Cisco uBR7100 Series Software Configuration Guide - Chapter 4: Configuring Basic Broadband Internet Access [Cisco uBR7100 Series Universal Broadband Routers]

Table Of Contents

Configuring Basic Broadband Internet Access

Overview of Basic Broadband Internet Access

Typical Routing Configuration For High Speed Internet Access

EuroDOCSIS Operation

Transparent Bridging Configuration

Integrated Routing and Bridging Configuration

Baseline Privacy Interface

Configuring Basic Broadband Internet Access

This chapter describes the parameters of configuring and maintaining basic broadband Internet access. The chapter contains these sections:

•"Overview of Basic Broadband Internet Access" section

•"Typical Routing Configuration For High Speed Internet Access" section

•"Transparent Bridging Configuration" section

•"Integrated Routing and Bridging Configuration" section

•"Baseline Privacy Interface" section

Overview of Basic Broadband Internet Access

A Cisco uBR7100 series router and an intermediate frequency (IF)-to-RF upconverter are installed at the headend or distribution hub to transmit digital data. The Cisco uBR7100 series router downstream ports transmit IF signals to the upconverter, which translates the downstream signals to RF for broadcast.

Receivers, scramblers, and descramblers then process the TV signals to encode or decode signals as needed for broadcast. Modulators format the analog TV and digital signals.

The analog and digital signals then pass through the RF combiner. The signals are broadcast from the headend through optical transmitters to fiber nodes.

Amplifiers, coaxial cable, and taps carry the signals to the subscriber premises. Signals are processed as follows:

•Tuners that handle MPEG video, audio and broadcast services in STBs, TVs, and VCRs receive one-way analog signals.

•CMs, or tuners in EuroDOCSIS STBs that handle IP data, receive digital data signals:

–Two-way CMs transmit RF signals back through amplifiers to optical fiber receivers at the headend. These receivers pass the upstream signal to upstream ports on the Cisco uBR7100 series router where they are processed.

–Telco return CMs transmit over the PSTN. Refer to Telco Return for the Cisco CMTS for additional information.

Figure 4-1 illustrates this general signal flow and associated processes in the CMTS.

Figure 4-1 Two-Way Internet Access Network Example

Note The external upconverter shown in Figure 4-1 is needed only if you are not using the router's integrated upconverter.

Typical Routing Configuration For High Speed Internet Access

When running in routing mode, the Cisco uBR7100 series router is fully capable of self provisioning all cable modems and hosts to which it is attached. The router supports multiple IP subnets, including different subnets for hosts and cable modems. Configuration options are only limited by available configuration file length.

The Cisco uBR7100 series CMTS automatically connects DOCSIS-compliant cable modems and hosts right out of the box. Therefore, the factory-supplied configuration activates the downstream RF to 851 MHz center frequency, and the upstream to 37 MHz.

Step 1 Connect one upstream and the downstream port to a duplex filter.

Note Do not combine multiple ports as they are all set on the same frequency.

Step 2 Use at least 40 dB attenuation before the first modem, and modems will connect in under 5 minutes.

The following sample configuration file configures the Cisco uBR7111 router for typical routing operation with the following features:

•Basic DOCSIS Internet Access

•DHCP Address Pools—The Cisco uBR7111 router acts as a DHCP server, providing different address spaces on the basis of the cable modem's service level, including those customers whose network access should be denied access because they have cancelled their service. Different default pools can be used for cable modems and for the IP hosts behind them. Static IP addresses can also be assigned to specific clients on the basis of the client's MAC address.

•DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options:

–platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection.

–gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection.

–silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection.

–disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills.
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
service udp-small-servers max-servers 500
!
hostname ubr7100
!
boot system slot0:
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
!
cable config-file platinum.cm
   service-class 1 max-upstream 128
   service-class 1 guaranteed-upstream 10
   service-class 1 max-downstream 10000
   service-class 1 max-burst 1600
   cpe max 8
   timestamp
!
cable config-file gold.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 5000
   service-class 1 max-burst 1600
   cpe max 3
   timestamp
!
cable config-file silver.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 1000
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
cable config-file disable.cm
   access-denied
   service-class 1 max-upstream 1
   service-class 1 max-downstream 1
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
ip subnet-zero
ip cef
no ip domain-lookup
ip dhcp excluded-address 10.128.1.1 10.128.1.15
ip dhcp excluded-address 10.254.1.1 10.254.1.15
ip dhcp ping packets 1
!
ip dhcp pool CableModems
     network 10.128.1.0 255.255.255.0
     bootfile platinum.cm
     next-server 10.128.1.1
     default-router 10.128.1.1
     option 128 ip 10.128.1.1
     option 4 ip 10.128.1.1
     option 2 hex ffff.8f80
     option 11 ip 10.128.1.1
     option 10 ip 10.128.1.1
     lease 1 0 10
!
ip dhcp pool hosts
     network 10.254.1.0 255.255.255.0
     next-server 10.254.1.1
     default-router 10.254.1.1
     dns-server 10.254.1.1 10.128.1.1
     domain-name ExamplesDomainName.com
     lease 1 0 10
!
ip dhcp pool staticPC(012)
     host 10.254.1.12 255.255.255.0
     client-identifier 0108.0009.af34.e2
     client-name staticPC(012)
     lease infinite
!
ip dhcp pool goldmodem
     host 10.128.1.129 255.255.255.0
     client-identifier 0100.1095.817f.66
     bootfile gold.cm
!
ip dhcp pool DisabledModem(0010.aaaa.0001)
     host 10.128.1.9 255.255.255.0
     client-identifier 0100.1095.817f.66
     bootfile disable.cm
!
ip dhcp pool DisabledModem(0000.bbbb.0000)
     client-identifier 0100.00bb.bb00.00
     host 10.128.1.10 255.255.255.0
     bootfile disable.cm
!
!
!
interface FastEthernet0/0
   no ip address
   no ip mroute-cache
   shutdown
   duplex auto
   speed auto
!
interface FastEthernet0/1
   no ip address
   no ip mroute-cache
   shutdown
   duplex auto
   speed auto
!
interface Cable1/0
   description Cable Downstream Interface
   ip address 10.254.1.1 255.255.255.0 secondary
   ip address 10.128.1.1 255.255.255.0
   no keepalive
   cable downstream annex B
   cable downstream modulation 64qam
   cable downstream interleave-depth 32
   cable downstream frequency 851000000
   cable down rf-power 55
   cable upstream 0 description Cable upstream interface, North
   cable upstream 0 frequency 37008000
   cable upstream 0 power-level 0
   cable upstream 0 admission-control 150
   no cable upstream 0 shutdown
   cable upstream 1 description Cable upstream interface, South
   cable upstream 1 frequency 37008000
   cable upstream 1 power-level 0
   cable upstream 1 admission-control 150
   no cable upstream 1 shutdown
   cable upstream 2 description Cable upstream interface, East
   cable upstream 2 frequency 37008000
   cable upstream 2 power-level 0
   cable upstream 2 admission-control 150
   no cable upstream 2 shutdown
   cable upstream 3 description Cable upstream interface, West
   cable upstream 3 frequency 37008000
   cable upstream 3 power-level 0
   cable upstream 3 admission-control 150
   no cable upstream 3 shutdown
   no cable arp
   cable source-verify dhcp
   cable dhcp-giaddr policy
!
ip classless
no ip forward-protocol udp netbios-ns
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
!
!
alias exec scm show cable modem
alias exec scf show cable flap
alias exec scp show cable qos profile
!
line con 0
   transport input none
line aux 0
line vty 0 4
   login
!
end
To set up spectrum management in your configuration, use the following commands to set up the critical elements:

cable spectrum-group 1 frequency 40000000

cable spectrum-group 1 frequency 20000000 2

In this illustration, the user has configured spectrum management group number "1" to be available to upstream channels. As defined by the two previous command lines, the "preferred" choice is for the upstream to operate on a 40-MHz channel. If that channel is not suitable for the transmission scheme available, the upstream automatically moves over to transmitting at 20 MHz and increases the receive power rating by 2 dB.

The command lines in the sample configuration file beginning with the string cable modulation-profile contain the critical elements necessary to set up a modulation profile in your overall configuration:
cable modulation-profile 3 request 0 16 1 8 16qam scrambler 152 no-diff 128 fixed uw16 
cable modulation-profile 3 initial 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 
cable modulation-profile 3 station 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 
cable modulation-profile 3 short 5 75 6 8 16qam scrambler 152 no-diff 144 fixed uw8 
cable modulation-profile 3 long 8 220 0 8 16qam scrambler 152 no-diff 160 fixed uw8 
In this case, the user has configured modulation profile number "3" to be available to upstream channels wherever they are configured to apply it. Note that this modulation profile has been configured to operate with a QAM-16 modulation scheme. The default modulation scheme for any upstream profile (if it is not set to QAM-16) is QPSK.

Later in the configuration file example, upstream port 0 on the cable interface card installed in slot 5 utilizes both the spectrum management and the modulation profile configured in the sample.

cable upstream 0 spectrum-group 1

cable upstream 0 modulation-profile 3

EuroDOCSIS Operation

The Cisco uBR7111E and Cisco uBR7114E routers support the EuroDOCSIS channel plans that use an 8 MHz channel width. Key commands that appear in the Cisco uBR7100 series configuration file that denote EuroDOCSIS operation include:

•cable downstream annex A—Annex A is reserved for EuroDOCSIS operations (Annex B is used for DOCSIS NTSC operations). Annex A is chosen by default on the Cisco uBR7111E and Cisco uBR7114E routers.

•cable upstream 0 frequency—The EuroDOCSIS upstream valid range is from 5,000,000 to 65,000,000 Hz.

The following is a typical configuration file for EuroDOCSIS operation:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname UBR7114
!
!
cable modulation-profile 1 request 0 16 1 8 16qam scrambler 152
no-diff 128 fixed uw16
cable modulation-profile 1 initial 5 34 0 48 16qam scrambler 152
no-diff 256 fixed uw16
cable modulation-profile 1 station 5 34 0 48 16qam scrambler 152
no-diff 256 fixed uw16
cable modulation-profile 1 short 6 75 6 8 16qam scrambler 152 no-diff
144 fixeduw8
cable modulation-profile 1 long 8 220 0 8 16qam scrambler 152 no-diff
160 fixeduw8
cable modulation-profile 2 request 0 16 1 8 qpsk scrambler 152 no-diff
64 fixeduw8
cable modulation-profile 2 initial 5 34 0 48 qpsk scrambler 152
no-diff 128 fixed uw16
cable modulation-profile 2 station 5 34 0 48 qpsk scrambler 152
no-diff 128 fixed uw16
cable modulation-profile 2 short 5 75 6 8 qpsk scrambler 152 no-diff
72 fixed uw8
cable modulation-profile 2 long 8 220 0 8 qpsk scrambler 152 no-diff
80 fixed uw8
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
!
!
!
!
interface Loopback0
 ip address 222.2.4.1 255.255.255.255
 no ip directed-broadcast
!
interface Loopback2
 ip address 111.0.4.2 255.255.255.255
 no ip directed-broadcast
!
interface FastEthernet0/0
 ip address 1.8.93.9 255.255.0.0
 no ip directed-broadcast
!
interface Cable1/0
 ip address 3.214.1.1 255.255.255.0
 no ip directed-broadcast
 load-interval 30
 no keepalive
 cable spectrum-group 1
 cable helper-address 1.8.93.100
cable downstream annex A
 cable downstream modulation 64qam
 cable downstream frequency 669000000
cable upstream 0 frequency 5008000
 cable upstream 0 power-level 0
 no cable upstream 0 shutdown
 cable upstream 1 frequency 10000000
 cable upstream 1 power-level 0
 no cable upstream 1 shutdown
 cable upstream 2 frequency 15008000
 cable upstream 2 power-level 0
 no cable upstream 2 shutdown
 cable upstream 3 frequency 20000000
 cable upstream 3 power-level 0
 no cable upstream 3 shutdown
!
ip default-gateway 1.8.0.1
ip classless
ip route 223.255.254.254 255.255.255.255 1.8.0.1
!
alias exec scm show cable modem
!
line con 0
 exec-timeout 0 0
 transport input none
line aux 0
line vty 0 4
 password secret
 login
!
end
Transparent Bridging Configuration

Bridging operation between the cable interface and port adapter interfaces is typically not used in DOCSIS CMTS installations because of potential performance and security problems, but bridging operations is appropriate for certain MDU/MTU applications. For example, a hotel could offer Internet connectivity for customers who want to use a fixed IP address, as opposed to being assigned a temporary IP address from the local server's DHCP address pool.

Note Transparent bridging is supported only when using Cisco IOS Release 12.1(7)EC or greater. For complete details on transparent bridging and IRB operation, see the Bridging chapters in the Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.1, available on CCO and the Documentation CD-ROM.

The following sample configuration file configures the Cisco uBR7111 router for basic bridging operation with the following features:

•Basic DOCSIS Internet Access using bridging operations—This requires the following:

–IP routing is disabled.

–The FastEthernet and cable interfaces are assigned to the same bridge group.

–Each interface receives the same IP address since they form one logical network.

–The subscriber-loop-control bridging option is enabled on the cable interface to allow packets received on an upstream to be forwarded to another cable modem host on the downstream.

Note The spanning-tree protocol is disabled, by default, on the cable interface, but this is not required.

•DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options:

–platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection.

–gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection.

–silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection.

–disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills.

•TFTP server provides access to the cable modem configuration files (but a DHCP server is not supported in bridging mode)

The following is a typical configuration file for transparent bridging operation:
!
version 12.1
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime
no service password-encryption
service udp-small-servers max-servers no-limit
service tcp-small-servers max-servers no-limit
!
hostname ubr7100
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
!
cable config-file platinum.cm
   service-class 1 max-upstream 128
   service-class 1 guaranteed-upstream 10
   service-class 1 max-downstream 10000
   service-class 1 max-burst 1600
   cpe max 8
   timestamp
!
cable config-file gold.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 5000
   service-class 1 max-burst 1600
   cpe max 3
   timestamp
!
cable config-file silver.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 1000
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
cable config-file disable.cm
   access-denied
   service-class 1 max-upstream 1
   service-class 1 max-downstream 1
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
!
clock timezone PST -9
clock calendar-valid
ip subnet-zero
no ip routing
no ip finger
no ip domain-lookup
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0 
 no ip route-cache
 no ip mroute-cache
 no keepalive
 duplex half
 speed auto
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 ip address 10.1.1.1 255.255.255.0 
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed 10
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Cable1/0
 ip address 10.1.1.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 load-interval 30
 no keepalive
 cable downstream annex B
 cable downstream modulation 256qam
 cable downstream interleave-depth 32
 cable downstream frequency 525000000
 no cable downstream rf-shutdown
 cable upstream 0 frequency 17808000
 cable upstream 0 power-level 0
 cable upstream 0 timing-adjust threshold 0
 cable upstream 0 timing-adjust continue 0
 cable upstream 0 channel-width 3200000
 no cable upstream 0 shutdown
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
!
ip default-gateway 1.10.0.3
ip classless
no ip http server
!
no cdp run
tftp-server bootflash:platinum.cm alias platinum.cm
tftp-server bootflash:gold.cm alias gold.cm
tftp-server bootflash:silver.cm alias silver.cm
tftp-server bootflash:disable.cm alias disable.cm
!
line con 0
 exec-timeout 0 0
 privilege level 15
 length 0
 transport input none
line aux 0
line vty 0 4
 privilege level 15
 no login
!
end 
Integrated Routing and Bridging Configuration

Integrated Routing and Bridging (IRB) operation allows bridging within a specific segment of networks or hosts, yet also allows those hosts to connect to devices on other, routed networks, without having to use a separate router to interconnect the two networks. IRB operation is typically not used in DOCSIS CMTS installations because of potential performance and security problems, but bridging operations is appropriate for certain MDU/MTU applications. For example, a hotel could offer Internet connectivity for customers who want to use a fixed IP address, as opposed to being assigned a temporary IP address from the local server's DHCP address pool.

Note IRB operation is supported only when using Cisco IOS Release 12.1(7)EC or greater. For complete details on transparent bridging and IRB operation, see the Bridging chapters in the Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.1, available on CCO and the Documentation CD-ROM.

The following sample configuration file configures the Cisco uBR7111 router for basic IRB operation with the following features:

•Basic DOCSIS Internet Access using IRB operations—This requires the following:

–IRB bridging is enabled.

–The FastEthernet and cable interfaces are assigned to the same bridge group.

–An IP address is configured only on the virtual BVI interface. No IP address is configured on any physical interface.

–The subscriber-loop-control bridging option is enabled on the cable interface to allow packets received on an upstream to be forwarded to another cable modem host on the downstream.

–The virtual BVI interface is configured with an IP address.

Note The spanning-tree protocol is disabled, by default, on the cable interface, but this is not required.

•DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options:

–platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection.

–gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection.

–silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection.

–disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills.

•TFTP server provides access to the cable modem configuration files (but a DHCP server is not supported in bridging mode)

The following is a typical configuration file for IRB operation:
!
version 12.1
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime
no service password-encryption
service udp-small-servers max-servers no-limit
service tcp-small-servers max-servers no-limit
!
hostname ubr7100
!
logging buffered 409600 debugging
no logging console
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
cable time-server
!
cable config-file platinum.cm
   service-class 1 max-upstream 128
   service-class 1 guaranteed-upstream 10
   service-class 1 max-downstream 10000
   service-class 1 max-burst 1600
   cpe max 8
   timestamp
!
cable config-file gold.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 5000
   service-class 1 max-burst 1600
   cpe max 3
   timestamp
!
cable config-file silver.cm
   service-class 1 max-upstream 64
   service-class 1 max-downstream 1000
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
cable config-file disable.cm
   access-denied
   service-class 1 max-upstream 1
   service-class 1 max-downstream 1
   service-class 1 max-burst 1600
   cpe max 1
   timestamp
!
!
clock timezone PST -9
clock calendar-valid
ip subnet-zero
no ip finger
no ip domain-lookup
!
bridge irb
!
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 no keepalive
 duplex half
 speed auto
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 no ip address
 no ip mroute-cache
 duplex auto
 speed 10 
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Cable1/0
 no ip address
 no ip mroute-cache
 load-interval 30
 no keepalive
 cable downstream annex B
 cable downstream modulation 256qam
 cable downstream interleave-depth 32
 cable downstream frequency 525000000
 no cable downstream rf-shutdown
 cable upstream 0 frequency 17808000
 cable upstream 0 power-level 0
 cable upstream 0 timing-adjust threshold 0
 cable upstream 0 timing-adjust continue 0
 cable upstream 0 channel-width 3200000
 no cable upstream 0 shutdown
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
!
interface BVI1
 ip address 100.1.1.1 255.255.255.0
!
ip default-gateway 1.10.0.3
ip classless
no ip http server
!
no cdp run
tftp-server bootflash:platinum.cm alias platinum.cm
tftp-server bootflash:gold.cm alias gold.cm
tftp-server bootflash:silver.cm alias silver.cm
tftp-server bootflash:disable.cm alias disable.cm
bridge 1 protocol ieee
 bridge 1 route ip
alias exec scm show cable modem
alias exec sib show ip int brief
!
line con 0
 exec-timeout 0 0
 privilege level 15
 length 0
 transport input none
line aux 0
line vty 0 4
 privilege level 15
 no login
!
end
Baseline Privacy Interface

The Cisco uBR7100 series CMTS supports 56-bit and 40-bit encryption/decryption; 56 bit is the default. After you choose a CMTS image that supports BPI, BPI is enabled by default for the Cisco uBR7100 series routers.

When baseline privacy is enabled, the Cisco uBR7100 series router routes encrypted/decrypted packets from a host or peer to another host or peer. BPI is configured with Key Encryption Keys (KEKs) and traffic encryption keys (TEKs). A KEK is assigned to a cable modem based on the cable modem's service identifier (SID), and permits the cable modem to connect to the Cisco uBR7100 series router when baseline privacy is activated. The TEK is assigned to a cable modem when its KEK has been established. The TEK is used to encrypt data traffic between the cable modem and the Cisco uBR7100 series CMTS.

Keks and TEKs can be set to expire based on a gracetime or a lifetime value. A gracetime key is used to assign a temporary key to a cable modem to access the network. A lifetime key is used to assign a more permanent key to a cable modem. Each cable modem that has a lifetime key assigned will request a new lifetime key from the Cisco uBR7100 series CMTS before the current one expires.

Tip Use the show cable modem command to identify a cable modem with encryption/decryption enabled. The online(pk) output of this command reveals a cable modem that is registered with BPI enabled and a KEK assigned. The online(pt) output reveals a cable modem that is registered with BPI enabled and a TEK assigned.

Commands that enable, disable, and configure BPI encryption/decryption include:

•cable privacy kek grace-time 800

•cable privacy kek life-time 750000

•cable privacy tek grace-time 800

•cable privacy tek life-time 56000

•cable privacy enable

•cable privacy mandatory

To change the Cisco uBR7100 series default of 56-bit encryption/decryption to 40-bit, use the "40 bit des" option:
CMTS(config-if)# cable privacy ?
  40-bit-des           select 40 bit DES
  ^^^^^^^^^^
  authenticate-modem   turn on BPI modem authentication
  authorize-multicast  turn on BPI multicast authorization
  kek                  KEK Key Parms
  mandatory            force privacy be mandatory
  tek                  TEK Key Parms
Software then generates a 40-bit DES key, where the DES key that is generated and returned masks the first 16-bits of the 56-bit key to zero in software. To return to 56-bit encryption/decryption after changing to 40-bit, enter the no command in front of the "40 bit des" option.

Caution Cisco uBR7100 series telco return images that support BPI do not support encryption/decryption in the telco return path.

	Cisco uBR7100 Series Software Configuration Guide
	Chapter 4: Configuring Basic Broadband Internet Access
Cisco uBR7100 Series Software Configuration Guide Preface Chapter 1: Overview of Cisco uBR7100 Series Software Chapter 2: Configuring the CMTS for the First Time Chapter 3: Configuring the Cisco Cable Modem Card Chapter 4: Configuring Basic Broadband Internet Access Chapter 5: Troubleshooting the System Appendix A: Configuration Register Information for the Cisco uBR7100 Series Universal Broadband Router	Download this chapter Chapter 4: Configuring Basic Broadband Internet Access Download the complete book Cisco uBR7100 Series Universal Broadband Router Software Configuration Guide (PDF - 1 MB) Table Of Contents Configuring Basic Broadband Internet Access Overview of Basic Broadband Internet Access Typical Routing Configuration For High Speed Internet Access EuroDOCSIS Operation Transparent Bridging Configuration Integrated Routing and Bridging Configuration Baseline Privacy Interface Configuring Basic Broadband Internet Access This chapter describes the parameters of configuring and maintaining basic broadband Internet access. The chapter contains these sections: •"Overview of Basic Broadband Internet Access" section •"Typical Routing Configuration For High Speed Internet Access" section •"Transparent Bridging Configuration" section •"Integrated Routing and Bridging Configuration" section •"Baseline Privacy Interface" section Overview of Basic Broadband Internet Access A Cisco uBR7100 series router and an intermediate frequency (IF)-to-RF upconverter are installed at the headend or distribution hub to transmit digital data. The Cisco uBR7100 series router downstream ports transmit IF signals to the upconverter, which translates the downstream signals to RF for broadcast. Receivers, scramblers, and descramblers then process the TV signals to encode or decode signals as needed for broadcast. Modulators format the analog TV and digital signals. The analog and digital signals then pass through the RF combiner. The signals are broadcast from the headend through optical transmitters to fiber nodes. Amplifiers, coaxial cable, and taps carry the signals to the subscriber premises. Signals are processed as follows: •Tuners that handle MPEG video, audio and broadcast services in STBs, TVs, and VCRs receive one-way analog signals. •CMs, or tuners in EuroDOCSIS STBs that handle IP data, receive digital data signals: –Two-way CMs transmit RF signals back through amplifiers to optical fiber receivers at the headend. These receivers pass the upstream signal to upstream ports on the Cisco uBR7100 series router where they are processed. –Telco return CMs transmit over the PSTN. Refer to Telco Return for the Cisco CMTS for additional information. Figure 4-1 illustrates this general signal flow and associated processes in the CMTS. Figure 4-1 Two-Way Internet Access Network Example Note The external upconverter shown in Figure 4-1 is needed only if you are not using the router's integrated upconverter. Typical Routing Configuration For High Speed Internet Access When running in routing mode, the Cisco uBR7100 series router is fully capable of self provisioning all cable modems and hosts to which it is attached. The router supports multiple IP subnets, including different subnets for hosts and cable modems. Configuration options are only limited by available configuration file length. The Cisco uBR7100 series CMTS automatically connects DOCSIS-compliant cable modems and hosts right out of the box. Therefore, the factory-supplied configuration activates the downstream RF to 851 MHz center frequency, and the upstream to 37 MHz. Step 1 Connect one upstream and the downstream port to a duplex filter. Note Do not combine multiple ports as they are all set on the same frequency. Step 2 Use at least 40 dB attenuation before the first modem, and modems will connect in under 5 minutes. The following sample configuration file configures the Cisco uBR7111 router for typical routing operation with the following features: •Basic DOCSIS Internet Access •DHCP Address Pools—The Cisco uBR7111 router acts as a DHCP server, providing different address spaces on the basis of the cable modem's service level, including those customers whose network access should be denied access because they have cancelled their service. Different default pools can be used for cable modems and for the IP hosts behind them. Static IP addresses can also be assigned to specific clients on the basis of the client's MAC address. •DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options: –platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection. –gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection. –silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection. –disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills. ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption service compress-config service udp-small-servers max-servers 500 ! hostname ubr7100 ! boot system slot0: ! no cable qos permission create no cable qos permission update cable qos permission modems cable time-server ! cable config-file platinum.cm service-class 1 max-upstream 128 service-class 1 guaranteed-upstream 10 service-class 1 max-downstream 10000 service-class 1 max-burst 1600 cpe max 8 timestamp ! cable config-file gold.cm service-class 1 max-upstream 64 service-class 1 max-downstream 5000 service-class 1 max-burst 1600 cpe max 3 timestamp ! cable config-file silver.cm service-class 1 max-upstream 64 service-class 1 max-downstream 1000 service-class 1 max-burst 1600 cpe max 1 timestamp ! cable config-file disable.cm access-denied service-class 1 max-upstream 1 service-class 1 max-downstream 1 service-class 1 max-burst 1600 cpe max 1 timestamp ! ip subnet-zero ip cef no ip domain-lookup ip dhcp excluded-address 10.128.1.1 10.128.1.15 ip dhcp excluded-address 10.254.1.1 10.254.1.15 ip dhcp ping packets 1 ! ip dhcp pool CableModems network 10.128.1.0 255.255.255.0 bootfile platinum.cm next-server 10.128.1.1 default-router 10.128.1.1 option 128 ip 10.128.1.1 option 4 ip 10.128.1.1 option 2 hex ffff.8f80 option 11 ip 10.128.1.1 option 10 ip 10.128.1.1 lease 1 0 10 ! ip dhcp pool hosts network 10.254.1.0 255.255.255.0 next-server 10.254.1.1 default-router 10.254.1.1 dns-server 10.254.1.1 10.128.1.1 domain-name ExamplesDomainName.com lease 1 0 10 ! ip dhcp pool staticPC(012) host 10.254.1.12 255.255.255.0 client-identifier 0108.0009.af34.e2 client-name staticPC(012) lease infinite ! ip dhcp pool goldmodem host 10.128.1.129 255.255.255.0 client-identifier 0100.1095.817f.66 bootfile gold.cm ! ip dhcp pool DisabledModem(0010.aaaa.0001) host 10.128.1.9 255.255.255.0 client-identifier 0100.1095.817f.66 bootfile disable.cm ! ip dhcp pool DisabledModem(0000.bbbb.0000) client-identifier 0100.00bb.bb00.00 host 10.128.1.10 255.255.255.0 bootfile disable.cm ! ! ! interface FastEthernet0/0 no ip address no ip mroute-cache shutdown duplex auto speed auto ! interface FastEthernet0/1 no ip address no ip mroute-cache shutdown duplex auto speed auto ! interface Cable1/0 description Cable Downstream Interface ip address 10.254.1.1 255.255.255.0 secondary ip address 10.128.1.1 255.255.255.0 no keepalive cable downstream annex B cable downstream modulation 64qam cable downstream interleave-depth 32 cable downstream frequency 851000000 cable down rf-power 55 cable upstream 0 description Cable upstream interface, North cable upstream 0 frequency 37008000 cable upstream 0 power-level 0 cable upstream 0 admission-control 150 no cable upstream 0 shutdown cable upstream 1 description Cable upstream interface, South cable upstream 1 frequency 37008000 cable upstream 1 power-level 0 cable upstream 1 admission-control 150 no cable upstream 1 shutdown cable upstream 2 description Cable upstream interface, East cable upstream 2 frequency 37008000 cable upstream 2 power-level 0 cable upstream 2 admission-control 150 no cable upstream 2 shutdown cable upstream 3 description Cable upstream interface, West cable upstream 3 frequency 37008000 cable upstream 3 power-level 0 cable upstream 3 admission-control 150 no cable upstream 3 shutdown no cable arp cable source-verify dhcp cable dhcp-giaddr policy ! ip classless no ip forward-protocol udp netbios-ns ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 no ip http server ! ! alias exec scm show cable modem alias exec scf show cable flap alias exec scp show cable qos profile ! line con 0 transport input none line aux 0 line vty 0 4 login ! end To set up spectrum management in your configuration, use the following commands to set up the critical elements: cable spectrum-group 1 frequency 40000000 cable spectrum-group 1 frequency 20000000 2 In this illustration, the user has configured spectrum management group number "1" to be available to upstream channels. As defined by the two previous command lines, the "preferred" choice is for the upstream to operate on a 40-MHz channel. If that channel is not suitable for the transmission scheme available, the upstream automatically moves over to transmitting at 20 MHz and increases the receive power rating by 2 dB. The command lines in the sample configuration file beginning with the string cable modulation-profile contain the critical elements necessary to set up a modulation profile in your overall configuration: cable modulation-profile 3 request 0 16 1 8 16qam scrambler 152 no-diff 128 fixed uw16 cable modulation-profile 3 initial 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 cable modulation-profile 3 station 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 cable modulation-profile 3 short 5 75 6 8 16qam scrambler 152 no-diff 144 fixed uw8 cable modulation-profile 3 long 8 220 0 8 16qam scrambler 152 no-diff 160 fixed uw8 In this case, the user has configured modulation profile number "3" to be available to upstream channels wherever they are configured to apply it. Note that this modulation profile has been configured to operate with a QAM-16 modulation scheme. The default modulation scheme for any upstream profile (if it is not set to QAM-16) is QPSK. Later in the configuration file example, upstream port 0 on the cable interface card installed in slot 5 utilizes both the spectrum management and the modulation profile configured in the sample. cable upstream 0 spectrum-group 1 cable upstream 0 modulation-profile 3 EuroDOCSIS Operation The Cisco uBR7111E and Cisco uBR7114E routers support the EuroDOCSIS channel plans that use an 8 MHz channel width. Key commands that appear in the Cisco uBR7100 series configuration file that denote EuroDOCSIS operation include: •cable downstream annex A—Annex A is reserved for EuroDOCSIS operations (Annex B is used for DOCSIS NTSC operations). Annex A is chosen by default on the Cisco uBR7111E and Cisco uBR7114E routers. •cable upstream 0 frequency—The EuroDOCSIS upstream valid range is from 5,000,000 to 65,000,000 Hz. The following is a typical configuration file for EuroDOCSIS operation: ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname UBR7114 ! ! cable modulation-profile 1 request 0 16 1 8 16qam scrambler 152 no-diff 128 fixed uw16 cable modulation-profile 1 initial 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 cable modulation-profile 1 station 5 34 0 48 16qam scrambler 152 no-diff 256 fixed uw16 cable modulation-profile 1 short 6 75 6 8 16qam scrambler 152 no-diff 144 fixeduw8 cable modulation-profile 1 long 8 220 0 8 16qam scrambler 152 no-diff 160 fixeduw8 cable modulation-profile 2 request 0 16 1 8 qpsk scrambler 152 no-diff 64 fixeduw8 cable modulation-profile 2 initial 5 34 0 48 qpsk scrambler 152 no-diff 128 fixed uw16 cable modulation-profile 2 station 5 34 0 48 qpsk scrambler 152 no-diff 128 fixed uw16 cable modulation-profile 2 short 5 75 6 8 qpsk scrambler 152 no-diff 72 fixed uw8 cable modulation-profile 2 long 8 220 0 8 qpsk scrambler 152 no-diff 80 fixed uw8 ! no cable qos permission create no cable qos permission update cable qos permission modems ! ! ! ! interface Loopback0 ip address 222.2.4.1 255.255.255.255 no ip directed-broadcast ! interface Loopback2 ip address 111.0.4.2 255.255.255.255 no ip directed-broadcast ! interface FastEthernet0/0 ip address 1.8.93.9 255.255.0.0 no ip directed-broadcast ! interface Cable1/0 ip address 3.214.1.1 255.255.255.0 no ip directed-broadcast load-interval 30 no keepalive cable spectrum-group 1 cable helper-address 1.8.93.100 cable downstream annex A cable downstream modulation 64qam cable downstream frequency 669000000 cable upstream 0 frequency 5008000 cable upstream 0 power-level 0 no cable upstream 0 shutdown cable upstream 1 frequency 10000000 cable upstream 1 power-level 0 no cable upstream 1 shutdown cable upstream 2 frequency 15008000 cable upstream 2 power-level 0 no cable upstream 2 shutdown cable upstream 3 frequency 20000000 cable upstream 3 power-level 0 no cable upstream 3 shutdown ! ip default-gateway 1.8.0.1 ip classless ip route 223.255.254.254 255.255.255.255 1.8.0.1 ! alias exec scm show cable modem ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 password secret login ! end Transparent Bridging Configuration Bridging operation between the cable interface and port adapter interfaces is typically not used in DOCSIS CMTS installations because of potential performance and security problems, but bridging operations is appropriate for certain MDU/MTU applications. For example, a hotel could offer Internet connectivity for customers who want to use a fixed IP address, as opposed to being assigned a temporary IP address from the local server's DHCP address pool. Note Transparent bridging is supported only when using Cisco IOS Release 12.1(7)EC or greater. For complete details on transparent bridging and IRB operation, see the Bridging chapters in the Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.1, available on CCO and the Documentation CD-ROM. The following sample configuration file configures the Cisco uBR7111 router for basic bridging operation with the following features: •Basic DOCSIS Internet Access using bridging operations—This requires the following: –IP routing is disabled. –The FastEthernet and cable interfaces are assigned to the same bridge group. –Each interface receives the same IP address since they form one logical network. –The subscriber-loop-control bridging option is enabled on the cable interface to allow packets received on an upstream to be forwarded to another cable modem host on the downstream. Note The spanning-tree protocol is disabled, by default, on the cable interface, but this is not required. •DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options: –platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection. –gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection. –silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection. –disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills. •TFTP server provides access to the cable modem configuration files (but a DHCP server is not supported in bridging mode) The following is a typical configuration file for transparent bridging operation: ! version 12.1 no service pad service timestamps debug datetime msec localtime service timestamps log datetime no service password-encryption service udp-small-servers max-servers no-limit service tcp-small-servers max-servers no-limit ! hostname ubr7100 ! no cable qos permission create no cable qos permission update cable qos permission modems cable time-server ! cable config-file platinum.cm service-class 1 max-upstream 128 service-class 1 guaranteed-upstream 10 service-class 1 max-downstream 10000 service-class 1 max-burst 1600 cpe max 8 timestamp ! cable config-file gold.cm service-class 1 max-upstream 64 service-class 1 max-downstream 5000 service-class 1 max-burst 1600 cpe max 3 timestamp ! cable config-file silver.cm service-class 1 max-upstream 64 service-class 1 max-downstream 1000 service-class 1 max-burst 1600 cpe max 1 timestamp ! cable config-file disable.cm access-denied service-class 1 max-upstream 1 service-class 1 max-downstream 1 service-class 1 max-burst 1600 cpe max 1 timestamp ! ! clock timezone PST -9 clock calendar-valid ip subnet-zero no ip routing no ip finger no ip domain-lookup ! interface FastEthernet0/0 ip address 10.1.1.1 255.255.255.0 no ip route-cache no ip mroute-cache no keepalive duplex half speed auto no cdp enable bridge-group 1 bridge-group 1 spanning-disabled ! interface FastEthernet0/1 ip address 10.1.1.1 255.255.255.0 no ip route-cache no ip mroute-cache duplex auto speed 10 no cdp enable bridge-group 1 bridge-group 1 spanning-disabled ! interface Cable1/0 ip address 10.1.1.1 255.255.255.0 no ip route-cache no ip mroute-cache load-interval 30 no keepalive cable downstream annex B cable downstream modulation 256qam cable downstream interleave-depth 32 cable downstream frequency 525000000 no cable downstream rf-shutdown cable upstream 0 frequency 17808000 cable upstream 0 power-level 0 cable upstream 0 timing-adjust threshold 0 cable upstream 0 timing-adjust continue 0 cable upstream 0 channel-width 3200000 no cable upstream 0 shutdown bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled ! ip default-gateway 1.10.0.3 ip classless no ip http server ! no cdp run tftp-server bootflash:platinum.cm alias platinum.cm tftp-server bootflash:gold.cm alias gold.cm tftp-server bootflash:silver.cm alias silver.cm tftp-server bootflash:disable.cm alias disable.cm ! line con 0 exec-timeout 0 0 privilege level 15 length 0 transport input none line aux 0 line vty 0 4 privilege level 15 no login ! end Integrated Routing and Bridging Configuration Integrated Routing and Bridging (IRB) operation allows bridging within a specific segment of networks or hosts, yet also allows those hosts to connect to devices on other, routed networks, without having to use a separate router to interconnect the two networks. IRB operation is typically not used in DOCSIS CMTS installations because of potential performance and security problems, but bridging operations is appropriate for certain MDU/MTU applications. For example, a hotel could offer Internet connectivity for customers who want to use a fixed IP address, as opposed to being assigned a temporary IP address from the local server's DHCP address pool. Note IRB operation is supported only when using Cisco IOS Release 12.1(7)EC or greater. For complete details on transparent bridging and IRB operation, see the Bridging chapters in the Cisco IOS Bridging and IBM Networking Configuration Guide, Release 12.1, available on CCO and the Documentation CD-ROM. The following sample configuration file configures the Cisco uBR7111 router for basic IRB operation with the following features: •Basic DOCSIS Internet Access using IRB operations—This requires the following: –IRB bridging is enabled. –The FastEthernet and cable interfaces are assigned to the same bridge group. –An IP address is configured only on the virtual BVI interface. No IP address is configured on any physical interface. –The subscriber-loop-control bridging option is enabled on the cable interface to allow packets received on an upstream to be forwarded to another cable modem host on the downstream. –The virtual BVI interface is configured with an IP address. Note The spanning-tree protocol is disabled, by default, on the cable interface, but this is not required. •DOCSIS Cable Modem Configuration Files—These configuration files provide several different service level options: –platinum.cm—Users are given a maximum upstream bandwidth of 128kbps, with a guaranteed minimum bandwidth of 10kbps. The downstream has a maximum bandwidth of 10Mbps. Up to 8 PCs are allowed on this connection. –gold.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 5Mbps. Up to 3 PCs are allowed on this connection. –silver.cm—Users are given a maximum upstream bandwidth of 64kbps and a maximum downstream bandwidth of 1Mbps. Only 1 PC is allowed on this connection. –disable.cm—Users are denied access to the cable network. This configuration file can be used for users who have cancelled service or have not paid their bills. •TFTP server provides access to the cable modem configuration files (but a DHCP server is not supported in bridging mode) The following is a typical configuration file for IRB operation: ! version 12.1 no service pad service timestamps debug datetime msec localtime service timestamps log datetime no service password-encryption service udp-small-servers max-servers no-limit service tcp-small-servers max-servers no-limit ! hostname ubr7100 ! logging buffered 409600 debugging no logging console ! no cable qos permission create no cable qos permission update cable qos permission modems cable time-server ! cable config-file platinum.cm service-class 1 max-upstream 128 service-class 1 guaranteed-upstream 10 service-class 1 max-downstream 10000 service-class 1 max-burst 1600 cpe max 8 timestamp ! cable config-file gold.cm service-class 1 max-upstream 64 service-class 1 max-downstream 5000 service-class 1 max-burst 1600 cpe max 3 timestamp ! cable config-file silver.cm service-class 1 max-upstream 64 service-class 1 max-downstream 1000 service-class 1 max-burst 1600 cpe max 1 timestamp ! cable config-file disable.cm access-denied service-class 1 max-upstream 1 service-class 1 max-downstream 1 service-class 1 max-burst 1600 cpe max 1 timestamp ! ! clock timezone PST -9 clock calendar-valid ip subnet-zero no ip finger no ip domain-lookup ! bridge irb ! interface FastEthernet0/0 no ip address no ip mroute-cache no keepalive duplex half speed auto no cdp enable bridge-group 1 bridge-group 1 spanning-disabled ! interface FastEthernet0/1 no ip address no ip mroute-cache duplex auto speed 10 no cdp enable bridge-group 1 bridge-group 1 spanning-disabled ! interface Cable1/0 no ip address no ip mroute-cache load-interval 30 no keepalive cable downstream annex B cable downstream modulation 256qam cable downstream interleave-depth 32 cable downstream frequency 525000000 no cable downstream rf-shutdown cable upstream 0 frequency 17808000 cable upstream 0 power-level 0 cable upstream 0 timing-adjust threshold 0 cable upstream 0 timing-adjust continue 0 cable upstream 0 channel-width 3200000 no cable upstream 0 shutdown bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled ! interface BVI1 ip address 100.1.1.1 255.255.255.0 ! ip default-gateway 1.10.0.3 ip classless no ip http server ! no cdp run tftp-server bootflash:platinum.cm alias platinum.cm tftp-server bootflash:gold.cm alias gold.cm tftp-server bootflash:silver.cm alias silver.cm tftp-server bootflash:disable.cm alias disable.cm bridge 1 protocol ieee bridge 1 route ip alias exec scm show cable modem alias exec sib show ip int brief ! line con 0 exec-timeout 0 0 privilege level 15 length 0 transport input none line aux 0 line vty 0 4 privilege level 15 no login ! end Baseline Privacy Interface The Cisco uBR7100 series CMTS supports 56-bit and 40-bit encryption/decryption; 56 bit is the default. After you choose a CMTS image that supports BPI, BPI is enabled by default for the Cisco uBR7100 series routers. When baseline privacy is enabled, the Cisco uBR7100 series router routes encrypted/decrypted packets from a host or peer to another host or peer. BPI is configured with Key Encryption Keys (KEKs) and traffic encryption keys (TEKs). A KEK is assigned to a cable modem based on the cable modem's service identifier (SID), and permits the cable modem to connect to the Cisco uBR7100 series router when baseline privacy is activated. The TEK is assigned to a cable modem when its KEK has been established. The TEK is used to encrypt data traffic between the cable modem and the Cisco uBR7100 series CMTS. Keks and TEKs can be set to expire based on a gracetime or a lifetime value. A gracetime key is used to assign a temporary key to a cable modem to access the network. A lifetime key is used to assign a more permanent key to a cable modem. Each cable modem that has a lifetime key assigned will request a new lifetime key from the Cisco uBR7100 series CMTS before the current one expires. Tip Use the show cable modem command to identify a cable modem with encryption/decryption enabled. The online(pk) output of this command reveals a cable modem that is registered with BPI enabled and a KEK assigned. The online(pt) output reveals a cable modem that is registered with BPI enabled and a TEK assigned. Commands that enable, disable, and configure BPI encryption/decryption include: •cable privacy kek grace-time 800 •cable privacy kek life-time 750000 •cable privacy tek grace-time 800 •cable privacy tek life-time 56000 •cable privacy enable •cable privacy mandatory To change the Cisco uBR7100 series default of 56-bit encryption/decryption to 40-bit, use the "40 bit des" option: CMTS(config-if)# cable privacy ? 40-bit-des select 40 bit DES ^^^^^^^^^^ authenticate-modem turn on BPI modem authentication authorize-multicast turn on BPI multicast authorization kek KEK Key Parms mandatory force privacy be mandatory tek TEK Key Parms Software then generates a 40-bit DES key, where the DES key that is generated and returned masks the first 16-bits of the 56-bit key to zero in software. To return to 56-bit encryption/decryption after changing to 40-bit, enter the no command in front of the "40 bit des" option. Caution Cisco uBR7100 series telco return images that support BPI do not support encryption/decryption in the telco return path.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.