DOCSIS Set-Top Gateway (DSG) for the Cisco CMTS - SUPERSEDED
Available Languages
Table Of Contents
DOCSIS Set-Top Gateway and Advanced-mode DSG for the Cisco CMTS
Prerequisites for DOCSIS Set-Top Gateway and A-DSG 1.1
General Prerequisites for A-DSG 1.1
General Prerequisites for DSG 1.0
IP Multicast Prerequisites for DSG 1.0
Restrictions for DOCSIS Set-Top Gateway Issues
General Restrictions for A-DSG 1.1
General Restrictions for DSG Issue 1.0
General Restrictions for DSG Issue 0.9
Unicast Restrictions for DSG Issues 0.9 and 1.0
Multicast Restrictions for DSG Issues 0.9 and 1.0
Information About DOCSIS Set-Top Gateway
A-DSG 1.1 Features and Enhancements for the Cisco CMTS
A-DSG 1.1 and CISCO-CABLE-DSG-IF-MIB
A-DSG 1.1 Downstream Channel Descriptor (DCD)
General Feature Overview for DOCSIS Set-Top Gateway
Basic Structure of a DSG Network
Using Point of Deployment Modules and DSG Tunnels
Primary Benefits of DOCSIS Set-Top Gateway
How to Configure Advanced-mode DOCSIS Set-Top Gateway 1.1 on the Cisco CMTS
Configuring Global A-DSG 1.1 Settings for the Cisco CMTS
Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS
How to Configure DOCSIS Set-Top Gateway 1.0 on the Cisco CMTS
Enabling and Configuring the DOCSIS Set-Top Gateway Feature
Configuring IP Multicast Operations
Configuring NAT to Support Unicast Messaging (optional)
Disabling the DOCSIS Set-Top Gateway Feature
Configuring a Standard IP Access List for Packet Filtering (Optional)
Configuring a Standard IP Access List for Multicast Group Filtering (Optional)
How to Monitor the DOCSIS Set-Top Gateway Feature
Displaying DOCSIS Set-Top Gateway Tunnel Configurations
Examples from A-DSG 1.1 and Cisco IOS Release 12.3(13)BC
Examples from DSG 1.0 and Cisco IOS Release 12.3(9)
Configuration Examples for DOCSIS Set-Top Gateway
Subinterface Configuration Example
Unicast Messaging Configuration Example
Packet Filtering Access List Configuration Example
IP Multicast Access List Configuration Example
IP Multicast Rate-Limiting Access List Configuration Example
Cisco IOS Release 12.2(15)BC2 System Messages
Cisco IOS Release 12.3(9a)BC2 System Messages
DOCSIS Set-Top Gateway and Advanced-mode DSG for the Cisco CMTS
This document describes the DOCSIS Set-Top Gateway (DSG) feature with its configuration and monitoring, from DSG Issue 0.9 through Advanced-mode DSG Issue 1.1 on the Cisco Cable Modem Termination System (CMTS). This document revision emphasizes DSG Issue 1.0 commencing with Cisco IOS Release 12.3(9a)BC, and A-DGS 1.1 commencing with Cisco IOS release 12.3(13)BC.
DSG is a CableLabs® specification that allows cable headend equipment such as the Cisco CMTS to provide a class of cable services known as out-of-band (OOB) messaging. OOD messaging is sent to set-top boxes (STBs) over existing Data-over-Cable Service Interface Specifications (DOCSIS) cable networks.
DSG 1.0 and A-DSG 1.1 allow cable Multiple System Operators (MSOs) and other service providers to combine both DOCSIS and Set-top Box (STB) operations over a single, open and vendor-independent network without requiring any changes to the existing DOCSIS network infrastructure.
At the time of this Cisco publication, DSG 1.0 and earlier issues of DSG support the CableLabs® DOCSIS DSG-I01 and earlier specifications, as described in the "DSG 1.0 Feature List" section. CableLabs® DOCSIS DSG-I01 is in the current status of "Issued" as characterized by stability, rigorous review in industry and cross-vendor interoperability.
Advanced-mode DSG 1.1 (A-DSG 1.1) supports the CableLabs® DOCSIS DSG-I02 specifications, with several new features as described in the "A-DSG 1.1 Features and Enhancements for the Cisco CMTS" section. The CableLabs® DOCSIS DSG-I02 is in the current status of "Issued," with the most recent status change being January, 2005.
For additional information about CableLabs® DSG specifications, refer to the following resources:
•
DOCSIS Set-top Gateway (DSG) Interface Specification Summary
http://www.cablemodem.com/specifications/gateway.html
Feature Specifications for DOCSIS Set-Top Gateway
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
•
•
•
•
•
•
Prerequisites for DOCSIS Set-Top Gateway and A-DSG 1.1
This section describes prerequisites for Advanced-mode DSG 1.1, and the prior issue of DSG 1.0, as supported in Cisco IOS release 12.3(9a)BC.
General Prerequisites for A-DSG 1.1
•
•
•
–
–
–
General Prerequisites for DSG 1.0
•
•
•
–
http://www.cablemodem.com/specifications/gateway.html
http://www.opencable.com/downloads/specs/SP-DSG-I01-020228.pdf
IP Multicast Prerequisites for DSG 1.0
•
•
–
–
–
•
•
•
Tip
Restrictions for DOCSIS Set-Top Gateway Issues
This section describes prerequisites and caveats for Advanced-mode DSG 1.1, and the prior issues of DSG 1.0 and 0.9, as supported in Cisco IOS release 12.3(9a)BC and earlier releases.
General Restrictions for A-DSG 1.1
Cisco DSG 1.1 has the following restrictions:
•
•
•
•
•
•
Table 1 summarizes caveats from Cisco IOS Release 12.3(9a)BC that are resolved in Cisco IOS Release 12.3(13)BC with DSG 1.1:
General Restrictions for DSG Issue 1.0
The following general restrictions apply to DSG Issue 1.0 on Cisco uBR7100 series, Cisco uBR7200 series and Cisco uBR10012 routers and the Cisco IOS 12.3(9a)BC release:
•
•
•
•
•
•
•
•
General Restrictions for DSG Issue 0.9
Cisco IOS Release 12.2(15)BC2 has the following limitations for DSG Issue 0.9:
•
•
•
•
•
•
•
•
•
•
Unicast Restrictions for DSG Issues 0.9 and 1.0
•
Multicast Restrictions for DSG Issues 0.9 and 1.0
•
•
•
•
Information About DOCSIS Set-Top Gateway
This section contains the following topics, and describes the DOCSIS Set-Top Gateway feature for the Cisco CMTS, with emphasis on Advanced-mode DSG Issue 1.1 (A-DSG), and DSG 1.0:
•
•
•
A-DSG 1.1 Features and Enhancements for the Cisco CMTS
A-DSG 1.1 and Cisco IOS Release 12.3(13)BC introduce a significant and powerful set of features to MSOs and the Cisco CMTS. These features represent a significant change from DSG 1.0 and earlier DSG issues. Architectural and configuration changes unique to A-DSG emphasize the following:
•
A-DSG 1.1 and CISCO-CABLE-DSG-IF-MIB
Cisco IOS Release 12.3(13)BC does not support the CISCO-CABLE-DSG-IF-MIB. Support for this MIB continues for basic-mode DSG 1.0.
A-DSG 1.1 Tunnels
The A-DSG Agent (the Cisco CMTS) allows the mapping of an IP multicast address to a DSG tunnel MAC address. Only one IP multicast address can be mapped to a one-tunnel MAC address. However, two tunnels can have the same MAC address.
A-DSG tunnels are configured in global configuration mode. Then, each tunnel is associated to the classifier, also in global configuration mode. This association maps an IP multicast address to the tunnel MAC address. Interface configurations then construct the DCD messages that contain both global and interface information about the A-DSG 1.1 tunnel.
When removing the A-DSG tunnel configuration, all DSG classifiers, rules, and classifiers in the rule configuration associated to that tunnel must be unlinked.
For configuration information, refer to the "Configuring Global A-DSG 1.1 Settings for the Cisco CMTS" section.
A-DSG 1.1 Classifiers
DSG classifier is used to provide additional layer 3 and layer 4 filtering for the DSG tunnel. DSG multicast software module applies the classifier parameters to incoming packets received from the DSG server in order to assign packets to the appropriate DSG tunnel.
Note
When removing the classifier, classifier linked to the DSG rule must be removed. Also, before changing the classifier tunnel association to another DSG tunnel, if classifier is associated to a rule, then user must remove classifier associated with the rule. Figure 3 shows the flow of the configuration of classifier parameters.
For configuration information, refer to the "Configuring Global A-DSG 1.1 Settings for the Cisco CMTS" section.
A-DSG 1.1 Downstream Channel Descriptor (DCD)
Unlike earlier issues of DSG, Advanced-mode DSG (A-DSG) uses a DOCSIS MAC Management Message called the Downstream Channel Descriptor (DCD) message, and this DCD message manages the DSG Tunnel traffic. The DCD message is sent once per second on each downstream and is used by the DCG Client to determine which tunnel and classifier to use.
The DCD is a DSG address table located in the DOCSIS MAC management message. The primary difference between DSG 1.0 (and earlier issues) and A-DSG 1.1 is that advanced mode uses DCD messages to manage the DSG Tunnel.
The DCD message contains a group of DSG Rules and DSG Classifiers, including the following:
•
•
•
•
•
•
This collection of DSG Rules and DSG Classifiers in the DCD message is known as the DSG Address Table. The DCD message is sent by DSG Agent (CMTS) once per second on each downstream.
The DCD message provides several functions:
•
•
•
•
•
The maximum DCD message length is no more than minimum of 1522 bytes long or the MTU size. If DCD message length is greater, DCD message is fragmented and DCD message is sent in pieces. In that case, the DSG agent needs to space out the DCD fragment within one second.
A-DSG 1.1 supports the CableLabs® DOCSIS DSG-I02 specification, with these primary differences between DSG 1.0 and A-DSG 1.1:
•
•
For global configuration information, refer to the "Configuring Global A-DSG 1.1 Settings for the Cisco CMTS" section.
For interface configuration information, refer to the "Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS" section.
A-DSG 1.1 Process
The Advanced DCD process handles the construction and transmission of the DCD message on each downstream. A DCD timer is defined for each downstream and it is initialized during startup. The timer is started when the interface is up and DCD is enabled. The Advanced DCD process wakes up when timer expires and handles the DCD processing. The Figure 5 describes the flow of construction and transmission of the DCD message.
For global and timer configuration information, refer to the "Configuring Global A-DSG 1.1 Settings for the Cisco CMTS" section.
For interface configuration information, refer to the "Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS" section.
A-DSG 1.1 Rule
The parameters associated with the DSG rule are used by the DSG Client to determine which DSG Tunnel to receive and if there are any classifiers to apply. DSG rules are included in the DCD message. All the DSG parameters i.e. tunnels, classifiers, client ID list, vendor specific parameters, and UCID range must be configured before it can be associated to the DSG rule. When removing the rule configuration, the global configuration of the tunnel and classifiers associated to that rule should remain same. The flow of the DSG Rule configuration is shown in the Figure 4.
For global and timer configuration information, refer to the "Configuring Global A-DSG 1.1 Settings for the Cisco CMTS" section.
For interface configuration information, refer to the "Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS" section.
General Feature Overview for DOCSIS Set-Top Gateway
The DOCSIS Set-Top Gateway (DSG) feature allows the Cisco CMTS to provide a class of cable services known as out-of-band (OOB) messaging to set-top boxes (STBs) over existing DOCSIS networks. This allows MSOs and other service providers to combine both DOCSIS and STB operations over one, open, vendor-independent network, without any change to the existing network or cable modems.
Out-of-Band Messaging
Out-of-band (OOB) messages allow network control and management messages to be sent to customer premises equipment (CPE) devices, without interfering with the normal data traffic flow. OOB messages also have an advantage over in-band messages in that OOB messages are not dependent on the type of traffic or applications being sent over the network. This allows new OOB messages to be developed and implemented, without requiring any corresponding changes in the network application software.
Previously, OOB messages have been carried over dedicated channels that use proprietary video standards such as SCTE/DVS-167, SCTE/DVS-178, and DVB-RCCL/DAVIC-RCC. These existing systems have the following limitations:
•
•
•
To respond to these limitations, the CableLabs consortium developed the DSG specification to provide a multi-vendor solution that works with both legacy STB and DOCSIS transport paths. This allows MSOs and other service providers to use their legacy systems and STBs over their existing DOCSIS cable plants, while still preparing for DSG-capable STBs that support applications such as Video-on-Demand (VoD), online gaming and other interactive services.
DSG systems allow a wide variety of OOB messages, such as the following standard messages, in addition to generic and vendor-defined messages:
•
•
•
Basic Structure of a DSG Network
The DOCSIS Set-Top Gateway feature implements the DSG specification on the Cisco CMTS platform, allowing a Cisco CMTS to support both STBs and cable modems over the existing DOCSIS cable network. The CMTS creates a one-way IP datagram channel, called a DSG tunnel, to transport OOB messages to the STBs, allowing the consolidation of cable modem and STB traffic over the same DOCSIS downstream channel.
A typical DSG network contains the following components:
•
•
•
•
•
•
•
The CA servers transmit OOB messages on the network using multicast IP packets, which are received by STBs that are members of the appropriate multicast groups.
Figure 1 shows a typical DSG network.
Figure 1 DSG Network Diagram
Using Point of Deployment Modules and DSG Tunnels
CA vendors typically provide a Point of Deployment (POD) security module to each set-top box customer. Each POD contains a unique ID and a unique X.509 digital certificate that allows the CA/POD vendor's provisioning systems to securely identify and authenticate each set-top box.
Having securely identified and authenticated a set-top box, the CA/POD vendor transmits the OOB messages to the STB over a DSG tunnel, which is an IP multicast datagram stream carried over the DOCSIS downstream channel. Each DSG tunnel is identified by a well-known Ethernet unicast address that is reserved and published by the CA/POD vendor.
The CA/POD vendors can use the different DSG tunnels to provide different services. For example, one CA/POD vendor could define one tunnel for an Electronic Program Guide (EPG), another tunnel for conditional access (CA) programming, a third tunnel for emergency alerts, and a fourth tunnel for software upgrades. Other vendors can define their tunnels in different ways to provide other services.
DSG Addressing
The DOCSIS Set-Top Gateway feature uses the following types of addressing to ensure that the proper OOB messages are delivered to the appropriate STBs:
•
•
The Cisco CMTS router supports an unlimited number of destination multicast addresses, which can be mapped to MAC addresses as follows:
•
•
Note
DSG Operation
DSG maps traffic based on the incoming multicast address or a well-known unicast address. The Cisco CMTS performs the following functions when the CMTS receives an OOB packet from the CA servers over the IP network:
1.
2.
3.
4.
5.
DSG 1.0 Feature List
Cisco IOS Release 12.3(9a)BC introduces support for DOCSIS Set-Top Gateway (DSG) Issue 1.0 on the following Cisco CMTS platforms:
•
•
•
DSG Issue 1.0 improves upon Issue 0.9 in the following ways:
•
•
•
In Cisco IOS Release 12.2(15)BC2, the DOCSIS Set-Top Gateway feature provides the following features:
•
•
•
•
•
–
–
–
–
–
–
•
•
•
•
•
•
•
Primary Benefits of DOCSIS Set-Top Gateway
The DOCSIS Set-Top Gateway feature provides the following benefits to cable MSOs, service providers, and their partners and customers.
Part of CableLabs Specifications
The DOCSIS Set-Top Gateway feature is a CableLabs (http://www.cablelabs.com) specification allows cable MSOs and service providers to create and deploy new interactive services over existing cable networks. Providers can introduce new services, without impacting their existing customers.
Supports Existing DOCSIS Cable Networks
The DOCSIS Set-Top Gateway feature interoperates with existing DOCSIS-capable networks that can support new interactive services, such as VoD and online gaming, that are expected to become available on cable networks in the future. DOCSIS cable operators can deploy innovative interactive services using the best of the available advanced STB products and middleware and applications software, while still preserving their investment in existing headend systems.
Provides Additional Services
The DOCSIS Set-Top Gateway feature allows cable operators to offer Internet access, e-mail, chat services, and other high-bandwidth services, in addition to the existing STB services (such as EPG and CA). Providers can deliver high-speed data services to their cable TV subscribers using the DOCSIS network.
Provides the Capability to Use Multiple CA/POD Vendors
The DOCSIS Set-Top Gateway feature allows cable operators to offer services from many CA/POD vendors, as opposed to existing networks that typically limit the operator to only one vendor per network. This allows greater flexibility in combining or sharing operations between operators or providers.
Uses Standard DOCSIS Networks
The DOCSIS Set-Top Gateway feature uses existing DOCSIS 1.0, DOCSIS 1.1, and DOCSIS 2.0 networks. MSOs and other service providers can continue to create open-standard, vendor-independent DOCSIS networks, without having to maintain legacy STB systems that could disrupt DOCSIS operations.
Simplifies Network Operations and Cost
MSOs and other service providers can use one simplified return channel architecture to support both STBs and DOCSIS cable modems, instead of using two separate return channels. This lowers the complexity of managing CPE devices and requires less investment in headend equipment, which in turn lowers the overall operations and support costs.
Supports Higher Density of STBs
Depending on the CMTS platform, the higher bandwidth available in DOCSIS networks allows MSOs and other service providers to support a higher maximum number of STBs per headend system.
How to Configure Advanced-mode DOCSIS Set-Top Gateway 1.1 on the Cisco CMTS
This section contains two procedures, both of which are required to enable and configure A-DSG 1.1 on the Cisco CMTS:
•
•
Configuring Global A-DSG 1.1 Settings for the Cisco CMTS
Global configuration commands for A-DSG 1.1 configure the following settings on the Cisco CMTS:
•
•
•
These global A-DSG parameters are uniquely identified by A-DSG indexes. The indexes are then used with interface commands to define DCD messages. The interface commands define the DSG rules, tunnel traffic, and parameters to include in the DCD message. The following procedure describes global configuration for A-DSG 1.1, to precede interface configuration.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
What to Do Next
After global settings are defined for A-DSG 1.1, interface configurations must complete the configuration on the Cisco C MTS. Refer to the "Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS" section.
For additional information about global configuration commands, refer to the "Command Reference" section.
Configuring A-DSG 1.1 Interface Settings for the Cisco CMTS
A-DSG 1.1 parameters are uniquely identified by A-DSG indexes in global configuration mode. Then, those indexes are used with the interface commands in this section to define DCD messages. These interface commands define the DSG rules, tunnel traffic, and additional parameters to include in the DCD message.
Prerequisites
Global configurations for A-DSG 1.1 must be defined and enabled on the Cisco CMTS in order to complete A-DSG 1.1 interface configurations and A-DSG operation.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
How to Configure DOCSIS Set-Top Gateway 1.0 on the Cisco CMTS
See the following sections for how to enable, configure, disable, and monitor the DOCSIS Set-Top Gateway feature:
•
•
•
•
•
•
Note
Router#).
Enabling and Configuring the DOCSIS Set-Top Gateway Feature
This section describes how to enable and configure the DOCSIS Set-Top Gateway on one or more cable interfaces.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
interface cable interface
Example:Router(config)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for the specified cable interface.
Note
Step 3
cable dsg tunnel-MAC-address group-ip-address CA-vendor-name
Example:Router(config-if)# cable dsg 0010.0025.0025 224.3.3.105 AAARouter(config-if)# cable dsg 0006.0006.0006 224.4.4.1 BBBRouter(config-if)# cable dsg 0010.0001.0001 224.4.4.4 CCCRouter(config-if)#
Configures the cable interface for DSG operations, using the following parameters to create the DSG tunnel:
•
•
•
Note
Step 4
exit
Example:Router(config-if)# exit
Router(config)#
Exits interface configuration mode.
Step 5
cable dsg keepalive
Example:Router(config)# cable dsg keepalive
Router(config)#
(Optional) Enables keepalive messages over DSG tunnels on all cable interfaces. The default is no cable dsg keepalive, which disables the keepalive messages.
Note
Step 6
exit
Example:Router(config)# exit
Router#
Exits global configuration mode and returns to privileged EXEC mode.
Configuring IP Multicast Operations
This section describes how to configure the operation of IP multicast transmissions on the cable and WAN interfaces on the Cisco CMTS. You should perform this configuration on each cable interface being used for DSG traffic and for each WAN interface that is connected to a network controller or Conditional Access (CA) server that is forwarding IP multicast traffic.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
ip multicast-routing
Example:Router(config)# ip multicast-routing
Router(config)#
Enables multicast routing on the router.
Step 3
interface interface
Example:Router(config)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for each cable interface or WAN interface being used for DSG traffic.
Step 4
ip pim {dense-mode | sparse-dense-mode | sparse-mode}
Example:Router(config-if)# ip pim dense-mode
Router(config-if)#
Enables Protocol Independent Multicast (PIM) on the cable interface, which is required to use the DSG feature:
•
•
•
Note
Step 5
ip multicast rate-limit out group-list access-list rate
Example:Router(config-if)# ip multicast rate-limit out group-list 10 2048
Router(config-if)#
(Optional) Enables multicast rate-limiting on the cable interface, using the following parameters:
•
•
Step 6
ip mroute-cache
Example:Router(config-if)# ip mroute-cache
Router(config-if)#
(Optional) Enables IP multicast fast switching, also known as multicast distributed switching (MDS), on the interface.
Note
Step 7
exit
Example:Router(config-if)# exit
Router#
Exits interface configuration mode and returns to privileged EXEC mode.
Configuring NAT to Support Unicast Messaging (optional)
This section describes how to configure a Cisco CMTS router for Network Address Translation (NAT) so as to enable the use of IP unicast addresses for DSG messaging. This allows the Cisco CMTS router to translate incoming IP unicast addresses into the appropriate IP multicast address for the DSG traffic.
Tip
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
interface wan-interface
Example:Router(config)# interface FastEthernet0/0
Router(config-if)#
Enters interface configuration mode for the specified WAN interface.
Step 3
ip nat outside
Example:Router(config-if)# ip nat outside
Router(config-if)#
Configures the WAN interface as the "outside" (public) NAT interface.
Step 4
interface cable interface
Example:Router(config-if)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for the specified cable interface.
Note
Step 5
ip address ip-address mask secondary
Example:Router(config-if)# ip address 192.168.18.1 255.255.255.0 secondary
Router(config-if)#
Configures the cable interface with an IP address and subnet that should match the unicast address being used for DSG traffic. This IP address and its subnet must not be used by any other cable interfaces, cable modems, or any other types of traffic in the cable network.
Step 6
ip nat inside
Example:Router(config-if)# ip nat inside
Router(config-if)#
Configures the cable interface as the "inside" NAT (private) interface.
Step 7
exit
Example:Router(config-if)# exit
Router(config)#
Exits interface configuration mode and returns to global configuration mode.
Step 8
ip nat inside source static ip-multicast-address cable-ip-address
Example:Router(config)# ip nat inside source static 224.3.2.1 192.168.18.2
Router(config)#
Maps the unicast IP address assigned to the cable interface to the multicast address that should be used for the DSG traffic.
•
•
Note
Step 9
exit
Example:Router(config)# exit
Router#
Exits global configuration mode and returns to privileged EXEC mode.
Disabling the DOCSIS Set-Top Gateway Feature
This section describes how to disable the DOCSIS Set-Top Gateway feature on one or more cable interfaces.
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
interface cable interface
Example:Router(config)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for the specified cable interface.
Step 3
no cable dsg tunnel-MAC-address group-ip-address CA-vendor-name
Example:Router(config-if)# no cable dsg
Router(config-if)#
Disables the DSG tunnel and removes its configuration from the cable interface.
Note
Note
Step 4
exit
Example:Router(config)# exit
Router#
Exits global configuration mode and returns to privileged EXEC mode.
Configuring a Standard IP Access List for Packet Filtering (Optional)
This section describes how to configure a standard IP access list so that only authorized traffic is allowed on the cable interface.
Tip
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
access-list access-list permit group-ip-address [mask]
Example:Router(config)# access-list 90 permit 228.1.1.1
Router(config)#
Creates an access list specifying that permits access to the specific multicast address that matches the specified group-ip-address and mask.
•
•
•
Step 3
access-list access-list deny group-ip-address [mask]
Example:Router(config)# access-list 90 deny 224.0.0.0 15.255.255.255
Router(config)#
Configures the access list that denies access to any multicast address that matches the specified group-ip-address and mask.
•
•
•
Step 4
access-list access-list deny any
Example:Router(config)# access-list 90 deny any
Router(config)#
Configures the access list so that it denies access to any IP addresses other than the ones previously configured.
Step 5
interface cable interface
Example:Router(config)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for the specified cable interface.
Step 6
ip access-group access-list
Example:Router(config-if)# ip access-group 90
Router(config-if)#(Optional, but recommended) Configures the interface with the access list, so that packets are filtered by the list before being accepted on the interface.
•
Step 7
exit
Example:Router(config-if)# exit
Router#
Exits interface configuration mode and returns to Privileged EXEC mode.
Configuring a Standard IP Access List for Multicast Group Filtering (Optional)
This section describes how to configure a standard IP access list so that non-DOCSIS devices, such as DSG set-top boxes, can access only the authorized multicast group addresses and DSG tunnels.
Tip
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
configure terminal
Example:Router# configure terminal
Router(config)#
Enters global configuration mode.
Step 2
access-list access-list permit group-ip-address [mask]
Example:Router(config)# access-list 90 permit 228.1.1.1
Router(config)#
Creates an access list specifying that permits access to the specific multicast address that matches the specified group-ip-address and mask.
•
•
•
Step 3
access-list access-list deny group-ip-address [mask]
Example:Router(config)# access-list 90 deny 224.0.0.0 15.255.255.255
Router(config)#
Configures the access list that denies access to any multicast address that matches the specified group-ip-address and mask.
•
•
•
Step 4
access-list access-list deny any
Example:Router(config)# access-list 90 deny any
Router(config)#
Configures the access list so that it denies access to any IP addresses other than the ones previously configured.
Step 5
interface cable interface
Example:Router(config)# interface cable 3/0
Router(config-if)#
Enters interface configuration mode for the specified cable interface.
Step 6
ip igmp access-group access-list [version]
Example:Router(config-if)# ip igmp access-group 90
Router(config-if)#(Optional, but recommended) Configures the interface to accept traffic only from the associated access list, so that only authorized devices are allowed to access the DSG tunnels.
•
•
Step 7
exit
Example:Router(config-if)# exit
Router#
Exits interface configuration mode and returns to privileged EXEC mode.
How to Monitor the DOCSIS Set-Top Gateway Feature
This section describes the following procedures that you can use to monitor and display information about the DOCSIS Set-Top Gateway feature:
•
Displaying DOCSIS Set-Top Gateway Tunnel Configurations
To display the mapping table for a specific DSG tunnel, use the show cable dsg command in privileged EXEC mode. You can display information about DSG statistics and about DSG tunnels. The following examples are typical displays of each command.
Examples from A-DSG 1.1 and Cisco IOS Release 12.3(13)BC
The following example displays the mapping table for all DSG 1.1 tunnel MAC addresses in Cisco IOS Release 12.3(9a)BC:
Router# show cable dsg tunnelGroup-ip Src-ip Tunnel-MAC Interface Packets CA-vendor239.0.0.112 * 0010.18ff.ff00 Cable6/0 0 nds239.0.0.113 * 0010.18ff.ff00 Cable6/0 0 nds224.1.1.1 * 0001.0001.0001 Cable6/0 0 abc224.1.1.2 * 0001.0001.0002 Cable6/0 0 abc224.1.1.3 * 0001.0001.0003 Cable6/0 0 abc224.1.1.4 * 0001.0001.0004 Cable6/0 0 abc224.1.1.5 * 0001.0001.0005 Cable6/0 0 abc224.1.1.6 * 0001.0001.0006 Cable6/0 0 T5 t6The following example displays the statistics for all DSG 1.1 vendor tunnels in Cisco IOS Release 12.3(9a)BC:
Router# show cable dsg statsVendor: bg, Tunnel count: 80004.0004.0004229.4.4.4Cable8/1/0 Resolves: 27 Rcv/Fwd/Drp: 0/0/00001.0001.0002229.1.1.2Cable8/1/0 Resolves: 19 Rcv/Fwd/Drp: 0/0/00001.0001.0003229.1.1.3Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0001.0004229.1.1.4Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0001.0005229.1.1.5Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0001.0006229.1.1.6Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0001.0007229.1.1.7Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0001.0008229.1.1.8Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/0Vendor: t, Tunnel count: 80000.0000.0001230.0.0.1Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0002230.0.0.2Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0003230.0.0.3Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0004230.0.0.4Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0005230.0.0.5Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0006230.0.0.6Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0007230.0.0.7Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00000.0000.0008230.0.0.8Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/0Vendor: bg2, Tunnel count: 70001.0002.0008229.1.2.8Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0007229.1.2.7Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0005229.1.2.5Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0004229.1.2.4Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0003229.1.2.3Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0002229.1.2.2Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/00001.0002.0001229.1.2.1Cable8/1/0 Resolves: 11 Rcv/Fwd/Drp: 0/0/0Vendor: nds, Tunnel count: 1dead.beaf.fefe239.0.0.113Cable8/1/0 Resolves: 39 Rcv/Fwd/Drp: 0/0/0Router#The following example illustrates the show cable dsg tunnel command for A-DSG 1.1 on the Cisco uBR10012 router:
show cable dsg <tunnel mac addr | interface>============================================Tunnel ClassifierMAC Addr Interface Srv-Class Dst-IP Pri Src-IP Packets0004.0004.0004 C8/1/0 srvclassA 229.4.4.4 0 100.1.1.1 99229.4.4.5 1 100.1.1.2 99The following example illustrates the show cable dsg rule command for DSG Issue 1.1 on the Cisco uBR10012 router:
Router# show cable dsg rule c8/1/0Rule UCID Client Tunnel Vender ClassifierID Pri Interface Range ID ID ID Dst-IP Pri Src-IP1 1 C8/1/0 1-4 1 1 1 229.4.4.4 0 100.1.1.1 229.4.4.5 1 100.1.1.2The following example illustrates the show cable dsg rule command for DSG Issue 1.1 on the Cisco uBR10012 router:
show cable dsg rule <interface>===============================Rule UCID Client Tunnel Vender ClassifierID Pri Interface Range ID ID ID Dst-IP Pri Src-IP1 1 C8/1/0 1-4 1 1 1 229.4.4.4 0100.1.1.1229.4.4.5 1100.1.1.2The following example illustrates the show cable dsg rule command for DSG Issue 1,1 on the Cisco uBR10012 router:
show cable dsg stats <tunnel mac addr | interface>==================================================0004.0004.0004 229.4.4.4 C8/1/0 DCD Sent: 99 DCD Change Count: 7Resolves: 10 Rcv/Fwd/Drp: 0/0/0Examples from DSG 1.0 and Cisco IOS Release 12.3(9)
The following example displays the statistics for the specified DSG 1.0 vendor tunnel in Cisco IOS Release 12.3(9a)BC:
Router# show cable dsg stats 0001.0001.0001DSG statistics informationVendor name is abc, tunnel MAC is 0001.0001.0001Group address is 224.1.1.1, source address is *Interface is Cable6/0, mapping entry is used 0Received 0 packets, forwarded 0 packetsDropped 0 packets
Note
The following example displays the mapping table for the specified DSG 1.0 tunnel MAC address:
Router# show cable dsg tunnel 0009.0009.0009Group-ip Src-ip Tunnel-MAC Interface Packets CA-vendor224.13.13.1 * 0009.0009.0009 Cable5/0 0 AAA224.12.12.1 * 0009.0009.0009 Cable5/0 0 AAAThe following examples illustrate show cable dsg commands with Cisco IOS Release 12.3(9a)BC and DSG Issue 1.0 with enhanced syntax on a Cisco uBR10012 router:
Router# show cable dsg stats 0050.4d00.0002DSG statistics informationDSG keepalive is setVendor name is nds, tunnel MAC is 0050.4d00.0002Group address is 224.1.2.3, source address is *Interface is Cable6/0, interface Cable6/0 is bundle mastermapping entry is used 85Received 0 packets, forwarded 0 packetsDropped 0 packetsThe following examples illustrate show cable dsg commands with Cisco IOS Release 12.3(9a)BC and DSG Issue 1.0 with enhanced syntax on a Cisco uBR7246VXR router:
Router# show cable dsg tunnelGroup-ip Src-ip Tunnel-MAC Interface Packets CA-vendor224.1.2.3 * 0050.4d00.0002 Cable6/0 0 ndsRouter# show cable dsg tunnel 0050.4d00.0002Group-ip Src-ip Tunnel-MAC Interface Packets CA-vendor224.1.2.3 * 0050.4d00.0002 Cable6/0 0 ndsRouter# show cable dsg statsDSG statistics informationDSG keepalive is setVendor: nds, Tunnel count: 1Vendor name is nds, tunnel MAC is 0050.4d00.0002Group address is 224.1.2.3, source address is *Interface is Cable6/0, interface Cable6/0 is bundle mastermapping entry is used 85Received 0 packets, forwarded 0 packetsDropped 0 packetsExamples from DSG Issue 0.9
The following examples illustrate show cable dsg commands with Cisco IOS Release 12.3(9a)BC and DSG Issue 0.9:
Router# show cable dsg ?keepalive Show DSG keepalive statusstats Show statistics information of DSGtunnel Show DSG tunnel tableRouter# show cable dsg keepaliveDSG keeplive is disabled, keepalives transmitted: 0Router# show cable dsg statsVendor: bg, Tunnel count: 10004.0004.0004229.4.4.4Cable8/1/0 Resolves: 0 Rcv/Fwd/Drp: 0/0/0Router# show cable dsg tunnelDst-ip Src-ip Tunnel-MAC Interface Packets Vendor229.4.4.4 * 0004.0004.0004 Cable8/1/0 0 bgRouter# show cable dsg tunnel ?H.H.H A DSG tunnel MAC addressvendor Show dsg tunnels for the specific vendor| Output modifiers<cr>Router# show cable dsg tunnel 0004.0004.0004Dst-ip Src-ip Tunnel-MAC Interface Packets Vendor229.4.4.4 * 0004.0004.0004 Cable8/1/0 0 bgRouter# show cable dsg tunnelDst-ip: Src-ip: Tunnel-MAC: interface: packets: vendor:229.2.0.99 * 1111.1111.1111 Cable4/0 123 bg229.7.5.99 10.10.2.56 1111.2222.2222 Cable5/0 1 bg229.7.5.98 * 1111.2222.2222 Cable3/0 4003 bgRouter# show cable dsg statVendor: bg, Tunnel count: 21111.1111.1111229.2.0.99Cable4/0 Resolves: 4 Rcv/Fwd/Drp: 323/323/01111.2222.2222229.7.5.99Cable5/0 Resolves: 4 Rcv/Fwd/Drp: 1/1/0229.7.5.98Cable3/0 Resolves: 180 Rcv/Fwd/Drp: 6213/6213/0Router# show cable dsg statsDSG statistics informationVendor: abc, Tunnel count: 3Vendor: cisco, Tunnel count: 4Vendor name is abc, tunnel MAC is 000d.000d.000dGroup address is 230.6.6.6, source address is *Interface is Cable3/0, mapping entry is used 2Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is abc, tunnel MAC is 000e.000e.000eGroup address is 230.7.7.7, source address is *Interface is Cable3/0, mapping entry is used 4Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is abc, tunnel MAC is 000c.000c.000cGroup address is 230.5.5.5, source address is *Interface is Cable3/0, mapping entry is used 4Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is cisco, tunnel MAC is 000b.000b.000bGroup address is 230.4.4.4, source address is *Interface is Cable3/0, mapping entry is used 4Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is cisco, tunnel MAC is 0009.0009.0009Group address is 229.1.1.1, source address is *Interface is Cable3/0, mapping entry is used 3Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is cisco, tunnel MAC is 0008.0008.0008Group address is 228.1.1.1, source address is *Interface is Cable3/0, mapping entry is used 4Received 0 packets, forwarded 0 packetsDropped 0 packets, last second rate 0 bits/secVendor name is cisco, tunnel MAC is 000a.000a.000aGroup address is 230.1.1.1, source address is *Interface is Cable3/0, mapping entry is used 6Received 242217224 packets, forwarded 180194756 packetsDropped 62022468 packets, last second rate 501414 bits/secVendor name is cisco, tunnel MAC is 000a.000a.000aGroup address is 230.1.1.1, source address is *Interface is Cable4/0, mapping entry is used 18Received 242218258 packets, forwarded 1482 packetsDropped 242216776 packets, last second rate 501414 bits/secVendor name is cisco, tunnel MAC is 000a.000a.000aGroup address is 230.1.1.1, source address is *Interface is Cable5/0.1, mapping entry is used 6Received 242218258 packets, forwarded 1534970 packetsDropped 240683288 packets, last second rate 501414 bits/sec
Note
Configuration Examples for DOCSIS Set-Top Gateway
This section provides the following configuration examples for the DOCSIS Set-Top Gateway feature:
•
•
•
•
•
DSG Configuration Example
The following example illustrates the cable interface configuration on a Cisco uBR7246VXR router with the DOCSIS Set-Top Gateway (DSG) 1.0 feature enabled:
Tip
...ip multicast-routing...interface GigabitEthernet 1/0ip mroute-cachedescription wan interface to CA and other DSG servers...interface c6/0ip address 10.10.10.11 255.255.255.0ip pim dense-modeip igmp static-group 239.0.0.2ip multicast rate-limit out group-listip mroute-cachecable dsg 1.2.3 239.0.0.2 CCC...
Note
Subinterface Configuration Example
The following DSG 1.0 sample configuration shows a more complex configuration for the DOCSIS Set-Top Gateway feature on a Cisco uBR7114 router, showing the use of subinterfaces:
version 12.2service timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname dsg-ubr7114!logging queue-limit 100!no cable qos permission createno cable qos permission updatecable qos permission modemsip subnet-zero!!ip cef!ip multicast-routingmpls ldp logging neighbor-changes!!!interface FastEthernet0/0ip address 1.8.8.13 255.255.0.0duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!interface Cable1/0ip address 2.75.25.1 255.255.255.0ip pim dense-modeip helper-address 1.8.35.200cable downstream annex Bcable downstream modulation 256qamcable downstream interleave-depth 32cable downstream channel-id 0cable downstream rf-shutdowncable upstream 0 frequency 33008000cable upstream 0 power-level 0cable upstream 0 channel-width 1600000cable upstream 0 minislot-size 4cable upstream 0 modulation-profile 1no cable upstream 0 shutdowncable upstream 1 channel-width 1600000cable upstream 1 minislot-size 4cable upstream 1 modulation-profile 1cable upstream 1 shutdowncable upstream 2 channel-width 1600000cable upstream 2 minislot-size 4cable upstream 2 modulation-profile 1cable upstream 2 shutdowncable upstream 3 channel-width 1600000cable upstream 3 minislot-size 4cable upstream 3 modulation-profile 1cable upstream 3 shutdown!interface Cable1/0.1ip igmp static-group 224.11.11.1ip igmp static-group 224.12.12.1ip igmp static-group 224.3.3.2ip igmp static-group 224.3.3.3ip igmp static-group 224.3.3.6ip igmp static-group 224.3.3.7ip igmp static-group 224.3.3.8ip igmp static-group 224.3.3.9ip igmp static-group 224.3.3.18ip igmp static-group 224.3.3.19ip igmp static-group 224.3.3.20ip igmp static-group 224.3.3.21ip igmp static-group 224.3.3.22ip igmp static-group 224.3.3.93ip igmp static-group 224.3.3.97ip igmp static-group 224.3.3.95ip igmp static-group 224.3.3.98ip igmp static-group 224.5.5.8ip igmp static-group 224.5.5.10ip igmp static-group 224.3.4.12ip igmp static-group 224.3.3.25ip igmp static-group 224.4.4.1ip igmp static-group 224.5.5.5ip igmp static-group 224.5.5.11ip igmp static-group 224.5.5.12ip igmp static-group 224.5.5.13ip igmp static-group 224.5.5.14ip igmp static-group 224.5.5.15ip igmp static-group 224.5.5.16ip igmp static-group 224.6.6.7ip igmp static-group 224.6.6.9ip igmp static-group 224.6.6.10ip igmp static-group 224.6.6.11ip igmp static-group 224.7.7.1ip igmp static-group 224.8.8.1ip igmp static-group 224.8.8.2ip igmp static-group 224.8.8.10ip igmp static-group 224.9.9.1cable dsg 0009.0009.0009 224.12.12.1 sciencecable dsg 0010.0010.0010 224.11.11.1 sciencecable dsg 0001.0001.0001 224.3.3.97 ciscocable dsg 0001.0001.0001 224.3.3.98 ciscocable dsg 0001.0001.0001 224.3.3.93 ciscocable dsg 0001.0001.0001 224.3.3.95 ciscocable dsg 0006.0006.0006 224.9.9.1 microsocable dsg 0005.0005.0005 224.8.8.1 ibmcable dsg 0001.0001.0001 224.7.7.1 ciscocable dsg 0001.0001.0002 224.4.4.1 ciscocable dsg 0005.0005.0005 224.8.8.2 ibmcable dsg 0001.0001.0001 224.3.3.2 ciscocable dsg 0001.0001.0001 224.3.3.3 ciscocable dsg 1234.1234.1234 224.5.5.5 ciscocable dsg 0001.0001.0001 224.3.3.6 ciscocable dsg 0001.0001.0001 224.3.3.7 ciscocable dsg 00dd.0001.0001 224.6.6.7 ciscocable dsg 0001.0001.0001 224.3.3.8 ciscocable dsg 0001.0001.0001 224.5.5.8 ciscocable dsg 0001.0001.0001 224.3.3.9 ciscocable dsg 10dd.0001.0001 224.6.6.9 ibmcable dsg 0000.0000.0000 224.8.8.10 sciencecable dsg 0001.0001.0001 224.5.5.10 ciscocable dsg 10dd.0002.0002 224.6.6.10 ibmcable dsg 0001.0001.0001 224.3.4.12 ciscocable dsg 0003.0001.0001 224.5.5.11 ciscocable dsg 0000.0000.0001 224.6.6.11 ibmcable dsg 0033.0001.0001 224.5.5.12 ciscocable dsg 00cc.0001.0001 224.5.5.13 ciscocable dsg 00cc.0001.0001 224.5.5.14 ciscocable dsg 00cd.0001.0001 224.5.5.15 ciscocable dsg 00dd.0001.0001 224.5.5.16 ciscocable dsg 0001.0001.0001 224.3.3.18 ciscocable dsg 0001.0001.0001 224.3.3.19 ciscocable dsg 0001.0001.0001 224.3.3.20 ciscocable dsg 0001.0001.0001 224.3.3.21 ciscocable dsg 0001.0001.0001 224.3.3.22 ciscocable dsg 0001.0001.0001 224.3.3.25 cisco!interface Cable1/0.2ip igmp static-group 224.11.11.2ip igmp static-group 224.13.13.1cable dsg 0009.0009.0009 224.13.13.1 sciencecable dsg 0011.0011.0011 224.11.11.2 science!interface Ethernet3/0ip address 10.0.0.2 255.0.0.0ip pim dense-modeduplex half!interface Ethernet3/1no ip addressshutdownduplex half!interface Ethernet3/2no ip addressshutdownduplex half!interface Ethernet3/3no ip addressshutdownduplex half!router eigrp 1auto-summary!ip default-gateway 1.8.0.1ip classlessip route 0.0.0.0 0.0.0.0 1.8.0.1ip route 1.0.0.0 255.0.0.0 1.8.0.1ip route 223.255.254.254 255.255.255.255 1.8.0.1no ip http serverno ip http secure-server!!!access-list 101 permit igmp host 10.0.0.1 host 224.3.3.1cdp run!!line con 0line aux 0line vty 0 4password labloginline vty 5 15login!scheduler allocate 3996 400Unicast Messaging Configuration Example
The following excerpt from a configuration file enables basic DSG 1.0 operations on a cable interface, using unicast IP addresses for DSG messaging. This example is the same as the one given in DSG Configuration Example, except that the interfaces have been configured for NAT so as to enable the use of unicast DSG addresses.
...ip multicast-routing...interface GigabitEthernet 1/0ip address 10.10.2.50 255.255.255.0ip nat outsideip mroute-cachedescription wan interface to CA and other DSG servers...interface c6/0ip address 10.10.10.11 255.255.255.0ip address 192.168.18.1 255.255.255.0 secondaryip pim dense-modeip igmp static-group 239.0.0.2ip multicast rate-limit out group-listip mroute-cachecable dsg 1.2.3 239.0.0.2 CCCip nat inside...ip nat inside source static 239.0.0.2 192.168.18.1...
Note
Packet Filtering Access List Configuration Example
The following excerpt from a configuration for a Cisco uBR7246VXR router shows an example of an extended IP access list being used to define the type of traffic that is allowed to be transmitted on a cable interface. Access list 101 permits traffic from two known hosts, denies all other TCP and UDP traffic, and denies IGMP traffic from a particular IP multicast address. All other IP traffic is allowed. The access list is then applied to the cable interface, using the ip access-group command.
interface Cable3/0ip address 10.48.1.1 255.255.255.0ip access-group 101 outip pim sparse-modeip helper-address 1.7.29.1ip igmp static-group 230.6.6.6ip igmp static-group 230.5.5.5ip igmp static-group 230.4.4.4ip igmp static-group 230.1.1.1ip igmp static-group 228.1.1.1ip igmp static-group 229.1.1.1ip igmp static-group 230.7.7.7cable downstream annex Bcable downstream modulation 64qamcable downstream interleave-depth 32cable downstream frequency 459000000cable downstream channel-id 0cable upstream 0 frequency 17808000cable upstream 0 power-level 0cable upstream 0 channel-width 1600000cable upstream 0 minislot-size 4cable upstream 0 modulation-profile 2no cable upstream 0 rate-limitno cable upstream 0 shutdowncable upstream 1 channel-width 1600000cable upstream 1 minislot-size 4cable upstream 1 modulation-profile 1cable upstream 1 shutdowncable upstream 2 channel-width 1600000cable upstream 2 minislot-size 4cable upstream 2 modulation-profile 1cable upstream 2 shutdowncable upstream 3 channel-width 1600000cable upstream 3 minislot-size 4cable upstream 3 modulation-profile 1cable upstream 3 shutdowncable source-verifycable dhcp-giaddr primarycable dsg 000d.000d.000d 230.6.6.6 abccable dsg 000e.000e.000e 230.7.7.7 abccable dsg 000b.000b.000b 230.4.4.4 ciscocable dsg 000c.000c.000c 230.5.5.5 abccable dsg 0009.0009.0009 229.1.1.1 ciscocable dsg 0008.0008.0008 228.1.1.1 ciscocable dsg 000a.000a.000a 230.1.1.1 ciscono keepalive!access-list 101 permit udp host 11.48.1.2 anyaccess-list 101 permit udp host 11.46.1.100 anyaccess-list 101 deny udp any anyaccess-list 101 deny tcp any anyaccess-list 102 deny igmp any host 230.1.1.1access-list 102 permit ip any anyIP Multicast Access List Configuration Example
The following excerpt from a configuration for a Cisco uBR7246VXR router shows a standard IP access list being configured to allow only traffic destined for a range of particular IP multicast addresses. The access list is applied to the cable interface using the ip igmp access-group command.
interface Cable 6/0ip address 10.44.61.1 255.255.255.0 secondaryip address 10.44.51.1 255.255.255.0ip pim sparse-dense-modeip helper-address 10.8.35.200ip igmp static-group 239.0.0.100ip igmp static-group 239.192.16.11ip igmp static-group 239.192.16.12ip igmp static-group 239.192.16.13ip igmp static-group 239.192.16.14ip igmp static-group 239.192.16.17ip igmp static-group 239.192.16.18ip igmp static-group 239.192.16.32ip igmp static-group 239.192.16.16ip igmp query-interval 65535ip igmp access-group 96cable tftp-enforcecable max-hosts 6cable bundle 3 mastercable downstream annex Bcable downstream modulation 64qamcable downstream interleave-depth 32cable downstream channel-id 1cable upstream 0 frequency 25000000cable upstream 0 power-level 0no cable upstream 0 shutdowncable upstream 1 frequency 25000000cable upstream 1 power-level 0no cable upstream 1 shutdowncable upstream 2 frequency 25000000cable upstream 2 power-level 0no cable upstream 2 shutdowncable upstream 3 frequency 25000000cable upstream 3 power-level 0no cable upstream 3 shutdowncable ip-broadcast-echocable source-verify leasetimer 100cable dhcp-giaddr policy. . .access-list 96 permit 224.0.0.0 15.255.255.255access-list 96 deny any. . .IP Multicast Rate-Limiting Access List Configuration Example
The following excerpt from a configuration for a Cisco uBR7246VXR router shows an example of IP multicast access lists being used to limit the maximum possible data rate for a number of different IP multicast addresses. This method ensures that a particular DSG tunnel does not use an excessive amount of bandwidth.
In this basic DSG 1.0 example, a number of standard IP access lists are defined to permit traffic from a particular IP multicast address. These access lists are applied to the cable interface using the ip multicast rate-limit command.
!interface Cable3/0ip address 10.48.1.1 255.255.255.0ip pim sparse-modeip multicast rate-limit out group-list 10 128ip multicast rate-limit out group-list 20 256ip multicast rate-limit out group-list 30 512ip multicast rate-limit out group-list 40 1024ip multicast rate-limit out group-list 50 128ip multicast rate-limit out group-list 60 256ip multicast rate-limit out group-list 70 512ip multicast rate-limit out group-list 80 1024ip helper-address 1.7.29.1ip igmp static-group 230.6.6.6ip igmp static-group 230.5.5.5ip igmp static-group 230.4.4.4ip igmp static-group 230.1.1.1ip igmp static-group 228.1.1.1ip igmp static-group 229.1.1.1ip igmp static-group 230.7.7.7cable downstream annex Bcable downstream modulation 64qamcable downstream interleave-depth 32cable downstream frequency 459000000cable downstream channel-id 0cable upstream 0 frequency 17808000cable upstream 0 power-level 0cable upstream 0 channel-width 1600000cable upstream 0 minislot-size 4cable upstream 0 modulation-profile 2no cable upstream 0 rate-limitno cable upstream 0 shutdowncable upstream 1 channel-width 1600000cable upstream 1 minislot-size 4cable upstream 1 modulation-profile 1cable upstream 1 shutdowncable upstream 2 channel-width 1600000cable upstream 2 minislot-size 4cable upstream 2 modulation-profile 1cable upstream 2 shutdowncable upstream 3 channel-width 1600000cable upstream 3 minislot-size 4cable upstream 3 modulation-profile 1cable upstream 3 shutdowncable source-verifycable dhcp-giaddr primarycable dsg 000d.000d.000d 230.6.6.6 abccable dsg 000e.000e.000e 230.7.7.7 abccable dsg 000b.000b.000b 230.4.4.4 ciscocable dsg 000c.000c.000c 230.5.5.5 abccable dsg 0009.0009.0009 229.1.1.1 ciscocable dsg 0008.0008.0008 228.1.1.1 ciscocable dsg 000a.000a.000a 230.1.1.1 ciscono keepalive!...access-list 10 permit 228.1.1.1access-list 20 permit 229.1.1.1access-list 30 permit 230.1.1.1access-list 40 permit 230.4.4.4access-list 50 permit 230.5.5.5access-list 60 permit 230.6.6.6access-list 70 permit 230.7.7.7access-list 80 permit 230.8.8.8...Additional References
For additional information related to the DOCSIS Set-Top Gateway feature, refer to the following references.
Related Documents
Broadband Cable Command Reference
Cisco Broadband Cable Command Reference Guide, on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/cable/bbccmref/index.htmCisco IOS Release 12.2 Command Reference
Cisco IOS Release 12.2 configuration guides and command references, on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htmCisco IOS Release 12.3 Command Reference
Cisco IOS Software Release 12.3 Mainline Command References, on Cisco.com:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_command_reference_list.html
Cisco DOCSIS Set-top Technology White Paper
Cisco DOCSIS Set-top Gateway White Paper, on Cisco.com:
http://www.cisco.com/en/US/products/hw/cable/ps2217/products_white_paper09186a00801b3f0f.shtml
DOCSIS 1.1 on the Cisco CMTS
Configuring DOCSIS 1.1 on the Cisco CMTS, in the CMTS Feature Guide, on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_rout/cmtsfg/ufg_docs.htmIP Access Lists Configuration Guide
Configuring IP Services, IP Addressing and Services, Cisco IOS IP Configuration Guide, Release 12.2, on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htmIP Access Lists Command Reference Guide
IP Services Commands, Cisco IOS IP Command Reference, Volume 1, Addressing and Services, Release 12.2, on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/index.htmIP Multicast Configuration Guide
Cisco IOS IP Configuration Guide, Release 12.3 on Cisco.com:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/
prod_configuration_guide09186a008017d581.htmlIP Multicast Command Reference
Cisco IOS IP Command Reference, Volume 3 of 3: Multicast, Release 12.2 on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fiprmc_r/index.htm
Standards
CableLabs DOCSIS Set-top Gateway (DSG) Interface Specification SP-DSG-I03-041124
CableLabs Data-over-Cable Service Interface Specifications Radio Frequency Interface Specification, version 1.1
CableLabs DOCSIS Set-top Gateway (DSG) Interface Specification
1 Not all supported standards are listed.
MIBs
Cisco IOS Release 12.3(9a)BC introduces SNMP support for the CISCO-CABLE-DSG-IF-MIB.
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
1 Not all supported MIBs are listed.
RFCs
Technical Assistance
System Messages
Cisco IOS Release 12.2(15)BC2 System Messages
Cisco IOS Release 12.2(15)BC2 adds the following system error message to provide information about the DSG feature:
%UBR7100-6-DSG_ALL_TUNNEL_REMOVED
%UBR7200-6-DSG_ALL_TUNNEL_REMOVED: All DSG tunnels are removed on interface [chars] and its subinterfacesExplanation An operator has disabled the DOCSIS Set-top Gateway (DSG) on the indicated cable interface and its subinterfaces, using the no cable dsg command.
Recommended Action No action is needed.
Cisco IOS Release 12.3(9a)BC2 System Messages
Cisco IOS Release 12.3(9a)BC2 adds the following system error message to provide information about the DSG feature:
%UBR7100-6-DDC_CFG_HASHFILTER_REMOVED
%UBR7200-6-DDC_CFG_HASHFILTER_REMOVED
%UBR10000-6-DDC_CFG_HASHFILTER_REMOVED: Hash-filter [dec] not present in global config - Filter removed from [chars]Explanation Thespecified hash filter was removed from the global configuration, and because the associated cable interface line card was not present in the chassis, the hash filter configuration was also removed from that cable interface line card configuration.
Recommended Action No action is needed.
%UBR7100-4-DDC_CFG_HASHID
%UBR7200-4-DDC_CFG_HASHID
%UBR10000-4-DDC_CFG_HASHID: Hash id [dec] does not exist in global configurationExplanation The specified hash ID for the DOCSIS Dual-Channel (DDC) configuration is configured on a cable interface, but it is not configured globally, so that the router cannot map the appropriate OUI or MAC IDs appropriately.
Explanation Configure the hash ID globally, using the cable redundancy hashfilter command in global configuration mode.
%UBR7100-6-DDC_CFG_TARGET_REMOVED
%UBR7200-6-DDC_CFG_TARGET_REMOVED
%UBR10000-6-DDC_CFG_TARGET_REMOVED: Redundancy target invalid - removed from [chars]Explanation The router's MY ID configuration was removed from the configuration, but the associated cable interface line card was not present in the chassis, so the associated redundancy configuration is also removed from that card's interface configuration.
Recommended Action No action is needed.
%UBR7100-4-DDC_GENERAL_ERROR
%UBR7200-4-DDC_GENERAL_ERROR
%UBR10000-4-DDC_GENERAL_ERROR: Error: [chars]Explanation The DOCSIS Dual-Channel (DDC) configuration generated the specified error.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-3-DDC_INVALID_HASHTYPE
%UBR7200-3-DDC_INVALID_HASHTYPE
%UBR10000-3-DDC_INVALID_HASHTYPE: The hash type [dec] for hash id [dec] is invalidExplanation The specified hash ID in the DOCSIS Dual-Channel (DDC) configuration has an invalid configuration.
Recommended Action Verify the DDC configuration on the router. If the configuration appears correct, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-3-DDC_INVALID_STATICMAP
%UBR7200-3-DDC_INVALID_STATICMAP
%UBR10000-3-DDC_INVALID_STATICMAP: The node [dec] for mac-address [enet] exceeds maximum configured nodes.Explanation The configuration for the DOCSIS Dual-Channel (DDC) contains an Organization Unique Identifier (OUI) or MAC address mapping that specifies a DCC node number outside ofthe valid range (from 1 to 3).
Recommended Action Check the configuration to verify that all of the appropriate downstreams have been configured for the DDC feature, and that the number of configured downstreams is not outside of the valid range. If the configuration appears correct, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_LIST_ERROR
%UBR7200-4-DDC_LIST_ERROR
%UBR10000-4-DDC_LIST_ERROR: DDC list errorExplanation The DOCSIS Dual-Channel (DDC) software was unable to create a list or add an element to a list. This typically is due to a lack of resources, such as memory, or a failure of the interprocess communication (IPC) subsystem to send the required list control messages.
Recommended Action Display the current processor usage using the show proc command, and look for any processes that might be monopolizing the processor time. Display the running configuration with the show running-config command, and look for any commands that might be allocating large amounts of memory for specific buffers, such as the logging buffered command. Verify that you are using released software on the Cisco CMTS. If so, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support command output, contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_MESSAGE_ERROR
%UBR7200-4-DDC_MESSAGE_ERROR
%UBR10000-4-DDC_MESSAGE_ERROR: DDC message error. type [dec]Explanation The DOCSIS Dual-Channel (DDC) software was unable to send the specified interprocess communication (IPC) messages. This could be due to a lack of resources, such as memory, or due to the processor being at or near 100 percent utilization.
Recommended Action Display the current processor usage using the show proc command, and look for any processes that might be monopolizing the processor time. Display the running configuration with the show running-config command, and look for any commands that might be allocating large amounts of memory for specific buffers, such as the logging buffered command. Verify that you are using released software on the Cisco CMTS. If so, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. If you cannot determine the nature of the error from the error message text or from the show tech-support command output, contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_NODE_ID_ERROR
%UBR7200-4-DDC_NODE_ID_ERROR
%UBR10000-4-DDC_NODE_ID_ERROR: Node id mismatch NPE: [dec] linecard: [dec]Explanation The node ID on the NPE subinterface is different than what is configured on the cable interface line card.
Recommended Action Verify that the configuration is correct. If so, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_PROT_FREQ_ERROR
%UBR7200-4-DDC_PROT_FREQ_ERROR
%UBR10000-4-DDC_PROT_FREQ_ERROR: DS frequency not configured for the protect target node [dec]Explanation A downstream frequency is not configured on the specified target node.
Recommended Action Configure a downstream frequency on the appropriate downstream.
%UBR7100-4-DDC_SEMAPHORE_ERROR
%UBR7200-4-DDC_SEMAPHORE_ERROR
%UBR10000-4-DDC_SEMAPHORE_ERROR: DDC semaphore released when it was not takenExplanation A DOCSIS Dual-Channel (DDC) semaphore flag was released, but the flag was not locked at the time. This indicates either that an unexpected situation or that a software error occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_UNEXPECTED_EVENT_ERROR
%UBR7200-4-DDC_UNEXPECTED_EVENT_ERROR
%UBR10000-4-DDC_UNEXPECTED_EVENT_ERROR: DDC unexpected event error [dec]Explanation The DOCSIS Dual-Channel (DDC) software encountered an unexpected or unsupported event. This indicates either that an unexpected situation or that a software error occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-4-DDC_UNEXPECTED_MESSAGE_ERROR
%UBR7200-4-DDC_UNEXPECTED_MESSAGE_ERROR
%UBR10000-4-DDC_UNEXPECTED_MESSAGE_ERROR: DDC unexpected message error [dec]Explanation The DOCSIS Dual-Channel (DDC) software received an unexpected or unsupported message. This indicates either that an unexpected situation or that a software error occurred.
Recommended Action Copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
%UBR7100-3-DDC_UNEXPECTED_NODES
%UBR7200-3-DDC_UNEXPECTED_NODES
%UBR10000-3-DDC_UNEXPECTED_NODES: The number of nodes [dec] is invalid.Explanation The configuration for the DOCSIS Dual-Channel (DDC) is outside of the valid range (from 1 to 3).
Recommended Action Check the configuration to verify that all of the appropriate downstreams have been configured for the DDC feature, and that the number of configured downstreams is not outside of the valid range. If the configuration appears correct, copy the error message exactly as it appears on the console or in the system log. Issue the show tech-support command to gather data that may help identify the nature of the error. Contact your Cisco technical support representative and provide the representative with the gathered information.
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Cable Command Reference at http://www.cisco.com/en/US/docs/ios/cable/command/reference/cmts_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Glossary
This section describes terms and acronyms that are used in this manual and not otherwise defined. See the Internetworking Terms and Acronyms for terms not included in this glossary.
CA vendor—A programming provider that has encrypted its programs using conditional access (CA) techniques, so that only authorized subscribers are able to decrypt and view the programs. When referring to the network topology, the term "CA vendor" typically refers to the servers that are providing the digitally encrypted program streams.
Cable Card—Another term for POD. See POD.
conditional access (CA)—Methods for encrypting video programs so that only authorized subscribers are able to decrypt and view the programs.
Data-over-Cable Service Interface Specifications (DOCSIS)—A suite of specifications maintained by CableLabs that describe the operation of a data network over a hybrid fiber-coaxial (HFC) cable network.
DOCSIS Set-Top Gateway (DSG)—A specification from CableLabs that allows operators of a DOCSIS cable network to provide out-of-band (OOB) messaging to set-top boxes (STBs) over existing cable networks. This allows MSOs and other service providers to combine both DOCSIS and STB operations over a single, open, vendor-independent network. Vendors can provide advanced STB video and electronic programming services, without interfering with the existing DOCSIS cable network.
DSG Tunnel—An IP multicast datagram stream originating at the DOCSIS Set-Top Gateway and carrying out-of-band messages intended for set-top boxes. It is carried over the downstream DOCSIS channel and is identified by a well-known Ethernet MAC address that is reserved and published by the CA/POD provider. Multiple DSG tunnels may exist on a single downstream DOCSIS channel.
customer premises equipment (CPE)—Set-top box, host, or other device at the subscriber's site that receives the cable signals coming from the cable modem termination system (CMTS), CA servers, and other DSG servers.
embedded cable modem—A DOCSIS cable modem that is integrated into the customer premises equipment (for example, a set-top box that contains tuners for both DOCSIS signals and DSG signals).
multicast address—A broadcast address that is targeted to and received by multiple hosts, as opposed to a unicast address that is intended for only one particular host. Both the Ethernet MAC Layer 2 and the IP Layer 3 protocols support multicast addressing. IP multicast addresses are divided into three separate subgroups:
–
–
–
network controller—Computers system that manages the set-top boxes or other CPE devices within a cable system. In a DSG network, the network controller transmits its control and other messages using a dedicated out-of-band channel.
out-of-band (OOB) messaging—Describes a form of network management in which the network controller sends control and information messages to one or more hosts or set-top boxes using a dedicated channel that is separate from the channel used to send programs and other user data. In a DSG network, OOB messages are transmitted using IP multicast packets and are received by those set-top boxes that are members of the appropriate multicast groups. The OOB messages can include the following types of messages:
•
•
•
•
•
Point of Deployment (POD) module—Removable PCMCIA-form factor security card that is plugged into a set-top box (STB) to uniquely identify and authenticate the STB. Each POD contains a unique ID that identifies the STB, as well as an X.509 certificate that the POD uses to establish secure authentication with the CA servers. This allows the CA provisioning servers to securely identify the STB and determine which programs and services it is authorized to receive. A POD module is more frequently referred to as a Cable Card.
set-top box (STB)—Customer premises equipment (CPE) providing subscription and pay-per-view broadcast television services and interactive TV services. In a DSG network, the each STB is a member of one or more multicast groups, allowing the STB to receive the OOB messages that allow its subscribers to receive the programs they are authorized to view.
set-top terminal—See set-top box (STB).
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)