The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the tasks that you perform after installing Prime Cable Provisioning.
Note | You need to get the permanent or evaluation license of 5.3 to upgrade from 4.2.x/5.0/5.1/5.2/5.3 to 5.3.1. |
Prime Cable Provisioning software must be registered via Cisco.com in order to obtain a license file (*.lic). The license file will be sent to you by e-mail. For any licensing issues, please contact your Cisco account representative or mailto:ask-cableprovisioning@cisco.com.
Prime Cable Provisioning licenses are available either as a permanent or an evaluation license.
Prime Cable Provisioning evaluation licenses become invalid on a predetermined date. As such, evaluation licenses must be created when needed. To create your evaluation license, contact your Cisco representative, who will generate the necessary license file online and forward it to you via e-mail.
Prime Cable Provisioning enables you to install permanent and evaluation licenses at the same time. In addition, it also allows you to install more than one evaluation license. This enables you to increase your device limit when you are in short of licenses till you purchase a permanent license. While you can install more than one evaluation license, an expired license can be deleted and a new evaluation license (with a later expiry date), or a permanent license can be added. While deleting the expired license, ensure that the device limit of the new license at least equals the number of devices that is currently stored in the database.
Prime Cable Provisioning enables licensing using a Service License file. Each license translates to a DOCSIS IP device. The license file that you receive will contain the number of DOCSIS IP devices that are licensed.
Prior to Prime Cable Provisioning 5.x, every device type instance such as, DOCSIS, Computer, PacketCable, CableHome, etc. consumed a separate license. In addition, with dual-stack Computers, this approach created two IPDevice records, one each for IPv4 and IPv6, resulting in two licenses being consumed instead of one. In Prime Cable Provisioning 5.x, the licensing scheme counts only the DOCSIS IP devices irrespective of whether the device is a stand-alone CM or an embedded eCM, each DOCSIS IP device consumes one license. Apart from the DOCSIS IP device, all other device types consume no license. In other words, Prime Cable Provisioning consumes only one license:
To know how the license mechanism for Prime Cable Provisioning 5.x is different from BAC 4.x, see the BAC 4.x and Prime Cable Provisioning 5.x Licensing Model document.
The Prime Cable Provisioning Admin UI shows the available and used licenses. You can also see the available and used licenses count through the API client.
Caution | Do not edit your license file. Changing the data in any way invalidates the license file. |
While you must install the DPE license from the Admin UI, the KDC license continues to be proprietary as in previous releases, and is licensed during Prime Cable Provisioning installation.
The DPE license is either included in a single license file along with the Service License or it is a separate license file by itself. The DPE is licensed only when you install this license file from the Admin UI.
For detailed information on how to add and delete licenses, see the Cisco Prime Cable Provisioning User Guide.
Note | With FlexLM licensing, you receive a Product Authorization Key (PAK) for each software CD package that you purchase. The PAK is affixed as a sticky label on the Software License Claim Certificate card that is included in your CD-ROM package. |
To obtain a permanent license:
Step 1 | Keep your PAK handy and access http://www.cisco.com/go/license. You must have a valid Cisco.com account to log into this site. The Product License Registration website appears. | ||
Step 2 | Complete the steps detailed at the Product License Registration page.
| ||
Step 3 | Once you receive your license file, install it using the procedure described in Installing Your License File. |
For an evaluation license, contact your Cisco representative, who will generate the necessary key from the Cisco licensing website and e-mail it to you. Once you receive your license file, install it using the procedure described in Installing Your License File.
Before installing your license file, ensure that you back up your licenses in case you have to reinstall the Prime Cable Provisioning software.
To install your permanent or evaluation license:
Obtain a KDC license from your Cisco representative and then install it in the correct directory.
To install the KDC license file (bacckdc.license):
Step 1 | Obtain your license file from your Cisco representative. | ||
Step 2 | Log into the Prime Cable Provisioning host as root or non-root. | ||
Step 3 | Change to the <BPR_HOME>/kdc directory. | ||
Step 4 | Copy the license
file to this
<BPR_HOME>/kdc directory.
| ||
Step 5 | To restart the KDC server and make the changes take effect, run the bprAgent restart kdc command from the /etc/init.d directory. |
After installing Prime Cable Provisioning, you must set up the Prime Network Registrar DNS server and Prime Network Registrar Extension Points.
A spoofing DNS server redirects all DNS requests to the same IP address. You can enable spoofing to enforce a self-provisioning flow for a new subscriber.
For example, assume that a DNS host is dns.example.com, and has an IP address of 10.10.10.5. Assume also that the web server with the self-provisioning flow is 10.10.10.6.
On the DNS server, set the following parameters in Prime Network Registrar:
nrcmd> zone . delete
nrcmd> zone . create primary dns.example.com postmaster.dns.example.com
nrcmd> zone . addrr * a 10.10.10.6
nrcmd> save
nrcmd> dns reload
When DNS reloads, the changes take effect.
On the DHCP server, set the following parameters in Prime Network Registrar:
nrcmd> policy unprovisioned setoption domain-name-servers 10.10.10.5
nrcmd> policy unprovisioned setoption domain-name example.com
nrcmd> save
nrcmd> dhcp reload
Syslog is now ready to receive alerts from Prime Cable Provisioning.
This appendix describes the sample configuration file included with this installation of Prime Cable Provisioning. This file is typical of the files you use during the Prime Cable Provisioning installation.
You can copy and use the sample configuration scripts to work with your Prime Cable Provisioning implementation. One script exists for DOCSIS modems and computers, while another script is available for DOCSIS modems and PacketCable MTAs.
This section describes the sample configuration file included with this installation of Prime Cable Provisioning. This file is typical of the files you use during the Prime Cable Provisioning installation.
You can copy and use the sample configuration scripts to work with your Prime Cable Provisioning implementation. One script exists for DOCSIS modems and computers, while another script is available for DOCSIS modems and PacketCable MTAs.
The sample configuration nrcmd script (bpr_cnr_hsd_sample_config.nrcmd) is used for a high-speed data deployment of DOCSIS modems and computers in a multiple-host configuration with failover protection. It is installed in the <BPR_HOME>/cnr_ep/samples directory.
Note | Ensure that these IP addresses cannot be pinged from outside. |
Scope selection tag objects for provisioned client classes.
Client-class objects for provisioned DOCSIS modems and computers.
Policy objects for unprovisioned and provisioned devices. (The only difference is that DNS servers are not given to unprovisioned devices.)
Scope and scope policy objects for unprovisioned and provisioned DOCSIS modems and computers.
Disabled TFTP server.
To run this script, in the Prime Network Registrar nrcmd program, enter:
This sample configuration nrcmd script (bpr_cnr_pktcbl_sample_config.nrcmd) is used for a high-speed data deployment of DOCSIS modems and PacketCable eMTA's/eDVA's. A multiple-host configuration with failover protection is also used, and the script is installed in the <BPR_HOME>/cnr_ep/samples directory.
Note | Ensure that these IP addresses cannot be pinged from outside. |
This sample script defines objects similar to those described in Sample Script for DOCSIS Modems and Computers
To run this script, in the Prime Network Registrar nrcmd program, enter:
This section describes how you set up the DPE component of Prime Cable Provisioning.
The DPE caches provisioning information and handles all configuration requests, including downloading configuration files to devices. It is integrated with the Prime Network Registrar DHCP server to control the assignment of IP addresses. Multiple DPEs can communicate with a single DHCP server.
This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for DPE licenses.
For details on DPE licensing and how to install your license, see Licensing Prime Cable Provisioning.
The Prime Cable Provisioning CLI is an IOS-like command-line interface that you use to configure and view the status of the DPE by using Telnet or SSH. The CLI supports built-in command help and command autocompletion.
You can enable authentication of the CLI through a locally configured login and privileged passwords, or through a remote username and password for a TACACS+ service.
To access the DPE CLI, open a Telnet session to port 2323 from a local or remote host.
To access the CLI from a local host, use:
# telnet localhost 2323
# telnet 0 2323
To access the CLI from a remote host, enter:
Note | # /etc/init.d/bprAgent start cli
|
After you access the CLI, you must enter the DPE password to continue. The default login and privileged passwords are changeme.
See the Cisco Prime Cable Provisioning DPE CLI Reference Guide for specific information on the CLI commands that a DPE supports.
To log into the DPE:
Tip | You can use the show run command to view the running configuration. A complete list of commands is available through the use of the show commands command. For additional information, see the Cisco Prime Cable Provisioning DPE CLI Reference. |
To configure a DPE:
Step 1 | Configure the
DPE interface to handle provisioning requests, by specifying the IP address of
the interface in the IPv4 or the IPv6 addressing formats.
For example: Using IPv4 format: bac_dpe# interface ip 10.10.10.133 provisioning % OK (Requires DPE restart "> dpe reload") Using IPv6 format: bac_dpe# interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning % OK (Requires DPE restart "> dpe reload")
| ||
Step 2 | Configure the
IPv4 ONLY address for communication with Prime Network Registrar.
For example: bac_dpe# interface ip 10.10.10.133 pg-communication % OK (Requires DPE restart "> dpe reload") | ||
Step 3 | Enter the IP
address for the RDU or its domain name if you are implementing DNS. Also,
identify the port on which the RDU is listening. The default listening port is
49187. Identify whether to enable secure mode of communication with the RDU.
The value can either be true or false, where true indicates secure mode.
For example: Using IPv4 format: bac_dpe# dpe rdu-server 10.10.10.1 49187 false % OK (Requires DPE and DPE CLI restart) | ||
Step 4 | Specify the
provisioning group or groups of the DPE. Where appropriate, specify the
secondary provisioning group to which the DPE belongs to.
For example: bac_dpe# dpe provisioning-group primary group1 % OK (Requires appliance restart "> reload") bac_dpe# dpe provisioning-group secondary group2 % OK (Requires appliance restart "> reload") | ||
Step 5 | Set the shared
secret password to be the same as that on the RDU.
For example: bac_dpe# dpe shared-secret secret % OK (Requires DPE and DPE CLI restart) | ||
Step 6 | Enable the TFTP
service running on the DPE.
For example: Using IPv4 format: bac_dpe# service tftp 1 ipv4 enabled true % OK (Requires DPE restart "> dpe reload") Using IPv6 format: bac_dpe# service tftp 1 ipv6 enabled true % OK (Requires DPE restart "> dpe reload") | ||
Step 7 | Enable the Time
of Day (ToD) service running on the DPE.
For example: Using IPv4 format: bac_dpe# service tod 1 ipv4 enabled true % OK (Requires DPE restart "> dpe reload") Using IPv6 format: bac_dpe# service tod 1 ipv6 enabled true % OK (Requires DPE restart "> dpe reload) | ||
Step 8 | For the
configuration to take effect, you must reload the DPE and restart the DPE CLI.
For example: bac_dpe# dpe reload Process [dpe] has been restarted bac_dpe# /etc/init.d/bprAgent restart cli Process [cli] has been restarted. After you reload the DPE, you can establish a Telnet session to the DPE using its IP address. Remember to use the new login and enable password that you created in Logging In. After the successful configuration of the DPE, the configured DPE must appear under the Servers tab in the Admin UI. |
This section describes the configuration tasks that you must perform to set up a DPE to support voice technology.
For using the tips provided in this section, see the dpe.properties file, located in the <BPR_HOME>/dpe/conf directory. You change the properties specified, as indicated in the tips, to enable the described feature. If you edit the properties, you must restart the DPE.
Caution | In the dpe.properties file, there should be only one instance of each property described in these tips. |
To set up voice technology on your DPE:
Step 1 | To set the FQDN for each enabled DPE interface in the IPv4 or IPv6 format, enter: interface ip ip_address provisioning fqdn fqdn
The FQDN is sent as the SNMPEntity in DHCP option 177 suboption 3. For example: Using the IPv4 format: bac_dpe# interface ip 10.10.1.2 provisioning fqdn dpe.example.com % OK (Requires DPE restart "> dpe reload") Using the IPv6 format: bac_dpe# interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning fqdn dpe.example.com % OK (Requires DPE restart "> dpe reload") | ||||
Step 2 | Configure the IPv4 ONLY address for communication with Prime Network Registrar. For example: bac_dpe# interface ip 10.10.10.133 pg-communication % OK (Requires DPE restart "> dpe reload") | ||||
Step 3 | To configure voice technology at DPE, enter:
For example: bac_dpe# service packetcable 1 registration kdc-service-key password3 % OK (Requires DPE restart "> dpe reload") | ||||
Step 4 | To control the choice of encryption algorithm for use during SNMPv3, enter: bac_dpe# service packetcable 1 registration policy-privacy value If you enter a value of zero (which is the default value) for this policy privacy, the MTA will choose a privacy option for SNMPv3. Entering any nonzero value means the Provisioning Server will set its privacy option in SNMPv3 to a specific protocol. Although, currently, DES is the only privacy option supported by voice technology.
For example: bac_dpe# service packetcable 1 registration policy-privacy 1 % OK (Requires DPE restart “> dpe reload”> | ||||
Step 5 | Enter this command to set the SNMP service key used for SNMPv3 cloning to the RDU. bac_dpe# service packetcable 1 snmp key-material password The default value for this command is null. Enter this default to disable SNMPv3 cloning on this DPE.
For example: bac_dpe# service packetcable 1 snmp key-material password4 % OK (Requires DPE restart "> dpe reload") | ||||
Step 6 | Enter this command to enable the PacketCable voice technology. bac_dpe# service packetcable 1 enable true You can disable voice technology by entering service packetcable 1 enable false.
For example: bac_dpe# service packetcable 1 enable true % OK (Requires DPE restart "> dpe reload") | ||||
Step 7 | Run the dpe reload command. For example: bac_dpe# dpe reload Process [dpe] has been restarted. |
service packetcable 1 registration encryption enable—This command optionally enables encryption of the MTA configuration file.
Tip | dpe.properties: /pktcbl/regsvr/configEncrypt=1 |
no service packetcable 1 registration encryption enable—This command optionally disables encryption of the MTA configuration file.
Tip | dpe.properties: /pktcbl/regsvr/configEncrypt=0 |
service packetcable 1 snmp timeout timeout—This command dynamically sets the number of seconds that the DPE waits for a response to an SNMPv3 SET operation. The timeout is expressed in seconds and the default value is 10 seconds.
Tip | dpe.properties: /pktcbl/snmp/timeout=1 and /pktcbl/snmp/timeout=10 |