-
null
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
A Device Provisioning Engine (DPE) caches provisioning information and handles all configuration requests, including downloading configuration files to devices. It is integrated with the Cisco Network Registrar DHCP server to control the assignment of IP addresses. Multiple DPEs can communicate with a single DHCP server.
DPEs come with factory-installed software that enables provisioning, but you must perform some initial configuration. This chapter describes the setup procedure.
This chapter describes:
•Configuring a DPE for Voice Technology
Table 7-1 identifies the sequence of events for setting up a hardware DPE.
Each DPE comes with a console cable. To begin setting up the DPE:
Step 1 Attach one end of the cable to the console port of the DPE.
Step 2 Attach the other end of the cable to the serial port on the computer that you want to use to configure the DPE.
Step 3 Proceed to Configuring and Running a Terminal Emulation Program.
You must configure and then run a terminal emulation program on the computer that you have connected to the DPE.
To configure and run a terminal emulation program:
Step 1 Log in to the computer, with root access.
At the command line, enter the name of a terminal emulator. Choose a terminal emulation program that enables communication with the DPE through the serial port on the host computer.
Step 2 On the terminal emulator, configure:
•Speed:9600
•Data Bits:8
•Parity:None
•Stop Bits:1
•Flow Control:Hardware
When you have correctly configured the terminal emulation program, you are prompted to log in to
the DPE.
Step 3 Proceed to Logging In.
To log in to the DPE:
Step 1 At the password prompt, enter the login password. The default user password is changeme.
For security reasons, we recommend that you change the original password.
For example:
bac_host BACC Device Provisioning Engine
User Access Verification
Password:
bac_host>
Step 2 Enter the enable command to enter privilege mode. You must be working in privilege mode to configure the DPE.
Step 3 The system prompts you for the password for the privilege mode. At the prompt, enter the password; the default is changeme.
The system displays the privilege mode prompt.
For example:
bac_host> enable Password:
bac_host#
Step 4 To change the login and privilege mode password, as we recommend:
a. At the prompt, enter the password command.
For example:
bac_host# password password123
b. At the password prompt, enter the new password, and re-enter it.
For example:
New password:
Retype new password:
Password changed successfully.
Note Remember that this is your new login password. If you want to change the privilege mode password, use the enable password command.
Step 5 Proceed to Configuring a DPE for Data.
To configure a DPE, you must know the:
•Static IP address that you want to assign to the DPE.
•IP address or fully qualified domain name (FQDN) of the RDU for the DPE.
•Provisioning group or groups to which the DPE belongs.
•IP address of the default gateway on your network, if the default gateway is implemented on your network.
•Host and domain names of the DPE.
Tip You can use the show run command to view the running configuration. A complete list of commands is available through the use of the show commands command. For additional information, refer to the Cisco Broadband Access Center DPE CLI Reference 2.7.1.
Note The commands pertaining to security are enabled only when connected to the DPE serial port. For more information, refer to the Cisco Broadband Access Center DPE CLI Reference 2.7.1.
To configure a DPE:
Step 1 Assign a static IP address and subnet mask to the first ethernet port on the DPE.
For example, to assign IP address 10.10.10.1 and the subnet mask 255.255.255.0, enter:
bac_host# interface ethernet 0 ip address 10.10.10.1 255.255.255.0
% OK (Requires appliance restart "> reload")
bac_host# interface ethernet 0 ip enabled true
% OK (Requires appliance restart "> reload")
bac_host# interface ethernet 0 provisioning enabled true
% OK (Requires appliance restart "> reload")
Note The values provided here are sample values only. Use values appropriate for your network.
Step 2 Enter the IP address for the RDU or its domain name if you are implementing DNS. Also, identify the port on which the RDU is listening. The default listening port is 49187.
For example:
bac_host# dpe rdu-server 10.10.10.1 49187
% OK (Requires appliance restart "> reload")
Step 3 Specify the provisioning group or groups of which the DPE is part. Where appropriate, specify the secondary provisioning group of which it is part.
For example:
bac_host# dpe provisioning-group primary group1
% OK (Requires appliance restart "> reload")
bac_host# dpe provisioning-group secondary group2
% OK (Requires appliance restart "> reload")
Step 4 If your network topology has a default gateway IP address, enter that information.
For example:
bac_host# ip default-gateway 10.10.10.1
% OK (Requires appliance restart "> reload")
Step 5 To set up DNS for the DPE, enter the IP address of the DNS server.
For example:
bac_host# ip name-server 10.20.10.1
% OK
Note To enter more than one DNS server name, list the servers with a space between each entry.
Step 6 Provide the DNS hostname and domain name for the DPE.
For example:
bac_host# hostname DPE1
% OK (Requires appliance restart "> reload")
bac_host# ip domain-name example.com
% OK
Step 7 Configure the current time on the DPE.
For example:
bac_host# clock set 14:52:20 30 1 2007
Tue Jan 30 14:52:20 GMT 2007
% OK
Step 8 Set the shared secret password to be the same as that on the RDU. This is one of the security-related commands mentioned earlier in this chapter. This command can only be run if the console is connected to the DPE serial port.
For example:
bac_host# dpe shared-secret secret
% OK (Requires DPE restart "> dpe reload")
Step 9 For the configuration to take effect, you must reload the DPE.
For example:
bac_host# reload
bac_host#
After you reload the DPE, you can establish a Telnet session using the IP address of the DPE. Remember to use the new login and enable password that you created in Logging In.
This section describes the configuration tasks that you must perform to set up a DPE to support voice technology.
The tips provided in this section refer to the dpe.properties file, located in the BPR_HOME/dpe/conf directory, for a lab installation of BAC. You change the properties specified, as indicated in the tips, to enable the described feature. If you edit the properties, you must restart the DPE.
Complete these steps to set up voice technology on your DPE.
Step 1 To set the FQDN for each enabled DPE interface, enter:
interface ethernet 0 provisioning fqdn fqdn-value
interface ethernet 1 provisioning fqdn fqdn-value
Tip dpe.properties: /server/provFQDNs=FQDN[IP address]:port. This setting could translate, for example, into c3po.pcnet.cisco.com[10.10.10.5]:49186.
The FQDN is sent as the SNMPEntity in DHCP Option 177 suboption 3.
For example:
bac_host# interface ethernet 0 provisioning fqdn dpe.cisco.com
% OK (Requires DPE restart "> dpe reload")
Step 2 To configure voice technology at DPE, enter:
packetcable registration kdc-service-key password
This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.
Note The DPE password that you enter using this CLI command must match the corresponding password used in the Keygen utility when generating service keys for the KDC.
For a lab installation, the KDC and DPE are installed on the same host, and the installation program automatically generates a random KDC service key for both the KDC and the DPE.
Tip dpe.properties: /pktcbl/regsvr/KDCServiceKey=(xx: ... xx)
where (xx: ... xx) represents a 24-byte randomly selected, colon-separated, hexadecimal value; for example: 31:32:33:34:35:36:37:38:39:30:31:32:33:34:3 5:36:37:38:39:30:31:32:33:34.
For example:
bac_host# packetcable registration kdc-service-key ciscosystems101
% OK (Requires DPE restart "> dpe reload")
Step 3 To control the choice of encryption algorithm for use during SNMPv3, enter:
packetcable registration policy-privacy value
If you enter a value of zero (which is the default value) for this policy privacy, the MTA will choose a privacy option for SNMPv3. Entering any nonzero value means the Provisioning Server will set its privacy option in SNMPv3 to a specific protocol. Although, currently, DES is the only privacy option supported by voice technology.
Tip dpe.properties: /pktcbl/regsvr/policyPrivacy=1 - This setting enables DES privacy.
For example:
bac_host# packetcable registration policy-privacy 1
% OK (Requires DPE restart "> dpe reload">
Step 4 Enter this command to set the SNMP service key used for SNMPv3 cloning to the RDU.
packetcable snmp key-material password
This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.
The default value for this command is null. Enter this default to turn SNMPv3 cloning off on this DPE.
Tip dpe.properties: to turn SNMPv3 cloning off, use /pktcbl/snmp/keyMaterial= to turn it on, use /pktcbl/snmp/keyMaterial=key. For example, /pktcbl/snmp/keyMaterial=31:32:33:34: 35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:
34:35:36:37:38:39:30:31:32:33:34:35:36
For example:
bac_host# packetcable snmp key-material ciscosystems101
% OK (Requires DPE restart "> dpe reload")
Step 5 Enter this command to enable the PacketCable voice technology.
packetcable enable
PacketCable provisioning is disabled at the DPE by default. If you change this property, you must reboot the DPE for the new setting to take effect. Also, you can turn voice technology on or off by entering packetcable enable or no packetcable, respectively.
Tip dpe.properties: /pktcbl/enable=enabled
For example:
bac_host# packetcable enable
% OK (Requires DPE restart "> dpe reload")
Step 6 Run the dpe reload command.
For example:
bac_host# dpe reload
dpe has been restarted
The commands described in this section provide additional configuration settings. Changing these properties on the DPE-2115 causes the change to take effect immediately, without a DPE restart.
If you are working with a lab installation, and modify any DPE property, you must restart the DPE for the change to take effect.
•packetcable registration encryption—This command optionally enables encryption of the MTA configuration file.
Tip dpe.properties: /pktcbl/regsvr/configEncrypt=1
•no packetcable registration encryption—This command optionally disables encryption of the MTA configuration file.
Tip dpe.properties: /pktcbl/regsvr/configEncrypt=0
•packetcable snmp timeout timeout—This command dynamically sets the number of seconds that the DPE waits for a response to an SNMPv3 SET operation. The timeout is expressed in seconds and the default value is 10 seconds.
Tip dpe.properties: /pktcbl/snmp/timeout=1 and /pktcbl/snmp/timeout=10
Complete these steps to verify that your DPEs are operating properly after configuring them for operation with voice technology.
Step 1 To collect all the log, property, and network configuration files on the DPE, enter:
support bundle state
This command places the collected log files in the /outgoing directory. From there, the bundle is accessible using FTP.
For example:
bac_host# support bundle state
Creating state bundle for Cisco support...
+ /outgoing/state-20060721-000340.bac
+ Adding a process listing to the support bundle...
+ Adding a network connection listing to the support bundle...
+ Adding and compressing files for support bundle...
+ Size: 1205782 bytes
Step 2 To check the status of both the DPE and voice technology settings, enter:
show dpe
For example:
bac_host# show dpe
BPR Agent is running
dpe is running
Version BAC 2.7.1 (bacc-271-L-DPE_2115_000000000000).
Caching 51970 device configs and 2 external files.
Received 312 cache hits and 0 misses.
Received 0 lease updates.
Connection status is Ready.
Sent 77 SNMP informs and 77 SNMP sets.
Received 77 MTA provisioning successful SNMP informs.
Received 0 MTA provisioning failed SNMP informs.
Running for 11 days 1 hours 59 mins 15 secs.
This command also checks if voice technology provisioning is running, and displays the current health of the SNMPv3 service.