Cisco CMTS Feature Guide
DHCP, ToD, and TFTP Services for the Cisco Cable Modem Termination System


Cisco Cable Modem Termination System Feature Guide


Revised: February 5, 2007, 0L-1467-08

This chapter describes how to configure Cisco Cable Modem Termination System (CMTS) platforms so that they support onboard servers that provide Dynamic Host Configuration Protocol (DHCP), Time-of-Day (ToD), and Trivial File Transfer Protocol (TFTP) services for use in Data-over-Cable Service Interface Specifications (DOCSIS) networks. In addition, this chapter provides information about optional configurations that can be used with external DHCP servers.

Feature Specifications for DHCP, ToD, and TFTP Services

Feature History (Release: Modification)

Release 11.3 NA: The cable source-verify and ip dhcp commands are now supported on the Cisco uBR7200 series routers.

Release 12.0(4)XI: The cable time-server command is now supported.

Release 12.1(2)EC1: The following commands are now supported on the Cisco IOS Release 12.1 EC train: cable config-file, cable dhcp-giaddr, and cable helper-address. The cable source-verify command has been expanded to include the dhcp keyword.

Release 12.1(5)EC1: The Cisco uBR7100 series routers are now supported.

Release 12.2(4)BC1: The Cisco uBR7100 series, Cisco uBR7200 series, and Cisco uBR10012 routers now support the above commands.

Release 12.1(11b)EC1, Release 12.2(8)BC2: The cable tftp-enforce command is now supported.

Release 12.1(13)EC, Release 12.2(11)BC1: The cable source-verify command has been expanded to include the leasetimer keyword.

Release 12.3(13)BC: The cable source-verify dhcp command has been expanded to allow exclusion of MAC addresses.

Release 12.3(21)BC: The cable helper-address command has been expanded to further specify where to forward DHCP packets based on origin: from a cable modem, MTA, STB, or other cable devices. The cable dhcp-insert command allows users to configure the CMTS to insert descriptors into DHCP packets using option 82. DHCP servers can then detect cable modem clones and extract geographical information. The show cable modem docsis device-class command is now supported.

Supported Platforms

Cisco uBR7100 series, Cisco uBR7200 series, Cisco uBR10012 universal broadband routers.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for DHCP, ToD, and TFTP Services

Restrictions for DHCP, ToD, and TFTP Services

Information About DHCP, ToD, and TFTP Services

How to Configure DHCP, ToD, and TFTP Services

Configuration Examples

Additional References

Prerequisites for DHCP, ToD, and TFTP Services

Cisco recommends the most current Cisco IOS Release 12.1 EC software release for DOCSIS 1.0 operations. For DOCSIS 1.1 operations, Cisco recommends the most current Cisco IOS Release 12.2 BC software release.

A separate DOCSIS configuration file editor is required to build DOCSIS 1.1 configuration files, because the internal DOCSIS configuration file editor that is onboard the Cisco CMTS router supports only DOCSIS 1.0 configuration files.

To use the Cisco CMTS as the ToD server, either alone or along with other, external ToD servers, you must configure the DHCP server to provide the IP address of the Cisco CMTS as one of the valid ToD servers (DHCP option 4) for cable modems.

Restrictions for DHCP, ToD, and TFTP Services

The "all-in-one" configuration should not be used as the only set of servers except for small cable plants (approximately 2,500 cable modems), lab environments, initial testing, small deployments, and troubleshooting. The "all-in-one" configuration can be used in larger networks, however, to supplement other redundant and backup servers.

The ToD server must use the UDP protocol to conform to DOCSIS specifications.

For proper operation of the DOCSIS network, especially a DOCSIS 1.1 network using BPI+ encryption and authentication, the system clock on the Cisco CMTS must be set accurately. You can achieve this by setting the clock manually with the clock set command, or by configuring the CMTS to use either the Network Time Protocol (NTP) or the Simple Network Time Protocol (SNTP).

The internal DHCP server that is onboard the Cisco CMTS router does not support the cable source-verify command.

Information About DHCP, ToD, and TFTP Services

This section provides the following information about the DHCP, ToD, and TFTP Services feature, and its individual components:

Feature Overview

Internal DHCP Server

External DHCP Servers

Time-of-Day Server

TFTP Server

Feature Overview

All Cisco CMTS platforms support onboard servers that provide DHCP, ToD, and TFTP services for use in DOCSIS cable networks. These servers provide the registration services needed by DOCSIS 1.0- and 1.1-compliant cable modems:

Internal DHCP Server—Provides the cable modem with an IP address, a subnet mask, default gateway, and other IP related parameters. The cable modem connects with the DHCP server when it initially powers on and logs on to the cable network.

External DHCP Servers—Provide the same functionality as the onboard DHCP server, but external DHCP servers are usually part of an integrated provisioning system that is more suitable when managing large cable networks.

Time-of-Day Server—Provides an RFC 868-compliant ToD service so that cable modems can obtain the current date and time during the registration process. The cable modem connects with the ToD server after it has obtained its IP address and other DHCP-provided IP parameters.

Although cable modems do not need to successfully complete the ToD request before coming online, this allows them to add accurate timestamps to their event logs so that these logs are coordinated to the clock used on the CMTS. In addition, having the accurate date and time is essential if the cable modem is trying to register with Baseline Privacy Interface Plus (BPI+) encryption and authentication.

TFTP Server—Downloads the DOCSIS configuration file to the cable modem. The DOCSIS configuration file contains the operational parameters for the cable modem. The cable modem downloads its DOCSIS configuration file after connecting with the ToD server.

You can configure and use each server separately, or you can configure an "all-in-one" configuration so that the CMTS acts as a DHCP, ToD, and TFTP server. With this configuration, you do not need any additional servers, although additional servers provide redundancy, load-balancing, and scalability.


Note You can add additional servers in a number of ways. For example, most cable operators use Cisco Network Registrar (CNR) to provide the DHCP and TFTP servers. ToD servers are freely available for most workstations and PCs. You can install the additional servers on one workstation or PC or on different workstations and PCs.


Internal DHCP Server

At power-up, DOCSIS cable modems send a broadcast message through the cable interface to find a DHCP server that can provide the information needed for IP connectivity across the network. After the cable modem comes online, the CPE devices connected to the cable modem can also make their own DHCP requests. You can configure all Cisco CMTS platforms to act as DHCP servers that provide the IP addressing and other networking information that is needed by DOCSIS cable modems and their CPE devices.

DHCP Field Options

In its DHCP request message, the cable modem identifies itself by its MAC hardware address. In reply, a DOCSIS-compatible DHCP server should provide, at minimum, the following fields when replying to cable modems that are authorized to access the cable network:

yiaddr—IP address for the cable modem.

Subnet Mask (option 1)—IP subnet mask for the cable modem.

siaddr—IP address for the TFTP server that will provide the DOCSIS configuration file.

file—Filename for the DOCSIS configuration file that the cable modem must download.

Router Option (option 3)—IP addresses for one or more gateways that will forward the cable modem traffic.

Time Server Option (option 4)—One or more ToD servers from which the cable modem can obtain its current date and time.

Time Offset (option 2)—Offset from Universal Coordinated Time (UTC) that the cable modem should use in calculating local time.

giaddr—IP address for a DHCP relay agent, if the DHCP server is on a different network from the cable modem.

Log Server Option (option 7)—IP address for one or more SYSLOG servers to which the cable modem should send error messages and other logging information (optional).

IP Address Lease Time (option 51)—Number of seconds for which the IP address is valid, at which point the cable modem must make another DHCP request.

If you decide to also provide IP addresses to the CPE devices connected to the cable modems, the DHCP server must also provide the following information for CPE devices:

yiaddr—IP address for the CPE device.

Subnet Mask (option 1)—IP subnet mask for the CPE device.

Router Option (option 3)—IP addresses for one or more gateways that will forward the CPE traffic.

Domain Name Server Option (option 6)—IP addresses for the domain name system (DNS) servers that will resolve hostnames to IP addresses for the CPE devices.

Domain Name (option 15)—Fully-qualified domain name that the CPE devices should add to their hostnames.

IP Address Lease Time (option 51)—Number of seconds for which the IP address is valid, at which point the CPE device must make another DHCP request.

The DHCP server on the Cisco CMTS can also provide a number of options beyond the minimum that are required for network operation. A basic configuration is suitable for small installations as well as lab and experimental networks.

You can also configure the CMTS in a more complex configuration that uses the functionality of DHCP pools. DHCP pools are configured in a hierarchical fashion, according to their network numbers. A DHCP pool with a network number that is a subset of another pool's network number inherits all of the characteristics of the larger pool.

DHCP Security Options

Because the DOCSIS specification requires cable modems to obtain their IP addresses from a DHCP server, cable networks are susceptible to certain types of configuration errors and theft-of-service attacks, including:

Duplicate IP addresses being assigned to two or more cable modems or CPE devices

Duplicate MAC addresses being reported by two or more cable modems or CPE devices

Unauthorized use of a DHCP-assigned IP address as a permanent static address

One user hijacking a valid IP address from another user and using it on a different network device

Configuring IP addresses with network addresses that are not authorized for a cable segment

Unauthorized ARP requests on behalf of a cable segment, typically as part of a theft-of-service attack

To help combat these attacks, the Cisco CMTS dynamically maintains a database that links the MAC and IP addresses of known CPE devices with the cable modems that are providing network access for those CPE devices. The CMTS builds this database using information from both internal and external DHCP servers:

When using the internal DHCP server, the CMTS automatically populates the database from the DHCP requests and replies that are processed by the server.

When using an external server, the CMTS populates the database by inspecting all broadcast DHCP transactions that are sent over a cable interface between the cable modems and CPE devices on that interface and the DHCP servers.


Note The Cisco CMTS also monitors IP traffic coming from CPE devices to associate their IP and MAC addresses with the cable modem that is providing their Internet connection.


The CMTS can also use the DHCP Relay Agent Information option (DHCP option 82) to send particular information about a cable modem, such as its MAC address and the cable interface to which it is connected. If the DHCP server cannot match the information with that belonging to a cable modem in its database, the CMTS knows that the device is a CPE device. This allows the CMTS and DHCP server to retain accurate information about which CPE devices are using which cable modems and whether the devices should be allowed network access.

The DHCP Relay Agent can also be used to identify cloned modems or gather geographical information for E911 and other applications. Using the cable dhcp-insert command, users configure the CMTS to insert downstream, upstream, or hostname descriptors into DHCP packets. A DHCP server can then utilize such information to detect cloned modems or extract geographical information. Multiple types of strings can be configured as long as the maximum relay information option size is not exceeded.
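The server-side half of that clone check can be sketched as follows. This is an added example, not Cisco or DHCP-server code: it parses option 82 from a relayed request and flags a modem MAC that shows up behind more than one cable interface. It assumes the RFC 3046 layout (sub-option 1 is the circuit ID, sub-option 2 is the remote ID) with the remote ID carrying the modem MAC; the circuit-ID strings and the MAC address are constructed sample values.

```python
from collections import defaultdict

OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # RFC 3046 sub-option codes


def parse_tlvs(data, pad=None, end=None):
    """Walk code/length/value triples and return {code: value}."""
    fields, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == pad:              # single-byte filler, no length field
            i += 1
            continue
        if code == end:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of buffer" % code)
        fields[code] = value
        i += 2 + length
    return fields


def relay_info(options):
    """Return (circuit_id, remote_id) from option 82, or None if not present."""
    top = parse_tlvs(options, pad=OPT_PAD, end=OPT_END)
    if OPT_RELAY_INFO not in top:
        return None
    sub = parse_tlvs(top[OPT_RELAY_INFO])  # sub-options have no pad/end codes
    return sub.get(SUB_CIRCUIT_ID), sub.get(SUB_REMOTE_ID)


class CloneDetector:
    """Flag a modem MAC that is relayed from more than one cable interface."""

    def __init__(self):
        self.interfaces = defaultdict(set)  # modem MAC -> circuit IDs seen

    def observe(self, options):
        info = relay_info(options)
        if info is None or None in info:
            return None                     # no usable relay information
        circuit_id, remote_id = info
        mac = remote_id.hex(":")
        self.interfaces[mac].add(circuit_id)
        return mac if len(self.interfaces[mac]) > 1 else None


def sample_options(circuit_id, modem_mac):
    """Constructed DHCPDISCOVER options: message type, option 82, end."""
    sub = (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
           + bytes([SUB_REMOTE_ID, len(modem_mac)]) + modem_mac)
    return bytes([53, 1, 1, OPT_RELAY_INFO, len(sub)]) + sub + bytes([OPT_END])


MODEM = bytes.fromhex("001122334455")       # constructed modem MAC

if __name__ == "__main__":
    detector = CloneDetector()
    for circuit in (b"Cable3/0", b"Cable3/0", b"Cable4/1"):
        print(circuit, detector.observe(sample_options(circuit, MODEM)))
```

A modem that a subscriber has legitimately moved also appears on a second interface, so a hit is a prompt to compare lease times and online status rather than proof of cloning.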

Multiple DHCP Pools

You can also configure any number of DHCP pools for the DHCP server to use in assigning IP addresses. A single pool can be used for a basic configuration, or you can optionally create separate pools for cable modems and CPE devices. You can also use DHCP address pools to provide special services, such as static IP addresses, to customers who are paying for those services.

When creating multiple DHCP pools, you can configure them independently, or you can optionally create a hierarchical structure of pools that are organized according to their network numbers. A DHCP pool that has a network number that is a subset of another pool's network number inherits all of the characteristics of the larger pool. In addition to the inherited characteristics, you can further customize each pool with any number of options.

The advantage of DHCP pools is that you can create a number of different DHCP configurations for particular customers or applications, without having to repeat CLI commands for the parameters that the pools have in common. You can also change the configuration of one pool without affecting customers in other pools.

External DHCP Servers

The Cisco CMTS router provides the following optional configurations that can enhance the operation and security of external DHCP servers that you are using on the DOCSIS cable network:

Cable Source Verify Feature

Smart Relay Feature

Giaddr Field

Cable Source Verify Feature

To combat theft-of-service attacks, you can enable the cable source-verify command on the cable interfaces on the Cisco CMTS router. This feature uses the router's internal database to verify the validity of the IP packets that the CMTS receives on the cable interfaces, and provides three levels of protection:

At the most basic level of protection, the Cable Source Verify feature examines every IP upstream packet to prevent duplicate IP addresses from appearing on the cable network. If a conflict occurs, the CMTS recognizes only packets coming from the device that was assigned the IP address by the DHCP server. The devices with the duplicate addresses are not allowed network access. The CMTS also refuses to recognize traffic from devices with IP addresses that have network addresses that are unauthorized for that particular cable segment.

Adding the dhcp option to the cable source-verify command provides a more comprehensive level of protection by preventing users from statically assigning currently-unused IP addresses to their devices. When the Cisco CMTS receives a packet with an unknown IP address on a cable interface, the CMTS drops the packet but also issues a DHCP LEASEQUERY message that asks the DHCP servers for any information about that device's IP and MAC addresses. If the DHCP servers do not return any information about the device, the CMTS continues to block network access for the device.

When you use the dhcp option, you can also enable the leasetimer option, which instructs the CMTS to periodically check its internal CPE database for IP addresses whose lease times have expired. CPE devices that are using expired IP addresses are denied further access to the network until they renew their IP addresses from a valid DHCP server. This can prevent users from taking DHCP-assigned IP addresses and assigning them as static addresses to their CPE devices.
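The three protection levels can be compared side by side in a small model. This is an added example, not Cisco IOS code: it is a simplified Python model of the decisions described above, in which `lease_server` stands in for the DHCP servers that answer LEASEQUERY, all addresses and clock values are constructed, and learning unknown addresses from traffic in basic mode is an assumption drawn from the note on IP traffic monitoring.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FORWARD = "forward"
DROP_NETWORK = "drop: network not authorized for segment"
DROP_DUPLICATE = "drop: IP assigned to another device"
DROP_QUERIED = "drop: unknown IP, LEASEQUERY answered"
DROP_BLOCKED = "drop: unknown IP, no lease on record"


@dataclass
class Binding:
    mac: str        # CPE MAC address
    modem: str      # cable modem that provides access for the CPE
    expires: float  # lease expiry, in seconds on the model's clock


class SourceVerifyModel:
    """Simplified decision model for basic, dhcp and leasetimer operation."""

    def __init__(self, networks, dhcp=False, leasetimer=False, lease_server=None):
        self.networks = [ip_network(n) for n in networks]
        self.dhcp = dhcp
        self.leasetimer = dhcp and leasetimer   # leasetimer is used with dhcp
        self.lease_server = lease_server or {}  # IP -> (MAC, expiry)
        self.db = {}                            # IP -> Binding

    def learn_from_dhcp(self, ip, mac, modem, expires):
        """Record a binding seen in a DHCP transaction on the cable interface."""
        self.db[ip] = Binding(mac, modem, expires)

    def expire_leases(self, now):
        """Periodic leasetimer sweep: forget bindings whose lease has run out."""
        if not self.leasetimer:
            return []
        expired = sorted(ip for ip, b in self.db.items() if b.expires <= now)
        for ip in expired:
            del self.db[ip]
        return expired

    def check(self, ip, mac, modem, now):
        """Verdict for one upstream packet with this source IP, MAC and modem."""
        if not any(ip_address(ip) in net for net in self.networks):
            return DROP_NETWORK
        known = self.db.get(ip)
        if known is not None:
            same = (known.mac, known.modem) == (mac, modem)
            return FORWARD if same else DROP_DUPLICATE
        if not self.dhcp:
            # Basic level: an unused address is learned from the traffic itself,
            # which is why a statically configured free address gets through.
            self.db[ip] = Binding(mac, modem, float("inf"))
            return FORWARD
        # dhcp level: this packet is dropped and the DHCP servers are queried.
        lease = self.lease_server.get(ip)
        if lease and lease[0] == mac and lease[1] > now:
            self.db[ip] = Binding(mac, modem, lease[1])
            return DROP_QUERIED
        return DROP_BLOCKED


# Constructed sample values
SEGMENT = ["10.10.0.0/16"]
PC_A, PC_B, PC_C = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
CM_1, CM_2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"

if __name__ == "__main__":
    basic = SourceVerifyModel(SEGMENT)
    strict = SourceVerifyModel(SEGMENT, dhcp=True, leasetimer=True)
    for model in (basic, strict):
        model.learn_from_dhcp("10.10.10.5", PC_A, CM_1, 1000)
        print(model.check("10.10.10.5", PC_B, CM_2, 10),   # duplicate address
              "|", model.check("10.10.10.77", PC_B, CM_2, 10))  # static, unused
```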

Smart Relay Feature

The Cisco CMTS supports a Smart Relay feature (the ip dhcp smart-relay command), which automatically switches a cable modem or CPE device to secondary DHCP servers or address pools if the primary server runs out of IP addresses or otherwise fails to respond with an IP address. The relay agent attempts to forward DHCP requests to the primary server three times. After three attempts with no successful response from the primary, the relay agent automatically switches to the secondary server.

When you are using the cable dhcp-giaddr policy command to specify that CPE devices should use secondary DHCP pools corresponding to the secondary addresses on a cable interface, the smart relay agent automatically rotates through the available secondary pools in a round-robin fashion until an available pool of addresses is found. This ensures that clients are not locked out of the network because a particular pool has been exhausted.

Giaddr Field

When using separate IP address pools for cable modems and CPE devices, you can use the cable dhcp-giaddr policy command to specify that cable modems should use addresses from the primary pool and that CPE devices should use addresses from the secondary pool. The default is for the CMTS to send all DHCP requests to the primary DHCP server, and the secondary servers are used only if the primary server does not respond.

Time-of-Day Server

The Cisco CMTS can function as a ToD server that provides the current date and time to the cable modems and other customer premises equipment (CPE) devices connected to its cable interfaces. This allows the cable modems and CPE devices to accurately timestamp their Simple Network Management Protocol (SNMP) messages and error log entries, as well as ensure that all of the system clocks on the cable network are synchronized to the same system time.


Tip The initial ToD server on the Cisco CMTS did not work with some cable modems that used an incompatible packet format. This problem was resolved in Cisco IOS Release 12.1(8)EC1 and later 12.1 EC releases, and in Cisco IOS Release 12.2(4)BC1 and later 12.2 BC releases.


The current DOCSIS 1.0 and 1.1 specifications require that all DOCSIS cable modems request the following time-related fields in the DHCP request they send during their initial power-on provisioning:

Time Offset (option 2)—Specifies the time zone for the cable modem or CPE device, in the form of the number of seconds that the device's timestamp is offset from Greenwich Mean Time (GMT).

Time Server Option (option 4)—Specifies one or more IP addresses for a ToD server.

After a cable modem successfully acquires a DHCP lease, it then attempts to contact one of the ToD servers in the list provided by the DHCP server. If successful, the cable modem updates its system clock with the time offset and timestamp received from the ToD server.

If a ToD server cannot be reached or if it does not respond, the cable modem eventually times out, logs the failure with the CMTS, and continues on with the initialization process. The cable modem can come online without receiving a reply from a ToD server, but it must periodically continue trying to reach the ToD server at least once in every five-minute period until it successfully receives a ToD reply. Until it reaches a ToD server, the cable modem must initialize its system clock to midnight on January 1, 1970 GMT.


Note Initial versions of the DOCSIS 1.0 specification specified that the cable device must obtain a valid response from a ToD server before continuing with the initialization process. This requirement was removed in the released DOCSIS 1.0 specification and in the DOCSIS 1.1 specifications. Cable devices running older firmware that is compliant with the initial DOCSIS 1.0 specification, however, might require receiving a reply from a ToD server before being able to come online.


Because cable modems will repeatedly retry connecting with a ToD server until they receive a successful reply, you should consider activating the ToD server on the Cisco CMTS, even if you have one or more other ToD servers at the headend. This ensures that an online cable modem will always be able to connect with the ToD server on the Cisco CMTS, even if the other servers go down or are unreachable because of network congestion, and therefore will not send repeated ToD requests.


Tip To use the Cisco CMTS as the ToD server, either alone or with other, external servers, you must configure the DHCP server to provide the IP address of the Cisco CMTS as one of the valid ToD servers (DHCP option 4) for cable modems. See the "Creating and Configuring a DHCP Address Pool for Cable Modems" section for details on this configuration.


In addition, although the DOCSIS specifications do not require that a cable modem successfully obtain a response from a ToD server before coming online, not obtaining a timestamp could prevent the cable modem from coming online in the following situations:

If DOCSIS configuration files are being timestamped, to prevent cable modems from caching the files and replaying them, the clocks on the cable modem and CMTS must be synchronized. Otherwise, the cable modem cannot determine whether a DOCSIS configuration file has the proper timestamp.

If cable modems register using Baseline Privacy Interface Plus (BPI+) authentication and encryption, the clocks on the cable modem and CMTS must be synchronized. This is because BPI+ authorization requires that the CMTS and cable modem verify the timestamps on the digital certificates being used for authentication. If the timestamps on the CMTS and cable modem are not synchronized, the cable modem cannot come online using BPI+ encryption.
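The clock dependency described above can be worked through in a few lines. This is an added example, not code from Cisco or from any modem firmware: it decodes an RFC 868 reply, converts a Time Offset (option 2) value to and from the 32-bit hexadecimal form used with option 2 hex, and shows why a modem still at its January 1, 1970 default fails a certificate validity check. The reply payload and the certificate validity window are constructed sample values.

```python
import struct
from datetime import datetime, timedelta, timezone

RFC868_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
# Clock value a modem holds until it receives a ToD reply.
UNSET_MODEM_CLOCK = datetime(1970, 1, 1, tzinfo=timezone.utc)


def decode_tod_reply(payload):
    """RFC 868 reply: one unsigned 32-bit big-endian count of seconds since 1900."""
    if len(payload) != 4:
        raise ValueError("RFC 868 reply must be exactly 4 bytes")
    (seconds,) = struct.unpack("!I", payload)
    return RFC868_EPOCH + timedelta(seconds=seconds)


def encode_time_offset(seconds):
    """Option 2 value: signed 32-bit offset in seconds, as 8 hex digits."""
    return struct.pack("!i", seconds).hex()


def decode_time_offset(hex_digits):
    """Inverse of encode_time_offset; negative offsets are two's complement."""
    (seconds,) = struct.unpack("!i", bytes.fromhex(hex_digits))
    return seconds


def modem_clock(tod_payload, option2_hex):
    """Clock the modem ends up with; tod_payload is None if no server replied."""
    zone = timezone(timedelta(seconds=decode_time_offset(option2_hex)))
    utc = UNSET_MODEM_CLOCK if tod_payload is None else decode_tod_reply(tod_payload)
    return utc.astimezone(zone)


def certificate_time_valid(clock, not_before, not_after):
    """The validity-period part of a certificate check, nothing more."""
    return not_before <= clock <= not_after


# Constructed sample values
SAMPLE_REPLY = struct.pack("!I", 3379622400)         # 2007-02-05 00:00:00 UTC
SAMPLE_OFFSET = encode_time_offset(-5 * 3600)        # five hours behind UTC
CERT_NOT_BEFORE = datetime(2001, 1, 1, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2021, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for payload in (SAMPLE_REPLY, None):
        clock = modem_clock(payload, SAMPLE_OFFSET)
        ok = certificate_time_valid(clock, CERT_NOT_BEFORE, CERT_NOT_AFTER)
        print(clock.isoformat(), "certificate window ok:", ok)
```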


Note DOCSIS cable modems must use an RFC 868-compliant ToD server to obtain the current system time. They cannot use the Network Time Protocol (NTP) or Simple Network Time Protocol (SNTP) service for this purpose. However, the Cisco CMTS can use an NTP or SNTP server to set its own system clock, which can then be used by the ToD server. Otherwise, you must manually set the clock on the CMTS using the clock set command each time that the CMTS boots up.



Tip Additional servers can be provided by workstations or PCs installed at the cable headend. UNIX and Solaris systems typically include a ToD server as part of the operating system, which can be enabled by putting the appropriate line in the inetd.conf file. Windows systems can use shareware servers such as Greyware and Tardis. The DOCSIS specifications require that the ToD servers use the User Datagram Protocol (UDP) instead of TCP for their packets.


TFTP Server

All Cisco CMTS platforms can be configured to provide a TFTP server that can provide the following types of files to DOCSIS cable modems:

DOCSIS Configuration File—After a DOCSIS cable modem has acquired a DHCP lease and attempted to contact a ToD server, the cable modem uses TFTP to download a DOCSIS configuration file from an authorized TFTP server. The DHCP server is responsible for providing the name of the DOCSIS configuration file and IP address of the TFTP server to the cable modem.

Software Upgrade File—If the DOCSIS configuration file specifies that the cable modem must be running a specific version of software, and the cable modem is not already running that software, the cable modem must download that software file. For security, the cable operator can use different TFTP servers for downloading DOCSIS configuration files and for downloading new software files.

Cisco IOS Configuration File—The DOCSIS configuration file for Cisco cable devices can also specify that the cable modem should download a Cisco IOS configuration file that contains command-line interface (CLI) configuration commands. Typically this is done to configure platform-specific features such as voice ports or IPSec encryption.


Note Do not confuse the DOCSIS configuration file with the Cisco IOS configuration file. The DOCSIS configuration file is a binary file in the particular format that is specified by the DOCSIS specifications, and each DOCSIS cable modem must download a valid file before coming online. In contrast, the Cisco IOS configuration file is an ASCII text file that contains one or more Cisco IOS CLI configuration commands. Only Cisco cable devices can download a Cisco IOS file.


All Cisco CMTS platforms can be configured as TFTP servers that can upload these files to the cable modem. The files can reside on any valid device but typically should be copied to the Flash memory device inserted into the Flash disk slot on the Cisco CMTS.

In addition, the Cisco CMTS platform supports an internal DOCSIS configuration file editor in Cisco IOS Release 12.1(2)EC, Cisco IOS Release 12.2(4)BC1, and later releases. When you create a DOCSIS configuration file using the internal configuration file editor, the CMTS stores the configuration file in the form of CLI commands. When a cable modem requests the DOCSIS configuration file, the CMTS then dynamically creates the binary version of the file and uploads it to the cable modem.


Note The internal DOCSIS configuration file editor supports only DOCSIS 1.0 configuration files. For more information, see the "Internal DOCSIS Configurator File Generator for the Cisco CMTS" document at the following URL:

/en/US/docs/cable/cmts/feature/guide/ufgCFile.html

To create DOCSIS 1.1 configuration files, you must use a separate configuration editor, such as the Cisco DOCSIS Configurator tool, which at the time of this document's publication is available on Cisco.com at the following URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/cpe-conf


For enhanced security, current versions of Cisco IOS software for Cisco CMTS platforms include a "TFTP Enforce" feature (cable tftp-enforce command) that allows you to require that all cable modems must attempt a TFTP download through the cable interface before being allowed to come online. This prevents a common theft-of-service attack in which hackers reconfigure their local network so that a local TFTP server downloads an unauthorized DOCSIS configuration file to the cable modem. This ensures that cable modems download only a DOCSIS configuration file that provides the services they are authorized to use.

Benefits

The "all-in-one" configuration allows you to set up a basic cable modem network without having to invest in additional servers and software. This configuration can also help troubleshoot plant and cable modem problems.

The DHCP configuration can more effectively assign and manage IP addresses from specified address pools within the CMTS to the cable modems and their CPE devices.

The Cisco CMTS can act as a primary or backup ToD server to ensure that all cable modems are synchronized with the proper date and time before coming online. This also enables cable modems to come online more quickly because they will not have to wait for the ToD timeout period before coming online.

The ToD server on the Cisco CMTS ensures that all devices connected to the cable network are using the same system clock, making it easier for you to troubleshoot system problems when you analyze the debugging output and error logs generated by many cable modems, CPE devices, the Cisco CMTS, and other services.

The Cisco CMTS can act as a TFTP server for DOCSIS configuration files, software upgrade files, and Cisco IOS configuration files.

You do not need a separate workstation or PC to create and store DOCSIS configuration files.

The "TFTP Enforce" feature ensures that users download only an authorized DOCSIS configuration file and prevents one of the most common theft-of-service attacks.

How to Configure DHCP, ToD, and TFTP Services

See the following configuration tasks required to configure DHCP service, time-of-day service, and TFTP service on a Cisco CMTS:

Configuring DHCP Service

Configuring Time-of-Day Service

Configuring TFTP Service

Configuring A Basic All-in-One Configuration (optional)

Configuring an Advanced All-in-One Configuration (optional)

Optimizing the Use of an External DHCP Server

All procedures are required unless marked as optional (depending on the desired network configuration and applications).

Configuring DHCP Service

To configure the DHCP server on the Cisco CMTS, use the following procedures to create the required address pools for the server to use. You can create one pool for all DHCP requests (cable modems and CPE devices), or separate pools for cable modems and for CPE devices, as desired.

Creating and Configuring a DHCP Address Pool for Cable Modems

Creating and Configuring a DHCP Address Pool for CPE Devices (optional)

Configuring the DHCP MAC Address Exclusion List for the cable source-verify dhcp Command

Creating and Configuring a DHCP Address Pool for Cable Modems

To use the DHCP server on the Cisco CMTS, you must create at least one address pool that defines the IP addresses and other network parameters that are given to cable modems that make DHCP requests. To create an address pool, use the following procedure, beginning in EXEC mode. Repeat this procedure as needed to create additional address pools.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip dhcp pool name

4. network network-number [mask]

5. bootfile filename

6. next-server address [address2...address8]

7. default-router address [address2...address8]

8. option 2 hex gmt-offset

9. option 4 ip address [address2...address8]

10. option 7 ip address [address2...address8]

11. lease {days [hours][minutes] | infinite}

12. client-identifier unique-identifier

13. cable dhcp-insert {downstream-description | hostname | upstream-description}

14. exit

15. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

ip dhcp pool name

Example:

Router(config)# ip dhcp pool local

Router(dhcp-config)#

Creates a DHCP address pool and enters DHCP pool configuration file mode. The name can be either an arbitrary string, such as service, or a number, such as 1.

Step 4 

network network-number [mask]

Example:

Router(dhcp-config)# network 10.10.10.0 255.255.0.0

Router(dhcp-config)#

Configures the address pool with the specified network-number and subnet mask, which are the DHCP yiaddr field and Subnet Mask (DHCP option 1) field. If you do not specify the mask value, it defaults to 255.255.255.255.

Note To create an address pool with a single IP address, use the host command instead of network.

Step 5 

bootfile filename

Example:

Router(dhcp-config)# bootfile platinum.cm

Router(dhcp-config)#

Specifies the name of the default DOCSIS configuration file (the DHCP file field) for the cable modems that are assigned IP addresses from this pool. The filename should be the exact name (including path) that is used to request the file from the TFTP server.

Step 6 

next-server address [address2...address8]

Example:

Router(dhcp-config)# next-server 10.10.11.1

Router(dhcp-config)#

Specifies the IP address (the DHCP siaddr field) for the next server in the boot process of a DHCP client. For DOCSIS cable modems, this is the IP address for the TFTP server that provides the DOCSIS configuration file. You must specify at least one IP address, and can optionally specify up to eight IP addresses, in order of preference.

Step 7 

default-router address [address2...address8]

Example:

Router(dhcp-config)# default-router 10.10.10.12

Router(dhcp-config)#

Specifies the IP address for the Router Option (DHCP option 3) field, which is the default router for the cable modems in this address pool. You must specify at least one IP address, and can optionally specify up to eight IP addresses, where the default routers are listed in their order of preference (address is the most preferred server, address2 is the next most preferred, and so on).

Note The first IP address must be the IP address for the cable interface that is connected to cable modems using this DHCP pool.

Step 8 

option 2 hex gmt-offset

Example:

Router(dhcp-config)# option 2 hex FFFF.8F80

Router(dhcp-config)#

Specifies the Time Offset field (DHCP option 2), which is the local time zone, specified as the number of seconds, in hexadecimal, offset from Greenwich Mean Time (GMT). The following are some sample values for gmt-offset:

FFFF.8F80 = Offset of -8 hours (-28800 seconds, Pacific Time)
FFFF.9D90 = Offset of -7 hours (Mountain Time)
FFFF.ABA0 = Offset of -6 hours (Central Time)
FFFF.B9B0 = Offset of -5 hours (Eastern Time)

Step 9 

option 4 ip address [address2...address8]

Example:

Router(dhcp-config)# option 4 ip 10.10.10.13 10.10.11.2

Router(dhcp-config)#

Specifies the Time Server Option field (DHCP option 4), which is the IP address of the time-of-day (ToD) server from which the cable modem can obtain its current date and time.

You must specify at least one IP address, and can optionally specify up to eight IP addresses, listed in their order of preference.

Note If you want to use the Cisco CMTS as the ToD server, you must enter its IP address as part of this command.

Step 10 

option 7 ip address [address2...address8]

Example:

Router(dhcp-config)# option 7 ip 10.10.10.13

Router(dhcp-config)#

(Optional) Specifies the Log Server Option field (DHCP option 7), which is the IP address for a System Log (SYSLOG) server to which the cable modem should send error messages and other logging information.

You can optionally specify up to eight IP addresses, listed in their order of preference.

Step 11 

lease {days [hours][minutes]|infinite}

Example:

Router(dhcp-config)# lease 0 12 30

Router(dhcp-config)#

Specifies the IP Address Lease Time (option 51), which is the duration of the lease for the IP address that is assigned to the cable modem. Before the lease expires, the cable modem must make another DHCP request to remain online. The default is one day.

You can specify the lease time as follows:

days = Duration of the lease in number of days (0 to 365).

hours = Number of hours in the lease (0 to 23, optional). A days value must be supplied before you can configure an hours value.

minutes = Number of minutes in the lease (0 to 59, optional). A days value and an hours value must be supplied before you can configure a minutes value.

infinite = Unlimited lease duration.

Note In most cable networks, cable modems cannot come online if the lease time is less than 3 minutes. For stability in most cable networks, the minimum lease time should be 5 minutes.

Step 12 

client-identifier unique-identifier

Example:

Router(dhcp-config)# client-identifier 0100.0C01.0203.04

Router(dhcp-config)#

(Optional) Specifies the MAC address that identifies the particular cable modem that should receive the parameters from this pool. The unique-identifier is created by combining the one-byte Ethernet identifier ("01") with the six-byte MAC address for the cable modem. For example, to specify a cable modem with the MAC address of 9988.7766.5544, specify a unique-identifier of 0199.8877.6655.44.

Note This option should be used only for DHCP pools that assign a static address to a single cable modem.

Step 13 

cable dhcp-insert {downstream-description | hostname | upstream-description}

(Optional) Specifies which descriptors to append to DHCP packets. The DHCP server can then use these descriptors to identify cable modem clones and extract geographical information:

downstream-description = Received DHCP packets are appended with downstream port descriptors.

hostname = Received DHCP packets are appended with the router host names.

upstream-description = Received DHCP packets are appended with upstream port descriptors.

Note Multiple types of descriptor strings can be configured as long as the maximum relay information option size is not exceeded.

Step 14 

exit

Example:

Router(dhcp-config)# exit

Router(config)#

Exits DHCP configuration mode.

Step 15 

exit

Example:

Router(config)# exit

Router#

Exits global configuration mode.
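The hexadecimal arguments in Steps 8 and 12 and the lease limits in Step 11 are easy to get wrong by hand. The following Python helper is an added example, not part of the Cisco guide or of Cisco IOS; the function names and the single-modem pool it renders (which uses the host command mentioned in the Step 4 note) are assumptions made for illustration.

```python
import re

def gmt_offset_hex(hours):
    """Encode a GMT offset in hours as the argument of 'option 2 hex'."""
    # Option 2 is a signed 32-bit count of seconds, so offsets west of
    # GMT come out as two's-complement values such as FFFF.8F80.
    raw = "%08X" % (round(hours * 3600) & 0xFFFFFFFF)
    return raw[:4] + "." + raw[4:]

def decode_gmt_offset(value):
    """Decode an 'option 2 hex' argument back to signed seconds."""
    raw = value.replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]{8}", raw):
        raise ValueError("option 2 needs exactly 8 hex digits: %r" % value)
    n = int(raw, 16)
    return n - (1 << 32) if n & 0x80000000 else n

def client_identifier(mac):
    """Build the unique-identifier: Ethernet type byte 01 plus the MAC."""
    digits = re.sub(r"[.:-]", "", mac).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("not a 6-byte MAC address: %r" % mac)
    full = "01" + digits
    # Regroup the 14 hex digits in fours: 0199.8877.6655.44
    return ".".join(full[i:i + 4] for i in range(0, len(full), 4))

def lease_args(days, hours=0, minutes=0, minimum_s=300):
    """Check the Step 11 ranges and the 5-minute stability minimum."""
    if not (0 <= days <= 365 and 0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError("lease fields out of range")
    total = (days * 24 + hours) * 3600 + minutes * 60
    if total < minimum_s:
        raise ValueError("lease of %d s is below %d s" % (total, minimum_s))
    return "%d %d %d" % (days, hours, minutes)

def static_cm_pool(name, ip, mask, mac, tz_hours, lease=(1, 0, 0)):
    """Render a pool that assigns one static address to one cable modem."""
    return [
        "ip dhcp pool %s" % name,
        " host %s %s" % (ip, mask),
        " client-identifier %s" % client_identifier(mac),
        " option 2 hex %s" % gmt_offset_hex(tz_hours),
        " lease %s" % lease_args(*lease),
    ]

if __name__ == "__main__":
    # Constructed inputs; the MAC and offset reuse the values in the steps above.
    for line in static_cm_pool("cm-static", "10.10.10.50", "255.255.0.0",
                               "9988.7766.5544", -8, (0, 12, 30)):
        print(line)
    print(decode_gmt_offset("FFFF.B9B0") // 3600, "hours from GMT")
```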

Creating and Configuring a DHCP Address Pool for CPE Devices (optional)

In addition to providing IP addresses for cable modems, the DHCP server on the Cisco CMTS server can optionally provide IP addresses and other network parameters to the customer premises equipment (CPE) devices that are connected to the cable modems on the network. To do so, create a DHCP address pool for those CPE devices, using the following procedure, beginning in EXEC mode. Repeat this procedure as needed to create additional address pools.


Note You can use the same address pools for cable modems and CPE devices, but it simplifies network management to maintain separate pools.


SUMMARY STEPS

1. enable

2. configure terminal

3. ip dhcp pool name

4. network network-number [mask]

5. default-router address [address2...address8]

6. dns-server address [address2...address8]

7. domain-name domain

8. lease {days [hours][minutes] | infinite}

9. client-identifier unique-identifier

10. exit

11. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

ip dhcp pool name

Example:

Router(config)# ip dhcp pool local

Router(dhcp-config)#

Creates a DHCP address pool and enters DHCP pool configuration file mode. The name can be either an arbitrary string, such as service, or a number, such as 1.

Step 4 

network network-number [mask]

Example:

Router(dhcp-config)# network 10.10.10.0 255.255.0.0

Router(dhcp-config)#

Configures the address pool with the specified network-number and subnet mask, which are the DHCP yiaddr field and Subnet Mask (DHCP option 1) field. If you do not specify the mask value, it defaults to 255.255.255.255.

Note To create an address pool with a single IP address, use the host command instead of network.

Step 5 

default-router address [address2...address8]

Example:

Router(dhcp-config)# default-router 10.10.10.12

Router(dhcp-config)#

Specifies the IP address for the Router Option (DHCP option 3) field, which is the default router for the cable modems and CPE devices in this address pool. You must specify at least one IP address, and can optionally specify up to eight IP addresses, where the default routers are listed in order of preference (address is the most preferred server, address2 is the next most preferred, and so on).

Step 6 

dns-server address [address2...address8]

Example:

Router(dhcp-config)# dns-server 10.10.10.13

Router(dhcp-config)#

Specifies one or more IP addresses for the Domain Name Server Option (DHCP option 6) field, which are the domain name system (DNS) servers that will resolve hostnames to IP addresses for the CPE devices. You must specify at least one IP address, and can optionally specify up to eight IP addresses, listed in order of preference.

Step 7 

domain-name domain

Example:

Router(dhcp-config)# domain-name cisco.com

Router(dhcp-config)#

Specifies the Domain Name (DHCP option 15) field, which is the fully-qualified domain name that the CPE devices should add to their hostnames. The domain parameter should be the domain name used by devices on the cable network.

Step 8 

lease {days [hours][minutes]|infinite}

Example:

Router(dhcp-config)# lease 0 12 30

Router(dhcp-config)#

Specifies the IP Address Lease Time (option 51), which is the duration of the lease for the IP address that is assigned to the CPE device. Before the lease expires, the CPE device must make another DHCP request to remain online. The default is one day.

You can specify the lease time as follows:

days = Duration of the lease in number of days (0 to 365).

hours = Number of hours in the lease (0 to 23, optional). A days value must be supplied before you can configure an hours value.

minutes = Number of minutes in the lease (0 to 59, optional). A days value and an hours value must be supplied before you can configure a minutes value.

infinite = Unlimited lease duration.

Step 9 

client-identifier unique-identifier

Example:

Router(dhcp-config)# client-identifier 0100.0C01.0203.04

Router(dhcp-config)#

(Optional) Specifies the MAC address that identifies a particular CPE device that should receive the parameters from this pool. The unique-identifier is created by combining the one-byte Ethernet identifier ("01") with the six-byte MAC address for the device. For example, to specify a device with the MAC address of 9988.7766.5544, specify a unique-identifier of 0199.8877.6655.44.

Note This option should be used only for DHCP pools that assign a static address to a single CPE device.

Step 10 

exit

Example:

Router(dhcp-config)# exit

Router(config)#

Exits DHCP configuration mode.

Step 11 

exit

Example:

Router(config)# exit

Router#

Exits global configuration mode.

Configuring Time-of-Day Service

This section provides procedures for enabling and disabling the time-of-day (ToD) server on the Cisco CMTS routers.

Prerequisites

To be able to use the Cisco CMTS as the ToD server, either alone or with other, external servers, you must configure the DHCP server to provide the IP address of the Cisco CMTS as one of the valid ToD servers (DHCP option 4) for cable modems. See the "Creating and Configuring a DHCP Address Pool for Cable Modems" section for details on this configuration when using the internal DHCP server.

Enabling Time-of-Day Service

To enable the ToD server on a Cisco CMTS, use the following procedure, beginning in EXEC mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. service udp-small-servers max-servers no-limit

4. cable time-server

5. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

service udp-small-servers max-servers no-limit

Example:

Router(config)# service udp-small-servers max-servers no-limit

Router(config)#

Enables use of minor servers that use the UDP protocol (such as ToD, echo, chargen, and discard).

The max-servers no-limit option allows a large number of cable modems to obtain the ToD server at one time, in the event that a cable or power failure forces many cable modems offline. When the problem has been resolved, the cable modems can quickly reconnect.

Step 4 

cable time-server

Example:

Router(config)# cable time-server

Router(config)#

Enables the ToD server on the Cisco CMTS.

Step 5 

exit

Example:

Router(config)# exit

Router#

Exits global configuration mode.

Disabling Time-of-Day Service

To disable the ToD server, use the following procedure, beginning in EXEC mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. no cable time-server

4. no service udp-small-servers

5. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

no cable time-server

Example:

Router(config)# no cable time-server

Router(config)#

Disables the ToD server on the Cisco CMTS.

Step 4 

no service udp-small-servers

Example:

Router(config)# no service udp-small-servers

Router(config)#

(Optional) Disables the use of all minor UDP servers.

Note Do not disable the minor UDP servers if you are also enabling the other DHCP or TFTP servers.

Step 5 

exit

Example:

Router(config)# exit

Router#

Exits global configuration mode.
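The ToD procedures above tie three settings together: cable time-server depends on service udp-small-servers, the CMTS address must appear in DHCP option 4, and the minor UDP servers (ToD, echo, chargen, and discard) should stay enabled only while a ToD, DHCP, or TFTP service needs them. The following Python check is an added example, not Cisco code; the sample configuration, pool names, and finding texts are constructed for illustration.

```python
import re

# Constructed running-config fragment for illustration (not from the guide).
SAMPLE = """\
service udp-small-servers max-servers no-limit
cable time-server
!
interface Cable5/0
 ip address 10.10.10.1 255.255.255.0
!
ip dhcp pool cm-east
 network 10.10.10.0 255.255.255.0
 option 4 ip 10.10.10.1 10.10.11.2
!
ip dhcp pool cm-west
 network 10.10.20.0 255.255.255.0
 option 4 ip 10.10.11.2
"""

def parse(config):
    """Split a config into global lines, DHCP pool bodies and interface IPs."""
    top, pools, addrs = [], {}, set()
    section, in_interface = None, False
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "!":
            continue
        if not line.startswith(" "):           # a top-level command
            top.append(text)
            pool = re.match(r"ip dhcp pool (\S+)", text)
            section = pools.setdefault(pool.group(1), []) if pool else None
            in_interface = text.startswith("interface ")
        elif section is not None:              # sub-command of a DHCP pool
            section.append(text)
        elif in_interface:                     # sub-command of an interface
            addr = re.match(r"ip address (\S+) ", text)
            if addr:
                addrs.add(addr.group(1))
    return top, pools, addrs

def audit(config):
    """Return findings for the ToD prerequisite and the disable procedure."""
    top, pools, addrs = parse(config)
    tod = "cable time-server" in top
    small = any(t.startswith("service udp-small-servers") for t in top)
    tftp = any(t.startswith("tftp-server") for t in top)
    findings = []
    if tod and not small:
        findings.append("cable time-server set without service udp-small-servers")
    if small and not (tod or tftp or pools):
        findings.append("udp-small-servers on with no ToD, DHCP or TFTP service")
    if tod:
        for name, body in pools.items():
            for cmd in body:
                if not cmd.startswith("option 4 ip "):
                    continue
                # Everything after "option 4 ip" is a ToD server address.
                if not addrs.intersection(cmd.split()[3:]):
                    findings.append("pool %s: option 4 omits the CMTS address" % name)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A pool that deliberately points only at external ToD servers will also be reported, so treat that finding as a prompt to confirm intent.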

Configuring TFTP Service

To configure TFTP service on a Cisco CMTS where the CMTS can act as a TFTP server and download a DOCSIS configuration file to cable modems, perform the following steps:

Create the DOCSIS configuration files using the DOCSIS configuration editor of your choice. You can also use the internal DOCSIS configuration file editor on the Cisco CMTS to create DOCSIS configuration files.

Copy all desired files (DOCSIS configuration files, software upgrade files, and Cisco IOS configuration files) to the Flash memory device on the Cisco CMTS. Typically, this is done by placing the files first on an external TFTP server, and then using TFTP commands to transfer them to the router's Flash memory.


Note If you are using the internal DOCSIS configuration editor on the Cisco CMTS to create the DOCSIS configuration files, you do not need to copy the files to a Flash memory device because they are already part of the router's configuration.


Enable the TFTP server on the Cisco CMTS with the tftp-server command.

Optionally enable the TFTP enforce feature so that cable modems must attempt a TFTP download of the DOCSIS configuration file through the cable interface with the CMTS before being allowed to come online.

Each configuration task is required unless otherwise listed as optional.


Step 1 Use the show file systems command to display the Flash memory cards that are available on your CMTS, along with the free space on each card and the appropriate device names to use to access each card.

Most configurations of the Cisco CMTS platforms support both linear Flash and Flash disk memory cards. Linear Flash memory is accessed using the slot0 (or flash) and slot1 device names. Flash disk memory is accessed using the disk0 and disk1 device names.

For example, the following command shows a Cisco uBR7200 series router that has two linear Flash memory cards installed. The cards can be accessed by the slot0 (or flash) and slot1 device names.

Router# show file systems 

File Systems:

     Size(b)     Free(b)      Type  Flags  Prefixes
    48755200    48747008     flash     rw   slot0: flash:
    16384000    14284000     flash     rw   slot1:
    32768000    31232884     flash     rw   bootflash:
*          -           -      disk     rw   disk0:
           -           -      disk     rw   disk1:
           -           -    opaque     rw   system:
           -           -    opaque     rw   null:
           -           -   network     rw   tftp:
      522232      507263     nvram     rw   nvram:
           -           -   network     rw   rcp:
           -           -   network     rw   ftp:
           -           -   network     rw   scp:

Router#

The following example shows a Cisco uBR10012 router that has two Flash disk cards installed. These cards can be accessed by the disk0 and sec-disk0 device names.

Router# show file systems 

File Systems:

     Size(b)     Free(b)      Type  Flags  Prefixes
           -           -     flash     rw   slot0: flash:
           -           -     flash     rw   slot1:
    32768000    29630876     flash     rw   bootflash:
*  128094208    95346688      disk     rw   disk0:
           -           -      disk     rw   disk1:
           -           -    opaque     rw   system:
           -           -     flash     rw   sec-slot0:
           -           -     flash     rw   sec-slot1:
*  128094208    95346688      disk     rw   sec-disk0:
           -           -      disk     rw   sec-disk1:
    32768000    29630876     flash     rw   sec-bootflash:
           -           -     nvram     rw   sec-nvram:
           -           -    opaque     rw   null:
           -           -   network     rw   tftp:
      522232      505523     nvram     rw   nvram:
           -           -   network     rw   rcp:
           -           -   network     rw   ftp:
           -           -   network     rw   scp:

Router#

Tip The Cisco uBR10012 router supports redundant processors, a primary and a secondary, and each processor contains its own Flash memory devices. You typically do not have to copy files to the secondary Flash memory devices (which have the sec prefix) because the Cisco uBR10012 router synchronizes the secondary processor to the primary one.


Step 2 Verify that the desired Flash memory card has sufficient free space for all of the files that you want to copy to the CMTS.

Step 3 Use the ping command to verify that the remote TFTP server that contains the desired files is reachable. For example, the following shows a ping command being given to an external TFTP server with the IP address of 10.10.10.1:

Router# ping 10.10.10.1 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/6 ms

Step 4 Use the copy tftp devname command to copy each file from the external TFTP server to the appropriate Flash memory car