Cisco uBR10012 Universal Broadband Router Software Configuration Guide - Chapter 2: Configuring the Cable Modem Termination System for the First Time [Cisco uBR10000 Series Universal Broadband Routers]

Table Of Contents

Configuring the Cable Modem Termination System for the First Time

Preparing for Configuration

Understanding Cisco uBR10012 Router Configuration Fundamentals

Using the Enable Secret and the Enable Passwords

Setting Password Protection

Replacing or Recovering a Lost Password

Configuring the Cisco uBR10012 Router Using AutoInstall

Preparing for the AutoInstall Process

Configuring the Cisco uBR10012 Router Using the Setup Facility

Configuring Global Parameters

Configuring Upstream Frequencies

Configuring Individual Upstream Modulation Profiles

Configuring the Cisco uBR10012 Router Manually Using Configuration Mode

Configuring the Cable Interface with the Extended Setup Facility

MAC-Layer Addressing

Identifying the Cable Interface Line Card

Identifying CM Line Cards

Identifying CM Line Card Slots

Configuring Global Parameters

Saving Your Configuration Settings

Reviewing Your Settings and Configurations

Viewing Sample Configuration Files

Baseline Privacy Interface Configuration Files

Configuring the Cable Modem Termination System for the First Time

This chapter describes how to start up and configure the Cisco uBR10000 series Cable Modem Termination System (CMTS) for the first time. The chapter contains the following sections:

Section

Purpose

"Preparing for Configuration" section

Identifies tasks and analysis that you must complete prior to powering on and configuring the Cisco uBR10012 router.

"Understanding Cisco uBR10012 Router Configuration Fundamentals" section

Describes the basic principles of using passwords and summarizes the initial router configuration utilities that are available to you. The remainder of this chapter provides instructions for each utility.

"Configuring the Cisco uBR10012 Router Using AutoInstall" section

Describes how to use the AutoInstall process, which is designed to configure the Cisco uBR10012 router automatically after connection to your WAN.

"Configuring the Cisco uBR10012 Router Using the Setup Facility" section

Describes how to use the Setup facility (also called the System Configuration dialog) for configuring your CMTS, an alternative to AutoInstall. The Setup facility supports several functions so that cable interfaces and cable interface line cards are fully operational (after initial setup). Use the Setup facility prior to completing a WAN or LAN connection to your router.

"Configuring the Cisco uBR10012 Router Manually Using Configuration Mode" section

Describes how to configure the Cisco uBR10012 router manually if you prefer not to use the Setup or AutoInstall facilities.

"Configuring the Cable Interface with the Extended Setup Facility" section

Provides instructions for using the Setup facility to create an initial configuration. The extended setup prompts you to configure each interface on the system.

"Reviewing Your Settings and Configurations" section

Provides commands to check your settings and review any changes to your configuration.

Preparing for Configuration

Complete these prerequisite steps before you power on and configure the Cisco uBR10012 router:

•Ensure that your network supports reliable broadband data transmission. Your plant must be swept, balanced, and certified based on National Television Standards Committee (NTSC) or appropriate international cable plant recommendations. Ensure your plant meets all Data-over-Cable Service Interface Specifications (DOCSIS) downstream and upstream radio frequency (RF) requirements.

•Ensure that your Cisco uBR10012 router is installed according to the instructions in the hardware installation guide that came with your CMTS.

•Ensure that all other required headend or distribution hub routing and network interface equipment is installed, configured, and operational (based on the supported services). This includes:

–All routers

–Servers (Dynamic Host Configuration Protocol (DHCP) servers, Trivial File Transfer Protocol (TFTP) servers, and time-of-day (ToD) servers)

–Network management systems

–Other configuration or billing systems

•Ensure that DHCP and DOCSIS configuration files have been created and pushed to appropriate servers so that each CM, when initialized, can:

–Transmit a DHCP request

–Receive an IP address

–Obtain TFTP and ToD server addresses

–Download a DOCSIS configuration file (or updated software image if using Cisco uBR924 cable access routers or Cisco uBR910 cable data service units (DSUs) in your network)

•Ensure that customer premises equipment (CPE)—CMs or set-top boxes (STBs), PCs, telephones, or facsimile machines—meet requirements for your network and service offerings.

•Be familiar with your channel plan to assign appropriate frequencies. Outline your strategies for setting up bundling, if applicable to your headend or distribution hub. As appropriate, obtain:

–Passwords

–IP addresses

–Subnet masks

–Device names

After these prerequisites are met, you are ready to configure the Cisco uBR10012 router. This includes, at a minimum:

•Configuring a host name and password for the Cisco uBR10012 router

•Configuring the CMTS to support IP over the cable plant and network backbone

Caution If you plan to use service-class-based provisioning, the service classes must be configured at the CMTS before CMs attempt to make a connection.

Understanding Cisco uBR10012 Router Configuration Fundamentals

This section describes the basic parameters of using passwords.

Note These sections provide minimal configuration instructions. For additional configuration information, refer to subsequent chapters in this guide. For examples of Cisco uBR10000 series CMTS configuration files, refer to the "Viewing Sample Configuration Files" section.

Tip Be sure that you have appropriate addresses and values based on your network before you attempt to configure the router. Enter the show version command to display the release of Cisco IOS software on your router.

Using the Enable Secret and the Enable Passwords

The Cisco uBR10012 router is administered using the Cisco command interpreter, called the EXEC. You must boot and log in to the router before you can enter an EXEC command.

Step 1 Connect a terminal to the I/O controller console port of the Cisco uBR10012 router and establish a terminal session. You can open a Terminal application (Hyper Terminal) on a PC as follows:

a. Connect using: Direct to Com 1

b. Set bits per second: 9600

c. Set data bits: 8

d. Set parity: none

e. Set stop bit: 1

f. Set flow control: none

Step 2 Power on the Cisco uBR10000 series. Enter no to choose the normal operating mode of the router. The user EXEC prompt appears:
Would you like to enter the initial dialog?[yes]: no
Router> 
Setting Password Protection

Note For security purposes, the EXEC has two levels of access to commands: user EXEC mode and privileged EXEC mode. The commands available at the user level are a subset of those available at the privileged level.

Tip Because many privileged-level EXEC commands are used to set operating parameters, password-protect these commands to prevent unauthorized use.

At the EXEC prompt, enter one of the following two commands to set password protection:

•enable secret password (which is a very secure, encrypted password)

•enable password (which is a less secure, nonencrypted password)

To gain access to privileged-level commands, enter the desired password.

Note An enable secret password can contain from 1 to 25 uppercase and lowercase alphanumeric characters. An enable password can contain any number of uppercase and lowercase alphanumeric characters. A number cannot be the first character. Spaces are valid password characters; for example, "two words" is a valid password. Leading spaces are ignored. Trailing spaces are recognized. Alphanumeric characters are recognized as uppercase or lowercase.

Passwords should be different for maximum security. If you enter the same password for both during the setup script, the system accepts it, but you receive a warning message indicating that you should enter a different password.

Replacing or Recovering a Lost Password

This section describes how to recover a lost enable or console login password and how to replace a lost enable secret password on your Cisco uBR10012 router.

Note It is possible to recover the enable or console login password. The enable secret password is encrypted, however, and must be replaced with a new enable secret password.

Overview of the Password Recovery Process

Following is an overview of the general steps in the password recovery procedure:

Step 1 If you can log in to the router, enter the show version command to determine the existing configuration register value.

Step 2 Press the Break key to get to the bootstrap program prompt (ROM monitor). You might need to reload the system image by power cycling the router.

Step 3 Change the configuration register so that the following functions are enabled:

•Break

•Ignore startup configuration

•Boot from Flash memory

Note The key to recovering a lost password is to set the configuration register bit 6 (0x0040) so that the startup configuration (usually in NVRAM) is ignored. This allows you to log in without using a password and to display the startup configuration passwords. Cisco recommends setting the configuration register to 0x142.

Step 4 Power cycle the router by turning power off and then back on.

Step 5 Log in to the router and enter the privileged EXEC mode.

Step 6 Enter the show startup-config command to display the passwords.

Step 7 Recover or replace the displayed passwords.

Step 8 Change the configuration register back to its original setting.

Note To recover a lost password if Break is disabled on the router, you must have physical access to the router.

Replacing or Recovering Passwords

Complete the following steps to recover or replace a lost enable, enable secret, or console login password:

Step 1 Attach an ASCII terminal to the console port on your Cisco uBR10012 router.

Step 2 Configure the terminal to operate at 9600 baud, 8 data bits, no parity, and 2 stop bits.

Step 3 If you can log in to the router as a nonprivileged user, enter the show version command to display the existing configuration register value. Note the value for later use. If you cannot log in to the router at all, continue with the next step.

Step 4 Press the Break key or send a Break from the console terminal.

•If Break is enabled, the router enters the ROM monitor, indicated by the ROM monitor prompt (rommon n>), where n is the number of the command line. Proceed to Step 6.

•If Break is disabled, power cycle the router (turn the router off or unplug the power cord, and then restore power). Proceed to Step 5.

Step 5 Within 60 seconds of restoring the power to the router, press the Break key or send a Break. This action causes the router to enter the ROM monitor and display the ROM monitor prompt (rommon 1>).

Step 6 To set the configuration register on a Cisco uBR10012 router, use the configuration register utility by entering the confreg command at the ROM monitor prompt as follows:
rommon 1> confreg
Answer yes to the enable ignore system config info? prompt and note the current configuration register settings.

Step 7 Initialize the router by entering the reset command as follows:
rommon 2> reset
The router initializes, the configuration register is set to 0x142, the router boots the system image from Flash memory and enters the System Configuration dialog (setup), as follows:
--- System Configuration Dialog --
Step 8 Enter no in response to the System Configuration dialog prompts until the following message appears:
Press RETURN to get started!
Step 9 Press Return. The user EXEC prompt appears as follows:
Router>
Step 10 Enter the enable command to enter privileged EXEC mode.

Step 11 Enter the show startup-config command to display the passwords in the configuration file as follows:
Router# show startup-config
Step 12 Scan the configuration file display looking for the passwords; the enable passwords are usually near the beginning of the file, and the console login or user EXEC password is near the end. The passwords displayed will look something like this:
enable secret 5 $1$ORPP$s9syZt4uKn3SnpuLDrhuei 
enable password 23skiddoo 
. 
. 
line con 0 
 password onramp
Note The enable secret password is encrypted and cannot be recovered; it must be replaced. The enable and console passwords can be encrypted text or clear text.

Proceed to the next step to replace an enable secret, console login, or enable password. If there is no enable secret password, note the enable and console login passwords if they are not encrypted and proceed to Step 17.

Caution Do not perform the next step unless you have determined that you must change or replace the enable, enable secret, or console login passwords. Failure to follow the steps as presented here could cause your router configuration to be erased.

Step 13 Enter the configure memory command to load the startup configuration file into running memory. This action allows you to modify or replace passwords in the configuration.
Router# configure memory
Step 14 Enter the configure terminal command for configuration mode:
Router# configure terminal
Step 15 To change all three passwords, enter the following commands:
Router(config)# enable secret newpassword1 
Router(config)# enable password newpassword2
Router(config)# line con 0 
Router(config)# password newpassword3
Change only the passwords necessary for your configuration. You can remove individual passwords by using the no form of the previous commands. For example, entering the no enable secret command removes the enable secret password.

Step 16 You must configure all interfaces to not be administratively shut down as follows:
Router(config)# interface fast ethernet 0/0/0 
Router(config)# no shutdown
Enter the equivalent commands for all interfaces that were originally configured. If you omit this step, all interfaces are administratively shut down and unavailable when the router is restarted.

Step 17 Use the config-register command to set the configuration register to the original value noted in Step 3 or Step 7.

Step 18 Press Ctrl-Z or type end to exit configuration mode:
Router(config)# end
Caution Do not perform the next step unless you have changed or replaced a password. If you have skipped Step 13 through Step 16 previously, then proceed now to Step 20. Failure to observe this sequence causes the system to erase your router configuration file.

Step 19 Enter the copy running-config startup-config command to save the new configuration to nonvolatile memory:
Router# copy running-config startup-config
Step 20 Enter the reload command to reboot the router:
Router# reload
Step 21 Log in to the router with the new or recovered passwords.

Configuring the Cisco uBR10012 Router Using AutoInstall

The AutoInstall process is designed to configure the Cisco uBR10012 router automatically after connection to your WAN.

For AutoInstall to work properly, a TCP/IP host on your network must be preconfigured to provide the required configuration files. The TCP/IP host can exist anywhere on the network as long as the following conditions are maintained:

•The host must be on the LAN or WAN side of the router's line card connection to the WAN.

•The User Datagram Protocol (UDP) broadcasts to and from the router.

•The TCP/IP host is enabled.

This functionality is coordinated by your system administrator at the site where the TCP/IP host is located. You should not use AutoInstall unless the required files are available on the TCP/IP host. Refer to the following publications for more information about AutoInstall:

•Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2 at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/index.htm

•Cisco IOS Configuration Fundamentals Command Reference, Release 12.2 at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/index.htm

Preparing for the AutoInstall Process

Complete the following steps to prepare your Cisco uBR10012 router for the AutoInstall process:

Step 1 Attach the appropriate synchronous serial cable to the synchronous serial interface 0 on the router.

Step 2 Turn the power switch on each power supply to the ON (|) position. This action turns on power to the router.

The router loads the operating system image from Flash memory; this process can take several minutes. If the remote end of the WAN connection is connected and properly configured, the AutoInstall process begins.

Step 3 When the AutoInstall process is completed, use the copy running-config startup-config command to write the configuration data to the router's nonvolatile random-access memory (NVRAM):
Router# copy running-config startup-config
Completing this step saves the configuration settings that the AutoInstall process created to NVRAM. If you fail to do this, your configuration will be lost the next time you reload the router.

Configuring the Cisco uBR10012 Router Using the Setup Facility

The Cisco uBR10000 series Setup facility (also called the System Configuration dialog) is a useful and efficient tool for configuring your CMTS. The Setup facility supports the following functions so that cable interfaces and cable interface line cards are fully operational (after initial setup):

•Cable-specific commands

•Upstream frequency definition

For each cable interface, the following information is mandatory:
Per upstream:
        cable upstream n frequency f
        no cable upstream n shutdown
Options include definition of the following information:

•DHCP server address.

•Options are also provided to set downstream frequency for the upconverter per interface.

If you do not plan to use AutoInstall, do not connect the router's WAN or LAN cable to the channel service unit (CSU) and data service unit (DSU). If the WAN or LAN cable is connected to the CSU and DSU and the router does not have a configuration stored in NVRAM, the router attempts to run AutoInstall at startup.

Tip The router might take several minutes to determine that AutoInstall is not set up to a remote TCP/IP host. When the router determines that AutoInstall is not configured, it defaults to the Setup facility. If the LAN or WAN cable is not connected, the router boots from Flash memory and automatically runs the Setup facility.

Note You can run the Setup facility when the enable prompt (--- System Configuration Dialog --) is displayed, by entering the setup command in privileged EXEC mode.

Configuring Global Parameters

When you first start the program, configure the global parameters to control system-wide settings:

Step 1 Connect a console terminal to the console port on the I/O controller, and then boot the router.

Step 2 After booting from Flash memory, the following information appears after about 30 seconds. When you see this information, you have successfully booted your router:
       Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
       Cisco Systems, Inc.
       170 West Tasman Drive
       San Jose, California 95134-1706
Cisco Internetwork Operating System Software 
IOS (tm) 10000 Software (UBR10K-P6-M), Version 12.2(2)XF
TAC Support: http://www.cisco.com/pcgi-bin/ibld/view.pl?i=support
Copyright (c) 1986-2001 by Cisco Systems, Inc.
Compiled Fri 20-Jul-01 16:15 by test
Image text-base: 0x60008960, data-base: 0x612E0000
cisco uBR10000 (PRE-RP) processor with 98304K/32768K bytes of memory.
Processor board ID TBA05080458
R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2048KB L3 Cache
Backplane version 1.0, 8 slot 
Last reset from unexpected value
Toaster processor tmc0 is running.
Toaster processor tmc1 is running.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
509K bytes of non-volatile configuration memory.
46976K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
32768K bytes of Flash internal SIMM (Sector size 256KB).
Press RETURN to get started!
Note The first two sections of the configuration script, the banner and the installed hardware, appear only at initial system startup. On subsequent uses of the Setup facility, the script begins with the following prompt.
     --- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: yes
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Step 3 When asked if you want to continue with thePress RETURN to get started!System Configuration dialog and enter basic management setup (displays the current interface summary), enter yes or press Return:
Continue with configuration dialog? [yes/no]: yes
.
.
.
Would you like to enter basic management setup? [yes/no]: yes
The interface summary appears, showing the state of configured and unconfigured interfaces.

Step 4 Choose which protocols to support on your interfaces. For IP-only installations, you can accept the default values for most of the questions. A typical configuration using IP follows and continues through Step 7:
Configuring global parameters: 
  Enter host name [Router]: router
Step 5 Enter the enable secret password, the enable password, and the virtual terminal password:
The enable secret password is a one-way cryptographic secret  
password used instead of the enable password when it exists.
  Enter enable secret: ******
The enable password is used when there is no enable secret 
password and when using older software and some boot images.
  Enter enable password: ******
Enter virtual terminal password: ******
Step 6 The Simple Network Management Protocol (SNMP) is the most widely supported open standard for network management. SNMP provides a means to access and set configuration and run-time parameters of routers and communication servers. SNMP also defines a set of functions that can be used to monitor and control network elements.

Enter yes to accept SNMP management; enter no to refuse it:
Configure SNMP Network Management? [no]:
    Community string [public]:
Step 7 In all cases, you will use IP routing. When you are using IP routing, select an interior routing protocol. You can specify one of only two interior routing protocols to operate on your system using the Setup facility, either Interior Gateway Routing Protocol (IGRP) or Routing Information Protocol (RIP).

To configure IP routing, enter yes (the default) or press Return, and then select an interior routing protocol:
  Configure IP? [yes]:
    Configure IGRP routing? [yes]:
      Your IGRP autonomous system number [1]: 15
Step 8 Configure your line card interface parameters. The following example shows how an 8-port Ethernet line card is installed in line card slot 3. The Setup facility determines the status of all interfaces.

To configure each active interface port for IP, enter yes (the default) or press Return. For all inactive ports, the default is no. You can press Return to accept the default.
Configuring interface Ethernet 1/0:
  Is this interface in use? [yes]: 
  Configure IP on this interface? [yes]: 
    IP address for this interface [19.2.22.4]: 
    Number of bits in subnet field [8]: 
    Class A network is 19.0.0.0, 8 subnet bits; mask is /16
Configuring interface Ethernet1/1:
  Is this interface in use? [no]: 
Configuring interface Ethernet1/2:
Is this interface in use? [no]: 
Configuring interface Ethernet1/3:
  Is this interface in use? [no]: 
Configuring interface Ethernet1/4:
  Is this interface in use? [no]: 
Configuring interface Ethernet1/5:
  Is this interface in use? [no]: 
Configuring interface Ethernet1/6:
  Is this interface in use? [no]: 
Configuring interface Ethernet1/7:
  Is this interface in use? [no]: 
Step 9 Configure your cable interface. The following example shows a Cisco uBR10012 router with cable interface. The Setup facility, for the most part, determines the status of all interfaces.

To configure each active interface port, enter yes (the default) or press Return. For all inactive ports, the default is no. You can press Return to accept the default.
Configuring interface cable 5/0/0:
  Is this interface in use? [yes]: 
  Configure this interface? [yes]: 
  IP address for this interface [19.2.22.5]: 
  Number of bits in subnet field [8]: 
  Class A network is 19.0.0.0, 8 subnet bits; mask is /16
Configuring interface cable 1/1:
  Is this interface in use? [yes]: 
  Configure this interface? [yes]: 
  IP address for this interface [19.2.22.6]: 
  Number of bits in subnet field [8]: 
  Class A network is 19.0.0.0, 8 subnet bits; mask is /16
The configuration program displays the newly created command interface script:
The following command script was created:
hostname router
enable secret 5 $1$f0fc$A38P/KN/9yD3sEKSt6hKQ/
enable password betty
line vty 0 4
password wilma
snmp-server community public
!
ip routing
!
interface cable 5/0/0
ip address 19.2.22.5 255.255.0.0
router igrp 15
network 19.0.0.0
!
end 
Step 10 When asked if you want to use this configuration, enter yes or press Return.
Use this configuration? [yes/no]: yes
Step 11 Save your settings to NVRAM. (Refer to the "Configuring the Cable Interface with the Extended Setup Facility" section.)

Note You must always manually save the configuration settings to NVRAM whenever they are modified.

Configuring Upstream Frequencies

Upstream parameters must be configured manually. After the Setup facility is run, upstream ports have a default state of "shutdown." You have two methods to configure upstream channel frequencies:

•Configure a fixed frequency between 5 to 42 MHz for North American channel plans, and enable the upstream port.

•Create a global spectrum group, assign the interface to it, and enable the upstream port.

The cable interface card receiver accepts time-division multiplexed burst transmissions from cable interfaces (or CMs in set-top boxes), which are DOCSIS-based. The upstream port becomes "up" when it is assigned an upstream frequency and is configured to be administratively up.

The upstream port is frequency-agile. The frequency can change while the interface is up and carrying traffic, if you define spectrum groups per the example provided.

Configuring Individual Upstream Modulation Profiles

You can define individual modulation profiles. A modulation profile consists of a table of physical layer characteristics for the different types of upstream bursts such as initial maintenance, long grant, request data, request, short grant, and station maintenance.

Note Only qualified personnel should define upstream modulation profiles.

Complete these steps to activate upstream interfaces:

Step 1 After the Setup facility has initially configured noncable interfaces on the Cisco uBR10012 router, enter the enable command and your password (privileged EXEC).

Step 2 Enter the configure terminal command to get into global configuration mode.

Step 3 In global configuration mode, configure modulation profiles and spectrum groups for your Cisco uBR10012 router using the cable modulation-profile and cable spectrum-group commands.

Step 4 In cable interface configuration mode, configure various characteristics for the interface in question, using the cable upstream commands.

Note Refer to Chapter 3 "Configuring Cable Interface Features for the Cisco uBR10012 Router," for further information.

Configuring the Cisco uBR10012 Router Manually Using Configuration Mode

You can configure the Cisco uBR10012 router manually if you prefer not to use the Setup facility or AutoInstall. Complete the following steps:

Step 1 Connect a console terminal to the console port on the I/O controller.

Step 2 When asked if you want to enter the initial dialog, answer no to go into the normal operating mode of the router:
Would you like to enter the initial dialog? [yes]: no
Step 3 After a few seconds, the user EXEC prompt Router> appears. Type enable to enter enable mode (configuration changes can be made only in enable mode):
Router> enable
The prompt changes to the enable mode (also called privileged EXEC) prompt:
Router# 
Step 4 Enter the configure terminal command at the enable prompt to enter configuration mode from the terminal:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# 
Tip To see a list of the configuration commands available to you, enter ? at the prompt or type help while in configuration mode.

Step 5 At the Router# prompt, enter the interface type slot/port command to enter the interface configuration mode:
Router(config)# interface cable slot/port
Router(config-if)# 
Step 6 Set the downstream center frequency to reflect the digital carrier frequency of the downstream RF carrier (the channel) for the downstream port:
Router(config-int)# cable downstream frequency down-freq-hz
Note This command has no effect on the external upconverter. It is informational only.

Step 7 Activate the downstream port on the cable interface line card to support digital data transmission over the hybrid fiber-coaxial network:
Router(config-int)# no shutdown
Step 8 Enter the fixed center frequency in Hz for your downstream RF carrier and the port number:
Router(config-int)# cable upstream port frequency up-freq-hz
Note Be sure not to select an upstream frequency that interferes with that used for any other upstream application in your cable plant.

Step 9 Repeat Step 8 for each upstream port on the cable interface line card.

Step 10 Activate the upstream port:
Router(config-int)# no cable upstream port shutdown 
Step 11 Repeat Step 10 to activate each port used on your cable interface line card.

Step 12 Exit to return to the configuration mode:
Router(config-if)# exit 
Router(config)# 
Step 13 Enter the next interface to configure, following Step 6 through Step 12, or type exit to return to enable mode.
Router(config)# exit 
Router# 
%SYS-5-CONFIG_I: Configured from console by console# 
Step 14 Save the configuration to NVRAM:
Router# copy running-config startup-config
Configuring the Cable Interface with the Extended Setup Facility

The Setup facility creates an initial configuration. The basic management setup configures only enough connectivity for management of the system. The Extended Setup facility prompts you to configure each interface on the system.

To invoke the configuration facility, use the following command:
Router# setup
The following is the System Configuration dialog:
Continue with configuration dialog? [yes/no]: yes
MAC-Layer Addressing

The MAC-layer or hardware address is a standardized data link layer address required for certain network interface types. These addresses are not used by other devices in the network; they are unique to each port. The Cisco uBR10012 router uses a specific method to assign and control the MAC-layer addresses for line cards.

All LAN interfaces (ports) require unique MAC-layer addresses, also known as hardware addresses. Typically, the MAC address of an interface is stored on a memory component that resides directly on the interface circuitry; however, the online insertion and removal (OIR) feature requires a different method. The OIR feature lets you remove a line card and replace it with another identically configured one. If the new line card matches the line card you removed, the system immediately brings it online.

To support OIR, an address allocator with a unique MAC address is stored in an EEPROM on the Cisco uBR10012 router midplane. Each address is reserved for a specific port and slot in the router regardless of whether a line card resides in that slot.

Caution When hot swapping a line card with a different type of interface, you might have to reconfigure the interfaces. Refer to the hardware installation guide that ships with your CMTS or to the appropriate field-replaceable unit (FRU) document for more specific information regarding OIR.

The MAC addresses are assigned to the slots in sequence. This address scheme allows you to remove line cards and insert them into other Cisco uBR10012 router without causing the MAC addresses to move around the network or be assigned to multiple devices.

Storing the MAC addresses for every slot in one central location means that the addresses stay with the memory device on which they are stored.

Identifying the Cable Interface Line Card

Identifying CM Line Cards

The following Cisco cable interfaces can be installed in a Cisco CMTS:

•The Cisco uBR10012 router supports one downstream modulator and one upstream demodulator.

–The Cisco uBR10012 router supports the following defaults: QAM-256 at 40 MBps downstream, and QAM-16 at 5 Mbps upstream.

–The card supports upstream channel widths of 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, and 3.2 MHz.

–The card outputs +42 dBmV and +/- 2 dBmV.

–The downstream modulator has both an RF output, using the integrated upconverter, and an intermediate frequency (IF) output, which must be connected to an external upconverter.

Identifying CM Line Card Slots

On the Cisco uBR10012 router, the cable interface line card is fixed and is always slot 1. To display information about a specific cable interface slot's downstream channel, use the show interfaces cable command with the CM card's slot number and downstream port number in the following format:
show interfaces cable slot/downstream-port [downstream]
Use the slot number and downstream port number to display information about a downstream interface. You can abbreviate the command to sh int c. The following example shows the display for upstream channel port 0 on a Cisco uBR10012 router:
Router# sh int c 5/0/0
To display information about a specific cable interface slot's upstream channel, use the
show interfaces cable command. Include these CM card parameters:

•Slot number

•Downstream port number

•Upstream port number

Use this format:
show interfaces cable slot/downstream-port [upstream] upstream-port
Use the slot number, downstream port number, and upstream port number to display information about an upstream interface. You can abbreviate the command to sh int c.

The following example shows the display for upstream channel port 0 in cable interface slot 3 of a
Cisco uBR10012 router that is turned up:
Router# sh int c3/0/0 upstream
Configuring Global Parameters

Step 1 Access the host by responding to the following prompt: enable secret 5 $1$ORPP$s9syZt4uKn3SnpuLDrhuei enable password 23skiddoo . . line con 0 password onramp

Step 2 The enable secret password is used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration.

Respond to this prompt: Router# aa

Next, the enable password is used when you do not specify an enable secret password, with some older software versions, and some boot images.

Step 3 Respond to this prompt:Router# bb

Next, use the virtual terminal password to protect access to the router over a network interface.

Step 4 Respond to this prompt:Router(config)# cc

The following system information appears.
Configure SNMP Network Management? [no]: 
Configure IP? [yes]: 
Configure IGRP routing? [yes]: 
Your IGRP autonomous system number [1]: 
Configure CLNS? [no]: 
Configuring interface parameters:
Do you want to configure FastEthernet0/0  interface? [yes]: 
Use the 100 Base-TX (RJ-45) connector? [yes]: 
Operate in full-duplex mode? [no]: 
Configure IP on this interface? [yes]: no
Do you want to configure Ethernet1/0  interface? [yes]: n
Do you want to configure Cable5/0/0  interface? [yes]: 
Downstream setting frequency  : 531000000
For cable upstream [0] 
Shut down this upstream ? [yes/no]: no
Frequency  : 33808000
Would you like to configure the DHCP server ? [yes/no]: yes
IP address for the DHCP server 
[X.X.X.X]: 10.0.0.2
Configure IP on this interface? [no]: yes
IP address for this interface: 10.20.133.65
Subnet mask for this interface [255.0.0.0] : 255.255.255.248
Class A network is 10.0.0.0, 29 subnet bits; mask is /29
The following configuration command script is created:
interface cable5/0/0
ip address 10.20.133.65 255.255.255.248
no ip mroute-cache
no keepalive
cable insertion-interval 500
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 531000000
cable upstream 0 frequency 33808000
cable upstream 0 power-level 0
no cable upstream 0 shutdown
cable helper-address 10.0.0.2 
Note For modems to acquire an IP address, they must have direct access to DHCP, TFTP, or ToD servers, or have a static route set.

Saving Your Configuration Settings

To store the configuration or changes to your startup configuration in NVRAM, enter the copy running-config startup-config command at the Router(config)# prompt:
Router# copy running-config startup-config
This command saves the configuration settings you set using configuration mode, the Setup facility, or AutoInstall.

Tip If you do not save your settings, your configuration will be lost the next time you reload the router.

Reviewing Your Settings and Configurations

You can check your settings and review any changes to your configuration using various software commands.

•To view information specific to the hardware and cable interface configuration on your Cisco uBR10012 router, use show commands.

–Use this command to verify the downstream center frequency:
Router# show controllers cable slot/port downstream
–Use this command to verify the current value of an upstream port frequency:
Router# show controllers cable slot/port upstream
–Use this command to check the value of the settings you entered:
Router# show running-config
•To review changes you make to the configuration, use the EXEC show startup-config command to display the information stored in NVRAM.

Viewing Sample Configuration Files

This section provides examples of Cisco uBR10012 router configuration files. To view the current configuration of a Cisco uBR10012 router, enter the show running-config command at the command-line interface (CLI) prompt in EXEC mode or privileged EXEC mode.

Baseline Privacy Interface Configuration Files

The Cisco uBR10000 series CMTS supports 56-bit and 40-bit encryption and decryption; 56 bit is the default. After you choose a CMTS image that supports Baseline Privacy Interface (BPI), BPI is enabled by default for the Cisco uBR10000 series CMTS. Key commands that appear in the Cisco uBR10012 router configuration file that denote that encryption and decryption are supported include:

•int cable 5/0/0

•cable privacy kek grace-time 800

•cable privacy kek life-time 750000

•cable privacy tek grace-time 800

•cable privacy tek life-time 56000

•cable privacy enable

•cable privacy mandatory

Note The cable interface must also support encryption and decryption.

When Baseline Privacy is enabled, the Cisco uBR10012 router routes encrypted and decrypted packets from a host or peer to another host or peer. BPI is configured with key encryption keys (KEKs) and traffic encryption keys (TEKs). A KEK is assigned to a CM, based on the CM's service identifier (SID), and permits the CM to connect to the Cisco uBR10012 router when Baseline Privacy is activated. The TEK is assigned to a CM when its KEK has been established. The TEK is used to encrypt data traffic between the CM and the Cisco uBR10012 router.

KEKS and TEKs can be set for Baseline Privacy on the HFC network to expire based on a grace-time or a life-time value, defined in seconds. A grace-time value assigns a temporary key to a CM to access the network. A life-time value assigns a more permanent key to a CM. Each CM that has a life-time value assigned requests a new lifetime key from the Cisco uBR10012 router before the current one expires.

To set the duration in seconds for KEK or TEK grace-time or life-time, use the following commands in global configuration mode. To restore the default values, use the no form of each command.
cable privacy kek {grace-time [seconds] | life-time [seconds]}
no cable privacy kek {grace-time | life-time}
cable privacy tek {grace-time [seconds] | life-time [seconds]}
no cable privacy tek {grace-time | life-time}
Syntax Description
grace-time seconds
(Optional) Length of key encryption grace-time in seconds. Valid range is 300 to 1800 seconds. The default grace-time value is 600 seconds.
life-time seconds
(Optional) Length of the key encryption life-time in seconds.Valid range is 86,400 to 604,8000. The default life-time value is 604800 seconds.
Tip Use the show cable modem command to identify a CM with encryption and decryption enabled. The online(pk) output of this command reveals a CM that is registered with BPI enabled and a KEK assigned. The online(pt) output reveals a CM that is registered with BPI enabled and a TEK assigned.

Should you want to change the Cisco uBR10000 series default of 56-bit encryption and decryption to 40-bit, use the "40 bit DES" option:
Router(config-if)# cable privacy ?
  40-bit-des           select 40 bit DES
  ^^^^^^^^^^
  authenticate-modem   turn on BPI modem authentication
  authorize-multicast  turn on BPI multicast authorization
  kek                  KEK Key Parms
  mandatory            force privacy be mandatory
  tek                  TEK Key Parms
Software then generates a 40-bit DES key, where the DES key that is generated and returned masks the first 16 bits of the 56-bit key to zero in software. To return to 56-bit encryption and decryption after changing to 40-bit, enter the no command in front of the "40 bit des" option.