Cisco Remote PHY Device Management Guide for Cisco 1x2 / Compact Shelf RPD Software 2.1

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco Remote PHY Device Management Guide for Cisco 1x2 / Compact Shelf RPD Software 2.1

Chapter Title

Secure Software Download

Results

Updated:
August 1, 2017

Chapter: Secure Software Download

Secure Software Download

This document describes how to upgrade software from RPD and Cisco cBR by using Secure Software Download feature.

Hardware Compatibility Matrix for Cisco Remote PHY Device


Note

The hardware components introduced in a given Cisco Remote PHY Device Software Release are supported in all subsequent releases unless otherwise specified.

Table 1 Hardware Compatibility Matrix for the Cisco Remote PHY Device

Cisco HFC Plaform

Remote PHY Device

Cisco GS7000 Node

Cisco 1x2 RPD Software 1.1 and Later Releases

Cisco Remote PHY Device 1x2

  • PID—RPD-1X2=

Information About Secure Software Download

The secure software download (SSD) feature allows you to authenticate the source of a code file and verify the downloaded code file before using it in your system. The SSD is applicable to Remote PHY (R-PHY) devices installed in unsecure locations.

The Remote PHY architecture allows RPDs to download code. Hence, authenticating the source and checking the integrity of the downloaded code is important.

To authenticate and verify downloading of the code, SSD helps in verifying the manufacturer signature and the operator signature, if any. The manufacturer signature affirms the source and integrity of the code file to the RPD. If an additional signature is available from the operator, the RPD verifies both signatures with a certificate chain before accepting a code file.

Prerequisites for Upgrading Software using SSD

The following prerequisites are applicable to upgrading RPD software using SSD:

  • The R-PHY node supports downloading software initiated through the GCP message sent from Cisco cBR.

  • RPD supports a secure software download initiated using SSH and CLI directly on the RPD.

  • R-PHY uses TFTP or HTTP to access the server to retrieve the software update file.

How to Upgrade Software from RPD and Cisco cBR Using SSD


Note

To know more about the commands referenced in this module, see the Cisco IOS Master Command List.

Initiating RPD Software Upgrade from Cisco cBR

The RPD software upgrade can be initiated from Cisco cBR-8 Router. Use the following commands for initiating the upgrade:
cable rpd {all|oui|slot|RPD IP|RPD MAC} ssd server_IP {
            tftp|http} file_name [c-cvc-c|m-cvc-c] 
                [CVC Chain File Name]

Initiating Software Upgrade from RPD Using SSD

If you want to initiate the software upgrade from RPD, set the SSD parameters on RPD. Use the following commands.

Setting the value for SSD CVC (Manufacturer's and Co-signer Code Validation Certificates) parameter is optional.

Configure the values for the following parameters

  • SSD server IP address

  • Filename

  • Transport method

ssd set server server_IP filename file_name transport {tftp|http}
ssd set cvc {manufacturer|co-signer} cvc_chain_file_name  
ssd control start

Verifying Software Upgrade Using SSD Configuration

To display the RPD SSD status, use the cable rpd [all|oui|slot|RPD IP|RPD MAC] ssd status command as given in the following example. 
Router# cable rpd all ssd status 
RPD-ID         ServerAddress Protocol Status            Filename 
0004.9f00.0591 192.0.2.0     TFTP     ImageDownloading  image/RPD_seres_rpd_20170216_010001.itb.SSA
0004.9f00.0861 192.0.2.2     TFTP     CodeFileVerified  userid/RPD_seres_rpd_20170218_010001.itb.SSA
0004.9f03.0091 192.0.2.1     TFTP     ImageDownloadFail chuangli/openwrt-seres-rpd-rdb.itb.SSA

The available statuses are the following:

  • CVCVerified

  • CVCRejected

  • CodeFileVerified

  • CodeFileRejected

  • ImageDownloading

  • ImageDownloadSucceed

  • ImageDownloadFail

  • MissRootCA

Examples for Upgrading RPD Software Using SSD

This section provides example for the Software Using SSD configuration.

Example: RPD Software Upgrade Using SSD on Cisco cBR

cable rpd 0004.9f00.0861 ssd 20.1.0.33 
  tftp userid/RPD_seres_rpd_20170218_010001.itb.SSA 
rpd 0004.9f00.0861 server:20.1.0.33, proto:TFTP, 
file:userid/RPD_seres_rpd_20170218_010001.itb.SSA

Example: RPD Software Upgrade Using SSD on RPD

RPHY#ssd set server 10.79.41.148 
filename RPD_seres_rpd_20170103_010002.itb.SSA transport tftp 
Router#ssd control start

Feature Information for Secure Software Download

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.


Note

The table below lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 2 Feature Information for Secure Software Download

Feature Name

Releases

Feature Information

Secure Software Download

Cisco 1x2 RPD Software 1.1

This feature was introduced on the Cisco Remote PHY Device.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco