NAT on uBR904 Cable Access Routers Configuration Example

Document ID: 41862



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Background Information
Configure
      Network Diagram
      Configurations
Verify
Troubleshoot
Related Information

Introduction

This document provides a sample configuration for Network Address Translation (NAT) on the uBR904.

In most cases, Multiple Service Organizations (MSO) assign private IP addresses to the outside cable interface, and dynamic public IP addresses to the PC on the inside, behind the cable modem. In that case, you can configure a Cisco cable modem as a router to perform NAT in order to enhance IP address functionality, allocation, and various services. NAT is configured on the cable modem to translate private addresses into one or more public addresses. The implementation of NAT differs, however, based on the platform you deploy and on whether IP addresses are intended to be dynamically or statically assigned.

If the MSO provides dynamic private IP addresses to cable interfaces, and provides dynamic public IP addresses to hosts behind the cable modem, and wants to perform NAT overload on the public IP addresses, Cisco recommends you configure the cable dhcp-proxy nat command feature on uBR924, uBR925, uBR905, or Cable Voice Adapter (CVA) cable modems.

This document was created because the uBR904 does not support the cable dhcp-proxy nat command feature.

Note: If you use uBR904 and want to perform NAT, then you have to request a static IP address from the MSO. Once you have the static IP address, you can configure NAT on uBR904 when you:

  • create a loopback interface

  • use an Ethernet secondary interface

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • basic understanding of the DOCSIS protocol

  • knowledge of NAT

  • experience with the Cisco IOS® command line

Components Used

In order to configure NAT on a Cisco uBR900 series cable modem, the cable modem must be configured in routing mode, not bridging mode. In implementation, all versions of the Cisco IOS available on the Cisco uBR900 series support NAT. For the configuration in this document, Cisco IOS Software Release 12.1(6) was used on the uBR904.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Information

In its simplest configuration, NAT operates on a router that connects two networks together.

One of these networks (designated as inside) is addressed with either private or obsolete addresses that need to be converted into legal, routeable addresses before packets are forwarded onto the other network (designated as outside).

Translation operates in conjunction with routing. NAT can simply be enabled on a customer-side Internet access router, such as the Cisco uBR900. Use of a NAT device provides RFC 1631-style NAT on the router platform. RFC 1631 represents a subset of Cisco IOS NAT functionality. When properly configured, NAT should be transparent to the end user.

Generally, cable modem ISPs provide two IP addresses, one for the cable interface and the other for the host behind the cable modem. When the cable modem comes online, the cable interface receives the IP address from the DHCP server of the cable service provider. According to the DOCSIS standard, the cable interface IP address needs to be a dynamic IP address. Generally, cable modem service providers provide private RFC 1597 IP addresses, such as 10.x.x.x, to the cable interface. It is unnecessary to perform NAT on these non-routeable IP addresses to connect to the Internet.

The second IP address is a public IP address that can be reached from the Internet (RFC 1466), and can be statically or dynamically assigned. Typically, the MSO provides dynamic public IP addresses for hosts behind the cable modem. If you are provided a dynamic public IP address from your MSO and you wish to perform NAT over this IP address to reach the Internet, you need to use the cable dhcp-proxy nat command feature.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

[Network diagram: config_nat_ubr904.gif]

Configurations

Configuration

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ubr904
!
enable password ww
!
!
!
!
!
clock timezone - -8
ip subnet-zero
no ip finger
!         
!
!
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
!--- IP address of the Ethernet
 ip nat inside
!--- Inside network with private addresses
!
interface cable-modem0
!--- Some IOS releases show the command ip address
!--- negotiated; others show the ip address
!--- command outside of the network with public addresses.
 ip nat outside
 cable-modem downstream saved channel 555000000 42 1
 cable-modem mac-timer t2 80000
 no cable-modem compliant bridge
!--- Place the cable modem in routing mode, not bridging mode.
!
ip default-gateway 172.16.30.1
ip nat inside source list 1 interface cable-modem0 overload
!--- Enable NAT.
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.30.1
!--- Default route for IP packets
ip http server
!
access-list 1 permit 10.1.1.0 0.0.0.255
!--- List of specific inside addresses to translate
snmp-server manager
!
line con 0
 transport input none
line vty 0 4
 password ww
 login
!
end

Note: Cable modem 0 interface does not show any information about the IP address. The cable interface rarely shows the IP address (in this case, it is IP address 172.16.30.20 255.255.255.0). In later releases of Cisco IOS, the commands ip address negotiated or ip address docsis are used. This depends on the cable modem platform and the Cisco IOS software release. If you want to know what IP address you have on the cable interface, issue the show ip interface brief or show interface commands.

It is also recommended that this command be added in the global configuration to limit the size of the NAT translation table:

ip nat translation max-entries 6000 
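A check of a configuration like the one above against the NAT prerequisites this document names (routing mode, inside and outside interfaces, the access list behind the overload rule, the translation-table limit), which also flags the password-storage and HTTP management settings the lab configuration uses. This is an added example, not Cisco code; the finding names and the `SAMPLE`, `interfaces` and `audit` identifiers are assumptions of the example.

```python
import re

# Constructed sample: the NAT- and access-related lines of the configuration above.
SAMPLE = """\
enable password ww
interface Ethernet0
 ip nat inside
interface cable-modem0
 ip nat outside
 no cable-modem compliant bridge
ip nat inside source list 1 interface cable-modem0 overload
ip http server
access-list 1 permit 10.1.1.0 0.0.0.255
"""

def interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    found, cmds = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cmds = found.setdefault(line.split()[1], [])
        elif line.startswith(" ") and line.strip() and cmds is not None:
            cmds.append(line.strip())
        elif line.strip() and not line.startswith("!---"):
            cmds = None   # "!" or a global command ends the block; blanks/comments do not
    return found

def audit(config):
    """Return finding codes: NAT prerequisites first, then management exposure."""
    ifs, out = interfaces(config), []
    has = lambda pattern: re.search(pattern, config, re.M)
    outside = [name for name, cmds in ifs.items() if "ip nat outside" in cmds]
    if not outside or not any("ip nat inside" in c for c in ifs.values()):
        out.append("nat-interfaces-unmarked")
    if not any("no cable-modem compliant bridge" in c for c in ifs.values()):
        out.append("bridging-mode")
    rule = has(r"^ip nat inside source list (\S+) interface (\S+) overload")
    if not rule:
        out.append("no-overload-rule")
    elif not has(rf"^access-list {re.escape(rule.group(1))} permit "):
        out.append("nat-acl-missing")
    elif rule.group(2) not in outside:
        out.append("nat-interface-not-outside")
    if not has(r"^ip nat translation max-entries \d+"):
        out.append("nat-table-unbounded")
    if has(r"^(enable password |no service password-encryption)"):
        out.append("weak-password-storage")
    if has(r"^ip http server"):
        out.append("http-management-enabled")
    return out
```

On the sample, `audit(SAMPLE)` returns the table-limit, password-storage and HTTP findings; using `enable secret` in place of `enable password`, `no ip http server`, and the `max-entries` line above clears them.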

Verify

The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Use these commands in order to make sure that NAT works properly:

  • show ip interface brief

  • show ip nat translation

  • show ip nat statistics

  • debug ip nat [list] [detailed]

Issue the show ip interface brief command on the ubr904 to see the interfaces that are up.

ubr904#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  10.1.1.1        YES manual up                    up      
cable-modem0               172.16.30.20    YES unset  up                    up  

You can also see the ARP table by issuing the show arp command.

ubr904#show arp     
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.2               23   0010.7964.e43c  ARPA   Ethernet0
Internet  10.1.1.1                -   0010.7bed.9b44  ARPA   Ethernet0
Internet  172.16.30.1            20   00b0.8ef5.9070  ARPA   cable-modem0
Internet  172.16.30.20            -   0010.7bed.9b45  ARPA   cable-modem0 

Another useful show command is show ip route.

ubr904#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 172.16.30.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.30.0 is directly connected, cable-modem0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Ethernet0
S*   0.0.0.0/0 [1/0] via 172.16.30.1

The show ip nat statistics command allows you to see how many hits and misses NAT has had since the last time the table was cleared.

ubr904#show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended)
Outside interfaces:
  cable-modem0
Inside interfaces: 
  Ethernet0
Hits: 65  Misses: 13
Expired translations: 10
Dynamic mappings:
-- Inside Source
access-list 1 interface cable-modem0 refcount 3

Troubleshoot

In order to verify the show arp command configuration, issue the debug ip nat detail command and generate some traffic from the client. In this case, a Telnet session was initiated from the PC with IP address 10.1.1.2 to a server behind the CMTS with an address of 172.16.135.11.

Note: Refer to Important Information on Debug Commands before you use debug commands.

ubr904#debug ip nat detailed
IP NAT detailed debugging is on
ubr904#
06:25:18: NAT: Allocated Port for 10.1.1.2 -> 172.16.30.20: wanted 7435 got 7435
06:25:18: NAT: i: icmp (10.1.1.2, 7435) -> (172.16.135.11, 7435) [245]
06:25:18: NAT*: o: icmp (172.16.135.11, 7435) -> (172.16.30.20, 7435) [245]
06:25:18: NAT: Allocated Port for 10.1.1.2 -> 172.16.30.20: wanted 7436 got 7436
06:25:18: NAT: i: icmp (10.1.1.2, 7436) -> (172.16.135.11, 7436) [246]
06:25:18: NAT*: o: icmp (172.16.135.11, 7436) -> (172.16.30.20, 7436) [246]
06:25:18: NAT: Allocated Port for 10.1.1.2 -> 172.16.30.20: wanted 7437 got 7437
06:25:18: NAT: i: icmp (10.1.1.2, 7437) -> (172.16.135.11, 7437) [247]
06:25:18: NAT*: o: icmp (172.16.135.11, 7437) -> (172.16.30.20, 7437) [247]
06:25:18: NAT: Allocated Port for 10.1.1.2 -> 172.16.30.20: wanted 7438 got 7438
06:25:18: NAT: i: icmp (10.1.1.2, 7438) -> (172.16.135.11, 7438) [248]
06:25:18: NAT*: o: icmp (172.16.135.11, 7438) -> (172.16.30.20, 7438) [248]
06:25:18: NAT: Allocated Port for 10.1.1.2 -> 172.16.30.20: wanted 7439 got 7439
06:25:18: NAT: i: icmp (10.1.1.2, 7439) -> (172.16.135.11, 7439) [249]
06:25:18: NAT*: o: icmp (172.16.135.11, 7439) -> (172.16.30.20, 7439) [249]
ubr904#

Notice in the debug command output that the client (10.1.1.2) sends ICMP packets to the destination of the ping (172.16.135.11). In this case, the router allocates ports to do the NAT.

Issue the show ip nat translation command to see how NAT performs this function.

ubr904#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.16.30.20:7435 10.1.1.2:7435      172.16.135.11:7435 172.16.135.11:7435
icmp 172.16.30.20:7436 10.1.1.2:7436      172.16.135.11:7436 172.16.135.11:7436
icmp 172.16.30.20:7437 10.1.1.2:7437      172.16.135.11:7437 172.16.135.11:7437
icmp 172.16.30.20:7438 10.1.1.2:7438      172.16.135.11:7438 172.16.135.11:7438
icmp 172.16.30.20:7439 10.1.1.2:7439      172.16.135.11:7439 172.16.135.11:7439
ubr904#

Note: For a detailed explanation on this output, refer to NAT: Local and Global Definitions.
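Because overload maps every inside host to the single inside global address, tying a flow seen on the outside back to an inside host requires the translation table. The added example below (not from the original document) parses output in the format shown above and resolves an outside-observed flow to its inside local address; the tcp rows, the host 10.1.1.3 and all function names are constructed for illustration.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "proto inside_global inside_local outside_local outside_global")

# Constructed snapshot in the `show ip nat translation` format. The icmp row is from
# the output above; the tcp rows are added and include a second inside host.
SNAPSHOT = """\
ubr904#show ip nat translation
Pro Inside global      Inside local       Outside local      Outside global
icmp 172.16.30.20:7435 10.1.1.2:7435      172.16.135.11:7435 172.16.135.11:7435
tcp 172.16.30.20:11000 10.1.1.2:11000     172.16.135.11:23   172.16.135.11:23
tcp 172.16.30.20:1024  10.1.1.3:11000     172.16.135.11:23   172.16.135.11:23
ubr904#
"""

def endpoint(text):
    """Split 'a.b.c.d:port' into (address, port)."""
    address, port = text.rsplit(":", 1)
    return address, int(port)

def parse_translations(output):
    """Parse extended (address:port) rows; the header, prompts and blanks are skipped."""
    entries = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 5 and all(":" in f for f in fields[1:]):
            entries.append(Entry(fields[0], *map(endpoint, fields[1:])))
    return entries

def attribute(entries, proto, global_port, remote):
    """Return the inside local (address, port) behind a flow seen on the outside.

    global_port is the port on the inside global address; remote is the
    (address, port) of the outside host. Returns None if no entry matches.
    """
    for e in entries:
        if (e.proto, e.inside_global[1], e.outside_global) == (proto, global_port, remote):
            return e.inside_local
    return None

def rewritten(entries):
    """Entries whose inside global port differs from the port the inside host used."""
    return [e for e in entries if e.inside_global[1] != e.inside_local[1]]
```

Dynamic entries expire, so a snapshot only attributes flows that were active when it was taken.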


Related Information



Updated: Nov 20, 2006