Cisco IOS Release 12.2(15)BC1 and later releases display the
following system error messages to provide information about cable modems that
have failed the CMTS Message Integrity Check (MIC) when the Dynamic Shared
Secret feature is enabled.
The following system error messages provide information about
cable modems that have failed the CMTS Message Integrity Check (MIC) when the
Dynamic Shared Secret feature is enabled.
Message
The cable modem’s
DOCSIS configuration file did not contain a Message Integrity Check (MIC) value
that corresponds with the proper Dynamic Shared Secret that was used to encode
it. The CMTS has, therefore, assigned a restrictive quality of service (QoS)
configuration to this cable modem to limit its access to the network. The CMTS
has also locked the cable modem so that it will remain locked in the restricted
QoS configuration until it goes offline for at least 24 hours, at which point
it is permitted to reregister and obtain normal service (assuming it is
DOCSIS-compliant and using a valid DOCSIS configuration file).
This error message
appears when the
cable
dynamic-secret
lock
command has been applied to a cable interface to enable the
Dynamic Shared Secret feature for the DOCSIS configuration files on that cable
interface. The cable modem has been allowed to register and come online, but
with a QoS configuration that is limited to a maximum rate of 10 kbps for both
the upstream and downstream flows. Check to ensure that this cable modem is not
running old software that caches the previously used configuration file. Also
check for a possible theft-of-service attempt by a user attempting to download
a modified DOCSIS configuration file from a local TFTP server. The CM cannot
reregister with a different QoS profile until it has been offline for 24 hours,
without attempting to register, or you have manually cleared the lock using the
clear
cable
modem
lock command.
Message
The cable modem’s
DOCSIS configuration file did not contain a Message Integrity Check (MIC) value
that corresponds with the proper dynamic shared secret that was used to encode
it. The CMTS has allowed this modem to register and come online, but has marked
it in the
show
cable
modem displays with an exclamation point (!) so
that the situation can be investigated.
This error message
appears when the
cable
dynamic-secret
mark
command has been applied to a cable interface to enable the
Dynamic Shared Secret feature for the DOCSIS configuration files on that cable
interface. Check to ensure that this cable modem is not running old software
that caches the previously used configuration file. Also check for a possible
theft-of-service attempt by a user attempting to download a modified DOCSIS
configuration file from a local TFTP server.
Message
The CMTS could not
obtain the DOCSIS configuration file for this cable modem from the TFTP server.
This message occurs when the Dynamic Shared Secret feature is enabled on the
cable interface with the
cable
dynamic-secret command.
Verify that the
CMTS has network connectivity with the TFTP server, and that the specified
DOCSIS configuration file is available on the TFTP server. Check that the DHCP
server is correctly configured to send the proper configuration filename in its
DHCP response to the cable modem. Also verify that the DOCSIS configuration
file is correctly formatted.
This problem could
also occur if the TFTP server is offline or is overloaded to the point where it
cannot respond promptly to new requests. It might also be seen if the interface
between the CMTS and TFTP server is not correctly configured and flaps
excessively.
Note |
This error
indicates a problem with the provisioning system outside of the Cisco CMTS.
Disabling the Dynamic Shared Secret feature does not clear the fault, nor does
it allow cable modems to come online. You must first correct the problem with
the provisioning system.
|
Message
%UBR10000-4-BADCFGFILE: Modem config file [chars] at [integer]: [chars]
The DOCSIS
configuration file for the cable modem failed its CMTS MIC verification, either
because the MIC is missing or because the CMTS MIC failed verification with the
shared secret or secondary shared secrets that have been configured for the
cable interface. This message occurs when the dynamic secret feature is enabled
on the cable interface with the
cable
dynamic-secret command.
Verify that the
DOCSIS configuration file for the cable modem has been created using the
correct shared secret value. Also verify that the DHCP server is specifying the
proper configuration file for this cable modem, and that the configuration file
on the TFTP server is the correct one.
Use the
show
cable
modem command to display the MAC state for this
particular cable modem. If the cable modem will remain in the “init(t)” state
continually when the Dynamic Shared Secret feature is enabled, check for the
following possible problems:
- The shared secret and
secondary shared secrets that are configured on the cable interface do not
match the ones that were used to create the DOCSIS configuration files. Either
reconfigure the cable interface with the correct shared secret, or recreate the
DOCSIS configuration files using the correct shared secret.
- The provisioning server
is specifying the wrong DOCSIS configuration file for this cable modem.
- The DOCSIS configuration
file on the TFTP server is either corrupted or incorrectly named.
- A user has successfully
substituted their own DOCSIS configuration file into the service provider’s
network.
- A cable modem has cached
the DOCSIS configuration file, or a user is attempting to reuse a previously
generated DOCSIS configuration file. This could also indicate a possible
theft-of-service attempt by a user attempting to upload a modified DOCSIS
configuration file into the operator’s TFTP server.