Cisco Prime Home User Guide, 5.1
Chapter 5: Working with Services
Downloads: This chapterpdf (PDF - 772.0KB) The complete bookPDF (PDF - 7.68MB) | Feedback

Table of Contents

Working with Services

Monitoring Bandwidth Usage

Launching the Bandwidth Monitor

Analyzing the WAN Interface Chart

Analyzing the LAN Device Traffic Share Chart

LAN Device Table

Setting Chart Options

Managing Wireless Settings

About Wireless Settings

Enabling Wireless Service

Disabling Wireless Service

Managing Port Forwarding

Enabling Port Forwarding

Disabling Port Forwarding

Adding a Port Forward

Deleting a Port Forward

Managing Content Filtering

About Content Filtering Levels

How Content Filtering Works

Enabling the Content Filtering Service

Disabling the Content Filtering Service

Managing Default Content Filtering Settings

Managing Content Filtering for Specific LAN Devices

Managing Time Blocking

Enabling Time Blocking

Disabling Time Blocking

Managing Default Time Blocking Settings

Managing Time Blocking for Specific Devices

Adding Bonus Time

Working with Services

Each account can have multiple services enabled. Some services apply to the entire home network; others apply to specific devices. This chapter explains how to manage:

  • Bandwidth monitoring
  • Wireless networking
  • Port forwarding
  • Content filtering
  • Time blocking

Services appear on the left side of the Customer Support tab. To view services, click Services . To view a specific service, click view .


Note You might see additional services, or services might appear in a different order, depending on how your system administrators configured Prime Home. For information on adding services or changing the order in which services are listed, see Managing Services.


Monitoring Bandwidth Usage

The Cisco Prime Home Bandwidth Monitor allows service providers to troubleshoot problems with degradation of Internet service caused by competition for bandwidth shared by multiple users. The Cisco Prime Home Bandwidth Monitor was developed to enable service providers to troubleshoot these issues and pinpoint their cause. Using intelligence in the CPE device (broadband modem or router), the Bandwidth Monitor routinely collects and reports bandwidth usage data for the whole home, as well as for each individual device behind the CPE device. With this data at their disposal, service providers can identify which devices are using the most bandwidth and resolve a customer’s Internet service issues more quickly.

Launching the Bandwidth Monitor

To launch the Bandwidth Monitor (Figure 5-1):


Step 1 From the Customer Support window, bring up a subscriber’s profile either by doing a search or by clicking the subscriber’s name in the Customer Support table.

Step 2 Expand the Services menu in the left sidebar.

Step 3 Select Bandwidth Monitor.


 

Figure 5-1 Bandwidth Monitor Window

 

Analyzing the WAN Interface Chart

The WAN Interface chart indicates the total amount of bandwidth that has been used by a particular CPE device. By viewing this chart, you can identify any usage patterns that exist and focus on times when bandwidth usage was higher. By default, results are shown for the past hour. To view results for a different period of time, click the appropriate link above the chart. When you place your cursor over any point on the chart, a tooltip displays the average downstream and upstream figures for that point in time. To view results for a specific portion of the current chart, move your cursor to the desired starting point, click, and then move the cursor to the desired end point while holding down the mouse.


Note You can either hide or show downstream and upstream rate data by clicking the appropriate label below the chart.


To enable the collection and reporting of this data, select the Bandwidth Monitoring WAN Collection check box.

Analyzing the LAN Device Traffic Share Chart

The LAN Device Traffic Share chart takes things a step further and indicates the amount of bandwidth used by every device in a customer’s home network. By viewing this chart, you can quickly identify which LAN devices are using the most bandwidth and focus your troubleshooting efforts on them. By default, downstream rate data is shown here. To toggle between downstream and upstream data, click the appropriate link above the chart. When you place your cursor over any point on a device’s line chart, a tooltip displays the name of the LAN device and its average downstream or upstream figure for that point in time. To either hide or show the results for a particular device, click the appropriate label below the chart.


Note This chart will display data for the same period of time covered in the WAN Interface chart.


To enable the collection and reporting of this data, select the Bandwidth Monitoring Collection Per Device check box.

LAN Device Table

The LAN Device table lists every device that the Bandwidth Monitor collects and reports information for. From here, you can view more specific information for those devices. Each entry in this table provides a representative icon, a short description of the device, the device’s IP and MAC addresses, and a graph that indicates the device’s bandwidth usage over the past hour.

Setting Chart Options

To set chart options:


Step 1 From the bottom-left portion of the Bandwidth Monitor, click the Chart Options link.

Step 2 Set the following options:

    • Hide LAN devices averaging below x kbps for the past hour: Devices that have used less bandwidth than the threshold you specify here are not displayed in the LAN Device Traffic Share chart. If you do not specify a threshold, Prime Home sets the default value of 0.1 kbps.
    • Zoom both charts together: When this option is selected and you zoom in on a particular period of time in one of the charts, the other chart automatically updates and displays information for the same period of time.

Step 3 Click Apply , and then click Close .


 

Managing Wireless Settings

Wireless service lets the subscriber connect LAN devices to the CPE device wirelessly. Any device capable of wireless networking—computers, video streaming devices, web cameras, or Wi-Fi-capable phones and tablets—can connect to the subscriber device.

To display the Wireless Settings window (Figure 5-2), click view .

Figure 5-2 Wireless Settings Window

 

About Wireless Settings

To enable wireless service, specify the following parameters in the Wireless Settings window:

  • Channel—Is typically set to Auto to enable the device to select a channel. However, if there are many devices using the same channel in close proximity, performance is enhanced by selecting a specific channel. Channels are numbered 1 through 11.

Note If the subscriber has multiple wireless services, they must all be set to the same channel.


  • Enabled—Turns the CPE device’s wireless capabilities on or off.
  • SSID—Displays the CPE device ID; typically a word, code, or short phrase. Compatible devices can choose from available SSIDs to connect. Administrators can set the SSID, or subscribers can set it for their devices from their control panel.

If the device supports multiple SSIDs, each one has its own interface section where it can be enabled and disabled independently and the SSID and security type can be set.

  • Broadcast SSID—Specifies whether the SSID is broadcast to available devices, or whether users must know the SSID to connect.
  • Restore Factory SSID—Restores the SSID to the original value from the first time the device checked in with the system. This button appears only for devices that support this capability.
  • Security type—Is one of the following:

 

None

No password is needed to connect a LAN device to the network. Anyone can connect. None is the least secure setting for a local network.

WAP

Wi-Fi Access Protected (WAP) provides more security than Wireless Equivalent Privacy (WEP). WAP is backward-compatible with WEP.

WAP2

Wi-Fi Access Protected 2 (WAP2) uses AES encryption and provides the highest level of security available for local networks.

Mixed

Mixed allows devices using WEP, WAP, and WAP2 to connect.

WEP

WEP uses stream cipher RC4 encryption for confidentiality protection and CRC-32 for integrity assurance. WEP is the least secure encryption method.

  • Key—Is a password or phrase used to establish secure communications. You can specify a key, or Prime Home can generate one for you. Subscribers must know the key to connect LAN devices to the wireless access point. All security types except None require a key.

Enabling Wireless Service

To enable wireless service:


Step 1 In the Wireless Settings window, click Enable to enable the wireless function on the device.

Step 2 Check the Enabled check box to enable the wireless service from the provider.

Step 3 Specify the SSID and any SSID options. The SSID is from 1 to 32 characters and cannot contain the following:

’ " & < > \

Step 4 From the Security Type menu, choose a security type.

Step 5 In the Key field, do one of the following:

  • Specify a security key. Depending on the security type selected, passwords must meet the following requirements:

WEP—5 to 13 characters.

WPA/WPA2—8 to 30 characters. Cannot contain ’ " & < > \.

  • Click Generate Wireless Key to generate a key.

Step 6 Click Save .


 

Disabling Wireless Service

To disable wireless service:


Step 1 In the Wireless Settings window, click Disable .

Step 2 Click Save .


 

Managing Port Forwarding

Port forwarding lets you specify ports that are open for communication. By default, the subscriber device blocks access to most ports. If an application requires other ports, you must specifically open them.

If a customer cannot use an application, you must determine which ports need to be open.

Port forwarding is specific to a device. To avoid conflicts, each port forward should be applied to only one device. Some CPE devices do not allow conflicting port forwards to be set; others do. Prime Home allows you to assign conflicting port forwards, but it flags them.

To display the Port Forward window (Figure 5-3), click view .

Figure 5-3 Port Forward Window

 

Enabling Port Forwarding

To enable port forwarding:


Step 1 In the Port Forward window, click Enable .

Step 2 Click Save .


 

Disabling Port Forwarding

To disable port forwarding:


Step 1 In the Port Forward window, click Disable .

Step 2 Click Save .


 

Adding a Port Forward

Before adding a port forward, you must know the following:

  • The specific LAN device for which you are opening a port. If the LAN device is already known, you can choose it from a list of known devices. Otherwise, you must know the IP address of the LAN device.
  • The specific port or range of ports to open and the protocol used (TCP or UDP). Alternatively, you can enter the name or partial name of an application; Prime Home locates the necessary port information.

To add a port forward:


Step 1 In the Port Forward window, click Add Port Forward .

Step 2 In the Add Port Forwards window, choose the LAN device for the port forward. Do one of the following:

  • Choose Select Device , and from the Select Device menu, choose a known LAN device. You can only add port forwards to devices that are currently online.
  • Choose Enter IP Address and enter the IP address of the LAN device.

Step 3 Specify the port by doing one of the following:

  • Choose Enter Custom . Enter the application name and protocol (TCP or UDP). Specify a range of port numbers by entering a starting port number and an ending port number. Specify the target port number.
  • Choose From List . Enter the name or partial name of the application. Once you type three or more characters, a list of potential matches appears. If the application you want is in the list, select its name. The port numbers are displayed.

Step 4 Click OK ; then, click Save .


 

Deleting a Port Forward

To delete a port forward:


Step 1 In the Port Forward window, locate the port forward you want to delete.

Step 2 Click Delete .

Step 3 Click Save to save your changes.


 

Managing Content Filtering

Content filtering lets subscribers block inappropriate web content. You can set content filters at four levels, or specify no content filtering. Subscribers can create lists of specific sites to allow or block. You can apply filter settings to the entire network or to specific devices. Subscribers can change these settings in their control panel.


Note Filter level names and categories are configured in a special configuration file. Configuration options can be set to disallow access if the content rating service is unavailable, if a site is unrated, or if the site is secure (https). For assistance with the content filtering configuration file, contact Cisco Advanced Services.


To display the Content Filtering window (Figure 5-4), click view .

Figure 5-4 Content Filtering Window

 

About Content Filtering Levels

Content filtering uses a third-party service that categorizes websites into specific categories:

  • Kids (6 and under)—Allows access only to sites categorized as appropriate for children 6 and under. All other addresses are blocked. If a subscriber wants to allow access to additional sites, the site addresses can be added to the allow list.
  • Young Children (7-12)—Blocks a wide range of content categorized as inappropriate for young children, as well as web-based communications, including access to webmail systems, chatting and chat sites, and forums and message boards. File sharing is not allowed. Sites that are not categorized as inappropriate are allowed. Subscribers can block additional content by adding specific addresses to the block list.
  • Young Teens (13-16)—Blocks content categorized as inappropriate for young teens. It also blocks file sharing, chatting and chat sites, dating sites, and virtual communities. It does allow access to webmail and blogging. Sites that are not categorized as inappropriate are allowed. Subscribers can block additional content by adding specific addresses to the block list.
  • Mature Teens (17-18)—Blocks sites categorized as pornography, alcohol, anonymizers, drugs, gambling, hate, tobacco, violence, and weapons. There are no restrictions on file sharing, webmail or chat, or virtual communities. Sites that are not categorized as inappropriate are allowed. Subscribers can block additional content by adding specific addresses to the block list, or allow blocked content by adding addresses to the allow list.

Note Content filtering is not infallible. New websites appear constantly online, and it takes time for them to be categorized.


How Content Filtering Works

When content filtering features are enabled, the system goes through a series of checks to determine whether to allow a request from a particular device on the subscriber’s network. The results vary depending on what type of filtering features are enabled, such as allow lists, block lists, content filtering, or time blocking. It is important to understand the interactions among these features to be able to troubleshoot specific site access issues.


Note If an allow list is active, but a category filter has not been applied, access is blocked to all addresses not on the allow list. The assumption is that if an allow list has been provided with no category filter specified, the desire is to limit access to only the addresses specified on the allow list.


If a category filter has been applied, access is allowed to items on the allow list that would normally be blocked by the category filter. In all cases, if a block list is active, access to items on the block list is blocked, regardless of any category filter applied.

When the in-home device receives a request for a web page, it does the following in this order:

1. Checks to see if a block list is active for the device. If a block list is active, it checks the address against the block list. If the address is on the block list, access is blocked.

2. Checks to see if Time Blocking is enabled. If access during the current time is not allowed, access is blocked. (For information about restricting access by time, see Managing Time Blocking.)

3. Checks to see if an allow list is active for the device. If the address is on the allow list, access is allowed.

4. Checks to see if a filter level (Kids, Young Children, and so on) has been applied.

  • If no filter level has been applied, but an allow list is active, access is not allowed unless the address is on the allow list.
  • If a category filter has been applied, the device sends the site address (URL) to the content rating service. The content rating service returns information about the category.

— If the site is in a category banned by the filter, access is blocked.

— If the site is not in a category banned by the filter or is unrated, access is allowed.

— If the Kids filter category is applied, access is allowed only if the site is rated appropriate for children 6 and under.


Note Prime Home can be configured to block access if the content rating service is unavailable, if the site has not been rated or categorized, or if the site is secure (https).


The following examples show how content filtering works.

Example 1: Allow list applied. Category filter set to Kids.

The user requests access to a site.

The device checks the allow list, which contains that site. Access is allowed. Because the site is on the allow list, it does not need to check with the content rating service.

Example 2: Allow list applied. Category filter is not applied.

The user requests access to a site.

The device checks the allow list, which does not contain that site. Because no category filter is applied, it does not send the URL to the content rating service. Because an allow list is active without a category filter, it does not allow access to other sites. Access is blocked.

Example 3: Block list applied. Category filter set to Young Teens.

The user requests access to a chat site.

The device checks the block list, which does not include that site. It then checks time blocking to see if access is allowed at this time. It sends the site address to the content rating service. The service returns a category of Chat, which is not allowed under the Young Teens category. Access is blocked.

Example 4: Allow list applied. Category filter set to Young Teens.

The user requests access to a site.

The device checks the block list, which does not include that site. It then checks time blocking to see if access is allowed at this time. The device checks the allow list, which contains that site. Access is allowed.

Example 5: Allow list applied. Category filter set to Young Teens. Time blocking applied.

The user requests access to a site.

The device checks the block list, which does not include that site. It then checks time blocking, which shows that the device is not available for use at the current time. Access is blocked.

Enabling the Content Filtering Service

To quickly enable content filtering for a subscriber:


Step 1 In the Content Filtering window, click Enable .

Step 2 Click Save .


 

Disabling the Content Filtering Service

To quickly disable content filtering for a subscriber:


Step 1 In the Content Filtering window, click Disable .

Step 2 Click Save .


 

Managing Default Content Filtering Settings

The default settings apply to LAN devices that join the network after the default is applied. They do not affect existing devices already connected unless they are set to use the default setting. You can set a filter level and enable or disable allow and block lists.

You also use the default settings to edit allow and block lists. These lists can then be applied to individual devices. An allow or block list is simply a list of website domains that the subscriber’s device allows or blocks access to. Allow and block lists override the filter-level setting. For example, if the filter allows access to a particular site, but you place it on a block list, that site is blocked.

To set default content filtering settings:


Step 1 In the Default Settings section of the Content Filtering window, choose a default filtering level from the Filter Level menu.

Step 2 From the Allow List menu, choose Enabled to enable the list or Disabled to disable the list.

Step 3 From the Block List menu, choose Enabled to enable the list or Disabled to disable the list.

Step 4 Click Save .

Step 5 Edit the default allow and block lists by doing the following:

a. Click Edit Default Lists .

b. In the allow/block list editor, enter the domain names for allowed and blocked websites. Enter only one domain name per row.

c. Click OK ; then, click Save .


 

Managing Content Filtering for Specific LAN Devices

You can set content filtering for specific LAN devices. For example, a subscriber might want to filter content for computers used by children in the household, but not for computers used by adults. Each device can have its own filter level, and you can enable or disable the allow or block lists for each device. Individual devices use the allow and block lists set up in Default Settings. You cannot create separate lists for each device.

To set content filtering for specific devices:


Step 1 In the Settings by Device section of the Content Filtering window, choose a filter level for each device.

Step 2 Enable or disable the allow list for each device.

Step 3 Enable or disable the block list for each device.

Step 4 Click Save .

Step 5 To reset content filtering for a specific device so it uses the network default, check the Use Default check box for that device.


 

Managing Time Blocking

Time blocking lets subscribers restrict local network access to certain hours. They can also add a bonus time, which is a period of additional time available during periods when access is restricted.

Time blocking settings can be applied to the entire home network or to specific devices on the network. Subscribers can view and change these settings in their control panel.

To display the Internet Time Blocking window (Figure 5-5), click view .

Figure 5-5 Internet Time Blocking Window

 

Enabling Time Blocking

To quickly enable time blocking:


Step 1 In the Internet Time Blocking window, click Enable .

Step 2 Click Save .


 

Disabling Time Blocking

To quickly disable time blocking:


Step 1 In the Internet Time Blocking window, click Disable .

Step 2 Click Save .


 

Managing Default Time Blocking Settings

Default settings specify the local time zone and apply to the entire home network.


Note Time blocking settings for specific devices override the default settings. Any devices that join the network after the default is set up use the default time blocking settings.


To set default time blocking settings:


Step 1 In the Default Settings section of the Internet Time Blocking window, choose a time zone from the Time Zone menu.

Step 2 Under Night Blocking, choose to block or unblock network access during specific hours for weekdays and weekends. If you choose Block, specify the hours during which access is blocked.

Step 3 Click Save .


 

Managing Time Blocking for Specific Devices

You can apply time limits, night blocking, and bonus time to specific LAN devices. Once a LAN device has been recognized by the system, its blocking information continues in effect even if it leaves the network for a period. For example, if a laptop that is night blocked is removed from the network for a week, night blocking resumes when the laptop returns to the network.


Note Time blocking limits apply only when a device is connected to the local network. If the device connects to a different network, the limits do not apply.


To set time blocking for specific devices:


Step 1 In the Settings by Device section of the Internet Time Blocking window, click a device name.

Step 2 In the Edit Time Blocking window (Figure 5-6), uncheck the User Default check box.

Step 3 Use the sliders to choose the number of hours per day the device can access the local network per weekday and per weekend day.

Step 4 For night blocking, choose whether the device is blocked during the night for weekdays or weekends. Specify the time periods for weekday and weekend night blocking.

Step 5 (Optional) Add bonus time.

Step 6 Click OK ; then, click Save .


 

Figure 5-6 Edit Time Blocking Window

 

Adding Bonus Time

Bonus time provides extra time to use the local network when access is blocked. The bonus time period begins immediately. You can add from 30 minutes to 23 hours and 30 minutes of time.

To add local network bonus time:


Step 1 In the Add Bonus Time section (Figure 5-7), choose the amount of time to add.

Step 2 Click Save .


 

Figure 5-7 Add Bonus Time Section