Table 3-4 Network Registrar Workflow Checklist
|
|
|
1. Validate the Network Registrar extensions. |
Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1, for information on configuring valid extensions. |
Both |
2. Configure the system syslog service for use with BAC. |
Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1, for information on configuring the system BAC syslog service. |
Both |
3. Configure client classes/scope-selection tags that match those defined in the RDU.* |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring client classes and scope-selection tags. |
Both |
4. Configure scopes.* |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring scopes. |
Both |
5. Configure policies.* |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring policies. |
Both |
6. Configure the backup procedure for the Network Registrar database. |
Cisco Network Registrar User's Guide, 6.2.1, for information on backing up the Network Registrar database. |
Component Only |
7. Verify that you are connected to the correct RDU. |
Viewing Servers, page 10-19 |
Both |
Technology Workflows
This section describes the activities that you must perform when configuring BAC to support specific technologies.
The technology workflows described in this section are arranged in a checklist format and include:
•DOCSIS Checklist
•PacketCable Checklists including:
–PacketCable Secure
–PacketCable Basic
•Non-Secure CableHome Provisioning Checklist
Note Tasks marked with an asterisk (*) are mandatory.
DOCSIS Checklist
You must perform the activities described in Component Workflows, in addition to those described in Table 3-5 to successfully configure BAC for DOCSIS operations.
Table 3-5 DOCSIS Checklist
|
|
1. Configure the RDU |
a. Configure all provisioned DHCP criteria. |
Configuring DHCP Criteria, page 11-24 |
b. Configure provisioned Class of Service. Add the Class of Service that may be used by any provisioned DOCSIS modem. |
Configuring Class of Service, page 11-1 |
c. Configure the promiscuous mode of operation. |
System Defaults, page 11-21 |
2. Configure Network Registrar |
Configure client classes/scope-selection tags to match those added for the provisioned DOCSIS modem DHCP criteria. |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring client classes and scope-selection tags. |
PacketCable Checklists
BAC supports two variations of PacketCable. This section identifies the tasks that must be performed for each, including:
•PacketCable Secure
•PacketCable Basic
Note The checklists in this section assume that an appropriate PacketCable configuration file and the correct MIBs are loaded.
PacketCable Secure
BAC supports two variants of PacketCable Secure:
•North American PacketCable
•Euro PacketCable
You must perform the PacketCable-related tasks described in Table 3-6 after those described in Component Workflows.
The Secure PacketCable checklists involve working with every BAC component.
Note For PacketCable-compliant operations, the maximum allowable clock skew between the MTA and KDC is 300 seconds (5 minutes). This value is the default setting.
Table 3-6 identifies the workflow to follow when configuring PacketCable Secure on BAC.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-6 PacketCable Secure Checklist
|
|
|
|
|
1. Configure the RDU |
a. Enable the autogeneration of Media Terminal Adapter (MTA) FQDNs. |
P |
P |
Automatic FQDN Generation, page 11-38, for information on enabling and configuring autogeneration of FQDNs. |
b. Configure all provisioned DHCP criteria. |
P |
P |
Configuring DHCP Criteria, page 11-24 |
c. Configure all provisioned Class of Service. |
P |
P |
Configuring Class of Service, page 11-1 |
d. Configure an SNMPv3 cloning key.* |
P |
P |
Configuring SNMPv3 Cloning on the RDU and DPE for Secure Communication with PacketCable MTAs, page 11-37 |
e. Configure the RDU to use Euro PacketCable MIBs. |
|
P |
Configuring Euro PacketCable MIBs, page 5-30 |
2. Configure the DPE |
a. Configure a KDC service key.* |
P |
P |
The packetcable registration kdc-service-key command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1 |
b. Configure a privacy policy.* |
P |
P |
The packetcable registration policy-privacy command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1 |
c. Configure an SNMPv3 cloning key.* |
P |
P |
The packetcable snmp key-material command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1 Note On a hardware DPE, you must run this command from the console mode. |
d. Enable PacketCable.* |
P |
P |
The packetcable enable command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1 |
e. Configure the optional MTA file encryption. |
P |
P |
The packetcable registration encryption command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1 |
3. Configure the KDC |
a. Obtain a KDC license from your Cisco representative and copy that file to the BPR_HOME/kdc directory. |
P |
P |
KDC Licenses, page 5-9 |
b. Configure a certificate chain using the PKCert.sh tool. For Euro PacketCable, use the -e option. |
P |
P |
Using the PKCert.sh Tool, page 13-5 |
c. Configure a service key pair for each DPE's provisioning FQDN. |
P |
P |
Using the KeyGen Tool, page 13-11 |
d. Configure service keys for the ticket-granting-ticket (TGT). |
P |
P |
Using the KeyGen Tool, page 13-11 |
e. Configure service keys for the Call Management Server. |
P |
P |
Using the KeyGen Tool, page 13-11 |
f. Configure Network Time Protocol (NTP). |
P |
P |
Solaris documentation for information on configuring NTP for Solaris. |
4. Configure DHCP |
a. Configure all necessary PacketCable voice technology properties. |
P |
P |
Using the KeyGen Tool, page 13-11 |
b. Configure dynamic DNS for the MTA scopes. |
P |
P |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring dynamic DNS. |
c. Configure client classes/scope-selection tags that match those defined in the RDU.* |
P |
P |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring client classes and scope-selection tags. |
5. Configure DNS |
a. Configure dynamic DNS for each DHCP server. |
P |
P |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring dynamic DNS. |
b. Configure a zone for the KDC realm. |
P |
P |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring zones. |
c. Configure an SRV record for the KDC. |
P |
P |
Configuring SRV Records in the Network Registrar DNS Server, page 11-36, and the Cisco Network Registrar User's Guide, 6.2.1, for information on configuring SRV records. |
d. Configure records for the KDC and DPE provisioning interface names. |
P |
P |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring records. |
Note We recommend that you use the DNS procedure to configure a reverse zone for the DNS server IP address. Some DNS clients, including nslookup, attempt to resolve the DNS server IP address to an FQDN. This attempt may fail to retrieve any records from the DNS unless the reverse zone is present and properly configured. |
PacketCable Basic
You must perform the PacketCable-related tasks described in Table 3-7 after those described in Component Workflows. The PacketCable Basic checklist involves working with almost every BAC component.
Table 3-6 identifies the workflow to follow when configuring PacketCable Basic on BAC.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-7 PacketCable Basic Checklist
|
|
1. Configure the DPE |
Enable PacketCable.* |
The packetcable enable command described in the: •Cisco Broadband Access Center DPE CLI Reference, 2.7.1 •Installation and Setup Guide for Cisco Broadband Access Center, 2.7.1. |
2. Configure DHCP |
a. Configure dynamic DNS for the MTA scopes. |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring dynamic DNS. |
b. Configure client classes/scope-selection tags that match those defined in the RDU.* |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring client classes and scope-selection tags. |
3. Configure DNS |
Configure dynamic DNS for each DHCP server. |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring dynamic DNS. |
Note We recommend that you use the DNS procedure to configure a reverse zone for the DNS server IP address. Some DNS clients, including nslookup, attempt to resolve the DNS server IP address to an FQDN. This attempt may fail to retrieve any records from the DNS unless the reverse zone is present and properly configured. |
4. Configure a Class of Service, which must contain the following properties: Note You can configure these properties anywhere on the device property hierarchy. |
a. /pktcbl/prov/flow/mode
This property commands the specific flow that an MTA uses. Set this property to either: –BASIC.1—Executes the BASIC.1 flow. –BASIC.2—Executes the BASIC.2 flow. |
Configuring Class of Service, page 11-1 |
b. /cos/packetCableMTA/file : This property contains the name of the configuration file that is to be presented to the MTA. The configuration file is stored as an external file in BAC. The configuration file presented to a Basic MTA must contain the Basic integrity hash. If you are using a dynamic configuration template, the hash is inserted transparently during template processing. You can use the dynamic template for provisioning in both Secure and Basic modes. However, if the file is a Secure static configuration file, you must convert this file to a Basic static configuration file because Secure and Basic static configuration files are not interoperable. For details on how to perform this conversion, see Activating PacketCable Basic Flow, page 8-39. |
Configuring Class of Service, page 11-1 |
Non-Secure CableHome Provisioning Checklist
You must perform the tasks described in Component Workflows, in addition to those described in Table 3-8 to successfully configure BAC for non-secure CableHome provisioning.
Table 3-8 Non-Secure CableHome Provisioning Checklist
|
|
1. Configure the RDU |
a. Configure provisioned DHCP criteria. Add all the DHCP criteria that will be used by the non-secure CableHome devices that you will provision. |
Configuring DHCP Criteria, page 11-24 |
b. Configure provisioned Class of Service. Add the Class of Service that may be used by any provisioned non-secure CableHome device. |
Configuring Class of Service, page 11-1 |
c. Configure the promiscuous mode of operation. |
System Defaults, page 11-21 |
2. Configure Network Registrar |
Configure the client classes/scope-selection tags to match those added for the provisioned non-secure CableHome DHCP criteria. |
Cisco Network Registrar User's Guide, 6.2.1, for information on configuring client classes and scope-selection tags. |