The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document explains how the Cisco Data-over-Cable Service Interface Specifications (DOCSIS) Customer Premises Equipment (CPE) Configurator handles shared-secret keys.
Cable shared-secret is one mechanism that can be used to reduce theft of service by non-subscribers. It works by using a single shared-secret key configured in both the Cable Modem Termination System (CMTS) and the DOCSIS config file that is sent down to cable modems prior to them coming online. If this feature is configured, the cable modem cannot complete registration to the CMTS without the key.
The first step in troubleshooting installations with cable shared-secret (particularly new installations) involves visually verifying that the cable shared-secret configured on the CMTS matches the one in the DOCSIS configuration file.
For more information on document conventions, see the Cisco Technical Tips Conventions.
The reader must have basic understanding of DOCSIS.
This command first appeared in Cisco IOS® Software Release 11.3 XA.
To visually verify the cable shared-secret on the CMTS, check the configuration with the show run command, as shown in this example.
Router#show running-config interface Cable3/0 Building configuration... interface Cable3/0 ip address 10.1.1.1 255.255.255.0 no keepalive cable shared-secret SECRET-PASSWORD-TO-SHARE cable map-advance static cable downstream annex B cable downstream modulation 64qam cable downstream interleave-depth 32 cable downstream frequency 583250000 cable upstream 0 frequency 28000000 cable upstream 0 power-level 0 no cable upstream 0 shutdown cable dhcp-giaddr policy cable helper-address 192.168.101.3 !
When the Cisco DOCSIS CPE Configurator is used to open and view the DOCSIS config file in question, however, the cable shared-secret (called CMTS Authentication by the Configurator) does not appear, as shown in this graphic.
By design, the Cisco DOCSIS CPE Configurator does not display the value of the CMTS Authentication field when a file is opened (for security purposes). When a new file is created or an existing one is updated to include the CMTS Authentication feature, however, the value can be seen as long as that Configurator session is open and active. Once the Configurator session on a given file ends (Configurator is closed or a different file opened), the CMTS Authentication value cannot be seen again.
Note: Use caution when you overwrite existing files with the Cisco DOCSIS CPE Configurator. The CMTS Authentication value can be corrupted by overwriting an existing file. When possible, add CMTS Authentication to an existing file, then save to a new filename. When reuse of the same filename is required, save the updated file to a different filename and end the Configurator session (exit the Configurator or open a new file). You can issue command-line interface (CLI) commands or use GUI tools to change the filename to the desired, pre-existing one. In DOS, use the rename or copy commands; in UNIX, use the mv command; or inWindows Explorer, right-click the file and choose Rename.