Table Of Contents
IP Address Verification for the Cisco uBR7200 Series Cable Router
Feature Overview
Benefits
Restrictions
Related Features and Technologies
Related Documents
Supported Platforms
Supported Standards, MIBs, and RFCs
Configuration Tasks
Configuring the DHCP Router
Verifying Unknown Source IP Addresses
Configuration Examples
Command Reference
cable source-verify
Syntax Description
Default
Command Mode
Command History
Usage Guidelines
Example
IP Address Verification for the Cisco uBR7200 Series Cable Router
Feature Overview
This feature enables Dynamic Host Control Protocol (DHCP) servers to verify IP addresses of upstream traffic.
This feature enables the uBR7200 to send LEASEQUERIES to the DHCP server to verify unknown source IP addresses when it receives an IP packet from an unknown host behind a cable modem on any upstream interface of a line card.
If the DHCP server responds with an ACK, the uBR7200 must use the returned information to determine if it is a PC behind a different cable modem that is spoofing a legitimate IP address or not. If the DHCP server responds with a NAK, then the host IP address is not active.
Benefits
Customers of Multiservice Operators (MSOs) will be prevented from using unauthorized, spoofed, or stolen IP addresses.
Restrictions
You must have a DHCP server that supports the LEASEQUERY message type.
Related Features and Technologies
lists the IOS cable router features released in the IOS 12.0 timeframe.
Table 1 uBR7200 Series Cable Router Features Available Since 12.0 T
Available With:
|
Category
|
Feature
|
11.3(5)NA & 12.0(3)T
|
Cable Features
|
Feature Enhancements
|
11.3(6)NA
|
|
MC16 Modem Card
|
11.3(8)NA
|
|
Access List Support Enhancements
|
12.0(4)T
|
|
Downstream Channel ID Configuration
|
12.0(4)T
|
|
Multiple Service ID Support
|
12.0(4)T
|
|
Cable Modem and Host Subnet Addressing
|
12.0(5)T
|
|
Telephone Return
|
12.0(5)T
|
|
Time Server Functionality
|
12.0(7)T
|
|
Amplitude Averaging Compensation
|
12.0(7)XR
|
|
Cable Interface Bundling
|
12.0(7)XR
|
|
Enhanced Modem Status Display
|
12.0(7)XR
|
|
Show Interface Cable Command Verbose Enhancements
|
12.0(7)XR
|
|
IP Address Verification
|
12.0(7)XR
|
|
Registration Timeout Configuration
|
12.0(7)XR
|
|
Show Cable Modem Command Enhancements
|
12.0(7)XR
|
|
Modem Status Summary Enhancements
|
12.0(7)XR
|
|
Show Controller Command Enhancements
|
12.0(7)XR
|
|
Configuring Concatenation
|
12.0(7)XR
|
|
Virtual Private Network Support
|
12.0(7)XR
|
|
Blind Hopping Support on the MC16S Modem Card
|
12.0(7)XR
|
|
Signal-to-Noise Ratio Data Support
|
11.3(9)NA and 12.0(4)T
|
Cable QoS
|
QoS Profile Enforcement
|
12.0(4)T
|
|
Quality of Service for Voice
|
11.3(9)NA
|
Network Management
|
Upstream Traffic Shaping Feature
|
12.0(5)T
|
|
Enhanced-Spectrum Management
|
12.0(5)T
|
|
Downstream Rate Shaping with TOS bits
|
12.0(7)XR
|
|
Spectrum Management Using the MC16S Modem Card
|
12.0(7)XR
|
|
Downstream Test Signals Configuration
|
12.0(7)XR
|
Wireless Features
|
Point-to-Point Wireless Support
|
Related Documents
The uBR7200 series cable router is described in Voice, Video, and Home Applications Configuration Guide for Cisco IOS Release 12.0 and in the following online feature modules:
•
Cisco uBR7246 Universal Broadband Router Feature Enhancements
•MC16 Modem Card for uBR7200
•uBR7200 Series Access List Support Enhancements
•QoS Profile Enforcement for the Cisco uBR7200 Series Router
•Upstream Traffic Shaping Feature
•Configuring Downstream Channel IDs
•Telephone Return for the Cisco uBR7200 Series Cable Router
•Enhanced-Spectrum Management for the Cisco uBR7200 Series Cable Router
•Time Server Functionality
•Cable Interface Bundling for the Cisco uBR7200 Series Cable Router
•Quality of Service for Voice on the Cisco uBR7200 Series Cable Router
•Modem Status Enhancements for the Cisco uBR7200 Series Cable Router
•Load Sharing Support
•Cable Modem and Host Subnet Addressing
•MGX Resource Pool Management Hardware Diagnostics
•IP Address Verification for the Cisco uBR7200 Series Cable Router (this feature)
•Configuring the Registration Timeout Value for the Cisco uBR7200 Series Cable Router
•Spectrum Management Using the MC16S Modem Card on the Cisco uBR7200 Series Cable Router
•Configuring Downstream Test Signals for the Cisco uBR7200 Series Cable Router
•Configuring Concatenation on the Cisco uBR7200 Series Cable Router
•Point-to-Point Wireless Support for the Cisco uBR7200 Series Universal Broadband Router
•Blind Hopping Support on the MC16S Modem Card for the Cisco uBR7200 Series Cable Router
•Downstream Rate Shaping with TOS bits on the uBR7200 Series Cable Router
•Amplitude Averaging Compensation on the Cisco uBR7200 Series Cable Router
Supported Platforms
uBR7200 series
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
RFCs
No new or modified RFCs are supported by this feature.
Configuration Tasks
See the following tasks to verify source IPs.
•Configuring the DHCP Router (Required)
Configuring the DHCP Router
Command
|
Purpose
|
Router(config-if)# cable source-verify dhcp
|
Sends DHCP LEASEQUERRIES packets to verify unknown source IP addresses.
|
Verifying Unknown Source IP Addresses
Step 1 Without enabling the cable source-verify dhcp command on the router, move a PC from behind one CM to behind another.
Step 2 Ping the PC. The ping fails because the new source IP address is not known.
Step 3 Enable cable source-verify dhcp command along with the ip dhcp relay info option command1 . Then move the PC from behind one CM to behind another.
Step 4 Ping the PC. If the ping is successful, the PC's IP address is verified and accepted.
Configuration Examples
None
Command Reference
This section documents the modified cable source-verify command. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
cable source-verify
To turn on cable modem upstream verification, use the cable source-verify cable interface configuration command. To turn off the display of this information, use the no form of this command.
cable source-verify [dhcp]
no cable source-verify dhcp
Syntax Description
dhcp
|
Specifies that queries will be sent to verify unknown source IP addresses in upstream data packets.
|
Default
Disabled
Command Mode
Cable interface configuration
Command History
Release
|
Modification
|
11.3 XA
|
This command was introduced.
|
12.0(7)T
|
The dhcp keyword was added.
|
Usage Guidelines
The router sends DHCP LEASEQUERIES to verify unknown source IP addresses in upstream data packets. For maximum protection, turn on the DHCP relay-agent information option (ip dhcp relay info option) on the uBR when using this feature.
Example
router(config-if)# cable source-verify dhcp
router(config-if)# no cable source-verify
1 Cisco recommends that you use the
ip dhcp relay info option command for maximum protection.
