Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS and NX-OS Software

Subscriber Management Packet Filtering for DOCSIS 2.0

Downloads

Table Of Contents

Subscriber Management Packet Filtering Extension for DOCSIS 2.0

Finding Feature Information

Contents

Prerequisites for Configuring Subscriber Management Packet Filtering

Restriction for Configuring Subscriber Management Packet Filtering

Information About Configuring Subscriber Management Packet Filtering

How to Configure Subscriber Management Packet Filtering

Configuring the Filter Group

Defining the Upstream and Downstream MTA Filter Group

Defining the Upstream and Downstream STB Filter Group

Defining the Upstream and Downstream PS Filter Group

Configuration Examples for Subscriber Management Packet Filtering

Configuring the Filter Group: Example

Defining the Upstream and Downstream MTA Filter Group: Example

Defining the Upstream and Downstream STB Filter Group: Example

Defining the Upstream and Downstream PS Filter Group: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

Feature Information for Subscriber Management Packet Filtering


Subscriber Management Packet Filtering Extension for DOCSIS 2.0

First Published: December 17, 2008
Last Updated: November 16, 2009

The Cisco universal broadband router supports management of data packet filtering based on the subscriber's preferences and criteria. Packet filtering enhances security to the cable network by allowing only the specific packets to flow to the Customer Premise Equipment (CPE) while dropping the unwanted data packets from the cable network.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS, Catalyst OS, and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring Subscriber Management Packet Filtering

Restriction for Configuring Subscriber Management Packet Filtering

Information About Configuring Subscriber Management Packet Filtering

How to Configure Subscriber Management Packet Filtering

Configuration Examples for Subscriber Management Packet Filtering

Additional References

Command Reference

Feature Information for Subscriber Management Packet Filtering

Prerequisites for Configuring Subscriber Management Packet Filtering

Table 1shows the hardware compatibility prerequisites for the subscriber management packet filtering feature.

Table 1 Cable Hardware Compatibility Matrix for Subscriber Management Packet Filtering

CMTS Platform
Processor Engine
Cable Interface Line Cards

Cisco uBR10012 Universal Broadband Router

Cisco IOS Release 12.2(33)SCB

PRE2

PRE4

Cisco uBR10-MC5X20S/U/H


The software prerequisites for the subscriber management packet filtering feature are:

The latest software image is loaded and working on the Cable Modem Termination System (CMTS) and the cable modems (CM).

The configuration information on the main performance routing engine (PRE) and the standby PRE should be the same before the switchover.

Restriction for Configuring Subscriber Management Packet Filtering

This feature can define up to 254 filtering groups. The number of filters in each group is 255.

Information About Configuring Subscriber Management Packet Filtering

A filter group specifies what filters are applied to the packets going to or coming from each specific CM or CPE device. It defines the rules or criteria to filter or drop a packet. Every packet that has to be filtered can either be accepted to send or filtered to be dropped. The criteria to filter a packet depends on the subscriber's preferences. The filter group can be applied to different subscriber management groups.

Cable subscriber management can be established using the following configuration methods:

CMTS router configuration (via CLI)

SNMP configuration

The process of configuring the subscriber management packet filtering is:

1. The packet filter group defines the action for a packet. The packet can be let to go to the CPE or dropped off the cable network based on the subscriber's packet criteria.

2. The CM sends a registration request to the CMTS. The registration request contains provisioning information that defines the association of a Packet Filtering Group (PFG) with the CM and its subscribers.

3. The specific downstream or upstream PFGs are used to bind the CM, CPE, embedded Multimedia Terminal Adaptor (eMTA), embedded Set-Top Box (eSTB) and embedded portal server (ePS) to a specific PFG.

4. The CMTS identifies the CPE device based on the CPE's DHCP information.

Note For the filter group to work for CMs, a CM must re-register after the CMTS router is configured.

How to Configure Subscriber Management Packet Filtering

This section describes the configuration tasks that are performed to manage subscriber packet filtering on the Cisco CMTS platforms. You can use the command-line interface (CLI) commands to complete the configuration.

See the following sections for the configuration tasks.

1. Configuring the Filter Group

2. Defining the Upstream and Downstream MTA Filter Group

3. Defining the Upstream and Downstream STB Filter Group

4. Defining the Upstream and Downstream PS Filter Group

Configuring the Filter Group

This section describes the tasks to configure the packet filter group. Follow the summary steps to complete the configuration.

To create, configure, and activate a DOCSIS filter group that filters packets on the basis of the TCP/IP and UDP/IP headers, use the cable filter group command in global configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. cable filter group group-id index index-num [option option-value]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

cable filter group group-id index index-num [option option-value]

Example:

Router(config)# cable filter group 10 index 10 src-ip 10.7.7.7

Creates, configures, and activates a DOCSIS filter group that filters packets.

group-id— The unique group ID for this filter group. The valid range is 1 to 254. 255 is reserved for use by the CMTS router.

index-num—The unique index for this particular filter. The valid range is 1 to 255.

Specify one of the following options and option-values:

dest-ip—(optional) The destination IP address that should be matched. The default IP address is 0.0.0.0.

dest-mask— (optional) The mask for the destination address that should be matched.

dest-port— (optional) The TCP/UDP destination port number that should be matched. The valid range is 0 to 65535.

ip-proto—(optional) The IP protocol type number that should be matched. The valid range is 0 to 256, with a default value of 256 that matches all protocols.

ip-tos—(optional) The type of service (TOS) mask and value to be matched.

match-action—(optional) The action that should be taken for packets that match this filter.

accept—Packets that match the filter are accepted (default).

drop—Packets that match the filter are dropped.

range-dest-port—(optional) The TCP/UDP destination port start number that should be matched. The valid range is 0 to 65535.

range-ip-tos—(optional) The mask against TOS start and end value, expressed in hexadecimal notation.

range-src-port—(optional) The TCP/UDP source port number that should be matched. The valid range is 0 to 65535.

src-ip— (optional) The source IP address that should be matched. The default IP address is 0.0.0.0.

src-mask—(optional) The mask for the source address that should be matched.

src-port—(optional) The the TCP/UDP source port number that should be matched. The valid range is 0 to 65535.

 

status—(optional) Enables or disables the filter (IPv4 and IPv6 filters):

active—Enables the filter immediately (default).

inactive —Disables the filter immediately.

Note You must create a filter group using at least one of the other options before you can use this command to enable or disable the filter.

tcp-flags—(optional) The TCP flag mask and value to be matched.

v6-dest-address—(optional) Specifies the IPv6 destination address that should be matched

v6-dest-pfxlen—(optional) Specifies the length of the network portion of the IPv6 destination address. The valid range is 0 to 128.

v6-src-address—(optional) Specifies the IPv6 source address that should be matched

v6-src-pfxlen—(optional) Specifies the length of the network portion of the IPv6 source address. The valid range is 0 to 128.

Defining the Upstream and Downstream MTA Filter Group

This section describes the configuration tasks to define the upstream and downstream subscriber management filter groups for an embedded Multimedia Terminal Adaptor (eMTA.) Follow the summary steps to complete the configuration.

SUMMARY STEPS

1. enable

2. configure terminal

3. cable submgmt default filter-group mta {downstream | upstream} group-id

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

cable submgmt default filter-group mta {downstream | upstream} group-id

Example:

Router(config)# cable submgmt default filter-group mta downstream 130

Defines the upstream and downstream subscriber management filter groups for an MTA.

downstream— The filter group applies to the downstream traffic that is going to the specified MTA.

upstream— The filter group applies to the upstream traffic that is coming from the specified MTA.

group-id— The filter group ID (0 to 254) to be applied for the MTA, downstream or upstream filter.

Defining the Upstream and Downstream STB Filter Group

This section describes the configuration tasks to define the upstream and downstream subscriber management filter groups for a Set-Top Box (STB.) Follow the summary steps to complete the configuration.

SUMMARY STEPS

1. enable

2. configure terminal

3. cable submgmt default filter-group stb {downstream | upstream} group-id

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

cable submgmt default filter-group stb {downstream | upstream} group-id

Example:

Router(config)# cable submgmt default filter-group stb downstream 20

Defines the upstream and downstream subscriber management filter groups for an STB.

downstream— The filter group applies to the downstream traffic that is going to the specified STB.

upstream— The filter group applies to the upstream traffic that is coming from the specified STB.

group-id— The filter group ID (0 to 254) to be applied for the STB, downstream or upstream filter.

Defining the Upstream and Downstream PS Filter Group

This section describes the configuration tasks to define the upstream and downstream subscriber management filter groups for a Portal Server (PS.) Follow the summary steps to complete the configuration.

SUMMARY STEPS

1. enable

2. configure terminal

3. cable submgmt default filter-group ps {downstream | upstream} group-id

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Router#

Enables privileged EXEC mode. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Router(config)#

Enters global configuration mode.

Step 3 

cable submgmt default filter-group ps {downstream | upstream} group-id

Example:

Router(config)# cable submgmt default filter-group ps downstream 10

Defines the upstream and downstream subscriber management filter groups for a portal server.

downstream— The filter group applies to the downstream traffic that is going to the specified portal server.

upstream— The filter group applies to the upstream traffic that is coming from the specified portal server.

group-id— The filter group ID (0 to 254) to be applied for the portal server, downstream or upstream filter.

Configuration Examples for Subscriber Management Packet Filtering

This section describes a sample configuration example for configuring the subscriber management packet filtering.

Configuring the Filter Group: Example

Defining the Upstream and Downstream MTA Filter Group: Example

Defining the Upstream and Downstream STB Filter Group: Example

Defining the Upstream and Downstream PS Filter Group: Example

Configuring the Filter Group: Example

The following example shows configuration of a filter group that drops packets with a source IP address of 10.7.7.7 and a destination IP address of 10.8.8.8, and a source port number of 2000 and a destination port number of 3000. All protocol types and ToS and TCP flag values are matched: 

Router(config)# cable filter group 10 index 10 src-ip 10.7.7.7

Router(config)# cable filter group 10 index 10 src-mask 255.255.0.0

Router(config)# cable filter group 10 index 10 dest-ip 10.8.8.8

Router(config)# cable filter group 10 index 10 dest-mask 255.255.0.0

Router(config)# cable filter group 10 index 10 ip-proto 256

Router(config)# cable filter group 10 index 10 src-port 2000

Router(config)# cable filter group 10 index 10 dest-port 3000

Router(config)# cable filter group 10 index 10 tcp-flags 0 0

Router(config)# cable filter group 10 index 10 match-action drop

Defining the Upstream and Downstream MTA Filter Group: Example

The following example shows configuration of an upstream and downstream MTA filter group. 

Router#configure terminal

Router(config)#cable submgmt default filter-group mta downstream 10

Defining the Upstream and Downstream STB Filter Group: Example

The following example shows configuration of an upstream and downstream STB filter group. 

Router#configure terminal

Router(config)#cable submgmt default filter-group stb downstream 20

Defining the Upstream and Downstream PS Filter Group: Example

The following example shows configuration of an upstream and downstream portal server filter group. 

Router#configure terminal

Router(config)#cable submgmt default filter-group ps downstream 10

Additional References

The following sections provide references related to configuring the subscriber management packet filtering feature.

Related Documents

Related Topic
Document Title

CMTS Command Reference

Cisco IOS CMTS Cable Command Reference, at the following URL:

http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html

Cisco uBR10012 Universal Broadband Router Documentation

Cisco uBR10012 Universal Broadband Router Hardware Installation Guide, at the following URL:

http://www.cisco.com/en/US/docs/cable/cmts/ubr10012/installation/guide/hig.html

Cisco uBR10012 Universal Broadband Router Software Configuration Guide, at the following URL:

http://www.cisco.com/en/US/docs/cable/cmts/ubr10012/configuration/guide/scg.html

Cisco uBR10012 Universal Broadband Router Release Notes

http://www.cisco.com/en/US/products/hw/cable/ps2209/prod_release_notes_list.html


Standards

Standard
Title

None

 

MIBs

MIB
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None

 

Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Command Reference

For information about commands, see the Cisco IOS CMTS Command Reference at http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or the Cisco IOS Master Command List, All Releases, at http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html.

Feature Information for Subscriber Management Packet Filtering

Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(33)SCB or a later release appear in the table.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS, Catalyst OS, and Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release. Unless noted otherwise, subsequent releases of that Cisco IOS software release also support that feature.

Table 2 Feature Information for Subscriber Management Packet Filtering

Feature Name
Releases
Feature Information

Subscriber Management Packet Filtering

12.2(33)SCB

The Cisco universal broadband router supports management of data packet filtering based on the subscriber's preferences and criteria.


CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2009 Cisco Systems, Inc. All rights reserved.