Configuration Workflows
This chapter is divided into two sections, each of which defines the process to follow when configuring Cisco Broadband Access Center (Cisco BAC) components to support various technologies. These sections are:
•Component Workflows
•Technology Workflows
Note You can also use the application programming interface (API) to perform all the configuration tasks outlined in this chapter. See the 4.1 API Javadoc for more details.
Component Workflows
This section describes the workflows that you must follow to configure each Cisco BAC component for the technologies that Cisco BAC supports. You must perform these configuration tasks before configuring Cisco BAC to support specific technologies.
You must configure the Cisco BAC components in the order specified below.
1. RDU Workflow
2. DPE Workflow
3. Network Registrar Workflow
RDU Workflow
Table 3-1 identifies the workflow to follow when configuring the RDU.
DPE Workflow
You perform the tasks described in this workflow only after configuring the tasks described in Table 3-1. You can configure the DPE to support:
•IPv4. See Table 3-2.
•IPv6. See Table 3-3.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-2 identifies the workflow to follow when configuring the DPE for IPv4.
Table 3-2 DPE Configuration Workflow for IPv4
|
|
|
Step 1 |
Configure the system syslog service for use with Cisco BAC. |
Installation and Setup Guide for Cisco Broadband Access Center 4.1 |
Step 2 |
Change the passwords. |
The password command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 3 |
Configure the provisioning interface.* |
The interface ip ipv4_address provisioning command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 4 |
Configure the provisioning FQDN. |
The interface ip ipv4_address provisioning fqdn command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 5 |
Configure the interface that communicates with Cisco Network Registrar extensions. |
The interface ip ipv4_address pg-communication command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 6 |
Configure the Cisco BAC shared secret.* |
The dpe shared-secret command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 7 |
Configure the DPE to connect to the RDU.* |
The dpe rdu-server port command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 8 |
Configure the Network Time Protocol (NTP). |
Solaris documentation for configuration information |
Step 9 |
Configure the primary provisioning group.* |
The dpe provisioning-group primary command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 10 |
Configure the DPE SNMP agent. |
The SNMP agent commands in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
Note You can configure the SNMP agent using either the DPE command-line interface or the snmpAgentCfgUtil.sh tool (see Using the snmpAgentCfgUtil.sh Tool). |
Step 11 |
Verify that you are connected to RDU. |
Viewing Servers |
Step 12 |
Enable provisioning-group capabilities for v4. |
Viewing Provisioning Groups |
Table 3-3 identifies the workflow to follow when configuring the DPE for IPv6. The tasks that are described here relate to IPv6 alone. To perform basic configuration of the DPE, complete the tasks described in Table 3-2, then additionally complete the steps described in this table.
Table 3-3 DPE Configuration Workflow for IPv6
|
|
|
Step 1 |
Configure the provisioning interface.* |
The interface ip ipv6_address provisioning command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 2 |
Configure the provisioning FQDN. |
The interface ip ipv6_address provisioning fqdn command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 3 |
Enable TFTP. |
The service tftp 1..1 ipv6 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 4 |
Enable ToD. |
The service tod 1..1 ipv6 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 5 |
Reload the DPE. |
The dpe reload command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 6 |
Enable provisioning-group capabilities for v6. |
Viewing Provisioning Groups |
Network Registrar Workflow
You perform the activities described in this workflow only after configuring the tasks described in Table 3-2.
Caution
The Cisco BAC DHCP option settings always replace any DHCP option values set within Cisco Network Registrar.
To configure Network Registrar for:
•DHCPv4, see Table 3-4.
•DHCPv6, see Table 3-5.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-4 identifies the workflow to follow when configuring Network Registrar for DHCPv4.
Table 3-4 Network Registrar Workflow for DHCPv4
|
|
|
Step 1 |
Validate the Network Registrar extensions. |
Installation and Setup Guide for Cisco Broadband Access Center 4.1 |
Step 2 |
Configure the system syslog service for use with Cisco BAC. |
Installation and Setup Guide for Cisco Broadband Access Center 4.1 |
Step 3 |
Configure client classes/selection tags that match those defined in the RDU. * |
User Guide for Cisco Network Registrar 7.1 |
Step 4 |
Configure policies.* |
User Guide for Cisco Network Registrar 7.1 |
Step 5 |
Configure scopes.* |
User Guide for Cisco Network Registrar 7.1 |
Step 6 |
Back up the Network Registrar database. |
User Guide for Cisco Network Registrar 7.1 |
Step 7 |
Verify that you are connected to the correct RDU. |
Viewing Servers |
Step 8 |
Reload the DHCP server. |
User Guide for Cisco Network Registrar 7.1 |
Table 3-5 identifies the workflow to follow when configuring Network Registrar for DHCPv6. Follow this task list for each category of provisioned and unprovisioned devices, including DOCSIS cable modems, computers, and PacketCable MTAs.
Table 3-5 Network Registrar Workflow for DHCPv6
|
|
|
Step 1 |
Validate the Network Registrar extensions. |
Installation and Setup Guide for Cisco Broadband Access Center 4.1 |
Step 2 |
Configure the system syslog service for use with Cisco BAC. |
Installation and Setup Guide for Cisco Broadband Access Center 4.1 |
Step 3 |
Configure client classes/selection tags that match those defined in the RDU. * |
User Guide for Cisco Network Registrar 7.1 |
Step 4 |
Configure policies.* |
User Guide for Cisco Network Registrar 7.1 |
Step 5 |
Configure links.* |
User Guide for Cisco Network Registrar 7.1 |
Step 6 |
Configure prefixes. For each prefix, ensure that you configure the appropriate policy, link, and selection tag.* Note Some DHCP clients, such as cable modems, reject Offers that contain multiple IPv6 addresses. While defining prefixes, configure Network Registrar such that it does not assign more than one IPv6 address to a client. Ensure that you do not add the same selection tag to two prefixes, because doing so makes Network Registrar pick one IP address from each prefix, thus assigning two IP addresses to the client. |
User Guide for Cisco Network Registrar 7.1 |
Step 7 |
Back up the Network Registrar database. |
User Guide for Cisco Network Registrar 7.1 |
Step 8 |
Verify that you are connected to the correct RDU. |
Viewing Servers |
Step 9 |
Reload the DHCP server. |
User Guide for Cisco Network Registrar 7.1 |
Technology Workflows
This section describes the tasks that you must perform when configuring Cisco BAC to support specific technologies and include:
•DOCSIS Workflow
•PacketCable workflows:
–PacketCable Secure
–PacketCable Basic
•CableHome Workflow
Note Tasks marked with an asterisk (*) are mandatory.
DOCSIS Workflow
Cisco BAC supports these versions of the DOCSIS specifications: 1.0, 1.1, 2.0, and 3.0.
To successfully configure Cisco BAC for DOCSIS operations, you must perform the tasks described in Component Workflows, in addition to those described in this section.
Table 3-6 identifies the workflow to follow when configuring Cisco BAC to support DOCSIS.
Table 3-6 DOCSIS Workflow
|
|
|
Step 1 |
Configure the RDU |
|
a. Configure all provisioned DHCP Criteria. |
Configuring DHCP Criteria |
|
b. Configure provisioned Class of Service. |
Configuring Class of Service |
|
c. Configure the promiscuous mode of operation. |
System Defaults |
Step 2 |
Configure the DPE |
|
a. Enable the TFTP service. |
The service tftp 1..1 ipv4 | ipv6 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
b. Optionally, enable the ToD service. |
The service tod 1..1 ipv4 | ipv6 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 3 |
Configure Network Registrar |
|
Configure client classes/selection tags to match those added for the provisioned DOCSIS modem DHCP Criteria. |
User Guide for Cisco Network Registrar 7.1 |
PacketCable Workflows
Cisco BAC supports these versions of the PacketCable specifications: 1.0, 1.1, and 1.5.
Cisco BAC also supports two variants of PacketCable voice services: the default Secure mode and the non-secure Basic mode. PacketCable Basic is much the same as the standard PacketCable, except for the lack of security found in the non-secure variant.
This section identifies the tasks that you must perform for each variant.
•PacketCable Secure
•PacketCable Basic
Note The workflows in this section assume that you have loaded an appropriate PacketCable configuration file and the correct MIBs.
PacketCable Secure
Cisco BAC supports two variants of PacketCable Secure:
•North American PacketCable
•European PacketCable
Euro-PacketCable services are the European equivalent of the North American PacketCable standard. The only significant difference between the two is that Euro PacketCable uses different MIBs. For details, see Euro-PacketCable MIBs.
You perform the PacketCable-related tasks described in this section only after completing the tasks described in Component Workflows.
Note For PacketCable-compliant operations, the maximum allowable clock skew between the MTA, KDC, and DPE is 300 seconds (5 minutes). This value is the default setting.
Table 3-7 identifies the workflow to follow when configuring Cisco BAC to support PacketCable Secure.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-7 PacketCable Secure Workflow
|
|
|
Step 1 |
Configure the RDU |
|
a. Enable the autogeneration of Multimedia Terminal Adapter (MTA) FQDNs. |
Automatic FQDN Generation |
|
b. Configure all provisioned DHCP Criteria. |
Configuring DHCP Criteria |
|
c. Configure all provisioned Class of Service. |
Configuring Class of Service |
|
d. Configure an SNMPv3 cloning key.* |
Configuring SNMPv3 Cloning on the RDU and DPE for Secure Communication with PacketCable MTAs |
|
e. If you are using Euro PacketCable, configure the RDU to use Euro-PacketCable MIBs. |
Configuring Euro-PacketCable MIBs |
Step 2 |
Configure the DPE |
|
a. Configure a KDC service key.* |
The service packetcable 1..1 registration kdc-service-key command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
b. Configure a privacy policy.* |
The service packetcable 1..1 registration policy-privacy command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
c. Configure an SNMPv3 cloning key.* |
The service packetcable 1..1 snmp key-material command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
d. Enable PacketCable.* |
The service packetcable 1..1 enable command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
e. Enable the TFTP service. |
The service tftp ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
f. Optionally, enable the ToD service. |
The service tod ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
g. Optionally, configure MTA file encryption. |
The service packetcable 1..1 registration encryption enable command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 3 |
Configure the KDC |
|
a. Obtain a KDC license from your Cisco representative. |
KDC Licenses |
|
b. Configure a certificate chain using the PKCert.sh tool. For Euro PacketCable, use the -e option. |
Using the PKCert.sh Tool |
|
c. Configure a service key pair for each DPE's provisioning FQDN. |
Using the KeyGen Tool |
|
d. Configure service keys for the ticket-granting-ticket (TGT). |
Using the KeyGen Tool |
|
e. Configure Network Time Protocol (NTP). |
Solaris documentation for information on configuring NTP for Solaris |
Step 4 |
Configure DHCP |
|
a. Configure all necessary PacketCable properties. |
Using the KeyGen Tool |
|
b. Configure dynamic DNS for the MTA scopes. |
User Guide for Cisco Network Registrar 7.1 |
|
c. Configure client classes/scope-selection tags to match those added for provisioned PacketCable MTA DHCP criteria.* |
User Guide for Cisco Network Registrar 7.1 |
Step 5 |
Configure DNS |
|
a. Configure dynamic DNS for each DHCP server. |
User Guide for Cisco Network Registrar 7.1 |
|
b. Configure a zone for the KDC realm. |
User Guide for Cisco Network Registrar 7.1 |
PacketCable Basic
You perform the PacketCable-related tasks described in this section only after completing those described in Component Workflows.
Table 3-8 identifies the workflow to follow when configuring PacketCable Basic on Cisco BAC.
Note Tasks marked with an asterisk (*) are mandatory.
Table 3-8 PacketCable Basic Workflow
|
|
|
Step 1 |
Configure the DPE |
|
a. Enable PacketCable.* |
The service packetcable 1..1 enable command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
b. Enable the TFTP service. |
The service tftp 1..1 ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
c. Optionally, enable the ToD service. |
The service tod 1..1 ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 2 |
Configure DHCP |
|
a. Configure dynamic DNS for the MTA scopes. |
User Guide for Cisco Network Registrar 7.1 |
|
b. Configure client classes/scope-selection tags that match those added for provisioned PacketCable MTA DHCP criteria.* |
User Guide for Cisco Network Registrar 7.1 |
Step 3 |
Configure DNS |
|
Configure dynamic DNS for each DHCP server. |
User Guide for Cisco Network Registrar 7.1 |
Step 4 |
Configure a Class of Service, which must contain the following properties: |
|
a. /pktcbl/prov/flow/mode This property commands the specific flow that an MTA uses. Set this property to either: –BASIC.1—Executes the BASIC.1 flow. –BASIC.2—Executes the BASIC.2 flow. Note You can configure this property anywhere on the device-property hierarchy. |
Configuring Class of Service |
|
b. /cos/packetCableMTA/file This property contains the name of the configuration file that is to be presented to the MTA. The configuration file is stored as a file in Cisco BAC. The configuration file presented to a Basic MTA must contain the Basic integrity hash. If you are using a dynamic configuration template, the hash is inserted transparently during template processing. You can use the dynamic template for provisioning in both Secure and Basic modes. However, if the file is a Secure static configuration file, you must convert this file to a Basic static configuration file because Secure and Basic static configuration files are not interoperable. For details on how to perform this conversion, see Activating PacketCable Basic Flow. |
Configuring Class of Service |
CableHome Workflow
To successfully configure Cisco BAC for provisioning using the non-secure CableHome technology, you must perform the tasks described in Component Workflows, in addition to those described in this section.
Table 3-9 describes the tasks you must perform on Cisco BAC to support CableHome.
Table 3-9 CableHome Workflow
|
|
|
Step 1 |
Configure the RDU |
|
a. Configure provisioned DHCP Criteria. Add all the DHCP Criteria that will be used by the non-secure CableHome devices that you will provision. |
Configuring DHCP Criteria |
|
b. Configure provisioned Class of Service. Add the Class of Service that may be used by any provisioned non-secure CableHome device. |
Configuring Class of Service |
|
c. Configure the promiscuous mode of operation. |
System Defaults |
Step 2 |
Configure the DPE |
|
a. Enable the TFTP service. |
The service tftp 1..1 ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
|
b. Optionally, enable the ToD service. |
The service tod 1..1 ipv4 enabled true command described in the Cisco Broadband Access Center DPE CLI Reference 4.1 |
Step 3 |
Configure Network Registrar |
|
Configure the client classes/scope-selection tags to match those added for the provisioned non-secure CableHome DHCP Criteria. |
User Guide for Cisco Network Registrar 7.1 |