Cuda 12000 IP Access Switch CLI-based Administration Guide Release 3.0 PART NO. 780-000052-00 PUBLISHED SEPTEMBER 2001 http://www.adc.
ADC Telecommunications, Inc. 8 Technology Drive Westborough, MA 01581 ADC Telecommunications, Inc. (herein referred to as “ADC”) may revise this manual at any time without notice.
The equipment and software described herein may be covered by an ADC warranty statement. You may obtain a copy of the applicable warranty by referring to www.adc.com/cable/support and selecting the technical assistance link. What follows is a summary of the warranty statement. The summary is not binding on ADC and is provided to you merely as a convenience.
CONTENTS CUDA 12000 IP ACCESS SWITCH CLI-BASED ADMINISTRATION GUIDE ABOUT THIS GUIDE Document Objective 16 Audience 16 Document Organization 17 Notations 19 Command Syntax 20 Related Documentation 21 Contacting Customer Support 21 I ADMINISTRATION OVERVIEW 1 CUDA 12000 OVERVIEW Introducing the Cuda 12000 IP Access Switch 26 Hardware 27 Software 30 Minimum Chassis Configuration 31 Understanding the Cuda 12000 Within Your Network Cable Modem Termination System (CMTS) 33 IP Routing Configuration 33 2 ABOU
IP Interface Mode 50 OSPF Global Configuration Mode 51 Import and Export OSPF Route Filter Modes 53 RIP Configuration Mode 54 Import and Export RIP Route Filter Modes 55 Slot Mode 56 3 MANAGING USER ACCOUNTS Understanding User Accounts 57 Configuring Access Profiles 58 Creating and Modifying Access Profiles 60 Displaying Access Profiles 61 Deleting a Profile 62 Managing User Accounts 63 Creating and Modifying User Accounts 64 Displaying User Accounts 65 Deleting User Accounts 66 Configuring User Authentic
5 MULTI-CHASSIS SUPPORT About Multi-Chassis Support 94 Planning Multi-Chassis Support 96 Enabling the Jini Lookup Service 97 Configuring Multi-Chassis Support 98 Creating a Common User Account for the Group Viewing Chassis Details 101 6 100 MODULE ADMINISTRATION Cuda Application Modules 104 Configuring the 10/100 Ethernet and GigE Modules 105 Viewing Module Information 106 Viewing Installed Modules 106 Viewing Module Versions 108 Viewing Ethernet Interface Packet Statistics 110 Displaying Statistics for
TIMING AND ALARM CONTROLLER MANAGEMENT About Timing and Alarm Controller Fault Reporting Assertion Levels 150 Configuring the Power Assertion Level 151 Configuring Fan Unit Assertion Levels 152 Configuring Fault Reporting 153 Removing a Fault Notification 155 Viewing Fault Reporting Status 156 Configuring Alarms Out 157 Viewing Alarm Signals Out the DB-15 Connector 9 148 160 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) About SNMP 162 Configuring SNMP Access Control 164 Configuring SNMP Access Views 165
Configuring Event Reporting 211 Viewing Event Reporting Configuration 213 Event Classes and SNMP System Events 214 Clearing the Event Log 216 Displaying Event Transmission, Reporting, and Syslog Parameters Displaying the Event Log 218 III IP ROUTING 11 CREATING ROUTE FILTERS About RIP and OSPF Route Maps 224 Creating Route Maps 225 Using the Match Command 227 Using the Override Command 228 Creating OSPF Import Route Maps 229 Creating OSPF Export Route Maps 231 Creating RIP Import Route Maps 234 Creating R
13 CONFIGURING DHCP AUTHORITY About DHCP Authority 264 Enabling DHCP Authority 266 Configuring DHCP Authority Ranges 267 Removing DHCP Authority Ranges 268 DHCP Authority Configuration Examples 269 14 CONFIGURING IP Configuring IP Addresses 272 Viewing IP Interfaces 274 Deleting IP Addresses 276 Displaying the Routing Table 277 Configuring Static Routes 278 Adding Static Routes 278 Deleting Static Routes 280 Adding the Default Route 282 Deleting the Default Route 283 Managing the Address Resolution Proto
Removing OSPF Virtual Interfaces 317 Configuring OSPF Neighbor Traps 318 Configuring IP Source Routing 320 About IP Source Routing 321 Adding IP Source Routes 322 Displaying IP Source Routes 323 Removing IP Source Routes 324 Source Routing Configuration Example 325 15 IP PACKET FILTERING About IP Packet Filtering 328 Enabling and Disabling IP Packet Filtering 329 Understanding Access Lists 330 Creating Access Lists 331 Displaying Access Lists 335 Deleting Access Lists 335 Applying Access Lists to Interfac
Joining IGMP Groups 356 Configuring IGMP Interface Parameters 357 Displaying IGMP Groups and Interface Parameters Deleting IGMP Groups 362 Managing IGMP Proxies 363 Configuring Proxies 363 Displaying Proxies 365 Deleting Proxies 365 Displaying Multicast Routes 366 358 IV CABLE MODEM TERMINATION SYSTEMS 18 CONFIGURING CABLE MODEM TERMINATION SYSTEMS CMTS Upstream Frequency Reuse 369 Configuring the MAC Interface 370 Displaying MAC Interface Parameters and Statistics 370 Understanding MAC Interface Statist
Configuring CMTS Privacy Parameters Configuring Flap Control 428 19 428 MANAGING CABLE MODEMS Viewing Cable Modems 432 Displaying the Summary of Cable Modem Registration States 432 Displaying a Detailed Listing for an Interface 434 Displaying Specific Cable Modems 438 Displaying Cable Modem Statistics 439 Tracking Offline Cable Modems 441 Setting the Duration for Tracking Offline Cable Modems 441 Maintaining Statistics for Offline Cable Modems 442 Clearing Offline Cable Modems 442 Resetting Cable Modems
20 SUBSCRIBER MANAGEMENT About Subscriber Management Filtering 494 About CPE Control 495 Configuring Filter Groups 496 Viewing Filter Groups 502 Deleting Filter Groups and Filters 503 Modifying Existing Filter Groups 504 Assigning Default Filter Groups 505 Modifying Filter Groups Per Cable Modem 507 Viewing Filter Group Assignments 510 Configuring CPE Control Parameters 512 Modifying CPE Control Parameters Per Cable Modem 515 Viewing CPE Control Parameters and CPE Devices 518 Viewing CPE Control Parameters
Packet Over SONET (POS) Commands Ethernet Commands 588 585 B CONFIGURING EXTERNAL PROVISIONING SERVERS C GLOSSARY INDEX
ABOUT THIS GUIDE This chapter introduces you to the Cuda 12000 IP Access Switch CLI-based Administration Guide and contains the following sections: ■ Document Objective (page 16) ■ Audience (page 16) ■ Document Organization (page 17) ■ Notations (page 19) ■ Command Syntax (page 20) ■ Related Documentation (page 21) ■ Contacting Customer Support (page 21)
16 CHAPTER : ABOUT THIS GUIDE Document Objective The Cuda 12000 IP Access Switch CLI-based Administration Guide provides procedural information about the commands you can use to configure and manage the Cuda 12000 system using the command line interface (CLI). Before you use this guide, you should have already installed and brought the system online using the Cuda 12000 IP Access Switch Installation Guide.
Document Organization 17 Document Organization The Cuda 12000 IP Access Switch CLI-based Administration Guide is organized as follows: Part I: Administration Overview Chapter 1: Cuda 12000 Overview — Provides an overview of product functionality and includes information on how the Cuda 12000 integrates into your network. Chapter 2: About the Command Line Interface — Introduces you to the Cuda 12000 command line interface (CLI).
18 CHAPTER : ABOUT THIS GUIDE Part III: IP Routing Chapter 11: Creating Route Filters — Provides information and procedures for creating RIP and OSPF policy-based route filters. Chapter 12: Configuring DHCP Relay — Provides information and procedures on how to configure DHCP relay on a cable interface. Chapter 13: Configuring DHCP Authority — Provides information and procedures on how to configure DHCP authority on a cable interface.
Notations 19 Appendices Appendix A: Command Summary — Provides a complete listing of CLI commands and a brief description of each; organized by function. Appendix B: Configuring External Provisioning Servers — Provides information on configuring external FastFlow BPM and third-party provisioning servers. Appendix C: Glossary — Provides a glossary of networking terms. Notations Table 1 lists the text notations that are used throughout the Cuda 12000 documentation set guide.
20 CHAPTER : ABOUT THIS GUIDE Command Syntax Table 2 describes the command syntax conventions used in this guide. Table 2 Command Syntax Conventions Command Element Syntax Commands and keywords Expressed in bold. For example: Variables Enclosed in < > and expressed in plain text. For example: show chassis-config add arp In this example, and are variables that follow the add arp command. Optional Arguments Enclosed in [ ].
Related Documentation 21 Related Documentation For more information on the Cuda 12000 system, refer to the following publications: ■ Cuda 12000 IP Access Switch Installation Guide: Provides the information you need to install the system and bring it online. Includes a test procedure to ensure that the system is operational and can provision modems. ■ Cuda 12000 IP Access Switch CLI Reference Guide: Provides detailed reference information on CLI command syntax and arguments.
22 CHAPTER : ABOUT THIS GUIDE ADC Telecommunications, Inc.
ADMINISTRATION OVERVIEW I Chapter 1 Cuda 12000 Overview Chapter 2 About the Command Line Interface Chapter 3 Managing User Accounts
1 CUDA 12000 OVERVIEW This chapter explains the overall features of the Cuda 12000 IP Access Switch and describes how your Cuda 12000 IP Access Switch fits into your network.
26 CHAPTER 1: CUDA 12000 OVERVIEW Introducing the Cuda 12000 IP Access Switch The Cuda 12000 IP Access Switch is a fully-meshed IP access switch that sits between the hybrid fiber coax cables (HFC) and the carrier’s IP backbone network. It serves as an integrated Cable Modem Termination System (CMTS) and IP router, and supports DOCSIS and EuroDOCSIS RFI Specification 1.0 and 1.1.
Introducing the Cuda 12000 IP Access Switch 27 Hardware This section provides a brief overview of Cuda 12000 IP Access Switch hardware features and modules. For more information on Cuda 12000 IP Access Switch hardware, refer to the Cuda 12000 IP Access Switch Installation Guide.
28 CHAPTER 1: CUDA 12000 OVERVIEW Feature Description CableOnce Network Connections The system supports a CableOnce design that allows you to cable directly to the appropriate connector fixed to the rear of the chassis, or slot backplate. Cabling directly to these stationary connectors, instead of to the modules themselves, allows module replacement without recabling. You remove a module and then insert a new one while the cables remain attached to the system.
Introducing the Cuda 12000 IP Access Switch 29 DOCSIS (Data Over Cable Service Interface Specification) is a CableLabs® standard for interoperability between a CMTS and cable modems. EuroDOCSIS (European Data Over Cable Service Interface Specification) is a CableLabs® and tComLabs® standard. DOCSIS and EuroDOCSIS modules serve as CMTS interface modules with your HFC network using upstream and downstream ports.
30 CHAPTER 1: CUDA 12000 OVERVIEW Software The Cuda 12000 IP Access Switch system software comprises two software components, as follows: ■ ■ Base System Software (required): The base system software is shipped with your Cuda and contains the operating system.
Introducing the Cuda 12000 IP Access Switch 31 Minimum Chassis Configuration The minimum configuration of a Cuda 12000 IP Access Switch comprises the following: ■ A minimum of one management module, plus the base software package. The module and base software are required to configure the Cuda 12000 IP Access Switch. ■ An Octal 10/100 Ethernet, Gigabit Ethernet, or POS module.
32 CHAPTER 1: CUDA 12000 OVERVIEW Understanding the Cuda 12000 Within Your Network Cuda 12000 IP Access Switches are installed at the HFC end of a cable plant and are responsible for gateway operations between the headend and the Internet. Through the Cuda 12000 IP Access Switch, digital data signals are modulated onto RF channels for broadcast over the same infrastructure. Typically, the signals are broadcast through the HFC to fiber nodes in the network.
Understanding the Cuda 12000 Within Your Network 33 Cable Modem Termination System (CMTS) The Cuda 12000 implements DOCSIS and EuroDOCSIS CMTS functionality, providing connectivity and data forwarding for cable modems over the RF cable plant. The DOCSIS and EuroDOCSIS modules interface with your HFC network, using a 1-to-4 downstream-to-upstream port ratio (referred to as 1 x 4), or a 1-to-6 downstream-to-upstream port ratio (referred to as 1 x 6).
34 CHAPTER 1: CUDA 12000 OVERVIEW ADC Telecommunications, Inc.
2 ABOUT THE COMMAND LINE INTERFACE This chapter introduces you to the command line interface (CLI) and covers the following topics: ■ About the CLI (page 35) ■ Accessing the CLI (page 37) ■ Command Modes (page 40) About the CLI The Cuda 12000 management module runs the Linux operating system. The CLI operates within this environment. The CLI is a textual command line interface accessible through a local COM port or through remote Telnet or secure shell (SSH).
36 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE ■ ■ Command Mode Help — To view all commands available in the current mode with associated descriptions, type help. To show a list of available commands without descriptions, type ? at the prompt or press the Tab key twice. Configurable Prompt — By default, the prompt displays both the address assigned to the management module and the current command mode. You can configure the prompt so it does not display this information.
Accessing the CLI 37 Accessing the CLI Your first form of access to the CLI (after installing the Cuda 12000) is through COM port 1 located on the front of the management module. Once you assign the Craft Ethernet port on the management module an IP address, you can access the CLI remotely through Telnet or SSH. Use the following procedure to logon to the system management module and access the CLI environment through COM port 1: 1.
38 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE The system ships with the following system defaults: Account Name: root Password: bas For example: [administrator@Tech2000 administrator]$ bascli cli:null:root> enable root password: *** Connecting to 172.16.19.10...
Accessing the CLI 39 For example: ADC Cuda 12000 cli:null:root> enable root password: *** Connecting to 192.168.208.3... Java Server version is compatible logon complete Sending message: User root just logged in from techpubs FROM:root@techpubs:: User root just logged in from techpubs Note that the default login name and password are case-sensitive — all lowercase.
40 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Command Modes The Cuda 12000 switches and routes IP traffic between cable modems on an analog HFC network, and an IP digital network. As a result, administration tasks range from configuring IP interfaces and routing protocols to managing subscribers. To support these administration tasks, the system provides a set of global commands and multiple command modes.
Command Modes 41 The command modes that are available for system configuration depend on the product packages installed.
42 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Global Commands Global commands can be used anywhere in the CLI, regardless of your current command mode. Table 2-1 lists global commands as they appear when you type help at the command prompt. Note that the help command output displays many commands in their abbreviated form. Table 2-1 Global Commands Command Description basmonitor Starts the system monitor. boot Enables, disables, or reboots a module in an application slot.
Command Modes 43 Table 2-1 Global Commands Command Description server Shortened form of prov-server. set Sets several user session parameters. show Specifies the show form of a command, which provides a read-only view of configuration parameters and other information. sleep Delays the display of the CLI prompt for a specified number of seconds. slot Changes you to slot mode. source Executes a script file. talk Enables and disables sending of broadcast messages.
44 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Root Mode Root is the top-level mode in the CLI administration console; all other modes run within this mode. From within root mode you can access second-level command modes, such as slot configuration mode. To enter root mode from within any configuration mode, type root. Table 2-2 lists available root commands as they appear when you type help at the command prompt. Global commands are not listed and can be found in Table 2-1 on page 42.
Command Modes 45 Table 2-2 Root Mode Commands Command Description modulation-profile Configures modulation profiles, which contain burst properties for upstream data channels. privacy Configures X.509 certificate parameters for BPI plus. radius-server Configures a RADIUS authentication server. reset Reboots a module. save Saves the system configuration for all slots to persistent storage. snmp-server Configures the SNMP agent. tacacs-server Configures the TACACS+ server.
46 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Physical Interface Mode Physical interface mode allows for the administration of a specified interface, including interface-specific configuration and information displays. To enter this mode, you must specify the chassis/slot/port-number (c/s/i) combination that identifies the physical interface that you want to configure. After you enter this mode, all configuration that you perform pertains to the interface that you specified.
Command Modes 47 Table 2-3 DOCSIS Interface Mode Commands Command Description cm First element in various cable modem and subscriber management commands, such as cm modify active, cm reset, and so on. cm-filter Creates a cable modem filter. cm-offline Configures several offline cable modem parameters for the current interface. dhcp-authority Adds a DHCP authority range. The command also enables and disables DHCP authority.
48 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Table 2-3 DOCSIS Interface Mode Commands Command Description spectrum-group Configures spectrum group rules. sync-interval Configures the time interval between synchronization message transmissions on the downstream channel. trace-log Configures event logging for the interface. ucd-interval Configures the time interval between transmission of successive Upstream Channel Descriptor (UCD) messages for each upstream channel.
Command Modes 49 Table 2-5 POS Interface Mode Commands Command Description access-class Applies an access list to the current interface. access-list Creates an access list, which consists of IP filtering rules. arp Sets the ARP timeout parameter. bootp-policy Defines BOOTP request policies. clock-source Configures the SONET transmission clock source. crc Configures cyclic redundancy checking (CRC). dhcp-authority Adds a DHCP authority range.
50 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE IP Interface Mode IP interface mode allows for the administration of a specified IP interface, including IP interface-specific configuration and information displays. To enter this mode, you must: 1. Enter physical interface mode for the physical interface associated with the IP interface. 2. Issue the ip address command. On the command line, you specify the IP address and network mask combination that identifies the IP interface.
Command Modes 51 OSPF Global Configuration Mode OSPF commands allow you to configure global OSPF (Open Shortest Path First) parameters. The system supports OSPF version 2 as defined in RFC 1583. OSPF global configuration mode allows you to enable the protocol on a system-wide basis, and set system-wide OSPF parameters — such as router ID — and default OSPF parameters. All OSPF areas to which you want this system to belong must be configured within this mode.
52 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Table 2-6 lists available OSPF global commands as they appear when you type help at the command prompt. CLI global commands are not listed and can be found in Table 2-1 on page 42. Note that the help command output displays many commands in their abbreviated form. Table 2-6 OSPF Global Configuration Mode Commands Command Description asbr Configures the Cuda 12000 IP Access Switch as an Autonomous System Boundary Router (ASBR).
Command Modes 53 Import and Export OSPF Route Filter Modes Route filters control the flow of routes to and from the routing table. Import route filters control which routes are stored in the routing table. Export filters control which routes are advertised to other routers. You can define route filters to control the flow of both OSPF and RIP routes. To create OSPF import route filters, enter import mode from within router:ospf mode, or type router ospf import from any mode.
54 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE RIP Configuration Mode RIP (Routing Information Protocol) is a broadcast-based protocol used by routers to update routing tables, which include information about the networks that are in their routing tables. The routing table is broadcast to the other routers on the network where RIP is configured over IP. The Cuda 12000 supports RIP version 2 as defined in RFC 1724. The Cuda can interoperate in a network of both RIPv1 and RIPv2 routers.
Command Modes 55 Import and Export RIP Route Filter Modes Route filters control the flow of routes to and from the routing table. Import route filters control which routes are stored in the routing table. Export filters control which routes are advertised to other routers. You can define route filters to control the flow of both OSPF and RIP routes. To create RIP import route filters, enter import mode from within router:rip mode or type router rip import from within any mode.
56 CHAPTER 2: ABOUT THE COMMAND LINE INTERFACE Slot Mode Slot mode provides access to slot-specific commands. To enter this mode, you must specify a chassis/slot (c/s) combination that identifies the slot that you want to administer. Within this mode, you can do the following: ■ Persist (save) configuration for the current module, or all modules in the system ■ Configure and show trace log activity for the current slot ■ Reset the module contained in the slot, or all modules in the chassis.
3 MANAGING USER ACCOUNTS This chapter provides information and procedures on how to manage user accounts and consists of the following tasks: ■ Configuring Access Profiles (page 57) ■ Managing User Accounts (page 58) ■ Configuring User Authentication (page 63) Before you can effectively perform these tasks, you need to understand some concepts of user accounts.
58 CHAPTER 3: MANAGING USER ACCOUNTS Configuring Access Profiles Access profiles define the type of access available to users. The access profile command allows you to configure access to the following functional areas: Table 3-1 Functional Areas Functional Area Description Admin Functions associated with administering user accounts, such as adding modifying, and deleting users and profiles, as well as chassis configuration.
Configuring Access Profiles 59 The system ships with the following default access profiles. Note that these profiles are displayed in all capital letters when viewed to distinguish them from user-defined profiles. Also note that you cannot modify or remove these built-in profiles: ■ AUDITORPROFILE. Provides read-only access to DOCSIS, routing, and provisioning functionality; no access to administrative functions. ■ OPERATORPROFILE.
60 CHAPTER 3: MANAGING USER ACCOUNTS Creating and Modifying Access Profiles To create or modify an access profile, use the access-profile command. To create a profile, specify a new profile name; to modify a profile specify an existing profile name. You create or modify a profile by performing the following tasks: Task Command 1. Enter root mode. root 2. Define the access profile.
Configuring Access Profiles 61 Displaying Access Profiles You display access profile information by performing the following tasks: Task Command 1. Enter root mode. root 2. Display all access profiles. show access-profile 3. Display a specific access profile. show access-profile Example The following example displays a profile named routemonitor: cli:172.16.19.
62 CHAPTER 3: MANAGING USER ACCOUNTS Deleting a Profile You remove an access profile by performing the following tasks: Task Command 1. Enter root mode. root 2. Remove a specified access profile. no access-profile Example The following example deletes an access profile named routemonitor: cli:172.16.19.10:root# no access-profile routemonitor 'routemonitor' was successfully removed cli:172.16.19.10:root# ADC Telecommunications, Inc.
Managing User Accounts 63 Managing User Accounts You create and modify local user accounts on the Cuda 12000 using the account command.
64 CHAPTER 3: MANAGING USER ACCOUNTS Creating and Modifying User Accounts To create or modify a user account, use the account command. To create a new account, specify a new account name. To modify an existing account, specify an existing name. You create or modify a user account by performing the following tasks: Task Command 1. Enter root mode. root 2. Create a user account.
Managing User Accounts Displaying User Accounts You view user accounts configured on the system by performing the following tasks: Task Command 1. Enter root mode. root 2. Show all user accounts. show account 3. Show a specified user account. show account Example The following example shows the user account named Route_1: cli:172.16.19.
66 CHAPTER 3: MANAGING USER ACCOUNTS Deleting User Accounts You may want to delete a user account when you no longer need it or want to remove a user from the system. After a user account is deleted that user is locked out of the system. Note that this is also true for the user with root profile privileges. If there is only one user with root profile privileges for your system and that user is locked out of the system, then you need to contact Customer Support for assistance.
Configuring User Authentication 67 Configuring User Authentication The Cuda 12000 IP Access Switch supports three types of user authentication: ■ Local authentication – Users are authenticated locally by the Cuda 12000. This is the default authentication type. ■ TACACS+ authentication – Users are authenticated by a TACACS+ server. When the user attempts to login to the Cuda 12000, the Cuda 12000 encrypts the username and pasword, and forwards them to the TACACS+ server for authentication.
68 CHAPTER 3: MANAGING USER ACCOUNTS Configuring Local Authentication By default, users are authenticated locally by the Cuda 12000 using the accounts and access profiles you create as described earlier in this chapter. If you configure TACACS+ or RADIUS authentication, and then decide to change back to local authentication, perform the following tasks: Task Command 1. Enter root mode. root 2. Enable local authentication. aaa authentication login default local 3.
Configuring User Authentication 69 Configuring TACACS+ Authentication Before you configure TACACS+ authentication on the Cuda 12000, make sure that: ■ At least one account for Cuda 12000 users has been created on the TACACS+ server. Users must login to the Cuda 12000 an account created on the TACACS+ server. Refer to your TACACS+ server documentation for more information. ■ You know the IP address of the TACACS+ server.
70 CHAPTER 3: MANAGING USER ACCOUNTS Task Command 6. Verify that TACACS+ authentication is enabled. show aaa Example cli:192.168.208.3:root# tacacs-server host 192.168.220.200 cli:192.168.208.3:root# tacacs-server key one4me cli:192.168.208.3:root# show tacacs-server tacacs-server host 192.168.220.200 tacacs-server key one4me cli:192.168.208.3:root# aaa authentication login default tacacs+ cli:192.168.208.3:root# show aaa aaa authentication login default tacacs+ cli:192.168.208.
Configuring User Authentication 71 Configuring RADIUS Authentication Before you configure RADIUS authentication on the Cuda 12000, make sure that: ■ At least one account for Cuda 12000 users has been created on the RADIUS server. Users must login to the Cuda 12000 an account created on the RADIUS server. Refer to your RADIUS server documentation for more information. ■ You know the IP address of the RADIUS server.
72 CHAPTER 3: MANAGING USER ACCOUNTS Task Command 6. Verify that RADIUS authentication is enabled. show aaa Example cli:192.168.208.3:root# radius-server host 192.168.220.202 cli:192.168.208.3:root# radius-server key one4me cli:192.168.208.3:root# show radius-server radius-server host 192.168.220.202 radius-server key one4me cli:192.168.208.3:root# aaa authentication login default radius cli:192.168.208.3:root# show aaa aaa authentication login default radius cli:192.168.208.
II CHASSIS ADMINISTRATION Chapter 4 Chassis Configuration Chapter 5 Multi-Chassis Support Chapter 6 Module Administration Chapter 7 Packet Over SONET Administration Chapter 8 Timing and Alarm Controller Management Chapter 9 Simple Network Management Protocol (SNMP) Chapter 10 Managing System Events
4 CHASSIS CONFIGURATION This chapter explains the configuration features of the Cuda 12000 chassis and includes the following sections: ■ Understanding Chassis Identification (page 76) ■ Understanding Management Module Redundancy (page 76) ■ Configuring Chassis Parameters (page 78) ■ Displaying Current Chassis Configuration (page 81) ■ Configuring Clock Sources (page 86) ■ Starting and Stopping the HTTP Server (page 88) ■ Enabling and Disabling Traffic Relay (page 89) ■ Broadcasting Message
76 CHAPTER 4: CHASSIS CONFIGURATION Understanding Chassis Identification The Cuda 12000 chassis has two key identifiers: ■ Chassis Number — The Cuda 12000 chassis is shipped with a unique chassis-number, which is a fixed value assigned to each chassis during manufacturing at the ADC plant. ■ Chassis ID — Each Cuda 12000 switch should be configured with a unique chassis identification (ID) number. The chassis ID serves as a router management tool.
Understanding Management Module Redundancy 77 A secondary management module can take over the primary role in two ways: ■ Automatically, when the secondary management module detects that the primary management module is not functioning properly. ■ Manually, through the chassis-config CLI command. In this case, you use the command to force the current primary management module into the secondary role, which in turn forces the current secondary management module into the primary role.
78 CHAPTER 4: CHASSIS CONFIGURATION Configuring Chassis Parameters Chassis configuration includes the following parameters: ■ Chassis Number — A fixed number assigned to the Cuda 12000 chassis during manufacturing at the ADC plant. ■ Chassis ID — User-defined. A unique identification number that you assign to the Cuda 12000 chassis in the network. The Cuda uses a multi-range numbering system. Acceptable chassis ID values are 1 to 128, or the number 255. ■ Cluster ID — User-defined.
Configuring Chassis Parameters 79 Configuration of chassis parameters is achieved using the chassis-config command within root mode. Perform the following tasks within root mode to configure chassis parameters: Task Command 1. Identify the chassis number. show chassis-config 2. Configure the chassis ID. chassis-config chassisid <1..128> 3. Configure the Cluster ID chassis-config clusterid 4.
80 CHAPTER 4: CHASSIS CONFIGURATION The following example shows you how to force a primary management module into a secondary role, thereby forcing the secondary management module into a primary role: cli:192.168.222.200:root# show chassis-config Chassis Number: 101 Chassis Id: 1 Cluster Id: 0 Primary Manager Slot: 13 Secondary Manager Slot: 14 Scope: Cluster cli:192.168.222.200:root# chassis-config 101 manager secondary Connection to 192.168.222.
Displaying Current Chassis Configuration 81 Displaying Current Chassis Configuration The Cuda 12000 allows you to generate a list of CLI commands that display the current running state of the chassis configuration. The command that supports this function is show running-config. Use the following procedure to display the complete current configuration: Task Command 1. Enter root mode. root 2. Display the current configuration.
82 CHAPTER 4: CHASSIS CONFIGURATION Example cli:192.168.208.3:root# show running-config ! ! BAS Chassis event-config reporting warning local|syslog|traps event-config reporting notice local|syslog|traps event-config reporting info none traffic-relay tftp port 69 traffic-relay time_of_day port 37 ! ! RIP Protocol router rip ! ! RIP Import filters import up ! ! RIP Export filters export up root ! ! OSPF Protocol router ospf ospf area 0.0.0.
Displaying Current Chassis Configuration 83 snmp-server group adc v3 noauth read public write private notify public contex t adc storage nonvolatile snmp-server group mgr v3 noauth read nosnmpconfig context monitor storage nonv olatile snmp-server group guitraps v1 notify guitraps storage readonly snmp-server group guitraps v2c notify guitraps storage readonly snmp-server group superman v3 priv read allaccess write allaccess context admi n storage nonvolatile snmp-server group admingroup v1 read allaccess
84 CHAPTER 4: CHASSIS CONFIGURATION snmp-server community trapcommunity trapcommunity storage nonvolatile snmp-server host 127.0.0.1 guitraps udp-port 54321 storage readonly snmp-server host 201.1.1.
Displaying Current Chassis Configuration 85 interface ethernet 1/11/6 root ! ! Interface 1/11/7 10/100 Ethernet MAC interface ethernet 1/11/7 root ! ! Interface 1/11/8 10/100 Ethernet MAC interface ethernet 1/11/8 root ! ! CMTS Module slot 1/1 ! ! Interface 1/1/1 CMTS MAC interface cable 1/1/1 dhcp-policy default permit forward-internal dhcp-relay add-agent-options enable ip source-route 201.1.2.0 255.255.255.0 201.1.3.1 ip source-route 201.1.4.0 255.255.255.0 201.1.5.0 ip source-route 201.4.6.0 255.255.
86 CHAPTER 4: CHASSIS CONFIGURATION ! POS Module slot 1/8 ! ! Interface 1/8/1 POS MAC interface pos 1/8/1 arp timeout 0 ! ! BasPppProtocol root Configuring Clock Sources The Cuda 12000 IP Access Switch backplane has a primary clock (A) and a secondary clock (B).
Configuring Clock Sources 87 A typical configuration would be as follows: ■ Primary clock configured to use a BITS-A or BITS-B external clock source ■ Secondary clock configured to use the internal Stratum-3 oscillator clock source. The example at the end of this section illustrates the commands you would issue to create this typical configuration. To configure primary and secondary clock sources, perform the following tasks: Task Command 1. Enter root mode. root 2.
88 CHAPTER 4: CHASSIS CONFIGURATION Starting and Stopping the HTTP Server The chassis runs an HTTP server, which allows CudaView users to manage the chassis with their Web browsers. Refer to the Cuda 12000 IP Access Switch CudaView Administration Guide for more information on CudaView. You can start and stop the HTTP server using the http-server command. If you stop the HTTP server, the chassis cannot be managed through CudaView. By default, the HTTP server is enabled and running.
Enabling and Disabling Traffic Relay 89 Enabling and Disabling Traffic Relay You can configure processes, such as the HTTP server, to send and receive TCP or UDP packets using an internal address on the Cuda 12000. This method of sending and receiving packets is called traffic relay. If you are running a TFTP server on the Cuda 12000 as part of FastFlow BPM provisioning, you must enable traffic relay for the TFTP server in order to download configuration files to cable modems.
90 CHAPTER 4: CHASSIS CONFIGURATION Example In this example, traffic relay is enabled for Telnet. cli:192.168.208.3:root# traffic-relay telnet cli:192.168.208.3:root# show traffic-relay row count: 10 Protocol -----------tftp time_of_day syslog dns snmp telnet ssh http ftp snmp-trap State Port Number -------- ----------enable 69 enable 37 disable 514 disable 53 disable 161 enable 23 disable 22 disable 80 disable 21 disable 162 cli:192.168.208.3:root# ADC Telecommunications, Inc.
Broadcasting Messages to Users 91 Broadcasting Messages to Users The talk command enables you to broadcast messages to all chassis users and to enable and disable the ability to broadcast messages. To broadcast messages to users, perform the following task: Task Command From any mode, send a broadcast talk message. Note that if the string contains spaces, enclose it in quotes.
92 CHAPTER 4: CHASSIS CONFIGURATION ADC Telecommunications, Inc.
5 MULTI-CHASSIS SUPPORT This chapter describes multi-chassis support, and includes the following sections: ■ About Multi-Chassis Support (page 94) ■ Planning Multi-Chassis Support (page 96) ■ Enabling the Jini Lookup Service (page 97) ■ Configuring Multi-Chassis Support (page 98) ■ Creating a Common User Account for the Group (page 100) ■ Viewing Chassis Details (page 101)
94 CHAPTER 5: MULTI-CHASSIS SUPPORT About Multi-Chassis Support The purpose of multi-chassis support is to allow network administrators, from a single session, to access and manage multiple chassis as a single group. When a network administrator connects to a chassis that is a member of a multi-chassis group, the administrator can also access all other chassis in that group without having to connect to each chassis individually.
About Multi-Chassis Support 95 The multi-chassis group, MCS-Group1, in the example below consists of three chassis: A, B, and C. The group name “MCS-Group1” is configured on each chassis, and each chassis registers this name with the Jini lookup service running on Chassis C. In this example, the network administrator logs in to Chassis B (the host chassis), but keep in mind that the network administrator can also log in to Chassis A and Chassis C to access the group.
96 CHAPTER 5: MULTI-CHASSIS SUPPORT Planning Multi-Chassis Support Before you configure multi-chassis support, perform these planning tasks: ■ Identify each Cuda 12000 chassis that will be in the group. Make sure that all chassis in the group are running software versions that have multi-chassis support. ■ Decide on a group name. A descriptive name is suggested (for example, “MCS-Group-Net-Mgmt”). The name may not contain spaces. You will configure this name on each chassis in the group.
Enabling the Jini Lookup Service 97 Enabling the Jini Lookup Service Enable the Jini lookup service on at least two Cuda 12000 chassis. Each chassis that runs the Jini lookup service must be on the same physical network as the multi-chassis group that it serves. To enable the Jini lookup service on a chassis, perform the following tasks: Tasks Commands 1. Enter configuration mode. root 2. Enable the Jini lookup service. lookup enable 3. Verify the Jini status.
98 CHAPTER 5: MULTI-CHASSIS SUPPORT Configuring Multi-Chassis Support The Cuda 12000 ships with multi-chassis support enabled. During the initial installation (or upgrade) of the Cuda operating system software, the Java server checks for a multi-chassis support service property. If the property is not found, the Java server automatically enables multi-chassis support, using Jini as the chassis discovery mechanism on the local network.
Configuring Multi-Chassis Support 99 Example In this example, the administrator enables multi-chassis support, specifies a group name, and displays multi-chassis status on the chassis (local chassis) that the administrator is currently configuring. cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.
100 CHAPTER 5: MULTI-CHASSIS SUPPORT Creating a Common User Account for the Group On each chassis in the group, create the same user account (same username, same password, same access privileges). Then, to access all chassis in the group, log in to the host chassis using this account. You can manage user accounts on a chassis to which you are directly connected and logged into only (on the host chassis). You cannot manage user accounts by proxy.
Viewing Chassis Details 101 Viewing Chassis Details You can view chassis details for a local chassis, a particular chassis within a group, or all the chassis in a group. Chassis details include the following information: Table 5-1 Chassis Details Parameter Description Multi Chassis Service Indicates whether or not multi-chassis support is activated on the particular chassis. This field appears only if you specify the local keyword on the show chassis command.
102 CHAPTER 5: MULTI-CHASSIS SUPPORT Example The following is an example of a list of chassis in the group named “Cuda:” cli:192.168.220.208:root# show chassis Found 33 chassis. Host Name IP Address Group Name Version Description : : : : : jsl_cuda xxx.xxx.xxx.xxx cuda 3.0.6 R3dev_cmts 16 2001_07_16_1532 null Host Name IP Address Group Name Version Description : : : : : lynnebcm xxx.xxx.xxx.xxx cuda 3.0.6 release3.
6 MODULE ADMINISTRATION This chapter provides general information on how to view and manage Cuda application modules through the CLI and provides specific information on managing Ethernet modules.
104 CHAPTER 6: MODULE ADMINISTRATION Cuda Application Modules Cuda 12000 application modules interface with attached networks. The system supports installation of the following module types: ■ DOCSIS — Provides Cable Modem Terminating System (CMTS) functions for two-way data communication over domestic cable networks. ■ EuroDOCSIS — Provides Cable Modem Terminating System (CMTS) functions for two-way data communication over European cable networks.
Configuring the 10/100 Ethernet and GigE Modules 105 Configuring the 10/100 Ethernet and GigE Modules The Cuda 12000 allows you to configure duplex mode for interfaces on the 10/100 module and the interface on the GigE modules. The Cuda 12000 also allows you to configure speed for interfaces on the 10/100 module. You may set duplex mode to full duplex, half duplex, or auto negotiation. You may set the speed of the 10/100 module to 10 Mbps, 100 Mbps, or auto negotiation.
106 CHAPTER 6: MODULE ADMINISTRATION Viewing Module Information This section provides information on how to view module information, including: ■ Viewing Installed Modules ■ Viewing Module Versions Viewing Installed Modules You can display a listing of modules and their associated interfaces currently installed on the system by using the show topology command.
Viewing Module Information 107 The following example shows the modules currently installed in the Cuda chassis: cli:172.16.19.
108 CHAPTER 6: MODULE ADMINISTRATION Viewing Module Versions You can view the software version currently installed on each module. To do so, perform the following task within any mode. Task Command Show the firmware version installed on each module. show version For example: cli:172.16.19.10:root# show version 2.0.
Viewing Module Information 109 Table 6-1 describes the information in the display. Table 6-1 Show Version Field Descriptions : Field Description Chassis Number assigned to the chassis in which each module resides. Slot Number of the physical chassis slot in which the module resides. For information on how slots are numbered, see the Cuda 12000 IP Access Switch Installation Guide. LPort Logical port utilized by the module. For ADC use only. Boot Time Indicates date and time of last module bootup.
110 CHAPTER 6: MODULE ADMINISTRATION Viewing Ethernet Interface Packet Statistics You can view both incoming and outgoing packet statistics for a selected interface. To do so, perform the following tasks within either root mode or interface configuration mode: Task Command 1 Show incoming packet statistics for a selected Ethernet interface. show interface ethernet in-counters 2. Show outgoing packet statistics for a selected Ethernet interface.
Viewing Ethernet Interface Packet Statistics cli:172.16.19.
112 CHAPTER 6: MODULE ADMINISTRATION ■ Out Multicast Packets — The total number of Multicast packets that have been transmitted out of this interface. ■ Out Broadcast Packets — The total number of Broadcast packets that have been transmitted out of this interface. Displaying Statistics for All System Interfaces You can display incoming and outgoing statistics for all system interfaces.
Viewing Ethernet Interface Packet Statistics 113 cli:172.16.19.
114 CHAPTER 6: MODULE ADMINISTRATION ADC Telecommunications, Inc.
7 PACKET OVER SONET ADMINISTRATION This chapter provides information on how to configure Packet over SONET (POS) on the Cuda 12000 using the CLI and includes the following sections: ■ About Packet Over SONET (page 116) ■ Packet Over SONET (POS) Interface Administration (page 117) ■ Configuring and Viewing SONET Alarms (page 132) ■ Configuring Point-to-Point Protocol (PPP) (page 137) The section covers functionality available in the Cuda 12000 Base System Software.
116 CHAPTER 7: PACKET OVER SONET ADMINISTRATION About Packet Over SONET Packet Over SONET enables the Cuda 12000 to transmit IP packets over SONET links; essentially placing the IP layer over the SONET physical layer. POS makes efficient use of bandwidth, allowing for lower packet overhead and extremely fast transmission speeds. The system uses point-to-point protocol (PPP) to transport IP data over SONET point-to-point circuits, as described in RFC 2615.
Packet Over SONET (POS) Interface Administration 117 Packet Over SONET (POS) Interface Administration Packet over Synchronous Optical Network (SONET) allows for high-speed transport of IP data packets over a SONET network. The OC-3 and OC-12 POS modules contain a single physical interface that supports connection to STS networks and supports transmission speeds of up to 155 Mbps. A SONET frame is 810 bytes represented as a grid of 9 rows by 90 columns.
118 CHAPTER 7: PACKET OVER SONET ADMINISTRATION ■ Photonic Layer — Converts the electrical STS-n signal to an optical signal, referred to as Optical Carrier. This OC-n signal is then transmitted over the circuit. Each layer consists of its own overhead bytes. This overhead provides the powerful management and fault-tolerance capabilities inherent in a SONET network. SONET overhead also provides for various alarms and error messages — known as defects — to be reported.
Packet Over SONET (POS) Interface Administration 119 Displaying POS Interface Information You can display information for each POS interface. To do so, perform the following task within root mode: Task Command Display POS interface statistics show interface pos and settings. The following example uses the show topology command to obtain a list of modules installed on the system, then uses the show interface command to display information for the select POS interface. cli:192.168.208.
120 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Interface In Broadcast Pkt 0 Interface In Discards 0 Interface In Errors 0 Interface Out Octets 0 Interface Out Unicast Pkts 0 Interface Out Multicast Pk 0 Interface Out Broadcast Pk 0 Interface Out Discards 0 Interface Out Errors 0 LCP closed Open None Negotiation Attempts 10 Retry Timeout 3 IPCP IP Address Report Enabled Framing Sonet Line Type Single Mode (15km) Clock Source Line Path Signal Id - C2 0xCF Section Trace Byte - J0 0xCC Packet Scrambling Disa
Packet Over SONET (POS) Interface Administration 121 The display includes a number of statistics, as described in the following table. Table 7-1 POS Interface Statistics Display Element Description Interface Type Number representing Packet over SONET. POS 1/3/1 (line protocol) Indicates whether a SONET line-layer connection is open or closed. Hardware is Packet over SONET Indicates hardware module type. Internet Address IP address of the POS interface.
122 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Display Element Description Rx Abort The number of packets received on this link in which the abort sequence is detected. Rx Runts The number of packets received on this link which are smaller than the minimum packet size. Interface Type Displays “ppp” (Point-to-Point Protocol). Interface Speed Transmission speed in Kbits. Interface in Unicast Pkts Number of Unicast packets received on this interface.
Packet Over SONET (POS) Interface Administration 123 Display Element Description Loopback Indicates loopback configuration. Last clearing of counters Time (SysUpTime) since the counters were last cleared and reset to zero. PPP Authentication Security Mode Indicates authentication used on this interface — PAP or CHAP Clearing Interface Counters You can clear interface counters for a selected POS interface.
124 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Viewing POS Interface Packet Statistics You can view incoming and outgoing packet statistics for selected POS interfaces. These traffic statistics provide a snapshot overview as to the amount and type of traffic flowing across the interface. For each POS interface, incoming and outgoing statistics are shown for the physical SONET layer, the Path layer, and at the PPP layer. To display these statistics, perform the following tasks: Task Command 1.
Packet Over SONET (POS) Interface Administration 125 The following outgoing statistics are displayed for each interface: ■ Out Octets — Total number of PPP negotiations octets that have been transmitted from this interface. This does not include octets for data packets. ■ Out Unicast Packets — Total number of Unicast packets that have been transmitted from this interface. ■ Out Multicast Packets — Total number of Multicast packets that have been transmitted from this interface.
126 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Viewing SONET Line-Layer Information The SONET Line layer serves as the path between multiplexers and is responsible for synchronizing data transmission and multiplexing the STS-n signals generated by the section layer. Performance management statistics are collected at the SONET line layer. To view these Line-layer statistics, perform the following task within root mode: Task Command View SONET Line information.
Packet Over SONET (POS) Interface Administration 127 Display Element Description BIP (B2) Even Parity is calculated over groups of 3 bytes of each frame, except the first 3 rows of TOH. The value is compared to the B2 values in the received frame. Mismatches are counted. Viewing SONET Path Layer Information The Path layer is responsible for mapping the data to be transported into the synchronous payload envelope (SPE) of the SONET frame. It creates the STS-1 SPE and passes it to the line layer.
128 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Table 7-3 describes the SONET Path statistics shown in the display. Table 7-3 SONET Path Layer Statistics Display Element Description AIS — Path Alarm Indication Signal The number of times a Path Alarm Detections (PAIS) Indication Signal has been detected. A PAIS occurs if all the H1/H2 pointer bytes in the received SONET frame are 01.
Packet Over SONET (POS) Interface Administration 129 Section Layer Administration The primary roles of the section layer include synchronization and timing of the SONET transmission, and passing the electrical STS-n frame format to the photonic layer where it is then converted to an optical signal and transported to the adjacent device.
130 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Clock Source SONET is a synchronous transport technology. Timing for this synchronous transmission of data is derived from one of the following clock sources: ■ Line — Also referred to as loop timing, this timing option configures the interface to use the recovered receive clock to provide transmit clocking. This is the default clock source. ■ Internal — Configures the interface to generate the transmit clock internally.
Packet Over SONET (POS) Interface Administration 131 Packet Scrambling Enables scrambling of SONET Synchronous Payload Envelopes (SPEs) on this interface. Note that both end-points of the transmission must use the same scrambling. Scrambling is disabled by default. To configure scrambling on a POS interface, perform the following task in interface pos mode: Task Command Enable scrambling on the POS interface.
132 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Configuring and Viewing SONET Alarms A major advantage of SONET is that it can generate alarm and error messages when problems occur, such as when a signal fails or degrades. A receiving interface is notified of network defects in the form of Alarm Indication Signals (AIS); transmitting interfaces are notified of network defects by the return of Remote Defect Indications (RDI).
Configuring and Viewing SONET Alarms 133 Configuring POS Alarm Reporting You can configure reporting of 12 different POS alarms. To do so, perform the following tasks within interface pos mode: Alarm Report Description Line Alarm Indication Signal (LAIS) Disabled by default, configures the interface to report line alarm indication signal errors.
134 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Alarm Report Description B2 Signal Fail (SF) Enabled by default, configures the interface to report a failure when the B2 signal degrades enough to meet or cross a specified Bit Error Rate (BER) threshold. The default BER threshold for B2 signal failure is 10-3.
Configuring and Viewing SONET Alarms 135 Viewing Alarm Information Using the show controllers pos command within root mode, you can display both the alarms that you have enabled on the POS interface, and whether or not specific alarms have been reported. To view the alarm reporting configuration on a POS interface, perform the following task in root mode: Task Command View whether the reporting of each POS alarm is enabled or disabled.
136 CHAPTER 7: PACKET OVER SONET ADMINISTRATION The following example indicates whether or not a specific alarm has been reported: cli:172.16.19.
Configuring Point-to-Point Protocol (PPP) 137 Configuring Point-to-Point Protocol (PPP) PPP is well-suited for delivery of data over SONET networks, as SONET links are provisioned as point-to-point circuits. The system encapsulates IP datagrams using PPP, then places the PPP frames into the SONET payload before transmission over the SONET circuit. PPP also provides security protocols that support the authentication of peers.
138 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Configuring PPP Security Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP) provide authentication mechanisms that serve to identify the peers that want to establish point-to-point connections. Using both CHAP and PAP, the device must provide a known username and password to the POS interface with which it wants to establish a PPP connection. CHAP is more secure than PAP.
Configuring Point-to-Point Protocol (PPP) 139 To configure CHAP authentication, perform the following tasks within interface pos mode: Task Command 1. Enable CHAP authentication. ■ To enable the use of CHAP only: ppp authentication chap The interface will use CHAP authentication only; no negotiation. ■ To enable CHAP then PAP: ppp authentication chap pap The interface will negotiate the authentication protocol to use. It will try to agree on CHAP authentication first, then PAP second.
140 CHAPTER 7: PACKET OVER SONET ADMINISTRATION To configure PAP authentication, perform the following tasks within interface pos mode: Task Command 1. Enable PAP authentication. ■ To enable the use of PAP only: ppp authentication pap The interface will use PAP authentication only; no negotiation. ■ To enable PAP then CHAP: ppp authentication pap chap The interface will negotiate the authentication protocol to use. It will try to agree on PAP authentication first, then CHAP second.
Configuring Point-to-Point Protocol (PPP) 141 Configuring Server-Side Security Parameters When a remote peer (client) calls into the POS interface and attempts to establish a point-to-point connection, the interface functions as a PPP access server. Enabling server-side authentication configures the POS interface to authenticate all peers that call into it. Configuring server-side authentication involves the following: ■ Specifying which protocol you want the interface to use to authenticate clients.
142 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Task Command 1. Enable CHAP authentication. ■ To enable the use of CHAP only: ppp authentication chap The interface will use CHAP authentication only; no negotiation. ■ To enable CHAP then PAP: ppp authentication chap pap The interface will negotiate the authentication protocol to use. It will try to agree on CHAP authentication first, then PAP second.
Configuring Point-to-Point Protocol (PPP) 143 Perform the following tasks within interface pos mode to configure PPP PAP server-side security parameters: Task Command 1. Enable PAP authentication ■ To enable the use of PAP only: ppp authentication pap The interface will use PAP authentication only; no negotiation. ■ To enable PAP then CHAP: ppp authentication pap chap The interface will negotiate the authentication protocol to use.
144 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Configuring LCP The PPP protocol suite includes a Link Control Protocol (LCP) for establishing, configuring and verifying point-to-point connections. PPP uses LCP to determine encapsulation options, set limits in transmit and receive packet size, detect link configuration errors, and terminate links. LCP is defined in RFCs 1570 and 1661.
Configuring Point-to-Point Protocol (PPP) 145 Max Negotiation Attempts Perform the following task within interface pos mode to configure the maximum number of link negotiation attempts allowed by the current interface: Task Command Configure maximum negotiation attempts. ppp negotiation-count <0...100> Time Between Negotiation Attempts Perform the following task within interface pos mode to configure the number of seconds that the interface waits between LCP negotiations.
146 CHAPTER 7: PACKET OVER SONET ADMINISTRATION Enabling NCP IP Control Protocol (IPCP) is the Network Control Protocol (NCP) used to configure, enable, and disable IP protocol access on both ends of a SONET point-to-point circuit. In order for IP packets to be transmitted over the point-to-point link, IPCP must reach the open state. This enables IP communication between the two circuit endpoints. By default, the Cuda 12000 is configured to provide its IP address during IPCP negotiations.
8 TIMING AND ALARM CONTROLLER MANAGEMENT The Cuda 12000 utilizes an external fan tray for cooling and obtains power from an external power source. Fault management features on the Cuda 12000 for the fan tray and power source are: ■ The Timing and Alarms Controller (TAC) that resides on the Management module. TAC provides alarm processing for detection of faults associated with fan tray and power supply auxiliary devices.
148 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT About Timing and Alarm Controller Fault Reporting For a single chassis, you can connect the following units: ■ Fan Tray — The fan tray serves as the system cooling unit. This is a required component and ships with every Cuda 12000. ■ Power Supply A — A single -48 volt DC power source is required for system operation. ■ Power Supply B — Connection to a second power source is optional to provide redundancy.
About Timing and Alarm Controller Fault Reporting 149 Configuring power and fan tray fault reporting involves performing the following tasks: ■ You must specify whether the auxiliary device utilizes an active-high or active-low assertion level to report fault conditions, as described in “Assertion Levels” on page 150. ■ Configure the faults that you want the system to report, as described in “Configuring Fault Reporting” on page 153.
150 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT Assertion Levels When a fault condition occurs on the fan unit or power supply, a signal is sent to TAC indicating a fault condition. The signal that the fan unit or power supply sends may use one of the following assertion levels: ■ Active-High — Signal indicates the assertion state as a logic ONE state. ■ Active-Low — Signal indicates the assertion state as a logic ZERO state.
Assertion Levels 151 Configuring the Power Assertion Level You must verify the assertion level specified by the power supply vendor to indicate fault conditions, and set the assertion levels as specified by the vendor. To configure the assertion level that the power supply utilizes when indicating a fault condition, perform the following tasks: Task Command 1. Enter root mode. root 2. Set the assertion level to report aux-device ac-monitor fault-level {active-high | active-low} AC current faults. 3.
152 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT Configuring Fan Unit Assertion Levels The fan unit, by default, sends an active-low signal to TAC to report fan temperature and rotation faults. You configure the fan unit to send an active-high signal if so specified by the fan unit vendor. To configure the fan unit assertion level, perform the following tasks: Task Command 1. Enter configuration mode. root 2.
Configuring Fault Reporting 153 Configuring Fault Reporting The system reports faults in the form of SNMP traps and syslog messages. You must configure the faults for which you want to be notified. For each fault that you choose to report, the system sends an SNMP trap or syslog message to all specified destinations if a fault is detected. SNMP traps and syslog messages are also sent when there is a state transition from okay to faulted or a transition from faulted to okay.
154 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT Fault Description ps-ac The power supply associated with the chassis detected the loss of one or more AC inputs. ps-dc The power supply associated with the chassis detected a DC out-of-range fault. ps-temp The power supply associated with the chassis detected an over-temperature condition. red-alarm One or more payload blades has asserted a Red Alarm. yellow alarm One or more payload blades has asserted a Yellow Alarm.
Configuring Fault Reporting 155 Removing a Fault Notification In the event that you no longer wish to be notified of a fault condition, you may remove a specified fault notification by performing the following tasks: Task Command 1. Enter root mode. root 2. Remove the fault condition from the notification report.
156 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT Viewing Fault Reporting Status Each fault condition displays one of the following states. ■ disabled — Reporting is not specified for the fault condition. An SNMP Trap or syslog message is not generated when the fault condition occurs. ■ faulted — Fault reporting is specified. An SNMP trap or syslog message is generated when the fault condition occurs. ■ okay — Fault reporting is specified.
Configuring Alarms Out 157 Configuring Alarms Out A DB-15 connector on the Cuda 12000 chassis rear panel serves as the alarms out port. You can configure the Cuda 12000 to send specific types of alarm signals out this DB-15 connector to an external indication device to notify the external device that a particular type of fault has occurred. (Refer to the Cuda 12000 IP Access Switch Installation Guide for information about cabling the DB-15 connector.
158 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT You Can Configure This Signal: To Provide Notification of These Faults: Power Alarm ■ ■ ■ ■ ■ ■ ■ Temp Fault ■ ■ ■ Power Fault local-pwr-a-fault local-pwr-b-fault backplane-pwr-fault backplane-pwr-a-fault backplane-pwr-b-fault ps-ac-fault ps-dc-fault processor-temp-fault ps-temp-fault fan-temp-fault ■ local-pwr-a-fault local-pwr-b-fault backplane-pwr-a-fault backplane-pwr-b-fault ps-ac-fault ps-dc-fault PowerA Fail ■ local-pwr-a-fault Powe
Configuring Alarms Out Task Command 1. Enter root mode. root 159 2. Specify the types of alarm no aux-device db15 alarm signals that you want to {blue | enable, to set the fault to send clock [bits-a] [bits-b] [red-alarm] | alarm signals out the DB-15 power-alarm [backplane-power] connector.
160 CHAPTER 8: TIMING AND ALARM CONTROLLER MANAGEMENT Viewing Alarm Signals Out the DB-15 Connector You may display the current configuration of the alarm signals over the DB-15 connector. To do this, perform the following tasks: Task Command 1. Enter root mode. root 2. Display current configuration of the show aux-device db15 alarm signals out the DB-15 connector.
9 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Simple Network Management Protocol (SNMP) is a standard for managing networks. This chapter provides an overview of SNMP (refer to “About SNMP” on page 162).
162 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) About SNMP This section provides an overview of SNMP. For further information about the SNMP protocol, refer to the RFCs listed below or other general publications specific to SNMP. SNMP is a network management protocol that provides a standard for network management systems. In the SNMP scheme, a network management system contains two primary components: a manager and agents.
About SNMP 163 Configuring and monitoring SNMP on the Cuda 12000 involves the following processes. These processes are explained in the sections that follow: 1. Configuring SNMP access control. 2. Configuring system name, contact, and location information. Refer to “Configuring System Name, Contact, and Location” on page 180. 3. Configuring event notification. Refer to “Configuring SNMP Event Notification Types” on page 182. 4. Monitoring SNMP. Refer to “Monitoring SNMP” on page 196.
164 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring SNMP Access Control SNMP Access Control defines how SNMP will controls access to MIB objects. In SNMP versions 1 and 2c, access control is configured by a community-based model. A community associates an SNMP agent and an SNMP management application. You assign a name to the community, and the agent and management application use this name to authenticate SNMP messages exchanged between them.
Configuring SNMP Access Control 165 Configuring SNMP Access Views SNMP Access Views control access to a MIB subtree. Configuring SNMP Access Views involves the following: 1. Creating a MIB view. You create a MIB view by specifying a name for the view, by defining the MIB subtree to be viewed, and by specifying whether instances of the MIB subtree are included in the MIB view or excluded from the MIB view. 2. Specifying the storage type for the view. 3. Specifying the status of the view.
166 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Perform the following tasks to configure SNMP Access Views: Tasks Commands 1. Enter configuration mode. root 2. Create a MIB view by performing snmp-server view the following tasks: {included | excluded} ■ ■ ■ Specify the name of the view. Specify the MIB subtree that defines the family of views. You can enter the MIB value as an Object Identifier (OID), and OID with wildcards, or an OID name description.
Configuring SNMP Access Control 167 Example The following example configures and displays an SNMP MIB view using the default storage type and status. cli:192.168.208.3:root# snmp-server view auditorview1 1.3.6.1 included cli:192.168.208.3:root# show snmp view row count: 5 View Name ---------------public private guitraps v1default auditorview1 Subtree --------------------------1.3.6.1 1.3.6.1 1.3.6.1 1.3.6.1 1.3.6.
168 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring SNMP Groups SNMP groups restrict read, write and notify access to certain parts of the MIB. Configuring SNMP groups involves: 1. Creating a group. 2. Assigning the group a security mode and security level to process SNMP messages. 3. Specifying how the group is stored and assigning the group access privileges to an SNMP MIB view.
Configuring SNMP Access Control Parameter Description Storage Specifies how the group entry is stored: ■ ■ ■ ■ 169 volatile: The entry is stored in volatile memory. The information is lost during a system reboot. nonvolatile (default): The entry is stored in non-volatile memory. The information is not lost during a system reboot. permanent: The entry is stored in non-volatile memory. You cannot delete the information but you can make modifications.
170 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Task Command 6. Display SNMP group information. show snmp group [] 7. Remove an SNMP group.
Configuring SNMP Access Control 171 The following example associates an existing context to the group: root# snmp-server group alemaps v1 read public context adc root# show snmp group Group Context Model Level Read View Write View Notify View Storage ---------- ------- ----- ------ ----------- ----------- ----------- ----------alemaps adc V1 NoAuth public NonVolatile Example 2 The following example specifies the storage type for a group: root# snmp-server group hms v3 auth storage volatile root# show snm
172 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring SNMP Communities SNMP versions 1 and 2c use a community to control access to a MIB object. A community is a pairing relationship between an SNMP agent and an SNMP application. The network administrator assigns the community a name. The community assigns specific rights and privileges to authenticate SNMP messages. The community passes on the messages to an associated group.
Configuring SNMP Access Control 173 Parameter Description Storage Indicates how the SNMP community’s attributes are stored. The options are: ■ ■ ■ ■ volatile: The entry is stored in volatile memory. The information is lost during a system reboot. nonvolatile (default): The entry is stored in non-volatile memory. The information is not lost during a system reboot. permanent: The entry is stored in non-volatile memory. You cannot delete the information but you can make modifications.
174 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Example The following example creates and displays a specific SNMP community: cli:root# snmp-server community beta build address 192.168.20.12 mask 255.255.255.0 context cuda cli:192.168.208.
Configuring SNMP Access Control 175 Configuring SNMPv3 Users The SNMPv3 user is anyone who requires management operations to be authorized by a particular SNMP entity. SNMP entities must have knowledge of a user and the user’s attributes. Configuring an SNMPv3 user involves the following: 1. Specifying a user’s name. 2. Specifying the user’s security attributes for an SNMP entity. 3. Specifying the storage type for the user. 4. Specifying the status of the user.
176 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Parameter Description Storage Indicates how the user’s attributes are stored. The options are: ■ ■ ■ ■ Status volatile: The entry is stored in volatile memory. The information is lost during a system reboot. nonvolatile (default): The entry is stored in non-volatile memory. The information is not lost during a system reboot. permanent: The entry is stored in non-volatile memory.
Configuring SNMP Access Control 177 Tasks Commands 4. Specify how user attributes are stored. snmp-server user [storage {volatile | nonvolatile | permanent | readonly}] By default, storage type is set to NonVolatile. 5. Specify the user’s status. By default, the Cuda sets status type to Active. snmp-server user [status {enable | disable}] 6. Display SNMP user attributes. show snmp user [] 7. Remove an SNMP user.
178 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring SNMPv3 Contexts SNMPv3 uses contexts to control access to a MIB object. A context is a collection of management information that is accessed by an SNMP entity. A single SNMP entity may be in more than one context. A single SNMP entity may have access to many contexts. Configuring SNMPv3 contexts involves: 1. Creating a context. 2. Setting a storage type for the context. 3. Setting the status for the context.
Configuring SNMP Access Control 179 Perform the following tasks to configure SNMPv3 contexts. Refer to the configuration example below: Task Command 1. Enter configuration mode. root 2. Provide the name of the context. snmp-server context Enter a single text or numeric string, up to 32 characters. 3. Set the storage type for the context. snmp-server context [storage {nonvolatile | permanent | readonly | volatile}] By default, storage is set to NonVolatile. 4.
180 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring System Name, Contact, and Location For the Cuda 12000, you can configure system name, contact, and location information. This information is stored in the sysName, sysContact, and sysLocation MIB variables. This information is described as follows: Table 9-6 System Name, Contact, and Location Parameters Parameter Description Name The name of the system (sysName MIB object).
Configuring System Name, Contact, and Location 181 Example The following example creates and displays name, contact, and location information: root# snmp-server name "cuda 111" root# snmp-server contact “John Smith, x334” root# snmp-server location "bldg. 1400" root# show snmp Contact John Smith, x334 Name cuda 111 Location bldg.
182 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Configuring SNMP Event Notification Types Notifications indicate that a system event occurred, such as a physical fault that affects the chassis, and system faults that may impact the operation of the management module or any of the application modules. Notifications are sent to an SNMP host. The SNMP host may be the default local host on the management module, or an external host that you configure to receive the notifications.
Configuring SNMP Event Notification Types 183 The following table lists the system events and their associated Event Classes. For more information about Event Classes, refer to Chapter 10, Managing System Events, on page 203. Table 9-7 List of System Events E System Event Description Cluster events: Cluster events refer to faults that affect the management module. Event Class ■ authentication-failure SNMP receives a bad Community Name. Notice ■ bcm-failover-down Services are going down.
184 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) System Event Description Event Class ■ Interface-related events: Interface-related events refer to faults that Notice affect the link state of the interface. ■ link up Link to IP network is operational. Notice ■ link down Link to IP network is not operational. Error ■ chassis-fault Auxiliary device-related event that refers to Critical faults associated to the fan tray, power source and clock sources.
Configuring SNMP Event Notification Types System Event Description Event Class Warning ■ docss-dyn-ack-fail A dynamic service acknowledgement failure occurred during the dynamic services process. ■ docs-dyn-req-fail A dynamic service request failure occurred Warning during the dynamic services process. ■ docs-bpi-init A BPI initialization attempt failure occurred Informational during the registration process. ■ docs-bpkm A baseline privacy key management operation failed.
186 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) System Event Description Event Class ■ ospf-nbr-state Signifies a change in the state of an OSPF neighbor on a physical interface. To send this notification type, note that you also have to enable sending of OSPF neighbor state traps using the report command. Notice ■ ospf-virt-nbr-state Signifies a change in the state of an OSPF neighbor on a virtual interface.
Configuring SNMP Event Notification Types 187 The following table describes the parameters that you set to configure notifications: Table 9-8 Parameters Contained in Event Notification Configuration Parameter Description Host:Port The IP address and UDP port number on which the SNMP host is configured to receive traps. The UDP port range is 1 to 65535 and the default is 162.
188 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Parameter Description Storage Specifies how the host entry is stored. The options are: ■ ■ ■ ■ volatile: The entry is stored in volatile memory. The information is lost during a system reboot. nonvolatile (default): The entry is stored in non-volatile memory. The information is not lost during a system reboot. permanent: The entry is stored in non-volatile memory. You cannot delete the information but you can make modifications.
Configuring SNMP Event Notification Types 189 Parameter Description Level The level of security to process SNMP messages. You can choose one of the following three levels: ■ ■ ■ No Authentication: Provides no authentication and no encryption. This is the lowest level of security. V1 and V2c security models provide only this level of security. Authentication: Provides authentication but no encryption. Only V3 security model provides this level of security.
190 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Parameter Description ■ bcm-sw-mismatch The secondary will not come up because its software revision does not match the software revision of the primary. ■ trace-log For ADC internal use only. ■ cold-start Generated when module boots from power up. ■ warm-start Generated when module boots from reset. ■ icl-state-change A change in the ICL link.
Configuring SNMP Event Notification Types Parameter ■ chassis-fault-cleared DOCSIS events: 191 Description Indicates the chassis event that caused a fault is fixed. DOCSIS events refer to initialization faults on DOCSIS and EuroDOCSIS modules. ■ docs-dyn-rsp-fail A dynamic service response failure occurred during the dynamic services process. ■ docss-dyn-ack-fail A dynamic service acknowledgement failure occurred during the dynamic services process.
192 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Parameter Description docs-init-rsp-fail A registration response failure from the cable modem occurred during the cable modem initialization process and was detected on the CMTS side. Provisioning events: Provisioning events refer to faults that pertain to the FastFlow BPM running on the Cuda 12000. ■ ■ duplicate-addr A duplicate IP address has been detected.
Configuring SNMP Event Notification Types Parameter ■ ospf-virt-nbr-state Modem deregistration event: ■ dereg-modems 193 Description Signifies a change in the state of an OSPF neighbor on a virtual interface. To send this notification type, note that you also have to enable sending of OSPF virtual neighbor state traps using the report command. A modem deregistration event refers to the deregistration of cable modems.
194 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Tasks Commands 5. Specify the storage type for this host. snmp-server host {traps | informs [timeout ] [retries ]} [version {1 | 2c | 3 {auth | noauth | priv}] [storage {volatile | nonvolatile | permanent | readonly}] By default, storage type is set to NonVolatile. 6. Specify the type of events for which you want to be notified.
Configuring SNMP Event Notification Types 195 Example 2 The following example displays all SNMP hosts notification destinations and associated notification types. root# show snmp notify row count: 2 Host:Port -------------------136.4.6.6:164 127.0.0.
196 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Monitoring SNMP The show snmp command allows you to monitor SNMP activity on the Cuda 12000. To use this command, perform the following tasks: Tasks Commands 1. Enter root mode. root 2. Monitor SNMP activity. show snmp The command displays the following information: Table 9-9 SNMP Parameters and Statistics Parameter Description Contact The type of contact for this network.
Monitoring SNMP 197 Parameter Description Invalid Messages Total number of packets that the SNMP engine receives and drops because there were invalid or inconsistent components in the SNMP message. Unknown PDU Handlers Total number of packets that the SNMP engine receives and drops because the PDU contained in the packets could not be passed to an application responsible for the PDU type. Authentication Traps Indicates whether the SNMP entity is able to generate failure traps.
198 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Sample SNMP Configurations This section provides sample configurations for SNMPv1/v2c community access control, SNMPv3 access control, and notification. Sample SNMPv1/v2c Community Access Control To configure SNMPv1/v2c community access control, you must: 1. Configure SNMP Access Views. 2. Configure SNMP Groups. 3. Configure SNMPv1, v2c Communities.
Sample SNMP Configurations 199 To configure the “admincon” community, the administrator issues the following commands: cli:192.168.208.3:root# snmp-server cli:192.168.208.3:root# snmp-server allaccess cli:192.168.208.3:root# snmp-server allaccess cli:192.168.208.3:root# snmp-server 100.100.0.0 mask 255.255.0.0 view allaccess 1.3.6.
200 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) To configure these access control elements, the administrator issues the following commands: cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# monitor cli:192.168.208.3:root# cli:192.168.208.3:root# snmp-server view nosnmpconfig 1.3.6.
Sample SNMP Configurations 201 Sample Notification Configuration The following sample commands configure the Cuda 12000 to send SNMPv1 traps to a host (201.1.1.20): cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# snmp-server snmp-server snmp-server snmp-server snmp-server view allaccess 1.3.6.1 included group trapcommunity v1 notify allaccess group trapcommunity v2 notify allaccess community trapcommunity trapcommunity host 201.1.1.
202 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) ADC Telecommunications, Inc.
10 MANAGING SYSTEM EVENTS This chapter describes how to manage event transmission and includes the following sections: ■ About System Events (page 204) ■ Configuring the Syslog Server (page 205) ■ Configuring SNMP Trap Recipients (page 206) ■ Configuring Event Transmission (page 208) ■ Event Reporting (page 210) ■ Event Classes and SNMP System Events (page 214) ■ Clearing the Event Log (page 216) ■ Displaying Event Transmission, Reporting, and Syslog Parameters (page 216) ■ Displaying the
204 CHAPTER 10: MANAGING SYSTEM EVENTS About System Events An event is a problem, a configuration change or some other noteworthy incident that occurs on the Cuda 12000 or in the network. Events create the generation of: ■ System log (syslog) messages ■ SNMP traps, which the Cuda 12000 sends to network management stations ■ Internal log messages ADC Telecommunications, Inc.
Configuring the Syslog Server 205 Configuring the Syslog Server Before you manage event transmission or reporting using the syslog server, you set the IP address of the syslog server to which your Cuda 12000 writes system log messages, as required by DOCSIS 1.1 standards. You may specify the IP address of the local Syslog server on your Cuda 12000 or a remote syslog server on another Cuda 12000. To configure the IP address of the Syslog server, perform the following tasks: Task Command 1.
206 CHAPTER 10: MANAGING SYSTEM EVENTS Configuring SNMP Trap Recipients You must define a list of IP addresses of SNMP management stations that receive traps or syslog messages from your Cuda 12000. Use this procedure to specify each trap recipient: Task Command 1. Enter root mode. root 2. Specify the trap recipient.
Configuring SNMP Trap Recipients 207 Removing SNMP Trap Recipients Perform this task to remove an SNMP trap recipient: Task Command Remove the trap recipient. no snmp-server host Example root# no snmp-server host 136.4.6.
208 CHAPTER 10: MANAGING SYSTEM EVENTS Configuring Event Transmission A Cuda 12000 can generate a significant volume of events in a short period of time. The Cuda 12000 manages event transmission in compliance with DOCSIS 1.1 standards.
Configuring Event Transmission 209 Parameter Description Throttle Inhibited Displays the throttle inhibited status. This field displays True if one of the following conditions is met: ■ ■ Event Administrative Status is set to inhibited. Event Administrative Status is set to stopAtThreshold and the threshold has been reached. Otherwise, this field displays False. To configure event transmission, perform the following tasks: Task Command 1. Enter root mode. root 2. Specify the event threshold.
210 CHAPTER 10: MANAGING SYSTEM EVENTS Event Reporting Each Cuda 12000 event belongs to one of eight event classes. An event class defines the severity of the event. You can configure each event class to be sent through a subset of reporting mechanisms (trap, syslog, or local event log). To do this, you specify: ■ An event class ■ How you want events in that class to be reported Event Classes Event classes are ordered from most critical (emergency) to least critical (debug).
Event Reporting 211 Reporting Actions Each event class is associated with a reporting action. The following table lists the reporting actions: Table 10-3 Reporting Actions Reporting Action Description local Write a message to the internal log. local|traps Write a message to the internal log and send a trap. local|syslog Write a message to the internal log and send a syslog message. local|traps|syslog Write a message to the internal log, send a trap, and send a syslog message.
212 CHAPTER 10: MANAGING SYSTEM EVENTS To configure event classes and associated reporting actions, perform the following tasks: Task Command 1. Enter root mode. root 2. Assign the Default event class and event-config reporting default reporting action. 3. Assign the Emergency event class and associated reporting action. event-config reporting emergency local 4. Assign the Alert event class and associated reporting action. event-config reporting alert local 5.
Event Reporting 213 Viewing Event Reporting Configuration You may view the event reporting configuration. The output includes event reporting configuration for all current event classes. To view the current event reporting configuration, perform the following tasks: Task Command 1. Enter root mode. root 2. Display current event reporting configuration show event-config reporting Example The following example displays the current event reporting configuration. cli:192.168.208.
214 CHAPTER 10: MANAGING SYSTEM EVENTS Event Classes and SNMP System Events Event classes are associated with SNMP system events, as shown in Table 10-5. For additional information about SNMP System Events refer to Chapter 9, Simple Network Management Protocol (SNMP), on page 161.
Event Classes and SNMP System Events SNMP System Event Event Class Provisioning events: ■ duplicate-addr Notice ■ isp-addr-high Notice ■ isp-addr-low Notice ■ ldap-failed Notice ■ ldap-restored Notice ■ prov-service Notice ■ subnet-addr-high Notice ■ subnet-addr-low Notice DOCSIS events: ■ docs-dyn-rsp-fail Warning ■ docss-dyn-ack-fail Warning ■ docs-dyn-req-fail Warning ■ docs-bpi-init Informational ■ docs-bpkm Error ■ docs-dcc-ack-fail Warning ■ docs-dcc-req-f
216 CHAPTER 10: MANAGING SYSTEM EVENTS Clearing the Event Log To prevent your internal event log from consuming too much disk space, you may want to clear the log periodically. Use this procedure to clear the event log: Task Command 1. Enter root mode. root 2. Clear the event log. event-log clear Displaying Event Transmission, Reporting, and Syslog Parameters Use this procedure to display the event transmission, reporting, and syslog parameters: Task Command 1. Enter root mode. root 2.
Displaying Event Transmission, Reporting, and Syslog Parameters Example root# show event-config Event Throttle Parameters ------------------------Threshold Interval Admin Status Throttle Inhibited 0 1 unconstrained True Event Reporting Priorities -------------------------row count: 8 Priority ----------emergency alert critical error warning notice information debug Action -----------------local local local|traps|syslog local|traps|syslog traps|syslog traps|syslog none none Syslog Server 133.132.1.
218 CHAPTER 10: MANAGING SYSTEM EVENTS warning notice information debug traps|syslog traps|syslog none none cli:192.168.208.3:root# show event-config syslog Syslog Server 133.132.1.1 cli:192.168.208.3:root# Displaying the Event Log Use this procedure to display the log of events that the Cuda has generated: Task Command 1. Enter root mode. root 2. Display the contents of the event log.
Displaying the Event Log Field Description ID An internal event identifier. The Text field describes the event associated with this identifier. Text Brief description of the event. Example root# show event-log row count: 133 Index First Time ------ ---------1 2000-12-31 ,21:1:40.0 ,455:0 2 2000-12-31 ,21:31:40. 0,455:0 3 2001-1-1,1 :20:0.0,45 5:0 219 Last Time Counts Level ID ---------- ---------- ---------- ---------2000-12-31 1 critical 2147483652 ,21:1:40.0 ,455:0 2000-12-31 ,21:31:40.
220 CHAPTER 10: MANAGING SYSTEM EVENTS ADC Telecommunications, Inc.
III IP ROUTING Chapter 11 Creating Route Filters Chapter 12 Configuring DHCP Relay Chapter 13 Configuring DHCP Authority Chapter 14 Configuring IP Chapter 15 IP Packet Filtering Chapter 16 Network-Layer Bridging Chapter 17 Managing IP Multicast
11 CREATING ROUTE FILTERS This chapter provides information and procedures on how to create route filters to control the flow of routes on your network. You create these route filters in the form of route-maps and map-lists. Route-maps contain the fundamental gating action (permit or deny) based on selected route-match criteria with optional override actions. Map-lists are sequential groupings of these route-maps.
224 CHAPTER 11: CREATING ROUTE FILTERS About RIP and OSPF Route Maps The system uses route filtering functions to control the flow of routes to and from other RIP and OSPF routers. Two filtering functions are supported for control of RIP and OSPF routes: ■ Import — Controls how routes are added to the system’s routing table. ■ Export — Controls which routes are advertised to other routers.
Creating Route Maps 225 Creating Route Maps You can use route maps to control and modify routing information and to define the conditions by which routes are redistributed. When you run the route-map command within router:rip:import or export mode, or router:ospf:export mode the following syntax applies: route-map {permit | deny} The map-tag is a number that identifies the route map.
226 CHAPTER 11: CREATING ROUTE FILTERS While within any route-map mode, you can display a summary of all route maps configured within that mode using the show route-map command as follows: cli:172.16.19.10:router:rip:export:route-map(3)# show route-map row count: 3 ID Description Route Address Route Mask --- ----------- --------------- --------------1 172.16.0.0 255.255.0.0 2 10.255.0.0 255.255.0.0 3 10.0.0.0 255.0.0.0 Interface Address Owner ----------------- ----0.0.0.0 NONE 0.0.0.0 NONE 0.0.0.
Creating Route Maps 227 Using the Match Command Use the match command within route-map configuration mode to define the match criteria for the route map.
228 CHAPTER 11: CREATING ROUTE FILTERS Using the Override Command Use the override command within route-map configuration mode to specify override actions to take for all matching routes.
Creating Route Maps 229 Creating OSPF Import Route Maps You can use OSPF import route-maps to override the preference of incoming OSPF routes. Preference is the local ranking of the route. OSPF import route maps are created within router-ospf import mode using the route-map command. To create an OSPF import route map, use this procedure: Permit and deny options do not apply to OSPF import routes as all OSPF routes are always learned. Task Command 1. Enter router-ospf mode. router ospf 2.
230 CHAPTER 11: CREATING ROUTE FILTERS The following example creates an OSPF import route map that assigns a preference of 100 to all incoming routes from the 172.16.0.0 network: cli:172.16.19.10:root# router ospf mode: router:ospf cli:172.16.19.10:router:ospf# import mode: router:ospf:import cli:172.16.19.10:router:ospf:import# route-map 1 cli:172.16.19.10:router:ospf:import:route-map(1)# match ip-address 172.16.0.0 255.255.0.0 cli:172.16.19.
Creating Route Maps 231 Creating OSPF Export Route Maps You can use OSPF route maps to permit or deny advertisement of routes learned from a non-OSPF protocol. For example, you can choose to advertise select routes onto your OSPF network if they were originally learned through the RIP protocol, or if they were manually added as a static route. You can also override the cost metric of incoming routes originating for a non-OSPF protocol.
232 CHAPTER 11: CREATING ROUTE FILTERS Task Command 4. Define the match criteria for this route map. match {ip-address | tag {exact | exclude} | specific1 | specific2 | route-type {none | connected | static | special | rip | bgp-ext | bgp-int | } Note that a “connected” route is a local route (a route to a directly connected network). 5. Define the override criteria that you want the system to apply to any routes that match.
Creating Route Maps 233 The following example creates an export route map that prevents the 176.16.0.0 RIP network from being advertised. cli:172.16.19.10:router:ospf:import:route-map(1)# router rip mode: router:rip cli:172.16.19.10:router:rip# export mode: router:rip:export cli:172.16.19.10:router:rip:export# route-map 1 deny cli:172.16.19.10:router:rip:export:route-map(1)# match ip-address 172.16.0.0 255.255.0.0 cli:172.16.19.
234 CHAPTER 11: CREATING ROUTE FILTERS Creating RIP Import Route Maps You can use RIP import route maps to alter the preference of incoming RIP routes. When there are multiple routes to the same destination, the route with the numerically highest preference is preferred. RIP import route maps are created within router-rip import mode using the route-map command. To create a RIP import route map, use this procedure: Task Command 1. Enter router-rip mode. router rip 2. Enter import mode. import 3.
Creating Route Maps 235 The following example creates a RIP import route-map that prevents the 176.16.0.0 network learned through a non-RIP protocol from being advertised via the RIP protocol. cli:172.16.19.10:root# router rip mode: router:rip cli:172.16.19.10:router:rip# import mode: router:rip:import cli:172.16.19.10:router:rip:import# route-map 1 deny cli:172.16.19.10:router:rip:import:route-map(1)# match ip-address 172.16.0.0 255.255.0.0 cli:172.16.19.
236 CHAPTER 11: CREATING ROUTE FILTERS Creating RIP Export Route Maps You can use RIP export route maps to permit or deny advertisement of routes learned from non-RIP protocols. For example, you can choose not to advertise select routes via RIP if they were manually added as static routes. You can also choose to override the cost metric of advertised routes originating for a non-RIP protocol. When there are multiple routes to the same destination, the route with the lowest cost metric is preferred.
Creating Route Maps 237 Task Command 4. Define that match criteria for this route map. match {ip-address | tag {exact | exclude} | interface-address | peer-mask | specific | route-owner {none | connected | ospf | ospf-ext | static | special | bgp-ext | bgp-int | } Note that a “connected” route is a local route (a route to a directly connected network). 5.
238 CHAPTER 11: CREATING ROUTE FILTERS The following example creates a RIP export route map that allows the 176.16.0.0 network that was learned through a non-RIP protocol to be advertised via RIP with a cost of 16. cli:172.16.19.10:root# router rip mode: router:rip cli:172.16.19.10:router:rip# export mode: router:rip:export cli:172.16.19.10:router:rip:export# route-map 1 permit cli:172.16.19.10:router:rip:export:route-map(1)# match ip-address 172.16.0.0 255.255.0.0 cli:172.16.19.
Creating Map Lists 239 Creating Map Lists A map-list is a sequential grouping of route maps. These route-maps serve as the filter criteria within the map-list. A route is sequentially compared against all route maps that comprise the active route list. Upon finding a match, the system takes the action defined by the route map and exists the list. You create a map-list by adding a route map to it using the map-list command.
240 CHAPTER 11: CREATING ROUTE FILTERS Route-maps are appended to the specified map-list. The order in which you add the route-maps to the map-list determine the sequence in which the system examines the route maps; the first route-map that you added to the list is examined first, the final route-map that you appended to the list is examined last. You cannot modify the sequence of route-maps in an existing map-list. To re-define the order of route-maps, you must create a new map-list.
Route Filter Configuration Example 241 The following example creates a RIP import filter by adding route maps 1, 2, and 3 to the a map list number 20 and designates it as the active list to use for RIP imports. cli:172.16.19.10:root# router rip mode: router:rip cli:172.16.19.10:router:rip# import mode: router:rip:import cli:172.16.19.10:router:rip:import# map-list 2 route-map 1 cli:172.16.19.10:router:rip:import# map-list 2 route-map 2 cli:172.16.19.
242 CHAPTER 11: CREATING ROUTE FILTERS ADC Telecommunications, Inc.
12 CONFIGURING DHCP RELAY This chapter provides information and procedures on how to configure DHCP relay on a cable interface and includes the following sections: ■ About DHCP Relay (page 244) ■ Displaying DHCP Relay Configuration (page 245) ■ Configuring DHCP Relay Options (page 247) ■ Specifying DHCP Servers (page 249) ■ DHCP and BOOTP Policies (page 251)
244 CHAPTER 12: CONFIGURING DHCP RELAY About DHCP Relay DHCP is used within a DOCSIS- or EuroDOCSIS-compliant network to allocate IP addresses and to configure cable modems with other IP parameters. DHCP Relay support on DOCSIS or EuroDOCSIS modules enables a cable interface (CMTS) to forward DHCP Requests from cable modems, CPE devices, MTA devices, and other IP hosts to a DHCP server.
Displaying DHCP Relay Configuration ■ ■ 245 MTA Gateway Address — The MTA Gateway address that the DHCP Relay requests on behalf of the MTA device. This is the same address as the Gateway Address configured on the interface.When a DHCP Request is received and it is from the MTA device, then the MTA Gateway Address is used by the DHCP Relay. Enable or disable agent options.
246 CHAPTER 12: CONFIGURING DHCP RELAY Table 12-1 describes the fields shown in the display. Table 12-1 DHCP-Relay Display Fields Field Description dhcp-relay: [enabled or disabled] Indicates whether or not the DHCP Relay is enabled on this cable interface. Add Agent Options Indicates whether Agent Options are enabled on this cable interface. Drop Mismatch Indicates whether the Drop Mismatch options is enable or disabled. Max Pkt Len Maximum packet length allowed to be relayed.
Configuring DHCP Relay Options 247 Configuring DHCP Relay Options The Cuda 12000 allows you to enable and configure DHCP Relay functionality on each IP interface so that the interface can forward DHCP requests to a central DHCP server. You must enable DHCP Relay on a select CMTS interface to dynamically allocate network addresses to the attached cable modems.
248 CHAPTER 12: CONFIGURING DHCP RELAY Task Command 6. If you are configuring a cable interface, then configure the gateway that you want cable modems on this interface to use. dhcp-relay cm-gateway 7. If you are configuring an MTA interface, then configure the gateway that you want MTA devices on this interface to use. dhcp-relay mta-gateway 8. Verify the current dhcp-relay parameters for the current interface. show dhcp-relay Example cli:192.168.208.
Specifying DHCP Servers 249 Specifying DHCP Servers You must specify the DHCP server to which you want the cable interface to forward DHCP Requests. The DHCP server is configured on a per interface basis. You may add up to 32 DHCP servers. If a DHCP server is not configured, then the DHCP server drops all DHCP requests as it does not know where to forward them.
250 CHAPTER 12: CONFIGURING DHCP RELAY Specifying the Internal DHCP Server To specify the internal FastFlow BPM DHCP server, perform the following tasks: Task Command 1. Enter cable interface mode. interface cable 2. Specify the internal DHCP server. dhcp-policy default permit forward-internal Example The following example configures cable interface 1/1/1 to forward DHCP messages to the internal FastFlow BPM DHCP server: cli:172.16.19.
DHCP and BOOTP Policies 251 DHCP and BOOTP Policies You can use Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) policies to control which devices obtain IP addresses and which DHCP and BOOTP servers allocate those addresses.
252 CHAPTER 12: CONFIGURING DHCP RELAY For example, you can configure the system to match on the DHCP packet to determine whether the request originated from a cable modem, a CPE, a MTA device, a specific interface, or a specific MAC address; wildcards can be used to match portions of a MAC address. In the event of a match, you can configure the DHCP relay agent to forward the request to a list of up to 32 DHCP servers, or configure the agent to drop the request.
DHCP and BOOTP Policies 253 Configuring DHCP and BOOTP Policies DHCP Policies determine the DHCP servers to which a CMTS interface forwards DHCP requests from attached cable modems, CPE devices and MTA devices. BOOTP Policies determine the BOOTP servers to which a CMTS interface forwards BOOTP requests from attached cable modems and diskless workstations. You configure DHCP policies using the dhcp-policy command. You configure the BOOTP policies using the bootp-policy command.
254 CHAPTER 12: CONFIGURING DHCP RELAY Parameter Description Match Criteria DHCP Policies allow matching on several parameters in the DHCP packet, including: ■ ■ ■ ■ Policy Action Cable Modem MAC Address – Allows you to match on the cable modem MAC address contained in the request. Interface – Enables you to match on the specific interface on which the DHCP offer was received. MAC Address – Allows you to match on the source MAC address of the cable modem.
DHCP and BOOTP Policies 255 The following table describes the parameters that you set to configure BOOTP policies: Table 12-3 BOOTP Policy Parameters Parameter Description Index Number Determines the sequence in which a BOOTP request is compared to each policy. You assign this number when defining the policy. The request is applied to the policy with the lowest index first, then precedes incrementally.
256 CHAPTER 12: CONFIGURING DHCP RELAY To configure a DHCP Policy and a BOOTP policy, perform the following tasks: Task Command 1. Enter cable interface mode. interface cable 2. Create a DHCP Policy. dhcp-policy { | default} {deny | permit} {... | forward-internal [disable] } [agent-option {cm | cpe} | cmmac | interface | mac [mask ]] [vendor-class-id {cm | mta}] [description ] 3. Create a BOOTP policy.
DHCP and BOOTP Policies 257 To remove DHCP or BOOTP policies from the current cable interface, perform the following tasks within interface cable mode: Task Command 1. Remove all DHCP policies from the current cable interface. no dhcp-policy all 2. Remove all BOOTP policies from the current cable interface. no bootp-policy all 3. Remove a specified DHCP policy from the current cable interface. no dhcp-policy 4.
258 CHAPTER 12: CONFIGURING DHCP RELAY Configuring Default Policies To modify the default DHCP or BOOTP policy used on all interfaces of a specific DOCSIS module, enter interface cable mode for one of the interfaces on the selected DOCSIS module and perform the following task: Task Command 1. Modify the default DHCP policy. dhcp-policy default {permit ... | deny} Note that you do not define matching criteria for the default policy.
DHCP and BOOTP Policies 259 DHCP Policy Configuration Examples This section contains examples illustrating how to configure DHCP policies for a specified cable interface. The following example configures the DHCP relay agent to forward DHCP requests internally to the local FastFlow BPM DHCP server: cli:172.16.19.
260 CHAPTER 12: CONFIGURING DHCP RELAY The following example configures the cable interface to forward all DHCP requests arriving on interface 1/1/1 to servers 102.12.1.12 and 172.16.19.3: cli:172.16.19.10:interface:cable:csi(1/1/1)# dhcp-policy 2 permit 102.12.1.12 172.16.19.3 interface 1/1/1 cli:172.16.19.10:interface:cable:csi(1/1/1)# show dhcp-policy 2 Index 2 Mac Address Mac Mask Cable Modem Mac Policy Action permit Policy Server List 102.12.1.12 172.16.19.
DHCP and BOOTP Policies 261 The following example configures the cable interface to forward all DHCP requests containing a source MAC address of 09:08:a4:95:2e:3a to server 101.1.1.1: cli:172.16.19.10:interface:cable:csi(1/1/1)# dhcp-policy 4 permit 101.1.1.1 mac 09:08:a4:95:2e:3a mask 00:00:00:00:00:00 cli:172.16.19.10:interface:cable:csi(1/1/1)# show dhcp-policy 4 Index 4 Mac Address 09:08:a4:95:2e:3a Mac Mask 00:00:00:00:00:00 Cable Modem Mac Policy Action permit Policy Server List 101.1.1.
262 CHAPTER 12: CONFIGURING DHCP RELAY ADC Telecommunications, Inc.
13 CONFIGURING DHCP AUTHORITY This chapter provides instructions on how to configure DHCP authority and includes the following sections: ■ About DHCP Authority (page 264) ■ Enabling DHCP Authority (page 266) ■ Configuring DHCP Authority Ranges (page 267) ■ Removing DHCP Authority Ranges (page 268) ■ DHCP Authority Configuration Examples (page 269)
264 CHAPTER 13: CONFIGURING DHCP AUTHORITY About DHCP Authority DHCP authority is a security feature that prevents spoofing (unauthorized use) of DHCP assigned IP addresses. Spoofing occurs when a host uses an IP address that was dynamically assigned to another host via the Dynamic Host Configuration Protocol (DHCP). DHCP authority prevents spoofing of IP addresses by ensuring that IP addresses are only used by the specific cable modems and CPEs to which they are assigned.
About DHCP Authority ■ 265 When the DHCP relay agent sees this acknowledgement, it then checks to verify whether the IP address falls within a DHCP authority range configured on the interface, and one of the following actions occur: If the address does fall within a preconfigured DHCP authority range and DHCP Authority is enabled for that interface, an ARP entry is added to the ARP cache for that interface and tagged as being assigned through DHCP.
266 CHAPTER 13: CONFIGURING DHCP AUTHORITY Enabling DHCP Authority To enable or disable DHCP authority on an interface, perform the following tasks: Task Command 1. Enter interface mode. interface 2. Enable DHCP Authority on the current interface. dhcp-authority {enable | disable} Example The following example enables DHCP authority on cable interface 1/1/1, then uses the show dhcp-authority command to verify the configuration: cli:172.16.19.
Configuring DHCP Authority Ranges 267 Configuring DHCP Authority Ranges The DHCP Authority ranges that you define for an interface dictate which addresses are protected by the authority feature. These DHCP authority IP address ranges that you define must fall within the range of IP addresses as allowed by the IP interface (as dictated by the network mask for that IP interface). For example, if the physical interface has an IP interface of 172.16.19.1 255.255.255.
268 CHAPTER 13: CONFIGURING DHCP AUTHORITY Removing DHCP Authority Ranges You can remove DHCP Authority ranges using the no dhcp-authority command. You may want to do so if you no longer require the range, or if you want to redefine the range. Note that you cannot modify DHCP Authority ranges, so if you want to redefine a range, you must delete it and then recreate it with the new configuration.
DHCP Authority Configuration Examples 269 DHCP Authority Configuration Examples In the following example, cable interface 1/1/1 has an IP interface of 192.168.19.50: cli:172.16.19.10:interface:cable:csi(1/1/1)# show ip address Chassis/Slot/Interface 1/1/1 row count: 1 IP Address Net Mask Interface Priority ---------------- ---------------- ---------- ---------192.168.19.50 255.255.255.0 8781825 Other In the following example, this IP address is configured as the cable modem gateway.
270 CHAPTER 13: CONFIGURING DHCP AUTHORITY The following example protects all IP addresses within the address range of 192.168.19.51 to 192.168.19.55 using the dhcp-authority command. cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# dhcp-authority 1 start 192.168.19. 51 end 192.168.19.55 cli:172.16.19.
14 CONFIGURING IP This chapter provides information on how to configure Internet Protocol (IP) routing protocols on the Cuda 12000 and describes the following functions: ■ Configuring IP Addresses (page 272) ■ Displaying the Routing Table (page 277) ■ Configuring Static Routes (page 278) ■ Managing the Address Resolution Protocol (ARP) (page 284) ■ Configuring RIP (page 290) ■ Configuring OSPF (page 298) ■ Configuring IP Source Routing (page 320)
272 CHAPTER 14: CONFIGURING IP Configuring IP Addresses Configuring IP addresses involves setting values for the following parameters: ■ IP Address — Enter the IP address that you want to assign to the selected physical interface (chassis/slot/interface) or the loopback interface, which is a logical IP interface. ■ Network Mask Address — Enter the network mask for that network. You add an IP address to an interface using the ip address command within interface configuration mode.
Configuring IP Addresses 273 You add an IP address to a selected physical interface or the loopback interface, and then enter configuration mode for that IP interface by performing the following tasks: Task Command 1. Enter configuration mode for the selected interface interface { | loopback} 2. Add the IP address. ip address Example 1 cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# ip address 204.142.
274 CHAPTER 14: CONFIGURING IP Viewing IP Interfaces You can use the following commands to view IP interfaces: ■ show ip address: Use this command within interface configuration mode to view a list of IP addresses added to that current physical interface.
Configuring IP Addresses 275 Example 2 The following example displays IP interface information for interface 1/1/1: cli:192.168.208.3:interface:cable:csi(1/1/1)# show ip interface Chassis/Slot/Interface 1 / 1 / 1 (8781825) Description CATV MAC: Broadcom BCM3210 Admin Status Oper Status Mtu up up 1500 (bytes) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IP Address Net Mask Interface Priority 201.1.1.1 255.255.255.
276 CHAPTER 14: CONFIGURING IP Deleting IP Addresses You may want to remove an IP address from a physical interface or the loopback interface when you no longer need the associated network or you want to assign the address to a new interface. You remove an IP network from a physical interface or loopback interface by performing the following tasks. Task Command 1. Enter configuration mode for the selected interface interface { | loopback} 2. Delete the IP address.
Displaying the Routing Table 277 Displaying the Routing Table You can display the contents of the routing table using the show ip command within any mode, as shown in the following example: cli:192.168.208.3:root# show ip row count: 8 Protocol Route Type -------- -----Net Mgmt Remote Local Local Local Local Net Mgmt Remote Local Local Local Local Local Local Net Mgmt Remote Destination --------------133.1.1.0 155.144.1.0 199.3.1.0 199.3.2.0 201.1.1.0 201.1.2.0 222.2.2.0 222.2.3.
278 CHAPTER 14: CONFIGURING IP Configuring Static Routes You can manually add static routes to the Cuda 12000 routing table. Static routes take precedence over dynamically-learned routes to the same destination. These routes are useful in network environments where no routing protocol is used, or to override select routes discovered using a routing protocol.
Configuring Static Routes 279 Perform the following tasks to add a static route to the routing table: Task Command 1. Enter configuration mode for the interface on which you want to add the route. interface { | loopback} 2. Add the static route. ip route [] Example cli:192.168.208.3:root# interface 1/11/1 mode: interface:ethernet:csi(1/11/1) cli:192.168.208.3:interface:ethernet:csi(1/11/1)# ip route 222.2.1.0 255.255.255.0 222.2.2.1 cli:192.
280 CHAPTER 14: CONFIGURING IP Deleting Static Routes Static routes remain in the routing table until you remove them. You may want to remove the route if it is no longer needed, or if you prefer that the system discover the route dynamically. You delete a static route from the routing table by performing the following task: Task Command 1. Enter configuration mode for the interface on which you want to delete the route. interface { | loopback} 2. Display the routing table. show ip 3.
Configuring Static Routes 281 Example cli:192.168.208.3:root# interface 1/11/1 mode: interface:ethernet:csi(1/11/1) cli:192.168.208.3:interface:ethernet:csi(1/11/1)# show ip row count: 8 Protocol Route Destination Net Mask Next Hop Metric C/S/I Type -------- ------ --------------- --------------- --------------- ------ -----Local Local 155.144.1.0 255.255.255.0 155.144.1.1 0 1/8/1 Local Local 199.3.1.0 255.255.255.0 199.3.1.1 0 131/1/1 Net Mgmt Remote 199.3.2.0 255.255.255.0 199.3.1.
282 CHAPTER 14: CONFIGURING IP Adding the Default Route The default route is a special kind of static route. When the Cuda 12000 must forward a packet, but it cannot determine the route to the packet’s destination, the Cuda 12000 forwards the packet to the next hop associated with the default route. Unlike other static routes, you only have to specify the IP address of the next hop (gateway) when adding the default route.
Configuring Static Routes 283 Deleting the Default Route To add the default route, perform the following task: Task Command From any mode, delete the default route. no ip route default Example cli:192.168.208.3:root# show ip row count: 8 Protocol Route Type -------- -----Net Mgmt Remote Local Local Local Local Net Mgmt Remote Local Local Local Local Local Local Net Mgmt Remote Destination --------------0.0.0.0 155.144.1.0 199.3.1.0 199.3.2.0 201.1.1.0 201.1.2.0 222.2.2.0 222.2.3.
284 CHAPTER 14: CONFIGURING IP Managing the Address Resolution Protocol (ARP) On a physical network on which devices have Media Access Control (MAC) addresses (for example, Ethernet), ARP is used to map the MAC addresses to IP addresses.
Managing the Address Resolution Protocol (ARP) 285 Displaying the ARP Cache Use the following procedure to display the ARP cache for a selected interface Task Command 1. Enter configuration mode for the selected interface. interface 2. Display the ARP cache for the selected interface. show arp Example The following example displays the contents of the ARP cache maintained by cable interface 1/1/1: cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.
286 CHAPTER 14: CONFIGURING IP Adding ARP Entries System interfaces can learn host addresses by sending out ARP requests. Optionally, you can manually define these address mappings for a selected interface by adding a static IP-to-MAC address entry to the ARP cache of a selected interface. Adding an ARP entry involves specifying both the IP address and the MAC address that you want to map to each other. You can add static ARP entries to Ethernet interfaces only.
Managing the Address Resolution Protocol (ARP) 287 Deleting ARP Entries Static entries remain in the ARP cache until you manually remove them. You can remove any ARP entry using the following procedure. Task Command 1. Enter configuration mode for the selected Ethernet interface. interface 2. Remove the IP-to-MAC address mapping by specifying the IP address. del arp Example cli:172.16.19.10:root# interface 1/11/1 mode: interface:ethernet:csi(1/11/1) cli:172.16.19.
288 CHAPTER 14: CONFIGURING IP Configuring the ARP Timeout You can set the ARP timeout, which is the timeout in seconds, for dynamic ARP cache entries associated with an interface. When the timeout value is exceeded, the Cuda 12000 flushes out-of-date cache entries from the ARP cache. The cache contains IP addresses and their associated MAC addresses that were stored in response to an ARP reply. Valid ARP timeout values range from 0 to 604800 seconds. The default is 600 seconds.
Managing the Address Resolution Protocol (ARP) 289 Clearing the ARP Cache The clear arp-cache command allows you to delete all non-static entries in the ARP cache. If you issue this command from root mode, you delete all non-static ARP entries associated with all interfaces. If you issue this command from interface mode, you delete only the non-static ARP entries associated with the current interface. Exercise caution when clearing the ARP cache.
290 CHAPTER 14: CONFIGURING IP Configuring RIP This section provides instructions on how to configure Routing Information Protocol (RIP) on an IP interface. Configuring RIP consists of the following tasks: ■ Configuring RIP on IP Interfaces ■ Disabling RIP on IP Interfaces ■ Removing RIP from IP Interfaces Before you can effectively perform these steps, however, you need to understand certain concepts about RIP.
Configuring RIP 291 Descriptions of the RIP parameters that you configure are listed below. Table 14-2 RIP Parameters Parameter Description IP Address IP address of the current interface. Send Version Version of RIP packets this router will send on this interface ((RIP v1), (RIP v2), (RIPv1 or RIPv2) or none). Receive Version Versions of RIP packets the router will accept on this interface ((RIP v1), (RIP v2), (RIPv1 or RIPv2) or none). Cost Cost or metric of the current interface.
292 CHAPTER 14: CONFIGURING IP Parameter Description Default Cost Metric that is to be used for the default route entry in RIP updates originated on this interface. A value of zero indicates that no default route should be originated; in this case, a default route via another router may be propagated. Accept Default Indicates whether default routes advertised by neighbor routers are accepted on this interface.
Configuring RIP 293 You configure RIP on an IP interface by performing the following tasks: Task Command 1. Enter configuration mode for the interface on which you want to enable RIP. interface 2. Enter the IP address of this interface. ip address 3. Enable RIP on the current interface. ip rip enable 4. Enter the protocol for outgoing ip rip send-version {1 | 2 |1 2| none} packets that the router will send on this interface.
294 CHAPTER 14: CONFIGURING IP Task Command 9. Configure the interface to ip rip send default-only advertise only the default route. When RIP is enabled for the first time on the interface, the interface does not advertise default routes. 10.Configure the interface to ip rip send default-also advertise the default route in addition to other routes. When RIP is enabled for the first time on the interface, the interface does not advertise default routes. 11.
Configuring RIP Task 295 Command 15.Configure the authentication type ip rip authentication for the interface. When RIP is {md5 | password} enabled for the first time on the interface, no authentication is in effect by default. 16.Configure the authentication key for the interface. ip rip authentication {key-id key | key } 17.Verify the RIP configuration on the show ip rip current interface.
296 CHAPTER 14: CONFIGURING IP Example The following example configures RIP on cable interface 1/1/1: cli:# mode: cli:# cli:# interface 1/1/1 interface:cable:csi(1/1/1) ip address 201.1.1.1 255.255.255.
Configuring RIP Disabling RIP on IP Interfaces Use this procedure to disable RIP on an interface: Task Command 1. Enter configuration mode for the interface for which you want to disable RIP. interface 2. Enter the IP address of this interface. ip address 3. Disable RIP on the interface. ip rip disable For more information on these commands, refer to the Cuda 12000 IP Access Switch CLI Reference Guide.
298 CHAPTER 14: CONFIGURING IP Configuring OSPF Open Shortest Path First (OSPF) is a link-state-based interior gateway protocol. With link-state routing protocols, routers maintain a link-state database that contains current information on the state of each communications link in the network topology. This information enables routers to determine the best routes to each destination network within a single autonomous system of networks. The Cuda 12000 supports OSPF version 2 as defined in RFC 1583.
Configuring OSPF 299 OSPF Areas To address large link-state databases, OSPF employs areas, which are groups of OSPF routers that exchange topology information. Designated routers only send LSAs to routers in the same area. If an autonomous system (AS) has one area, all routers in the AS receive LSAs; however, if the AS consists of many areas, LSAs are only sent to the appropriate areas, which minimizes traffic and the link-state database size. Using areas, the AS works much like a group of small networks.
300 CHAPTER 14: CONFIGURING IP OSPF requires the backbone to be contiguous to all areas in the AS. All other non-backbone areas (areas other than area 0) must have a connection to the backbone area. Non-backbone areas that are not contiguous to the backbone can use virtual interfaces to connect to the backbone. OSPF Routers OSPF performs routing within an area and routing between areas. Different categories of routers perform these two types of routing.
Configuring OSPF 301 OSPF Configuration Task Overview Configuration of the Cuda 12000 within an OSPF network includes: ■ Configuring OSPF Global Parameters ■ Adding OSPF Areas ■ Removing OSPF Areas ■ Configuring OSPF on IP Interfaces ■ Removing OSPF from IP Interfaces ■ Configuring OSPF Virtual Interfaces ■ Removing OSPF Virtual Interfaces ■ Configuring OSPF Neighbor Traps Configuring OSPF Global Parameters OSPF Global Parameters provide information about this router to other OSPF routers
302 CHAPTER 14: CONFIGURING IP OSPF global parameters are configured within router ospf mode. You configure OSPF global parameters by performing the following tasks: Task Command 1. Enter router-ospf mode. router ospf 2. Define the OSPF router ID for this system. router-id 3. Configure this router as an ASBR. asbr Note that you cannot set the router ID to 0.0.0.0 or 255.255.255.255. Note that ASBR is disabled by default.
Configuring OSPF 303 Adding OSPF Areas You can divide an AS into smaller, more manageable sub-divisions or areas. This reduces the amount of routing information that must travel through the network and serves to reduce the size of each router’s routing database. In order for the Cuda 12000 to support OSPF, you must add at least one area. Typically, the Cuda 12000 will have a direct connection to the OSPF backbone, in which case you must add area 0.0.0.0.
304 CHAPTER 14: CONFIGURING IP Task Command 4. Configure the default cost only if ospf area default-cost this is an ABR connected to a stub area. The default cost is the metric assigned to the summary default route injected into the area by this router. 5. If you want to summarize routes injected into the area, use this command to define the area range. ospf area range [advertise-matching] 6. Configure authentication for this area.
Configuring OSPF 305 Example cli# router ospf mode: router:ospf cli# ospf area 0.0.0.1 cli# ospf area 0.0.0.1 authentication md5 cli# ospf area 0.0.0.1 stub cli# ospf area 0.0.0.1 default-cost 10 cli# Removing OSPF Areas You remove a specified OSPF area by performing the following tasks: Task Command 1. Enter router-ospf mode. router ospf 2. Display OSPF areas. show ospf area 3. Remove the OSPF area.
306 CHAPTER 14: CONFIGURING IP Configuring OSPF on IP Interfaces You configure OSPF on IP interfaces using the ip ospf command within interface configuration mode. To configure OSPF on an IP interface, you must: ■ Assign an area ID to the IP interface ■ Configure OSPF parameters for the IP interface Assigning an Area ID to the IP Interface Before you can configure any OSPF parameters on an IP interface, you must assign the area ID to the IP interface.
Configuring OSPF 307 Example The following example enters IP address configuration mode for interface 1/1/1 and assigns the interface an area ID of 1.1.1.1. cli:172.16.19.10:root# router ospf mode: router:ospf cli:172.16.19.10:router:ospf# ospf area 1.1.1.1 cli:172.16.19.10:router:ospf# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# ip address 172.16.9.8 255.255.255.0 cli:172.16.19.10:interface:cable:csi(1/1/1):ip-address(172.16.9.8)# ip ospf area-id 1.1.1.
308 CHAPTER 14: CONFIGURING IP Configuring OSPF Parameters for an IP Interface After you have entered IP address configuration mode and assigned an area ID to the IP interface, you can then configure OSPF parameters on the interface. To do so, perform the following tasks within IP address configuration mode: Task Command 1. Configure the cost for this OSPF interface. ip ospf cost 2. Configure the dead-interval for this ip ospf dead-interval OSPF interface, in seconds.
Configuring OSPF Task Command 4. Configure the interface priority. This number identifies the priority of the Cuda 12000 relative to other OSPF routers on the current interface. The number is used to elect the designated and backup designated routers. The router with the highest priority is considered the designated router. ip ospf priority A value of 0 indicates that the router is not eligible to be the designated or backup designated router.
310 CHAPTER 14: CONFIGURING IP Task Command 7. Configure the authentication type. Authentication is optional. If you choose to implement authentication: ip ospf authentication {md5 | password} ■ ■ The Cuda 12000 and all of its OSPF neighbors on the interface you are configuring must implement the same type of authentication. Note that you specify “md5” to configure MD5 password authentication; “password” to configure simple password authentication.
Configuring OSPF 311 Example The following example configures OSPF parameters on IP interface 201.1.1.1: cli:# router ospf mode: router:ospf cli:# show ospf area row count: 2 Area Id Auth Type ImpAsExt SPF ABR ASBR LSA LSA Area Area Count Count Count Cksum Summary Type ---------------- --------- -------- ---- ----- ----- ----- ------ ------- ----0.0.0.0 None Extern 32 0 0 1 26284 Send Norm 0.0.0.
312 CHAPTER 14: CONFIGURING IP Removing OSPF from IP Interfaces You remove OSPF from an interface by performing the following tasks: Task Command 1. Enter configuration mode for the interface from which you want to remove OSPF. interface 2. Enter the IP address of this interface. ip address 3. Remove OSPF from the interface. no ip ospf area-id For more information on these commands, refer to the Cuda 12000 IP Access Switch CLI Reference Guide.
Configuring OSPF 313 Configuring OSPF Virtual Interfaces OSPF requires that all areas be attached to the OSPF backbone area (area 0.0.0.0). However, you may encounter situations in which you cannot connect an OSPF area directly to the backbone. If your Cuda 12000 is an area border router between one area that is physically connected to the OSPF backbone and one area that is not, you can create a virtual interface on your Cuda 12000 to connect the non-contiguous area to the OSPF backbone.
314 CHAPTER 14: CONFIGURING IP Area 0.0.0.1 (Transit Area) Cuda 12000 (ABR) Third Party Router (ABR) CPE ROUTER Area 0.0.0.2 (Non-Contiguous Area) Router ID = 133.132.1.1 Area 0.0.0.0 (Backbone) Figure 14-3 Sample Non-Contiguous Area To connect area 0.0.0.2 to the backbone, you would have to create a virtual interface on the Cuda 12000. You would specify 0.0.0.1 for the transit area and 133.132.1.1 for the neighbor router ID. ADC Telecommunications, Inc.
Configuring OSPF 315 Use this procedure to configure a virtual interface: Task Command 1. Enter router-ospf mode. router ospf 2. Configure the transit area and the router ID of the neighbor for this virtual interface. ospf-vi 3. Configure the dead-interval, in seconds.
316 CHAPTER 14: CONFIGURING IP Task Command 7. Configure the authentication type. ospf-vi authentication {md5 | password} Authentication is optional. If you choose to implement authentication, the OSPF neighbors on the virtual interface must all implement the same authentication type. Note that: ■ ■ Specify “md5” to configure MD5 password authentication; “password” to configure simple password authentication.
Configuring OSPF 317 Example The following example illustrates how to create a virtual interface that links a non-contiguous area to the backbone via a transit area of 0.0.0.1 and an ABR with a router ID of 133.132.1.1: cli:192.168.208.3:root# router mode: router:ospf cli:192.168.208.3:router:ospf# cli:192.168.208.3:router:ospf# cli:192.168.208.3:router:ospf# cli:192.168.208.3:router:ospf# 350 cli:192.168.208.3:router:ospf# cli:192.168.208.3:router:ospf# cli:192.168.208.
318 CHAPTER 14: CONFIGURING IP Configuring OSPF Neighbor Traps You can enable the sending of the OSPF neighbor state trap and the OSPF virtual neighbor state trap. These traps report changes in OSPF neighbor state or virtual neighbor state. To enable OSPF neighbor traps, perform the following tasks: Task Command 1. Enter router-ospf mode. router ospf 2. Enable the OSPF neighbor state trap. report ospf-nbr-state Note: To disable the trap, issue this command: no report ospf-nbr-state 3.
Configuring OSPF 319 Example cli:192.168.220.230:router:ospf# report ospf-nbr-state cli:192.168.220.230:router:ospf# report ospf-virt-nbr-state cli:192.168.220.230:router:ospf# show ospf Admin Status Enabled TOS Support False Router Id 201.1.1.1 ABR Status False ASBR Status False Report ospf-nbr-state Report ospf-virt-nbr-state Enabled Enabled For snmp-server host command examples, refer to Chapter 9 “Simple Network Management Protocol (SNMP)” for more information.
320 CHAPTER 14: CONFIGURING IP Configuring IP Source Routing IP source routing allows you to configure the default route a packet should take based on the source IP address of the packet. Configuring IP source routing includes the following tasks: ■ Adding IP Source Routes ■ Displaying IP Source Routes ■ Removing IP Source Routes In addition, a sample source routing configuration is provided.
Configuring IP Source Routing 321 About IP Source Routing Source routing allows you to configure a different default route for each IP network or host. Specifically, source routing allows you to define the default route (next hop gateway) to which a packet containing a particular source IP address should be forwarded in the event that a local route to the destination does not exist. This feature is called source routing because the route is determined by the source of the message.
322 CHAPTER 14: CONFIGURING IP Adding IP Source Routes Source routes are added on a per-interface basis. You add a source route entry on a particular interface by performing the following tasks: Task Command 1. Enter interface mode. interface 2. Add a source route. ip source-route Examples The following example configures interface 1/1/1 to forward any packets received from the 172.16.19.0 network to the router at 172.20.19.4: cli:172.16.19.
Configuring IP Source Routing 323 Displaying IP Source Routes You display the source routing entries configured on a particular interface by performing the following tasks: Task Command 1. Enter interface mode. interface 2. Display a source route entry. show ip interface source-route Example The following example displays all source route entries configured on interface 1/1/1: cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.
324 CHAPTER 14: CONFIGURING IP Removing IP Source Routes To remove an IP source route entry from a particular interface, perform the following tasks: Task Command 1. Enter interface mode. interface 2. Remove a source route entry. no ip source-route The following example configures interface 1/1/1 to forward any packets received from the 172.16.19.0 network to the router at 172.20.19.4: cli:172.16.19.10:interface:cable:csi(1/1/1)# no ip source-route 172.
Configuring IP Source Routing 325 Source Routing Configuration Example For example, if 3 users are connected to a single DOCSIS module on interface 1/1/1; each user would belong to a different internet service provider, ISP-1, ISP-2, ISP-3, as described in the following table: Customer Host ISP ISP’s Router 172.16.19.2 ISP-1 209.16.19.2 172.16.19.5 ISP-2 172.16.20.4 172.16.19.9 ISP-3 172.19.34.
326 CHAPTER 14: CONFIGURING IP ADC Telecommunications, Inc.
15 IP PACKET FILTERING This chapter covers IP packet filtering on the Cuda 12000 and includes the following sections: ■ About IP Packet Filtering (page 328) ■ Enabling and Disabling IP Packet Filtering (page 329) ■ Understanding Access Lists (page 330) ■ Creating Access Lists (page 331) ■ Applying Access Lists to Interfaces (page 336) ■ Packet Filtering Considerations and Example (page 340) Note that IP packet filtering is only supported on cable interfaces.
328 CHAPTER 15: IP PACKET FILTERING About IP Packet Filtering The Cuda 12000 supports packet filtering in the form of access lists. Access lists allow you to restrict and control IP packet flow over specified cable interfaces. This control of IP packet transmission restricts network access from specified users, devices, and applications. IP packet filtering involves the following steps: 1.
Enabling and Disabling IP Packet Filtering 329 Enabling and Disabling IP Packet Filtering Whenever you apply an access-list to an interface using the access-class command IP filtering is automatically enabled. You can disable IP filtering so that all packets are permitted to cross the interface. You must disable access lists manually; IP filtering is not automatically disabled when access lists are removed. For each interface, you can enable filtering of incoming packets, as well as outgoing packets.
330 CHAPTER 15: IP PACKET FILTERING Understanding Access Lists Access lists are sequential groupings of permit and deny rules. These rules enable you to permit or deny packets from crossing specified interfaces. An access list is comprised of both match criteria and actions to take upon finding a match.
Creating Access Lists 331 Creating Access Lists Access lists are comprised of rules that are sequenced according to assigned rule numbers. These rules are created and assigned to access lists using the access-list command. Packets are matched against the lowest numbered rules first. Each rule defines a permit or deny action which determines whether the packet is accepted or permitted when matched. Note that access lists include an implicit deny command at the end.
332 CHAPTER 15: IP PACKET FILTERING Creating IP Access Lists To create an IP access list, perform the following task in either root mode or interface configuration mode: Task Command Create an IP access list.
Creating Access Lists 333 For example, the following access list permits TCP traffic on port 23 (Telnet) from host 172.16.19.200 to any IP address destination. cli:172.16.19.10:root# access-list 5 permit 1 tcp 172.16.19.200 0.0.0.0 any eq 23 Creating UDP Access Lists To create a UDP access list, perform the following task in either root mode or interface configuration mode: Task Command Create an UDP access list.
334 CHAPTER 15: IP PACKET FILTERING The following table provides a quick reference to access list command arguments. For more information, see the Cuda 12000 IP Access Switch CLI Reference Guide. Table 15-1 Access List Command Arguments Argument Description list number Index number that identifies this list. Valid range: 1–65535. rule number Number identifying the precedence of this access list. Smaller rule numbers result in greater precedence.
Creating Access Lists 335 Displaying Access Lists To display the contents of a specified access list, perform the following task within root or interface mode: Task Command 1. Display all access lists within the system. show access-list 2. Display a specified access list. show access-list Deleting Access Lists To delete an access list, perform the following task within root or interface mode: Task Command 1. To delete a specified access list.
336 CHAPTER 15: IP PACKET FILTERING Applying Access Lists to Interfaces After you create an access list, you can apply it to one or more interfaces to filter traffic. Filters can be applied to either outbound or inbound interfaces or both. Note that filtering is enabled automatically when you apply an access list to an interface. You apply access lists to a specific interface by using the access-class command.
Applying Access Lists to Interfaces 337 The following example applies access list 1 to the inbound interface and access list 2 to the outbound interface of cable interface 1/1/1: cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# show access-list List ----1 ..... 2 ..... Ac Rule Prot IP Source IP Dest -- ---- ---- --------------DE 1 ip 172.16.19.200 0.0.0.0 .. .... .... ............... PE 1 tcp 172.16.19.200 0.0.0.0 .. .... .... .........
338 CHAPTER 15: IP PACKET FILTERING Figure 15-2 shows a logical representation of an access class for an inbound or outbound interface.
Applying Access Lists to Interfaces 339 Removing Access Lists from Access Classes To remove an access list from an interface, remove it from the access class on that interface. To do so, perform the following task within interface mode: Task Command Remove an access list from an interface.
340 CHAPTER 15: IP PACKET FILTERING Packet Filtering Considerations and Example This section reviews the considerations you should keep in mind when creating packet filters, and provides examples using the access-list and access-class commands. When configuring packet filtering, consider the information in the next two sections. Implicit Deny Access lists contain an implicit deny at the end. This means packets for which no match is found are rejected.
Packet Filtering Considerations and Example 341 With the added permit any rule, only packets from the 172.16.19.20 are rejected, all others pass. This is because once the permit any condition is met, no further lines in the access list are read. Match Sequence The sequence in which an inbound or outbound packet is matched against the filter criteria of an interface is determined by the following: ■ Rule number within access list — Lower rule numbers take precedence over higher rule numbers.
342 CHAPTER 15: IP PACKET FILTERING ADC Telecommunications, Inc.
16 NETWORK-LAYER BRIDGING Network-layer bridging allows a single subnet to span across multiple DOCSIS modules.
344 CHAPTER 16: NETWORK-LAYER BRIDGING About Network-Layer Bridging Network-layer bridging allows you to add the same IP address to multiple physical interfaces throughout the system. Of particular value is the ability to propagate the same IP gateway across cable interfaces on multiple DOCSIS (CMTS) modules. The cable modem, customer premise equipment (CPE), or Multimedia Terminal Adapter (MTA) gateway determines the subnet to which a modem, CPE, or MTA can belong.
Creating Network-Layer Bridges 345 Creating Network-Layer Bridges The key to spanning a single subnet across multiple DOCSIS modules is to configure the same IP gateway on each module. Because the gateway serves as the key that dictates address assignment for cable modems, CPE devices or MTAs, configuring the same IP gateway on each cable interface enables the DHCP server to assign those devices IP addresses from the same subnet or subnet pool.
346 CHAPTER 16: NETWORK-LAYER BRIDGING The system supports network-layer bridging within a single chassis where egress ports within the chassis share an IP address. It also supports network-layer bridging within a cluster where egress ports on modules that reside in different chassis can share an IP address. In this way, the layer 3 bridge can span across a single chassis, or multiple chassis in the same cluster.
Creating Bridge Groups 347 Creating Bridge Groups You must first create a network-layer bridge group before you can configure it. After you create the bridge group, you then configure it within interface configuration mode. You can identify bridge groups using either numbers or strings; the text string that you specify is case-sensitive. To create a network-layer bridge, perform the following task within any mode: Task Command Create a bridge group.
348 CHAPTER 16: NETWORK-LAYER BRIDGING To remove network-layer bridges, perform the following tasks within any mode: Task Command 1. Remove a specified bridge group. no bridge-group 2. Remove all currently configured bridge groups. no bridge-group all The follow example removes all bridge groups configured on the system: cli:172.16.19.10:root# show bridge-group Bridge Group: Bridge_1 Bridge Group: 5 cli:172.16.19.10:root# no bridge-group all 2 Bridge Groups have been deleted cli:172.
Adding Interfaces to Bridge Groups 349 Adding Interfaces to Bridge Groups After you create a bridge group, you can then enter configuration mode for the group and assign system interfaces to it. All interfaces that you add to the bridge group become part of the layer 3 bridge. To add an interface to a specified bridge group, perform the following tasks: Task Command 1. Enter interface configuration mode for the bridge group to which you want to add interfaces. interface bridge-group 2.
350 CHAPTER 16: NETWORK-LAYER BRIDGING To remove an interface from a bridge group, use the no bridge-interface command, as shown in the following example: cli:172.16.19.10:interface:bridge-group(1)# show bridge-group 1 Bridge Group: 1 Chassis Slot Interface ---------- ---------- ---------1 1 1 1 11 1 1 11 8 row count: 3 cli:172.16.19.10:interface:bridge-group(1)# no bridge-interface 1/11/8 cli:172.16.19.
Assigning IP Addresses To Bridge Groups 351 Assigning IP Addresses To Bridge Groups A network-layer bridge is comprised of interfaces that belong to the same bridge group. They share any IP address that you assign to the bridge group. The IP address that you assign to the bridge-group is automatically added to the routing table.
352 CHAPTER 16: NETWORK-LAYER BRIDGING ADC Telecommunications, Inc.
17 MANAGING IP MULTICAST This chapter describes how to manage IP Multicast on the Cuda 12000 and includes the following sections: ■ About IP Multicast (page 354) ■ Managing IGMP Interfaces (page 356) ■ Managing IGMP Proxies (page 363) ■ Displaying Multicast Routes (page 366)
354 CHAPTER 17: MANAGING IP MULTICAST About IP Multicast IP Multicast reduces traffic on a network by delivering a single stream of information to multiple users at one time. The Cuda 12000 supports up to 500 multicast groups per chassis. IGMP Internet Group Management Protocol (IGMP) is required by all hosts and routers to receive multicast packets. For a host to receive multicast traffic from a specific multicast group, it must join that multicast group.
About IP Multicast 355 If IGMP proxy is enabled for these multicast groups, the Cuda 12000 joins these groups on the proxy interface. When the remote multicast router sends an IGMP query to the Cuda 12000, the Cuda 12000 replies with IGMP reports for all multicast groups joined by the hosts. Since the remote multicast router knows about the additional multicast groups joined by the hosts, it routes multicast traffic for these groups onto the common Ethernet.
356 CHAPTER 17: MANAGING IP MULTICAST In the Cuda 12000, you can configure interfaces to proxy for individual IP multicast addresses or multicast address ranges. This gives you a lot of flexibility. For example, you can proxy for a single multicast group on one interface and a different multicast group on another interface. Alternatively, you could also include these groups in the same range and proxy for them both on the same interface.
Managing IGMP Interfaces 357 Configuring IGMP Interface Parameters You can configure the following IGMP interface parameters: ■ Query Interval — Specifies the frequency, in seconds, that the Cuda 12000 transmits IGMP host query packets on this particular interface. The default is 125 seconds with a range of 10 to 65535 seconds. ■ Query Max Response Time — Specifies the maximum number of seconds that the Cuda 12000 waits for a response to an IGMP Query message before deleting the group.
358 CHAPTER 17: MANAGING IP MULTICAST Use the following procedure to configure IGMP interface parameters: Task Command 1. Enter configuration mode for the selected interface. interface 2. Set the IGMP interface parameter.
Managing IGMP Interfaces 359 Table 17-1 describes interface details that the show ip igmp interface command displays. Table 17-2 displays details that the show ip igmp groups command displays. Table 17-1 Interface Details Parameter Description Multicast forwarding Indicates whether multicast forwarding is enabled or disabled on the interface. IP Address The lowest IP address configured on the specified interface. An IP address of 0.0.0.0 means that the interface functions as an IGMP host.
360 CHAPTER 17: MANAGING IP MULTICAST Table 17-1 Interface Details (continued) Parameter Description Max Resp Time Maximum number of seconds to wait for a response to an IGMP Query message before the group is deleted. The default is 10 seconds with a range of 1 to 25. Robustness Allows you to compensate for the expected packet loss on a subnet. If the loss is expected to be high, increase the value. The default is 2 and the range is 1 to 255.
Managing IGMP Interfaces 361 Table 17-2 Group Details Parameter Description Group Address The IP address of the IGMP group. Up Time Time elapsed in hours, minutes, and seconds since the creation of the entry. Expires Minimum amount of time remaining before this entry is aged out. If the value is zero, the entry does not time out. Last Reporter Source IP address for the last membership report received for this group IP address. If no report is received, the value is 0.0.0.0.
362 CHAPTER 17: MANAGING IP MULTICAST Deleting IGMP Groups You can delete IGMP groups that you join on an interface using the ip igmp join-group command. You can delete these groups in two ways: ■ Using the no ip igmp join-group command ■ Using the clear ip igmp group command To delete groups with the no ip igmp join-group command: Task Command 1. Enter interface mode. root 2. Display groups. show ip igmp groups 3. Specify the multicast address of the group you want to delete.
Managing IGMP Proxies 363 Managing IGMP Proxies You can configure an interface to proxy for a single multicast group or a range of multicast groups. You can also display and delete IGMP proxies. Configuring Proxies Before configuring an interface to proxy for multicast groups, note that: ■ You must assign an IP address to that interface. ■ You cannot configure an interface to proxy for a multicast group within the multicast range 224.0.0.0 to 224.0.0.255.
364 CHAPTER 17: MANAGING IP MULTICAST Examples You can configure an interface to proxy for a single multicast group or a range of multicast groups. An example of each instance is shown below: Example 1 — This example shows a range of multicast groups for which the interface proxies: ■ Group Address — 225.1.0.0 ■ Mask — 255.255.0.0 The interface proxies for an address range from 225.1.0.0 to 255.1.255.
Managing IGMP Proxies 365 Displaying Proxies Use this procedure to display proxies for multicast groups: Task Command 1. Enter root mode. root 2. Display proxies. show ip igmp proxy The show ip igmp proxy command displays the following information about each proxy: ■ Group Address — IP Multicast group address or address range for which the interface acts as a proxy. ■ Mask — Mask associated with the group address. ■ Interface — Interface that acts as the proxy.
366 CHAPTER 17: MANAGING IP MULTICAST Displaying Multicast Routes Use this procedure to display multicast routes: Task Command 1. Enter root mode or interface mode. enable root or interface 2. Display summary information on multicast routes, details on multicast routes, or details on a specific multicast route.
IV CABLE MODEM TERMINATION SYSTEMS Chapter 18 Configuring Cable Modem Termination Systems Chapter 19 Managing Cable Modems Chapter 20 Subscriber Management Chapter 21 MIB Browsing
18 CONFIGURING CABLE MODEM TERMINATION SYSTEMS Cable Modem Termination Systems (CMTS) consists of DOCSIS and EuroDOCSIS modules within the Cuda 12000.
370 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring the MAC Interface Media Access Control (MAC) is a logical interface implemented within hardware and software. MAC contains one downstream and four upstream channels. Frequencies are assigned for each of the downstream and upstream channels. MAC interface parameters are associated with DOCSIS/EuroDOCSIS module timing and control features that exist at network layer 2 to manage upstream and downstream traffic.
Configuring the MAC Interface 371 Example The following example displays the current MAC configuration and related statistics for cable interface 1/1/1: cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.
372 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Understanding MAC Interface Statistics MAC interface statistics are displayed as part of the show interface cable mac display, as shown in the previous section. Table 18-1 provides a brief description for each MAC statistic. Table 18-1 CMTS MAC Interface Statistics Statistic Description In Octets Aggregate number of bytes received on all upstream channels.
Configuring the MAC Interface 373 Statistic Description Invalid Range Requests Aggregate number of invalid ranging requests received on the MAC interface. Ranging Aborts Number of abort range responses that were sent by the CMTS. Invalid Registration Requests Aggregate number of invalid registration requests received on the MAC interface. Failed Regestration Requests Aggregate number of failed registration requests from modems.
374 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring MAC Interface Parameters MAC interface parameters are described in the following sections. Shared Secret The Shared Secret parameter is the authentication string shared between the CMTS and the provisioning server. The shared secret is used by the CMTS to validate that a cable modem was provisioned by an authorized server. If this parameter is left blank, the CMTS does not validate a modem’s provisioning.
Configuring the MAC Interface 375 Sync Interval (millisec) The Sync Interval parameters sets the time interval between the CMTS transmission of SYNC messages. By default, the SYNC message is sent by the MAC hardware every 5 milliseconds. Acceptable values are 1 to 200 milliseconds. You set the sync interval by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2. Configure the CMTS ranging sync interval.
376 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Insertion-interval The Insertion-interval parameter specifies the interval between CMTS transmission of Initial Maintenance (IM) intervals. This limits the amount of time during which cable modems can request an upstream frequency from the CMTS and join the network for the first time. By default, the automatic setting is configured at 10 centiseconds. Acceptable values are 5 to 200 centiseconds. Task Command 1. Enter interface cable mode.
Configuring the MAC Interface 377 Map-timer The Map-timer parameter sets the time interval between the CMTS transmission of MAP messages for each active upstream channel. Acceptable values are 1000 – 10000 microseconds. The default is 10 milliseconds. Setting this value at less than 6 milliseconds causes performance problems. Perform the following task to set the Map-timer parameter for the current cable interface. Task Command 1. Enter interface cable mode. interface cable 2.
378 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Plant-delay The Plant-delay parameter specifies the maximum round-trip propagation delay in the cable plant. This value is used to adjust the map lead time. It is recommended that a low value be used to reduce cable modem access delay. ■ For a cable plant of 25 miles, the recommended value is 400. ■ For a cable plant of 100 miles, the recommended value is 1600.
Configuring the Downstream Channel 379 Configuring the Downstream Channel The Downstream Channel sends data from the headend site to subscriber cable modems. Configuring the downstream channel involves setting parameters to maximize the performance of the data transfer. Downstream channel parameters are based on the modulation type for a downstream channel on the CMTS. The downstream center frequency range values and the downstream interleave depth values are different for DOCSIS and EuroDOCSIS.
380 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Example The following example displays the current downstream configuration and related statistics for cable interface 1/1/1: cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# show downstream C/S/P 1 / 1 / 2 / 2 Frequency 507.
Configuring the Downstream Channel 381 Understanding Downstream Channel Statistics Downstream statistics are displayed as part of the show interface cable downstream display as shown in the previous section. Table 18-2 provides a brief description for each MAC statistic. Table 18-2 Downstream Channel Statistics Statistic Description Symbol Rate Specifies the MAC symbol rate in symbols per second: ■ ■ qam64 – 5,056,941 symbols per second. qam256 – 5,360,537 symbols per second.
382 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring Downstream Parameters Downstream channel configuration is described in the following sections: Annex Type The downstream channel Annex Type parameter supports MPEG framing format for DOCSIS and EuroDOCSIS modules. The Cuda 12000 automatically detects MPEG framing format, as follows: ■ Annex A — Indicates an MPEG framing format for a EuroDOCSIS module. ■ Annex B — Indicates an MPEG framing format for a DOCSIS module.
Configuring the Downstream Channel 383 Downstream Frequency The Downstream Frequency (Hz) parameter sets the downstream signal for the RF carrier. By default, Center Frequency is set at 507 MHz. DOCSIS acceptable values are 93 MHz to 855 MHz; EuroDOCSIS acceptable values are 91.0 MHz to 858 MHz. You set the downstream center frequency by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2. Set the downstream center frequency.
384 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Downstream transmit-power The Downstream transmit-power (TenthdBmV) parameter sets the nominal output transmit power level. By default, Channel Power is set at 550 TenthdBmV. Acceptable values: 0–650. You set the downstream output transmit power level by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2. Set the output transmit power level. downstream transmit-power <0..
Configuring the Downstream Channel 385 Downstream Modulation The Downstream modulation parameter sets the modulation rate for a downstream channel. The CMTS supports the following two modulation types. You set the downstream modulation type by performing the following tasks. Task Command 1. Enter interface configuration mode. interface cable 2. Configure modulation used on the downstream channel.
386 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Downstream interleave-depth The Downstream interleave-depth parameter sets the FEC Interleaving for the downstream channel. By default, the Downstream interleave-depth for DOCSIS is set at taps32Increment4. A higher value improves protection from noise bursts; however, it may slow down the downstream data transfer rate. The Downstream interleave-depth for EuroDOCSIS must be set at taps12Increment7.
Configuring the Downstream Channel 387 Example Procedure of Downstream Configuration The following procedure steps you through the process of configuring a DOCSIS downstream channel. An example of a DOCSIS configuration follows: Task Command 1. View a list of CMTS interfaces that you have installed on your chassis. You can do so by using a combination BAS/UNIX command. show topology | include docs 2. Enter configuration mode for the CMTS interface that you want to configure.
388 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Task Command 7. Set the downstream channel modulation type. downstream modulation {qam64 | qam256} 8. Set the downstream channel power. Acceptable values: 0 – 650. downstream transmit-power 9. Verify the downstream configuration for this CMTS card. show interface cable downstream ADC Telecommunications, Inc.
Configuring the Downstream Channel 389 Example The following example shows a downstream channel configuration. cli:172.16.19.10:root# show topology | include docs 1 / 1 / 1 Egress docsCableMaclayer Active 1 / 6 / 1 Egress docsCableMaclayer Active cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# cli:172.16.19.10:interface:cable:csi(1/1/1)# cli:172.16.19.10:interface:cable:csi(1/1/1)# cli:172.16.19.10:interface:cable:csi(1/1/1)# cli:172.16.
390 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring Upstream Channels Upstream channels are used to transfer data from subscriber cable modems to the headend site. Data transfer is accomplished in bursts. The Cuda 12000 supports four upstream channels per DOCSIS/EuroDOCSIS module. Displaying Upstream Configuration and Statistics You can display configuration and statistics for DOCSIS/EuroDOCSIS upstream channels, including signal quality information.
Configuring Upstream Channels Task Command 4. Enter this command within cable interface mode to display parameters and statistics for a specific upstream channel on the current cable interface. show upstream 391 Example cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# show upstream 1 Upstream Channel Id 1 / 1 / 3 / 2 Center Frequency 20.0 (MHz) Channel Width 3.
392 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring Upstream Channel Parameters Configuring upstream channel parameters is described in the following sections. Upstream shutdown The Upstream shutdown parameter sets the state of the upstream channel. Choose Up to set the channel active, or choose Down to set the channel inactive. You set the upstream channel status by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2.
Configuring Upstream Channels 393 Frequency The Frequency (MHz) parameter sets the upstream signal frequency for the RF carrier. You may choose an acceptable DOCSIS range from 5.0 - 42.0 MHz; or an acceptable EuroDOCSIS range from 5.0 - 65.0 MHz. You set the upstream channel status by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2. Set the upstream channel frequency.
394 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Perform the following task within interface:cable:csi mode to set the upstream channel width. Task Command 1. Enter interface cable mode. interface cable 2. Set the upstream channel width. upstream channel-width {200 | 400 | 800 | 1600 | 3200} Slot Size The Slot Size parameter is the number of 6.25 microsecond ticks in each upstream minislot.
Configuring Upstream Channels 395 You set the upstream slot size by performing the following tasks. Task 1. Enter interface cable mode. 2. Set the upstream channel mini-slot size. Command interface cable upstream minislot-size {2 | 4 | 8 | 16 | 32 | 64 | 128} Receive Power The Receive Power parameter sets the level for the upstream interface in TenthdBmV. By default, the Receive Power is set at 0, which is the optimal setting for the upstream power level.
396 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Modulation Profile The Profile Index number that identifies the properties of the Upstream Channel ID. You assign a modulation profile to an upstream channel by performing the following tasks. Task Command 1. Enter interface cable mode. interface cable 2. Specify the modulation profile that you want the channel to utilize.
Configuring Upstream Channels 397 Range-Backoff The Range Backoff Start parameter sets the fixed start value for range backoff on the upstream channels. By default the start value is set to 2 and the end value is set to 10. Acceptable values are 0 to 15. You set ranging backoff values on the upstream channel by performing the following task. . Task Command 1. Enter interface cable mode. interface cable 2. Configure the ranging backoff for an upstream channel.
398 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Example Procedure of Upstream Configuration The following procedure steps you through the process of configuring upstream channel 1. An upstream configuration example for a DOCSIS cable interface follows. The process is similar for the remaining upstream channels. Task Command 1. View a list of DOCSIS interfaces that you have installed on your chassis. show topology | include docs 2.
Configuring Upstream Channels 399 Task Command 7. Set the upstream channel frequency. Valid range: 5.0 – 42.0 MHz. upstream frequency 8. Set the mini-slot size for the downstream channel. upstream minislot-size {2 | 4 | 8 | 16 | 32 | 64 | 128} 9. Set the receive power level. Acceptable range: -160 – 260 TenthdBmV. upstream power-level 10.Set the upstream channel width.
400 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Example The following example configures upstream channel 1 on the CMTS interface installed in slot 1. cli:172.16.19.10:root# show topology | include docs 1 / 1 / 1 Egress docsCableMaclayer Active 1 / 6 / 1 Egress docsCableMaclayer Active cli:172.16.19.10:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:172.16.19.10:interface:cable:csi(1/1/1)# upstream 1 no shutdown cli:172.16.19.
Configuring Upstream Channels 401 Upstream Channel MAP Configuration You can fine tune MAP generation for upstream channels, as described in the following sections. Initial Maint Region Size (microsec) The size of the upstream channel Initial Maintenance (IM) contention region. Maps with Initial Maint regions are sent periodically. By default, Initial Maint Contention Region Size is set at 500. You set the initial maintenance contention for an upstream channel by performing the following tasks. .
402 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS UCD Grant Size (microsec) Upstream Channel Description (UCD) grant size. After a UCD change, this specifies the size of grant to zero (which functions as a delay for cable modems to digest the new UCD), in microseconds. By default, New UCD Grant Size is set at 3000. Perform the following task within interface cable mode to set the UCD grant size for an upstream channel. . Task Command 1. Enable interface cable mode.
Configuring Upstream Channels 403 Minimum Request Region The minimum size, in minislots, for request contention region. By default, Minimum Request Region Size is set at 20. You set maximum request contention region size for an upstream channel by performing the following tasks. . Task Command 1. Enable interface cable mode. interface cable 2. Set minimum request contention region for a specific upstream channel.
404 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Upstream Channel Ranging Configuration You can fine tune how cable modems adjust power levels during the ranging process, as described in the following sections: Power Offset Threshold (dB) If power level offset reported by MAC chip is less than or equal to this threshold value, then power level adjustment may be stopped. By default, Power Offset Threshold is set at 8. Specified in 1/4 dB units.
Configuring Upstream Channels 405 CM Range Invite Timeout (millisec) This is the minimum time allowed for a cable modem following receipt of a RNG-RSP, before it is expected to reply to an invitation to range request in milliseconds. By default, the CM Range Invite Timeout is set at 400 milliseconds. You set the CM range invite timeout for an upstream channel by performing the following tasks. . Task Command 1. Enable interface cable mode. interface cable 2. Set CM range invite timeout.
406 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Enable Zero Power Adjustment If enabled, the power adjustment field in the range response message is unconditionally set to 0. Useful for debugging. By default, Enable Zero Power Adjustment is disabled. You enable or disable zero power adjustment on an upstream channel by performing the following tasks. . Task Command 1. Enable interface cable mode. interface cable 2. Enable or disable zero power adjustment.
Configuring Upstream Channels 407 Enable Zero Frequency Adjustment If enabled, the frequency adjustment item in range response message is unconditionally set to 0. Useful for debugging. By default, Enable Zero Frequency Adjustment is disabled. Perform the following task within interface cable mode to enable or disable zero frequency adjustment on an upstream channel. Task Command 1. Enable interface cable mode. interface cable 2. Enable or disable zero frequency adjustment.
408 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring Admission Control The admission control function allocates HFC interface bandwidth to service flows, and prevents admission of flows when bandwidth is unavailable. The admission control function sets aside bandwidth for unsolicited grant service (UGS) service flows and UGS with activity detection (UGS/AD) service flows, which are used to transmit voice traffic. By default, admission control is disabled on an interface.
Configuring Admission Control To disable admission control on a cable interface, perform these tasks: Task Command 1. Access interface cable mode. interface cable 2. Disable admission control. admission-control disable 3. Verify that admission control is disabled.
410 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Example In this example, the administrator enables admission control on interface 1/1/1, and reserves a percentage of bandwidth on upstream 1. cli:192.168.208.3:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:192.168.208.3:interface:cable:csi(1/1/1)# admission-control enable CMTS Admission Control: Enable cli:192.168.208.3:interface:cable:csi(1/1/1)# show admission-control CMTS Admission Control: Enable cli:192.168.208.
Configuring Frequency Hopping 411 Configuring Frequency Hopping This section describes frequency hopping, and includes the following sections: ■ Understanding Frequency Hopping Configuration ■ Understanding Frequency Hopping Parameters ■ Frequency Hopping Statistics Understanding Frequency Hopping Configuration The ADC Policy-based Frequency Hopping function continuously monitors the quality of the upstream spectrum that is in use to avoid unacceptable error rates due to noise.
412 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Understanding Frequency Hopping Parameters Frequency Hopping parameters are set within interface:cable:csi mode. For each upstream channel you can configure up to five policies. Each of these policies consists of the following four parameters: Table 18-3 Frequency Hopping Parameters Parameter Description Threshold The percentage error threshold for this frequency hopping policy entry.
Configuring Frequency Hopping 413 To configure frequency hopping on an upstream channel, perform the following tasks in interface:cable:csi mode: Task Command 1. Setup a policy for an upstream spectrum-group <1...5> upstream channel. 2. Set the upstream burst profile number. spectrum-group upstream profile {0...255} 3. Set the percentage error threshold.
414 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Display All Policies on Single Upstream Channel You display all policies on a single upstream channel by performing the following tasks: Task Command 1. Enter interface cable mode. interface cable 2. Display the frequency hopping policy on an upstream channel. show spectrum-group upstream Example The following example displays all policies on upstream channel 1, and shows that there is only one policy configured.
Configuring Frequency Hopping 415 Display All Policies on All Upstream Channels You display all policies on all upstream channels by performing the following tasks: Task Command 1. Enter interface cable mode. interface cable 2. Display the frequency hopping policy on all upstream channels. show spectrum-group upstream Example cli:192.168.208.
416 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Frequency Hopping Statistics Frequency Hopping also provides statistics for you to monitor the condition of your plant. Within interface:cable:csi mode you may view these statistics. You can display statistics for all policies on a single channel or all channels: ■ Error Rate: The percentage of errors. ■ Error Count: The number of frames with errors. ■ Total Packets: The total number of frames received for each policy.
Configuring Frequency Hopping 417 Example This example displays statistics for all policies on all channels: cli:192.168.208.3:interface:cable:csi(1/1/1)# show spectrum-group stats upstream row count: 3 Rule Upstream Threshold Interval Freq (MHz) Profile Error Error Count Error Packet Number ID Num Rate Count ------ -------- --------- -------- ---------- ------- ----- ----------- -----------1 1 1 10 5.0 1 0 0 1 2 1 5 10 21.0 1 0 0 0 2 2 5 10 21.0 1 0 0 0 cli:192.168.208.
418 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Defining Modulation Profiles Modulation profiles contain the profile properties of the CMTS upstream data stream channels. The CMTS supports two profiles for the four upstream channels. Each profile consists of a burst descriptor for the following Interval Usage Codes: ■ Request: Interval when a request on bandwidth can be sent by the modem.
Defining Modulation Profiles 419 Mod qpsk The Mod qpsk parameter is the modulation type for an upstream channel. Acceptable values are QPSK and QAM16. You set the modulation type by performing the following tasks: . Task Command 1. Enter cable interface mode. interface cable 2. Configure the modulation type. modulation-profile interval-usage {initial | long | request | short | station} mod {qam16 | qpsk} Pre-len Preamble pattern length.
420 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Burst-len The Burst-len parameter is the maximum number of mini-slots that can be transmitted during a channel's burst time. A value of zero is transmitted if the burst length is bounded by the allocation MAP rather than this profile. By default, Max Burst Size is set to 0 for all interval usage codes. You set the maximum burst size by performing the following tasks: . Task Command 1. Enter cable interface mode. interface cable 2.
Defining Modulation Profiles 421 Task Command 3. Disable the differential encoding. modulation-profile interval-usage {initial | long | request | short | station} no-diff FEC-tbytes The Fec-tbytes parameter is the number of errored bytes that can be corrected in forward error correction code. By default, FEC-tbypes is set at zero. The value of zero indicates no correction is employed. Acceptable values are 0 to 10.
422 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Fec-len The Fec-len parameter is the number of data bytes (k) in the forward error correction codeword. Acceptable values are 1 to 255. Note that this parameter is not used if FEC-tbytes is zero. You set the codeword length by performing the following tasks: . Task Command 1. Enter cable interface mode. interface cable 2. Configure the codeword length.
Defining Modulation Profiles 423 Shortened The Shortened parameter enables the truncation of FEC codeword. You specify whether to keep the codeword fixed or enable truncation of the FEC codeword by performing the following tasks: . Task Command 1. Enter cable interface mode. interface cable 2. Configure codeword length.
424 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Example — Creating a Modulation Profile The following example configures configures profile properties for all Usage Codes to create modulation-profile 3 on interface 1/1/1.
Defining Modulation Profiles cli# cli# cli# cli# modulation-profile modulation-profile modulation-profile modulation-profile 3 3 3 3 interval-usage interval-usage interval-usage interval-usage short short short short cli# cli# cli# cli# cli# cli# cli# cli# cli# modulation-profile modulation-profile modulation-profile modulation-profile modulation-profile modulation-profile modulation-profile modulation-profile modulation-profile 3 3 3 3 3 3 3 3 3 interval-usage interval-usage interval-usage interva
426 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Task Command 3. Enter this command within root mode or cable interface configuration mode to display a specific modulation profile on the specified cable interface. show interface cable modulation-profile [] 4. Enter this command within cable interface configuration mode to display a specific modulation profile on the current cable interface. show modulation-profile [] Example cli:172.16.19.
Defining Modulation Profiles 427 Deleting Modulation Profiles You delete a modulation profile from a cable interface by performing the following tasks . Task Command 1. Enter cable interface mode. interface cable 2. Delete the specified modulation profile. no modulation-profile The following example deletes modulation profile 3 from interface 1/1/1: cli:172.16.19.
428 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Configuring CMTS Privacy Parameters You can configure BPI and BPI+ privacy parameters on a cable interface. Information on configuring both CMTS and cable modem privacy parameters can be found in “Configuring BPI and BPI+ Parameters” onpage 453. Configuring Flap Control Flap Control configuration sets the control of the flap list by configuring the size and entry thresholds, as described in the following sections.
Configuring Flap Control 429 Flap-list aging The Flap-list aging parameter sets the number of days to age the cable modem from the flap list table. Setting the aging threshold to zero results in modems never being aged from the table. By default, flap-list aging threshold is set at 60 days. Acceptable values are 1 to 60 days. You configure the flap list aging threshold by performing the following tasks: . Task Command 1. Enter cable interface mode. interface cable 2. Set aging threshold.
430 CHAPTER 18: CONFIGURING CABLE MODEM TERMINATION SYSTEMS Flap-list power-adj-threshold The Flap-list power-adj-threshold parameter records a flap list event. When the power adjustment of a modem exceeds the threshold, the modem is placed in the flap list. Setting this parameter to zero results in modems never being inserted in the flap list table due to power adjustments. By default, the flap-list power-adj-threshold parameter is set at 3. Acceptable values are 1 to 10 dBmv.
19 MANAGING CABLE MODEMS This chapter provides information on managing cable modems. Managing cable modems consists of the tasks listed below. These tasks do not need to be performed in specific order.
432 CHAPTER 19: MANAGING CABLE MODEMS Viewing Cable Modems Viewing cable modems consists of the following cable modem displays; all are entered using CLI commands. ■ Displaying the Summary ■ Displaying Detailed Listing ■ Displaying a Specific Modem ■ Displaying Cable Modem Statistics Displaying the Summary of Cable Modem Registration States You can display a summary of cable modems and their corresponding registration states. To do so, perform the following tasks: Task Command 1.
Viewing Cable Modems 433 Example The following example displays the results of the show modem summary command. Refer to the next section, Displaying Detailed Listing, for explanations of the modem states. cli:172.16.19.10:interface:cable:csi(1/1/1)# show modem summary row count: 13 Modem Status Summary Modem State -------------------DhcpReqRcvd Registered TimeReqRcvd -------------------Total Ch1 -----0 6 1 -----7 Ch2 -----1 4 1 -----6 Ch3 -----0 0 0 -----0 cli:172.16.19.
434 CHAPTER 19: MANAGING CABLE MODEMS Displaying a Detailed Listing for an Interface You can display a list of cable modems attached to a specific cable interface and their associated status. To do so, perform the following tasks: Task Command 1. Enter this command from within root mode or interface mode to display all cable modems on a specific interface. show interface cable modem 2. Enter this command from within cable interface mode to display all cable modems on the current interface.
Viewing Cable Modems 435 The display includes the following parameter information: Table 19-1 Cable Modem Display Parameters Parameter Description MAC Address The RF MAC address of this cable modem. IP Address The IP address assigned to this cable modem by DHCP. SID The service ID assigned to this cable modem. CID DOCSIS 1.0 class of service ID. CPE The number of CPE devices attached to this cable modem. D:U Downstream and Upstream channel IDs.
436 CHAPTER 19: MANAGING CABLE MODEMS Timing Timing Offset. A measure of the current round-trip time for this cable modem. Timing Offset is used for timing cable modem upstream transmissions to ensure synchronized arrivals at the CMTS. Units are in terms of (6.25 microseconds/64). A value of zero is returned if the time is unknown. Modem State Current cable modem connectivity state specified in the DOCSIS 1.0 and 1.1 RF Interface Specifications.
Viewing Cable Modems Modem State (continued) 437 TftpReqRcvd: The CMTS has received a TFTP Request from the cable modem. Registered: The cable modem is registered, without Baseline Privacy. RegNoNetAccess: The cable modem is registered, but Network Access is disabled. RegBpiKek: The cable modem is registered, with Baseline Privacy enable. A Key Encryption Key has been assigned. RegBpiTek: The DOCSIS 1.1 cable modem is registered, with Baseline Privacy enabled. A Traffic Encryption Key has been assigned.
438 CHAPTER 19: MANAGING CABLE MODEMS Displaying Specific Cable Modems You can display selected modems by MAC address. To do so, perform the following tasks: Task Command 1. Enter this command within root show interface cable modem mode or interface mode to display a modem for a specified interface. 2. Enter this command within interface mode to display a specified modem connected to the current cable interface. show modem Example cli:192.168.208.
Viewing Cable Modems 439 Displaying Cable Modem Statistics To display cable modem statistics, perform the following tasks: Task Command 1. Enter this command from within root mode or cable interface mode to display statistics for cable modems attached to the specified interface. show interface cable modem stats 2. Enter this command within cable interface mode to display statistics for cable modems attached to the current cable interface.
440 CHAPTER 19: MANAGING CABLE MODEMS Example The following example shows the results of the show modem stats command. cli:192.168.208.3:interface:cable:csi(1/1/1)# show modem stats row count: 12 MAC Address IP Address Vendor Pkts NonErr CorrErr UnCorr Name ----------------- --------------- ------- ---- --------- --------- ------00:90:96:00:29:71 201.1.1.102 ASKEY 22 638 0 0 COMPUTE 00:90:96:00:29:6d 201.1.1.103 ASKEY 22 638 0 0 COMPUTE 00:10:95:01:f0:05 201.1.1.
Tracking Offline Cable Modems 441 Tracking Offline Cable Modems You can control how long the CMTS tracks offline cable modems, and manage cable modem statistics when a cable modem transitions out of the offline state. Tracking offline cable modems involves: ■ Specifying the number of days that you want the CMTS to track offline cable modems. ■ Specifying whether you want the CMTS to maintain cable modem statistics when the cable modem transitions out of offline state. ■ Managing offline cable modems.
442 CHAPTER 19: MANAGING CABLE MODEMS Maintaining Statistics for Offline Cable Modems To specify whether you want the CMTS to maintain the statistics when a cable modem transitions out of the offline state, perform the following tasks: Task Command 1. Enter cable interface mode. interface cable 2. Specify that you want the CMTS to maintain cm-offline persist the statistics. 3. Specify that you do not want the CMTS to maintain the statistics.
Resetting Cable Modems 443 Resetting Cable Modems The Cuda lets you reset a single modem or multiple modems attached to the same cable interface. You can specify the modem that you want to reset in terms of its IP address, MAC address, or Service Identifier (SID). Use the cm reset command within interface cable mode to reset cable modems.
444 CHAPTER 19: MANAGING CABLE MODEMS Resetting Multiple Modems To reset multiple modems with common MAC address hexadecimal values, perform the following task within interface cable mode. Task Command Reset multiple modems with common hexidecimal values. cm reset match The hex values that you want to match entered with “ff” values specified as wildcards.
Resetting Cable Modems 445 Example The following example displays the modems attached to cable interface 1/1/1. The administrator uses the match argument to reset all modems with the vendor ID: 00:90:96.
446 CHAPTER 19: MANAGING CABLE MODEMS Resetting All Modems on a Network To reset all modems attached to a selected network, perform the following task within the interface cable mode. Task Command Reset all modems on a network. cm reset match The IP address that you want to match entered with a “255” wildcard mask. For example, if you want to reset all cable modems attached to subnet 189.23.3.x, enter the following command: cm reset 189.23.3.
Changing Upstream Channels 447 Changing Upstream Channels You can change the upstream channel that a cable modem is using by changing the upstream channel ID for the specified modem. To change the upstream channel, perform the following task in interface cable mode. Task Command Modify the upstream channel ID for a select modem.
448 CHAPTER 19: MANAGING CABLE MODEMS Example cli:192.168.208.3:interface:cable:csi(1/1/1)# show modem row count: 12 MAC Address IP Address SID CID ----------------00:90:96:00:29:71 00:90:96:00:29:6d 00:10:95:01:f0:05 00:10:95:04:0a:c3 00:10:95:04:0a:b7 00:90:96:00:39:7f 00:90:96:00:39:f9 00:10:95:04:0a:c4 00:10:95:01:ef:d8 00:90:83:36:82:f1 00:90:83:36:82:ee 00:90:83:32:9f:8c --------------- ---- ---201.1.1.102 1 1 201.1.1.103 2 1 201.1.1.100 3 1 0.0.0.0 4 0 201.1.1.101 5 1 201.1.1.107 6 1 201.1.1.
Viewing Services 449 Viewing Services Services are assigned when the cable modems are provisioned. The CMTS dynamically assigns a Service ID number to the cable modem. A cable modem keeps the same Service ID for as long as it continues to range and is registered with the CMTS. For example, if a cable modem is reset or goes through a power cycle, CMTS reassigns the next available Service ID number to the cable modem the next time it ranges and registers.
450 CHAPTER 19: MANAGING CABLE MODEMS Example cli:192.168.208.
Viewing Services 451 To view statistics for each service identifier, perform the following task in interface cable mode. Task Command View SID statistics. show interface cable sid stats Example The following example displays the results of the show sid stats command. cli:172.16.19.
452 CHAPTER 19: MANAGING CABLE MODEMS The SID statistics display includes the following parameter information: Table 19-3 SID Statistics Parameter Description SID The Service Id number assigned dynamically to the cable modem by the CMTS. In Pkts The number of packets received by this cable modem. In Disc The aggregate number of discard packets received.
Configuring BPI and BPI+ Parameters 453 Configuring BPI and BPI+ Parameters Configuring BPI and BPI+ includes the following tasks: ■ Configuring Authorization and Traffic Encryption Keys. This task applies to both BPI and BPI+. ■ Configuring Trust and Validity for Manufacturer Certificates. This task applies to BPI+ only. ■ Configuring IP Multicast Address Mapping. This task applies to BPI+ only. ■ Viewing privacy keys. This task applies to both BPI and BPI+.
454 CHAPTER 19: MANAGING CABLE MODEMS During the CMTS registration process, the CMTS assigns one or more static Service Identifiers (SIDs) to the registering cable modem that matches the cable modems class-of-service provisioning. The first static SID that the CMTS assigns is the primary SID and serves as the cable modem’s primary Security Association Identifier (SAID). If the cable modem is configured to operate BPI+, the cable modem’s BPI+ security functions initialize.
Configuring BPI and BPI+ Parameters 455 Configuring Authorization and Traffic Encryption Keys You can configure and display lifetime in seconds for all new authorization and Traffic Encryption Keys (TEK), as well as for existing authorization and TEKs for a specified interface or a specified cable modem. Note that this task applies to both BPI and BPI+.
456 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description stats Displays the statistics of the BPI+ configuration. tek-lifetime Specifies the allowable value range for the TEK lifetime. Values range from 1 to 6048000 seconds. 40-bit-des Configures the interface for 40-bit baseline privacy encryption. 56-bit-des Configures the interface for 56-bit baseline privacy encryption.
Configuring BPI and BPI+ Parameters 457 Task Command 6. Display the current BPI and BPI+ base configuration, for all interfaces or for a specified interface. show [interface cable ] privacy base 7. Display the authorization key show [interface cable ] privacy configuration and statistics for all auth [] {stats | error} interfaces, a specified interface, or a specified cable modem. 8.
458 CHAPTER 19: MANAGING CABLE MODEMS Configuring Trust and Validity for Manufacturer Certificates A Certificate Authority (CA) is a self-signed certificate containing the DOCSIS CA’s trusted public key. The manufacturer issues an X.509 certificate that binds the cable modem public key to other identifying information. BPI+ uses the X.509 digital certificate to authenticate key exchanges between the cable modem and CMTS.
Configuring BPI and BPI+ Parameters 459 Parameter Description filename The CM Configuration file name associated to the certificate. These certificates reside in the following directory in Linux on the Cuda 12000: /bas/data/certification chained Specifies that the certificate’s level of trust is chained. In order for a chained certificate to be valid, it must meet several criteria, such as: ■ ■ ■ root The certificate is linked to a Root, Trusted, or Valid certificate.
460 CHAPTER 19: MANAGING CABLE MODEMS You use the following commands to configure and display trust and validity for certificates. Note that all of these commands are issued from within interface cable mode, except for privacy ca-cert and privacy cm-cert. These two commands can be issued from within either interface cable mode or root mode. Task Command 1. Set the trust for all new self-assigned manufacturer certificates. privacy base cert-trust {trusted | untrusted}. 2.
Configuring BPI and BPI+ Parameters 461 Configuring IP Multicast Address Mapping You can configure and display an IP multicast address mapping entry, and set the associated multicast SAID authorization for each cable modem on each CMTS MAC interface.
462 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description sa-type Specifies one of the following security association types: ■ ■ ■ ■ encrypt-alg none – Specifies no security association. primary – Specifies Primary Security Association, which is tied to a single cable modem, and is established when that cable modem completes DOCSIS MAC registration. static – Specifies a Static Security Association, which is provisioned within the CMTS.
Configuring BPI and BPI+ Parameters 463 You use the following commands within interface cable mode to configure and display IP multicast address mapping entries: Task Command 1. Set the IP multicast address mapping entry and its mask for the associated SAID. privacy multicast ip said sa-type {dynamic | none | primary | static} encrypt-alg {des40cbcMode | des56cbcMode | none} authent-alg none 2.
464 CHAPTER 19: MANAGING CABLE MODEMS Viewing Privacy Keys To display privacy key (that is, TEK) information, perform the following task within interface:cable:csi mode: Task Command Display privacy key information. show [interface cable ] privacy tek [said] [stats] When issued without the optional said and stats arguments, the display includes the following parameter information: Table 19-7 Privacy Parameters Parameter Description SAID The security association ID.
Configuring BPI and BPI+ Parameters Sequence Number 465 Displays the authorization sequence number assigned to the key. When issued with the said argument, the display shows the same information, but for the specified SAID only. When issued with the stats argument, the display shows the following statistics: Table 19-8 Privacy Statistics Statistic Description SAID The security association ID. Requests The number of privacy key requests received by the CMTS.
466 CHAPTER 19: MANAGING CABLE MODEMS Managing Flap Lists The flap list monitors the cable modems that have connectivity problems. Flapping refers to the rapid disconnecting and reconnecting of a cable modem experiencing problems holding a connection. The function of the flap list includes: ■ Maintaining entries for cable modems that completed registration and subsequently reset. ■ Logging the time of the most recent activity of the cable modem by MAC address.
Managing Flap Lists 467 Example The following example displays the flap list for cable interface 1/1/1: cli:172.16.19.
468 CHAPTER 19: MANAGING CABLE MODEMS Remove Time The last date and time that this cable modem reset. Hit Count The number of times the modem responds to MAC layer keep alive messages. It can indicate intermittent upstream, laser clipping, or common-path distortion. Miss Count Specifies the number of times the cable modem misses the MAC layer keep alive messages. It can indicate intermittent upstream, laser clipping, or common-path distortion. ADC Telecommunications, Inc.
Managing Flap Lists 469 Clearing the Flap List To delete all entries in the flap list table on a specific cable interface, perform the following task within interface cable mode. Task Command Clear the flap list. flap-list clear Example cli:172.16.19.
470 CHAPTER 19: MANAGING CABLE MODEMS Managing Quality of Service Quality of Service (QoS) defines the transmission ordering and scheduling on the Radio Frequency (RF) Interface. To provide for upstream traffic through the cable modem, DOCSIS 1.1 QoS classifies packets traversing the RF MAC interface into a Service Flow. To provide for upstream traffic through the cable modem terminating systems (CMTS), DOCSIS 1.1 QoS classifies packets prior to traversing the RF MAC interface into a Service Flow.
Managing Quality of Service 471 Service Flows A Service Flow is a QoS protocol mechanism that serves as a MAC-layer transport service and provides a unidirectional flow of packets transmitted either upstream by the cable modem or downstream by the CMTS. A Service Flow is characterized by a Service Flow ID (SFID), the service ID (SID) and a set of QoS parameters. A SID refers only to packets transmitted upstream.
472 CHAPTER 19: MANAGING CABLE MODEMS You define Service Flows when you provision cable modems. For information about provisioning cable modems, refer to the Fast Flow Broadband Provisioning Manager Guide, or the guide for your third-party provisioning vendor. You can view summaries of DOCSIS 1.1 QoS Parameters for Service Flows. The following tables describe parameters, tasks and commands for viewing Service Flow Summaries, upstream Service Flows and Service Flow Parameter Sets.
Managing Quality of Service 473 Table 19-12 Parameters Contained in Upstream Service Flows Display Parameter Description SID The Service ID for the upstream Service Flow. Fragments The number of fragmentation headers the upstream Service Flow received, regardless if the fragment was correctly re-assembled into a valid packet. Discarded Fragments The number of upstream fragments the flow discards and does not assemble into a valid upstream packet.
474 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description Max Traffic Rate (bits/sec) Maximum sustained traffic rate, in bits/sec, allowed for this Service Flow. A value of zero indicates no maximum traffic rate is being enforced. This parameter applies to both upstream and downstream Service Flows. Max Traffic burst (bytes) Token bucket size, in bytes, for this parameter set. The max traffic burst size and the maximum traffic rate determine the maximum sustained traffic rate.
Managing Quality of Service 475 Parameter Description Scheduling Type Upstream scheduling service for an upstream Service Flow. For downstream Service Flows, the value of this parameter is “undefined.” Nominal Polling Interval (usecs) Nominal interval, in microseconds, between successive unicast request opportunities on only an upstream Service Flow. This value is zero if this parameter does not apply to the scheduling type of the QoS parameter set or if the value is unknown.
476 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description Grants Per Interval Number of data grants per nominal grant interval, on only an upstream flow. Grants Per Interval does not apply to downstream flows. TOS AND Mask Specifies the AND mask for IP TOS byte overwrite, on only an upstream flow. TOS AND Mask does not apply to downstream flows. TOS OR Mask Specifies the OR mask for IP TOS byte overwrite, on only an upstream flow. TOS OR Mask does not apply to downstream flows.
Managing Quality of Service 477 Viewing Service Flows Perform the following tasks within interface:cable:csi mode to view Service Flow summaries, upstream Service Flows and Service Flow parameter sets. Views may be defined for all Service Flows, for a specified Service Flow and for a specified cable modem: Task Command 1. View a summary of all Service Flows or a specified SFID. show modem [] service-flow [] 2. View a summary of an upstream Service Flow.
478 CHAPTER 19: MANAGING CABLE MODEMS Example 1 The following example displays all Service Flows for a specified cable modem: interface:cable:csi(1/1/1)# show modem 00:90:83:36:82:f1 service-flow Cable Modem: 00:90:83:36:82:f1 row count: 2 Service Flow ID -------21 22 Direction Primary Time Created Class Name Scheduling Type ---------- --------- -------------- ---------- ----------downstream True 01-07-02 16:03 undefined upstream True 01-07-02 16:03 best effort Example 2 The following example display
Managing Quality of Service 479 Example 3 The following example displays an Admitted parameter set for a specified Service flow: interface:cable:csi(1/1/1)# show modem 00:90:83:36:82:EE service-flow 26 parameter-set 2 Cable Modem: 00:90:83:36:82:EE SFID 26 Param Type admitted Service Class Name Priority 0 Max Traffic Rate 0 (bits/sec) Max Traffic Burst 1522 (bytes) Min Reserved Rate 0 (bits/sec) Min Reserved Packet 64 (bytes) Active Timeout 0 (secs) Admitted Timeout 200 (secs) Max Concat Burst 0 (bytes) S
480 CHAPTER 19: MANAGING CABLE MODEMS unsolicitGrantSize nomGrantInterval tolGrantJitter grantsPerInterval tosOverwrite maxLatency off off off off off off Classifiers This section describes Classifiers and explains the process for viewing Classifiers. A Classifier is a QoS protocol mechanism that contains a set of matching criteria that applies to each downstream and upstream packet entering the cable network. Downstream Classifiers apply to packets that the CMTS is transmitting.
Managing Quality of Service 481 The following table describes the parameters contained in viewing Service Flow Classifiers: Table 19-14 Parameters Contained in Viewing Service Flow Classifiers Parameter Description SFID The Service Flow Identifier. CID Unique identifier for the packet classifier that the CMTS assigns. Direction Indicates the direction for the classifier. Priority Indicates the order of evaluation for the classifiers. The higher the value, the higher the priority.
482 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description IP Protocol Indicates the value of the IP protocol field necessary for IP packets to match this rule. A value of 256 matches traffic with any IP protocol value. A value of 257 matches both TCP and UDP. If the referenced parameter is not present in the classifier, the value is 258. IP Src Addr Indicates the value of the IP source address necessary for packets to match this rule.
Managing Quality of Service 483 Parameter Description IP Dest Port End Specifies the low end inclusive range of TCP/UDP destination port numbers to which a packet compares. Dest MAC Addr Indicates the destination MAC address. An Ethernet packet matches an entry when the destination MAC address equals the destination MAC mask. Dest MAC Mask Indicates the destination MAC mask. An Ethernet packet matches an entry when the destination MAC address equals the value of the destination MAC mask.
484 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description Enet Protocol Indicates the packet class Ethernet protocol. The options are: none Parameter is ignored when considering whether a packet matches the current rule. ethertype Indicates the 16-bit value of the Ethertype that the packet must match to match the rule. dsap Lower 8-bits of the value must match the DSAP byte of the packet to match the rule.
Managing Quality of Service 485 Parameter Description State Indicates whether or not the classifier is currently classifying packets to a Service Flow. The options are: active or inactive. Packets Indicates the number of packets that have been classified. Bit Map Indicates what parameter encoding were actually present in the DOCSIS packet classifier encoding in the DOCSIS message that created the classifier.
486 CHAPTER 19: MANAGING CABLE MODEMS Service Flow Logs This section describes Service Flow Logs and the process for viewing and clearing logs. Service Flow logs contain historical information about Service Flows that are no longer in use. The following table describes the parameters contained in viewing Service Flow Logs: Table 19-15 Parameters for Viewing Service Flow Logs Parameter Description Index SFID The unique index number generated for the log.
Managing Quality of Service 487 Viewing and Clearing Service Flow Logs Perform the following tasks within interface:cable:csi mode to view and clear Service Flow logs. NOTE: Service Flow logs are not indexed by SFID. You may choose to view and clear Service Flow logs for all Service Flows, by cable modem or by the index number of the log. Task Command 1. View Service Flow logs for all Service Flows. show modem service-flow log 2.
488 CHAPTER 19: MANAGING CABLE MODEMS Example 1 The following example displays Service Flow logs for all Service Flows: show modem service-flow log row count: 4 Index SFID ----- -------1045 21 1046 22 1047 23 1048 24 CM MAC Address Packets Time Deleted Time Created Time Active ----------------- --------- -------------- -------------- ----------ec:5b:20:00:00:ee 6 01-06-30 19:14 01-07-02 16:03 44:49:32 ec:5b:20:00:00:ee 254 01-06-30 19:14 01-07-02 16:03 44:49:32 ec:5b:20:00:00:ee 7 01-06-29 17:09 01-07-01
Managing Quality of Service 489 Dynamic Service This section describes Dynamic Service and explains the process for viewing Dynamic Service Flow Statistics. In addition to Service Flow creation at the time the cable modem registers, Dynamic Service creates Service Flows that are defined by the cable modem (CM) or the CMTS.
490 CHAPTER 19: MANAGING CABLE MODEMS Parameter Description DSD Requests The number of dynamic service delete requests. DSD Responses The number of dynamic service delete responses. Dynamic Adds The number of successful dynamic service addition transactions. Dynamic Add Fails The number of failed dynamic service addition transactions. Dynamic Changes The number of successful dynamic service change transactions. Dynamic Change Fails The number of failed dynamic service change transactions.
Managing Quality of Service 491 Parameter Description DCCs The number of successful dynamic channel change transactions. This value is only non-zero for the downstream. DCC Fails The number of failed dynamic service change transactions. The value is only non-zero for the downstream. DCC Acks The number of dynamic channel change acknowledgment messages traversing an interface. This value is only non-zero for the downstream.
492 CHAPTER 19: MANAGING CABLE MODEMS Example The following example displays Dynamic Service Flow Statistics: cli:show dynamic-service-stats Direction DSA Requests DSA Responses DSA Acks DSC Requests DSC Responses DSC Acks DSD Requests DSD Responses Dynamic Adds Dynamic Add Fails Dynamic Changes Dynamic Change Fails Dynamic Deletes Dynamic Delete Fails DCC Requests DCC Responses DCC Acks DCCs DCC Fails Direction DSA Requests DSA Responses DSA Acks DSC Requests DSC Responses DSC Acks DSD Requests DSD Respo
20 SUBSCRIBER MANAGEMENT Through Subscriber Management, the Cuda 12000 provides added security for your cable network against: ■ Malicious tampering with the cable modem software ■ Unwanted traffic from entering the cable network To achieve added security, the Cuda 12000 provides protocol filtering to and from the cable modem, and limits the number of IP addresses available to Customer Premise Equipment (CPE) devices.
494 CHAPTER 20: SUBSCRIBER MANAGEMENT About Subscriber Management Filtering Subscriber Management filtering on the Cuda 12000 works as follows: 1. You configure groups of Subscriber Management IP packet filters. These filter groups provide the source-matching criteria for upstream and downstream traffic for cable modems and CPE devices. These filter groups are used across the Cuda 12000 and are persisted on the Route Server. 2.
About CPE Control 495 About CPE Control In addition to providing added security through filtering, Subscriber Management provides added security by limiting the number of IP addresses available to CPE devices, which minimizes the risk of malicious tampering against your cable network. Subscriber Management allows a maximum of 16 IP addresses available to CPE devices. Once the limit that you configure is met, packets from additional IP addresses are dropped.
496 CHAPTER 20: SUBSCRIBER MANAGEMENT Configuring Filter Groups Configuring filter groups on the Cuda 12000 involves defining the right source matching criteria. You can configure up to 60 global filter groups. Each filter group may contain up to 40 matching criteria rules (filters).
Configuring Filter Groups 497 Table 20-1 Subscriber Management Global Filtering Parameters Parameter Description Group number Group number specifies the ID of the filter group to which you want the filter to belong. Allowable group number values range from 1 to 60. A value of 0 means that no filtering is performed. Filter number Filter number specifies the index number for the filter within the group. Allowable values range from 1 to 40.
498 CHAPTER 20: SUBSCRIBER MANAGEMENT Parameter Description Protocol The protocol that the filter attempts to match. Specify one of the following protocols: TCP, UDP, Any, and Number. ■ ■ You may obtain protocol numbers from the Internet Assigned Numbers Authority (IANA) at www.iana.org. You may specify a protocol number from 0 to 256. Note that specifying 256 is the same as specifying “Any.
Configuring Filter Groups 499 Parameter Description TCP Flag Optional. The value of the TCP flags. The following is a list of the TCP flag options. Leaving this field blank indicates a null value (no flags). ■ ■ ■ ■ ■ ■ urgent: The TCP segment is marked urgent. ack: The acknowledgement number field in the TCP field segment is significant. push: The TCP software must push all the data sent, so far, through the connection to the receiving application. reset: The connection is reset.
500 CHAPTER 20: SUBSCRIBER MANAGEMENT The source matching criteria that you define for the global filter group is used across the Cuda 12000 and is persisted on the Route Server. To configure matching criteria for global filter groups, perform the following tasks: Task Command 1. Enter root mode. root 2. Create a Subscriber cm-filter Management filter group. {deny | permit} prot {any | tcp | udp | } 3. Specify the source IP address and mask.
Configuring Filter Groups 501 Example The following example displays global Subscriber Management filter group 2 and index 1, which is configured to deny packets, to filter TCP packets and to use a destination IP and mask address of 144.133.1.1 255.255.255.0: cli:192.168.208.3:root# cm-filter 2 1 deny prot tcp dest 144.133.1.1 255.255.255.0 cli:192.168.208.3:root# show cm-filter 2 1 Group 2 Index 1 Src Address 0.0.0.0 Src Mask 0.0.0.0 Dest Address 144.133.1.1 Dest Mask 255.255.255.
502 CHAPTER 20: SUBSCRIBER MANAGEMENT Viewing Filter Groups You can view a particular global Subscriber Management filter group or view all filter groups on the cable network. To view Subscriber Management filters, perform the following tasks: Task Command 1. View all the Subscriber Management filter groups on the cable network. show cm-filter 2. View a particular Subscriber Management filter.
Deleting Filter Groups and Filters 503 Deleting Filter Groups and Filters You can delete a particular Subscriber Management filter group or a filter within the group. To delete Subscriber Management filter groups and filters, perform the following tasks: Task Command 1. Delete a Subscriber Management filter group. no cm-filter 2. Delete a particular Subscriber no cm-filter group.
504 CHAPTER 20: SUBSCRIBER MANAGEMENT Modifying Existing Filter Groups You may replace the source matching criteria for an existing filter group. To do so, perform the same tasks as listed on page 500. For example: 1. Enter root mode. 2. Issue the show cm-filter command to identify the filter group you want to modify. 3. Perform Task 2 on page 500. 4. Complete Tasks 3 through 8 on page 500 by specifying the new source matching criteria to replace the existing criteria for the filter group.
Assigning Default Filter Groups 505 Assigning Default Filter Groups Default filter groups are used by cable modems and CPE devices on all cable interfaces, for upstream and downstream traffic. You assign four default Subscriber Management filter groups: ■ One upstream and one downstream default filter group for cable modems. ■ One upstream and one downstream default filter group for CPE devices.
506 CHAPTER 20: SUBSCRIBER MANAGEMENT To assign default Subscriber Management filter groups, perform the following tasks: Task Command 1. From any mode, assign a filter cm-filter-default cpe downstream group to CPE devices for downstream traffic. 2. From any mode, assign a filter cm-filter-default cpe upstream group to CPE devices for upstream traffic. 3. From any mode, assign a filter cm-filter-default cm downstream group to cable modems for downstream traffic. 4.
Modifying Filter Groups Per Cable Modem 507 Modifying Filter Groups Per Cable Modem The Cuda 12000 allows the network administrator to temporarily modify the matching criteria of a default filter group on a per cable modem basis. A default filter group is modified when the network administrator feels it is necessary to use different matching criteria for a particular cable modem or CPE device.
508 CHAPTER 20: SUBSCRIBER MANAGEMENT Parameter Description SID A session identifier that detects whether the packet refers to a cable modem or CPE device. ■ ■ For upstream packets, the SID is identified in the “parm2” field of the packet structure. For downstream packets, an ARP lookup is performed to determine for which cable modem the packet is destined. To modify default Subscriber Management filter groups, perform the following tasks.
Modifying Filter Groups Per Cable Modem 509 Example In this example, the administrator enters interface mode for a cable interface. Then, the administrator assigns a filter group with a group number of 10 to filter upstream and downstream traffic for a cable modem with an SID of 12. cli:192.168.208.3:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:192.168.208.
510 CHAPTER 20: SUBSCRIBER MANAGEMENT Viewing Filter Group Assignments You can view the Subscriber Management filter groups currently assigned to a particular cable modem and associated CPE devices. To view filter group assignments, perform the following tasks: Task Command 1. Enter cable interface mode. interface:cable:csi 2. Display filter group assignments show modem cm-filter for all cable modems (and associated CPE devices). 3.
Viewing Filter Group Assignments 511 Example The following example displays filter group assignments for: ■ All cable modems and associated CPE devices ■ A specific cable modem and associated CPE devices cli:192.168.208.3:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:192.168.208.3:interface:cable:csi(1/1/1)# show modem cm-filter row count: 12 MAC Address IP Address CPE DS Filter Group ----------------- --------------- ---------00:90:96:00:29:71 201.1.1.102 0 00:90:96:00:29:6d 201.1.1.
512 CHAPTER 20: SUBSCRIBER MANAGEMENT Configuring CPE Control Parameters In addition to providing added security through filtering, Subscriber Management provides added security by limiting the number of IP addresses available to CPE devices, which minimizes the risk of malicious tampering against your cable network. Subscriber Management allows a maximum of 16 IP addresses available to CPE devices. Once the limit that you configure is met, packets from additional IP addresses are dropped.
Configuring CPE Control Parameters To set chassis-wide Subscriber Management defaults for CPE devices, perform the following tasks: Task Command 1. Enter cable interface mode. interface cable 2. From any mode, specify that no cpe-control active you do not want to disable Subscriber Management on all cable interfaces on the chassis. 3. From any mode, specify that cpe-control active you want to enable Subscriber Management on all cable interfaces on the chassis. 4.
514 CHAPTER 20: SUBSCRIBER MANAGEMENT Example In this example, Subscriber Management of CPE devices is enabled, the maximum number of IP addresses available to CPE devices per cable modem is set to 10, and the ability of the CMTS to learn CPE IP addresses is enabled. cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.3:root# cli:192.168.208.
Modifying CPE Control Parameters Per Cable Modem 515 Modifying CPE Control Parameters Per Cable Modem The Cuda 12000 allows the network administrator to modify Subscriber Management CPE control per cable modem. Modifications on a per-cablemodem basis are not persisted on the Route Server, and are sent in the form of SNMP sets directly to the cable modem. The next time the cable modem re-initializes, the changes are wiped out and the cable modem uses the default CPE control settings.
516 CHAPTER 20: SUBSCRIBER MANAGEMENT To modify Subscriber Management CPE control per cable modem, perform the following tasks. Note that you use the show modem command to determine the IP address, MAC address and service ID of the cable modem: Task Command 1. Enter cable interface mode. interface cable 2. Specify that you want to use cm modify active Subscriber Management for { | | } CPE devices that use the cable modem to access the network. 3.
Modifying CPE Control Parameters Per Cable Modem 517 Example In this example, the administrator restricts CPE devices that use a specific cable modem (201.1.1.101) to access the network to five IP addresses. cli:192.168.208.3:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:192.168.208.
518 CHAPTER 20: SUBSCRIBER MANAGEMENT Viewing CPE Control Parameters and CPE Devices You can view CPE control parameters and CPE devices. Viewing CPE Control Parameters To view CPE control parameters, perform the following tasks: Task Command 1. From any mode, view default CPE control parameters. show cpe-control 2. From interface:cable:csi show modem cpe-control mode, view CPE control parameters for all cable modems using the interface. 3.
Viewing CPE Control Parameters and CPE Devices 519 Example In this example, the administrator displays default CPE control parameters and then displays CPE control parameters for all cable modems on a specific interface. cli:192.168.208.3:root# show cpe-control MAX IP 16 Active True Learnable True cli:192.168.208.3:root# interface 1/1/1 mode: interface:cable:csi(1/1/1) cli:192.168.208.
520 CHAPTER 20: SUBSCRIBER MANAGEMENT Viewing CPE Devices You can view CPE devices associated with all cable modems on an interface or a specific cable modem. To view CPE devices, perform the following tasks: To view CPE devices, perform the following tasks: Task Command 1. Enter interface cable mode. interface 2. View CPE devices associated with all cable modems. show modem cpe-hosts 3. View CPE devices associated with a specific cable modem.
21 MIB BROWSING The Cuda 12000 supports MIB browsing of cable modems and embedded Multimedia Terminal Adapters (MTAs). This chapter provides information on how to browse cable modem and MTA MIBs, and the MIB objects that are returned. The cable modem and MTA MIB tables are in compliance with DOCSIS Operations Support System Interface Specification SP-OSSIv1.
522 CHAPTER 21: MIB BROWSING Cable Modem MIBs The following is a list and description of the cable modem MIB tables that are supported by the Cuda 12000: Table 21-1 Cable Modem MIB Tables MIB Table Description docsIfCmMacTable Describes the attributes of each cable modem MAC interface. docsIfCmServiceTable Describes the attributes of each upstream service queue. docsIfCmStatusTable Maintains status objects and counters for cable modems.
Cable Modem MIBs 523 MIB Table Description subset of ifTable & ifXTable Provides status information and statistics on interface activity. docsDevBaseGroup, docsDevSoftwareGroup, docsDevServerGroup Provides objects needed for cable device system management.
524 CHAPTER 21: MIB BROWSING MTA MIBs The following is a list and description of the MTA MIB tables that are supported by the Cuda 12000: Table 21-2 MTA MIB Tables MIB Table Description pktcMtaDevBase Provide general information regarding the MTA device for the particular interface. pktcMtaDevServer Provides the information that the MTA device uses to initialize when it boots up. pktcMtaDevSecurity Provides the public key certificates and other security-related information for the MTA device.
Browsing Cable Modem and MTA Status 525 Browsing Cable Modem and MTA Status The Cuda 12000 supports the retrieval and display of status information that is maintained by individual cable modems and MTAs connected to the HFC network. This information is useful when you have to monitor the network and troubleshoot network problems. To retrieve and display this status information: 1.
526 CHAPTER 21: MIB BROWSING Command MIB Table or Group show modem cm bpi-plus base BPI Plus Base (docsBpi2CmBaseTable). Refer to Table 21-13 on page 540. show modem cm bpi-plus tek BPI Plus TEK (docsBPI2CmTEKTable). Refer to Table 21-14 on page 545. show modem cm system System (systemGroupTable). Refer to Table 21-15 on page 547. show modem cm device Device (docsDevBase, docsDevSoftware, docsDevServer). Refer to Table 21-16 on page 547.
Browsing Cable Modem and MTA Status 527 For example, to display cable modem device status, you would issue the following command: cli:192.168.208.3:interface:cable:csi(1/1/1)# show modem 00:90:83:57:52:5b cm downstream S l o t 1 MAC Address 00:90:83:57:52:5b IP Address 172.30.1.
528 CHAPTER 21: MIB BROWSING Cable Modem and MTA Command Output Descriptions Table 21-4 docsIfCmMacTable Parameters CLI Output Description docsIfCmCmtsAddress MAC address of the CMTS that is believed to control this MAC domain. At the cable modem, this the source address from the SYNC, MAP, and other MAC-layer messages. If the CMTS is unknown, this value is 00-00-00-00-00-00. docsIfCmCapabilites Capabilities of the MAC implementation at this interface.
Cable Modem and MTA Command Output Descriptions CLI Output 529 Description docsIfCmServiceRqExceededs Number of requests for bandwidth that failed due to excessive retries without acknowledgement. Table 21-6 docsIfCmStatusTable Parameters CLI Output Description docsIfCmServiceStatusValue Current cable modem connectivity state. docsIfCmServiceStatusCode Status code for this cable modem.
530 CHAPTER 21: MIB BROWSING Table 21-7 docsIfDownstreamChannelTable CLI Output Description docsIfDownChannelID CMTS identification of the downstream channel within this particular MAC interface. If the interface is down, the most current value displays. If the channel ID is unknown, a value of zero displays. docsIfDownChannelFrequency Center of the downstream frequency, in hertz, associated with this channel. This object returns the current tuner frequency.
Cable Modem and MTA Command Output Descriptions 531 Table 21-8 docsIfUpstreamChannelTable Parameters CLI Output Description docsIfUpChannelId CMTS identification of the upstream channel within this particular MAC interface. If the interface is down, the most current value displays. If the channel ID is unknown, a value of zero displays. docsIfUpChannelFrequency Center of the downstream frequency, in hertz, associated with this channel.
532 CHAPTER 21: MIB BROWSING CLI Output Description docsIfUpChannelTxBackoffEnd Final random backoff window to use when retrying transmissions. Expressed as a power of 2. For example, a value of 16 at the CMTS indicates that a proprietary adaptive retry mechanism is to be used. Table 21-9 docsIfSignalQualityTable CLI Output Description docsIfSigQIncludes Contention Indicates the signal includes contention. The options are: True CMTS includes contention intervals. A value of 1 indicates True.
Cable Modem and MTA Command Output Descriptions 533 Table 21-10 docsIfQosProfileTable Parameters CLI Output Description docsIfQosProfPriority Relative priority assigned to this service when allocating bandwidth. Zero indicates lowest priority, and seven indicates the highest priority. docsIfQosProfMaxUpBandwidth Maximum upstream bandwidth, in bps, the service allows with this service class.
534 CHAPTER 21: MIB BROWSING Table 21-11 docsBpiCmBaseTable Parameters CLI Output Description docsBpiCmPrivacyEnable Indicates if the cable modem is provisioned to run Baseline Privacy. docsBpiCmPublicKey Indicates the DER-encoded RSA public key corresponding to the public key of the cable modem. docsBpiCmAuthState State of the cable modem authorization Finite State Machine (FSM). The options are: Start FSM is in its initial state.
Cable Modem and MTA Command Output Descriptions CLI Output 535 Description Auth Reject Wait The cable modem received an Authorization Reject message in response to its last Authorization Request. The Authorization Reject’s error code indicated that the error was not of a permanent nature. In response to receiving this reject message, the cable modem set a timer and transitioned to the Authorized Reject Wait state. The cable modem remains in this state until the timer expires.
536 CHAPTER 21: MIB BROWSING CLI Output Description docsBpiCmOpWaitTimeout Operational wait timeout, in seconds. This value cannot change while the authorization state machine is operating. docsBpiCmRekeyWaitTimeout Rekey wait timeout, in seconds. This value cannot change while the authorization state machine is operating. docsBpiCmAuthRejectWaitTimeout Authorization reject wait timeout, in seconds. This value cannot change while the authorization state machine is operating.
Cable Modem and MTA Command Output Descriptions 537 CLI Output Description docsBpiCmAuthInvalidErrorCode Enumerated description of the error code in the most recent authorization invalid message that the cable modem receives. none No authorization invalid messages have been received since reboot. unknown Last error code value was zero. unauthorized cm The cable modem received an Authorization Invalid message from the CMTS with an error code of 1 (unauthorized cable modem).
538 CHAPTER 21: MIB BROWSING Table 21-12 docsBpiCmTEKTable Parameters CLI Output Description docsBpiCmTEKPrivacyEnable Identifies if this SID is provisioned to run Baseline Privacy. docsBpiCmTEKState State of the indicated TEK FSM. The options are: ■ Start ■ OPWait ■ OpReauthWait ■ Operational ■ Rekey Wait ■ Rekey Reauth Wait docsBpiCmTEKExpiresOld Actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM.
Cable Modem and MTA Command Output Descriptions CLI Output 539 Description docsBpiCmTEKKeyRejectErro Display string in the most recent key reject rCode message received by the cable modem. This displays a zero length string if no key reject message has been received since reboot. docsBpiCmTEKKeyRejectErro Display string in most recent key reject message rString received by the cable modem.
540 CHAPTER 21: MIB BROWSING Table 21-13 docsBpi2CmBaseTable Parameters CLI Output Description docsBpi2CmPrivacyEnable Indicates if the cable modem is provisioned to run Baseline Privacy Plus. docsBpi2CmPublicKey Indicates the DER-encoded RSAPublicKey ASN.1 type string, as defined in the RSA Encryption Standard (PKCS #1) [10], corresponding to the public key of the cable modem.
Cable Modem and MTA Command Output Descriptions CLI Output 541 Description Auth Reject Wait The cable modem received an Authorization Reject message in response to its last Authorization Request. The Authorization Reject’s error code indicated that the error was not of a permanent nature. In response to receiving this reject message, the cable modem set a timer and transitioned to the Authorized Reject Wait state. The cable modem remains in this state until the timer expires.
542 CHAPTER 21: MIB BROWSING CLI Output Description docsBpi2CmTEKGraceTime TEK Grace Time in seconds before TEK expires. docsBpi2CmAuthWaitTimeout Retransmission interval, in seconds, of Authorization Request messages from the Authorize Wait state. docsBpi2CmReauthWaitTimeout Retransmission interval, in seconds, of Authorization Request messages from the Authorize Wait state. docsBpi2CmOpWaitTimeout Retransmission interval, in seconds, of Key Requests from the Operational Wait state.
Cable Modem and MTA Command Output Descriptions CLI Output 543 Description unauthorized cm The cable modem received an Authorization Reject in response to an Authorization Request with an error code of 1 (unauthorized cable modem). unauthorized SAID The cable modem received an Authorization Reject in response to an Authorization Request with an error code of 2 (unauthorized SAID).
544 CHAPTER 21: MIB BROWSING CLI Output Description unauthorized cm The cable modem received an Authorization Invalid message from the CMTS with an error code of 1 (unauthorized cable modem). This indicates that the CMTS and cable modem have lost authorization key synchronization. unsolicited Unsolicited. invalidkey sequence Invalid key sequence number. keyRequest Authentication Failure Message (key request) authentication failure.
Cable Modem and MTA Command Output Descriptions 545 Table 21-14 docsBpi2CmTEKTable CLI Output Description docsBpi2CmTEKSAType Type of security association. The options are: docsBpi2CmTEKData EncryptAlg ■ none ■ primary ■ static ■ dynamic Data encryption algorithm being used. The options are: ■ none ■ des56cbcmode ■ des40cbcmode docsBpi2CmTEKData AuthentAlg Data authentication algorithm being used. docsBpi2CmTEKState State of the indicated TEK FSM.
546 CHAPTER 21: MIB BROWSING CLI Output Description docsBpi2CmTEKKey Sequence Number Most recent TEK key sequence number for this TEK FSM. docsBpi2CmTEKExpiresOld Actual clock time for expiration of the immediate predecessor of the most recent TEK for this FSM. docsBpi2CmTEKExpiresNew Actual clock time for expiration of the most recent TEK for this FSM. docsBpi2CmTEKKeyRequest Number of times the cable modem transmits a s key request message.
Cable Modem and MTA Command Output Descriptions 547 CLI Output Description docsBpi2CmTEKInvalidError String Display string in the most recent TEK invalid message received by the cable modem. If no TEK invalid message has been received since reboot, this value displays as a zero length string. Table 21-15 systemGroup Parameters CLI Output Description Descriptor Provides a textual description of the cable modem vendor. Contact A contact person for the network. Name The name of the network device.
548 CHAPTER 21: MIB BROWSING CLI Output Description Upgrade FromMgt Device will initiate a TFTP software image download. After successfully receiving an image, the device will set its state to IgnoreProvisioningUpgrade and reboot. If the download process is interrupted by a reset or power failure, the device will load the previous image and, after re-initialization, continue to attempt loading the image.
Cable Modem and MTA Command Output Descriptions CLI Output 549 Description WaitingFor Tftp A request to the TFTP parameter server has been made and no response has been received. RefusedBy Cmts The Registration Request/Response exchange with the CMTS failed. Forwarding Denied The registration process completed, but the network access option in the received configuration file prohibits forwarding. Other State other than the ones described above. Unknown Unknown state.
550 CHAPTER 21: MIB BROWSING Table 21-17 docsDevEvControlTable Parameters (Configuration) . CLI Output Description Syslog Server IP address of the Syslog server. If the value is 0.0.0.0, the syslog transmission is inhibited. Threshold Number of trap/syslog events per Throttle Interval to transmit before throttling. Interval (seconds) Interval over which the trap threshold applies. At initial startup, this value is one.
Cable Modem and MTA Command Output Descriptions 551 Table 21-18 docsDevEventTable Parameters CLI Output Description First Time Creation time for the entry. Last Time If multiple events are reported through the same entry, the time that the last event for this entry occurred. Counts Number of consecutive event instances reported by this entry. Level Priority level for this event, as defined by the vendor. These are ordered from most serious (emergency) to least serious (debug).
552 CHAPTER 21: MIB BROWSING Table 21-19 docsDevEvControlTable Parameters (Control) CLI Output Description Priority The priority level of the particular event that occurred for the particular cable modem. Priority levels are ordered from the most serious to the least serious. The priority levels are: Action ■ emergency ■ alert ■ critical ■ error ■ warning ■ notice ■ information ■ debug Determines how the event notification is sent.
Cable Modem and MTA Command Output Descriptions 553 Table 21-20 ifTable and IfXTable Parameters and Statistics CLI Output Description Description Identifies the interface. Type Type of interface. Admin Status Desired state of the interface. When the CMTS initalizes, all interfaces are down. You must either manually or configure the interfaces to be in a testing state or be up. Oper Status Current operational state of the interface.
554 CHAPTER 21: MIB BROWSING CLI Output Description Out Unicast Packets Total number of packets that higher level protocols requested be transmitted and were not addressed to a multicast or broadcast address at this sub layer, including those that were discarded or not sent. Out Multicast Packets Total number of packets that higher level protocols request be transmitted and were addressed to a multicast address at this sub layer.
Cable Modem and MTA Command Output Descriptions 555 Table 21-21 pktcMtaDevBaseTable Parameters CLI Output Description Serial Number Manufacturer’s serial number for this MTA. Hardware Version Manufacturer’s hardware version for this MTA. MAC Address Telephony MAC address for this addrss Fully Qualified Domain Name Fully qualified domain name for this MTA. End Points Physical end points for this MTA. Voice Enabled MTA admininistrive status for this device.
556 CHAPTER 21: MIB BROWSING Table 21-22 pktcMtaDevServerTable Parameters CLI Output Description Boot State The state of the server. The options are: ■ ■ ■ ■ ■ ■ Operational: Device is done loading and processing configuration parameters, and the CMTS has completed the registration exchange. Disabled: Device was administratively disabled, possibly by being refused network access in the configuration file. waiting for Dhcp Offer: DHCP discover has been transmitted and no offer has been received.
Cable Modem and MTA Command Output Descriptions 557 Table 21-23 pktcSigEndPntConfigTable Parameters y CLI Output Description Call Agent ID The call agent name. The call agent name can be a FQDN or an IP address. Call Agent UDP Port The call agent UDP port for this instance of call signalling. Table 21-24 pktcSigDevCodecTable Parameters . CLI Output Description Index Index for this codec.
558 CHAPTER 21: MIB BROWSING Table 21-25 MTA Service-level Configuration Parameters CLI Output Description Echo Cancellation Displays whether echoes are cancelled (True or False). True indicates that echo cancellation is in use. False indicates that echo cancellation is not in use. Silence Suppression Displays whether silence is suppressed in the send direction (True or False). True indicates that silence suppression is enabled. False indicates that silence suppression is disabled.
Cable Modem and MTA Command Output Descriptions 559 CLI Output Description TOS Format Selector Displays one of the following formats for the default call signalling and media stream TOS values: ■ ■ Cuda 12000 IP Access Switch CLI-based Administration Guide dscpCodepoint – Specifies that the TOS field is treated as a Differentiated Service Code Point (DSCP).
560 CHAPTER 21: MIB BROWSING ADC Telecommunications, Inc.
A COMMAND SUMMARY This chapter provides a summary of all Cuda 12000 CLI-based administration commands categorized by primary function. Note that the no and show forms of the commands are not included.
562 APPENDIX A: COMMAND SUMMARY Access Control Commands Table A-1 Access Control Commands Command Mode Description aaa authentication login default {local | tacacs+ | radius} root Enables RADIUS and TACACS+ access authentication.
Mode Commands 563 Mode Commands Table A-2 Mode Commands Command Mode Description interface Any Enters configuration mode for a selected interface. ip address interface Enters IP interface mode. prov-server Any Enters provisioning server mode. This command applies only if the FastFlow Broadband Provisioning Manager is installed on the Cuda 12000. root Any Enters root mode from within any mode.
564 APPENDIX A: COMMAND SUMMARY General Commands Table A-3 General Commands Command Mode Description help Any Shows all commands available in the current mode, and provides a brief description of each. Note that you can enter ? to see a list of available commands without their associated descriptions. set paging {on | off} Any Enables or disables the paging of display output. set prompt [mode] Any Sets the prompt mode.
IP Administration and Route Filtering Commands 565 IP Administration and Route Filtering Commands Table A-4 IP Administration and Route Filtering Commands Command Mode Description access-class {in | out} priority interface:cable:csi Applies filtering rules (access-lists) to interfaces.
566 APPENDIX A: COMMAND SUMMARY Command Mode Description filter-aging {in | out} {enable | disable | rate
IP Administration and Route Filtering Commands Command match {ip-address | neighbor |tag [exact | exclude]} Mode ■ ■ ■ ■ override {metric | tag ■ ■ ■ ■ 567 Description router:ospf:import router:ospf:export router:rip:import router:rip:export Creates match attributes for import and export filters.
568 APPENDIX A: COMMAND SUMMARY RIP Commands Table A-5 Routing Information Protocol (RIP) Commands Command Mode Description ip rip accept default-route interface::csi :ip-address Configures the interface to accept default routes advertised by neighbor routers. ip rip accept host-route interface::csi :ip-address Configures the interface to accept host routes advertised by neighbor routers.
RIP Commands 569 Command Mode Description ip rip send default-only interface::csi :ip-address Configures the interface to advertise only the Cuda 12000’s default route. ip rip send-version {1 | 2 |1 2| none} interface::csi :ip-address Configures the version of RIP the current IP interface uses to advertise routes. ip rip split-horizon interface::csi :ip-address Configures the interface to implement split horizon.
570 APPENDIX A: COMMAND SUMMARY OSPF Commands Table A-6 Open Shortest Path First (OSPF) Commands Command Mode Description asbr router:ospf Configures the system as an Autonomous System Border Router (ASBR). ip ospf area-id [{enable | disable}] interface::csi :ip-address Configures the Area ID for the current interface. The Area ID designates the OSPF area to which this IP interface belongs.
OSPF Commands 571 Command Mode Description ospf area [authentication {md5 | password}] [[stub [no-summary]] [default-cost ] [range [advertise-matching]] [{enable | disable}] router:ospf Creates an OSPF area which you can then apply to select interfaces using the ip ospf area-id command within interface::csi mode.
572 APPENDIX A: COMMAND SUMMARY DHCP Relay Commands Table A-7 DHCP Relay Commands Command Mode Description bootp-policy {deny mac [mask ]... | permit ... mac [mask ]... } [description ] interface:cable:csi Configures BOOTP policies on the current interface. dhcp-policy { | default} {deny | permit} { ...
Cable Interface Administration Commands 573 Cable Interface Administration Commands Table A-8 Cable Interface Administration Commands Command Mode Description admission-control {enable | disable} interface:cable:csi Enables and disables the admission control function. cm modify upstream { | | } interface:cable:csi Moves the specified cable modem to a new upstream port. Note that the new upstream port must be enabled before issuing this command.
574 APPENDIX A: COMMAND SUMMARY Command Mode Description flap-list insertion-time interface:cable:csi Sets the cable-flap list insertion time. When a cable modem makes an insertion request more frequently than the amount of insertion time defined by this command, the system adds the cable modem to the flap list for activity recording. flap-list power-adj-threshold interface:cable:csi Sets the flap list power-adjustment threshold.
Cable Interface Administration Commands 575 Command Mode Description qos permission modems interface:cable:csi Enables cable modem registration access to the QoS tables on the current cable interface. ranging-attempts interface:cable:csi Maximum number of ignored ranging invitations allowed by this cable interface. shared-secret [ascii] interface:cable:csi Use this command to configure cable modem authentication by defining the CMTS shared secret.
576 APPENDIX A: COMMAND SUMMARY Command Mode Description upstream power-level interface:cable:csi Sets the receive power level for the upstream interface in Tenth dBmV. upstream range-backoff interface:cable:csi Sets the range backoff on the specified upstream ports.
Cable Modem and Subscriber Administration Commands 577 Cable Modem and Subscriber Administration Commands Table A-9 Cable Modem and Subscriber Administration Commands Command Mode Description clear service-flow log interface:cable:csi Clears Service Flow logs.
578 APPENDIX A: COMMAND SUMMARY Command Mode Description cm modify cm-downstream { | | } interface:cable:csi Assigns a downstream filter group to a cable modem. cm modify cm-upstream { | | } interface:cable:csi Assigns an upstream filter group to a cable modem.
Cable Modem and Subscriber Administration Commands 579 Command Mode Description privacy base cert-trust {trusted | untrusted} interface:cable:csi Sets the trust for all new self-assigned manufacturer certificates. privacy base enable-cert-validity-periods {true | false} interface:cable:csi Sets the certificates to have or not to have the validity period checked against the current time of day. privacy base tek-lifetime <0..
580 APPENDIX A: COMMAND SUMMARY Network-Layer Bridge Commands Table A-10 Network-Layer Bridge Commands Command Mode bridge-group ■ ■ bridge-interface bridge-timeout {aging } root interface:cable:csi interface:bridge-group ■ ■ interface:bridge-group interface:cable:csi Description Creates a network-layer bridge group. Network layer bridging is especially useful in spanning a single subnet across multiple modules.
Fault Management Commands 581 Fault Management Commands Table A-11 Fault Management Commands Command Mode Description alarm-throttle {alarms | interval | default} root Configures alarm threshold and delivery parameters.+ aux-device ac-monitor aux-device db15 alarm aux-device dc-monitor aux-device fan-rotation aux-device fan-temp aux-device ps-temp root Configures an external device (e.g., power supply and fan tray) for fault reporting.
582 APPENDIX A: COMMAND SUMMARY Chassis Commands Table A-12 Chassis Commands Command Mode Description aux-device backplane-clock-a {bits-a | bits-b | internal | none | slot {enable | disable}} root Configures primary clock (A). aux-device-backplane-clock-b {bits-a | bits-b | internal | none | slot {enable | disable}} root Configures secondary clock (B).
Chassis Commands 583 Command Mode Description http-server {enable | disable} root Enables and disables the HTTP server on the chassis. lookup {enable | disable} root Enables the Jini lookup service on the chassis, which is required for chassis group support. reset [{hard | soft}] slot c/s Resets (reboots) the module that is installed in the selected slot. save slot Persists the configuration of a module in the current slot, or in all chassis slots.
584 APPENDIX A: COMMAND SUMMARY SNMP Commands Table A-13 SNMP Commands Command Mode Description snmp-server community [address [mask ]] [context ] [storage {volatile | nonvolatile | permanent | readonly}] root Creates an SNMP community. snmp-server contact root Specifies the SNMP contact for the network.
Packet Over SONET (POS) Commands Command Mode Description snmp-server view {included | excluded} [storage {volatile | nonvolatile | permanent | readonly}] [status {enable | disable}] root Creates an SNMP MIB view. 585 Packet Over SONET (POS) Commands Table A-14 POS Commands Command Mode Description clear counters interface:pos:csi Clears all counters on the current POS interface.
586 APPENDIX A: COMMAND SUMMARY Command Mode Description pos report sd-ber interface:pos:csi Configures the POS interface to report when the B2 signal degrades to meet or cross a specified Bit Error Rate (BER). pos report sf-ber interface:pos:csi Configures the POS interface to report a failure when the B2 signal degrades to meet or cross a specified Bit Error Rate (BER). pos report slof interface:pos:csi Configures the POS interface to report section loss of frame errors.
Packet Over SONET (POS) Commands 587 Command Mode Description ppp chap-password interface:pos:csi Configures the password with which the POS interface responds to Challenge Handshake Protocol (CHAP) challenges. ppp ipcp-report-address interface:pos:csi Configures the POS interface to respond with its IP address during Internet Protocol Control Protocol (IPCP) negotiations. Note that this is the default behavior. ppp negotiation-count <0...
588 APPENDIX A: COMMAND SUMMARY Ethernet Commands Table A-15 Ethernet Commands Command Mode Description duplex {auto | full | half} interface:ethernet:csi Sets duplex mode. negotiation auto interface:ethernet:csi Configures an Ethernet port to automatically negotiate duplex mode and speed. speed {auto | 10 | 100} interface:ethernet:csi Sets the speed on an Ethernet port. ADC Telecommunications, Inc.
B CONFIGURING EXTERNAL PROVISIONING SERVERS A DHCP server is required for cable modems, MTAs, and CPE devices to boot and receive their IP configuration information — such as IP address and host options. DHCP servers fall into two categories: ■ External — DHCP servers that reside on systems other than your local Cuda 12000 (that is, the Cuda 12000 that has the cable interface that you are configuring). DHCP messages are forwarded over the network to a remote, external DHCP server.
590 APPENDIX B: CONFIGURING EXTERNAL PROVISIONING SERVERS If you are not using the internal FastFlow BPM DHCP server and are instead using an external DHCP server, then you must point the DHCP relay agent on the CMTS DOCSIS/EuroDOCSIS module to the IP address of the external provisioning server. The following procedure steps you through the process of configuring the CMTS to use an external DHCP provisioning server.
591 Task Command 8. Verify the new DHCP server show dhcp-policy default configuration. Example The following example disables the Cuda 12000 internal FastFlow Broadband Provisioning Manager DHCP server and configures the cable interface to forward DHCP requests to an external DHCP server at 192.168.23.26. cli:192.168.208.3:interface:cable:csi(1/1/1)# prov-server mode: prov-server cli:192.168.208.3:prov-server# ps-config serverstate disable cli:192.168.208.
592 APPENDIX B: CONFIGURING EXTERNAL PROVISIONING SERVERS ADC Telecommunications, Inc.
C 16 QAM GLOSSARY Modulation mode used by the CMTS. QAM uses both amplitude and phase modulation to encode multiple bits of data in one signaling element, thus achieving higher data transfer rates than just amplitude or phase modulation alone. 16 QAM encodes four bits per symbol as one of sixteen possible amplitude and phase combinations. 16 QAM refers to the number of discrete phase/amplitude states that are used to represent data bits. 64 QAM A modulation mode used by the CMTS.
594 APPENDIX C: GLOSSARY American National Standards Institute (ANSI) The primary organization for fostering the development of technology standards in the United States. ARP See Address Resolution Protocol. Bandwidth Allocation Map The downstream MAC Management Message that the CMTS uses to allocate transmission opportunities to CMs. Baseline Privacy Interface Provides data privacy for DOCSIS 1.0 CMs and CMTS. BPI+, provides privacy for DOCSIS 1.1 CMs and CMTS. BDU See Bridge Protocol Data Unit.
595 Cable Modem Termination System - Network Side Interface (CMTS-NSI) The interface, defined in [DOCSIS3], between a CMTS and the equipment on its network side. Cable Modem to CPE Interface (CMCI) The interface, defined in [DOCSIS4], between a CM and CPE. Carrier Hum Modulation The peak-to-peak magnitude of the amplitude distortion relative to the RF carrier signal level due to the fundamental and low-order harmonics of the power-supply frequency.
596 APPENDIX C: GLOSSARY of its television program material from a Master Head-end in the same metropolitan or regional area. DNS See Domain Name System. DOCSIS Data Over Cable Service Interface Specification, developed by CableLabs. Defines interface standards for cable modems transmission and supporting equipment. Domain Name System (DNS) An on-line, distributed database used to map human-readable machine names into IP address for resolving machine names to IP addresses.
597 Feeder Cable Coaxial cables that run along streets within the served area and connect between the individual taps which serve the customer drops. Fiber Node The interface between a fiber trunk and the coaxial distribution. Fiber nodes are located in a subscribers neighborhood. File Transfer Protocol (FTP) A protocol that allows users to log into a remote system, identify themselves, list remote directories, and copy files to and from the remote machine. FTP understands a few basic file formats.
598 APPENDIX C: GLOSSARY Head-End The central location on the cable network that originates the broadcast video and other signals in the downstream direction. See also Master Head-end, Distribution Hub. Header Protocol control information located at the beginning of a protocol data unit. HF See High Frequency. HFC See Hybrid Fiber/Coaxial.
599 Incremental Related Carriers (IRC) A method of spacing NTSC television channels on a cable television system in which all channels except 5 and 6 correspond to the standard channel plan, used to reduce composite triple beat distortions. Information Element The fields that make up a MAP and define individual grants, deferred grants, etc. Ingress Noise A type of noise that is the major source of cable system noise.
600 APPENDIX C: GLOSSARY Internet Group Management Protocol (IGMP) A network-layer protocol for managing multicast groups on the Internet. IGMP establishes and maintains a database of group multicast addresses and the interfaces to which a multicast router must forward the multicast data packets. Internet Protocol (IP) The method or protocol by which data is sent from one computer to another on the Internet.
601 Layer A subdivision of the Open System Interconnection (OSI) architecture, constituted by subsystems of the same rank. LDAP See Lightweight Directory Access Protocol. Lightweight Directory Access Protocol (LDAP) A set of protocols for accessing information directories. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler. And unlike X.500, LDAP supports TCP/IP, which is necessary for any type of Internet access to a directory server.
602 APPENDIX C: GLOSSARY procedures include framing, error protection, and acquiring the right to use the underlying transmission medium. Media Access Control (MAC) Sublayer The part of the data link layer that supports topology-dependent functions and uses the services of the Physical Layer to provide services to the logical link control (LLC) sublayer. MIB See Management Information Base.
603 National Cable Television Association (NCTA) A voluntary association of cable television operators which, among other things, provides guidance on measurements and objectives for cable television systems in the United States. National Television Systems Committee (NTSC) A committee which developed a set of standard protocol for television broadcast transmission and reception in the United States. NCTA See National Cable Television Association. NEBS See Network Equipment Building Systems.
604 APPENDIX C: GLOSSARY OSPF See Open Shortest Path First. Packet Identifier (PID) A unique integer value used to identify elementary streams of a program in a single- or multi-program MPEG-2 stream. PHY See Physical Layer. Physical (PHY) Layer Layer 1 in the Open System Interconnection (OSI) architecture. It provides services to transmit bits or groups of bits over a transmission link between open systems and which entails electrical, mechanical, and handshaking procedures.
605 Request For Comments (RFC) A technical policy document of the IETF; these documents can be accessed on the World Wide Web at http://ds.internic.net/ds/rfcindex.html. Return Loss The parameter describing the attenuation of a guided wave signal (e.g., via a coaxial cable) returned to a source by a device or medium resulting from reflections of the signal generated by the source. RF See Radio Frequency. RF DVT Radio Frequency Design Verification Test. RFC See Request For Comments.
606 APPENDIX C: GLOSSARY Subnet A network subdivided into networks or subnets. When subnetting is used, the host portion of the IP address is divided into a subnet number and a host number. Hosts and routers identify the bits used for the network and subnet number through the use of a subnet mask. Subnet Mask A bit mask that is logically ANDed with the destination IP address of an IP packet to determine the network address. A router routes packets using the network address.
607 Transmission Medium The material on which information signals may be carried; e.g., optical fiber, coaxial cable, and twisted-wirepairs. Transport Stream In MPEG-2, a packet-based method of multiplexing one or more digital video and audio streams having one or more independent time bases into a single stream.
608 APPENDIX C: GLOSSARY Very High Frequency (VHF) The range of the radio spectrum is the band extending from 30 MHz to 300 MHz. The wavelengths corresponding to these limit frequencies are 10 meters and 1 meter. VGA Video Graphics Array display system. VHF See Very High Frequency. ADC Telecommunications, Inc.
Index INDEX A access classes displaying 338 removing access lists 339 access lists applying to interfaces 336 creating 331 deleting 335 displaying 335 understanding 330 address resolution protocol (ARP) adding entries 286 clearing cache 289 configuring the timeout 288 deleting entries 287 displaying cache 285 IP address 284 MAC address 284 alarm signals blue alarm 157 clock 158 power alarm 158 power fault 158 powerA fail 158 powerB fail 158 red alarm 157 sys alarm 157 temp alarm 157 temp fault 158 yellow
610 INDEX modulation type 385 configuring MAC interface parameters hardware MAP timer 377 insertion interval 376 invited ranging attempts 376 periodic ranging timer 377 phase-locked loops (PLL) state 378 plant propagation delay 378 shared secret 374 sync interval 375 UCD interval 375 configuring upstream channel MAP initial maintenance region size 401 maximum deferred ranging invitations 402 minimum request region 403 UCD grant size 402 configuring upstream channel ranging cm range invite timeout 405 enab
Index global commands 42 IP interface 50 OSPF global configuration 51 physical interface 46 RIP configuration 54 root 44 slot 56 commands access control 562 cable interface administration 573 cable modem administration 577 cable modem configuration 577 chassis 582 DHCP server administration 580 DHCP subnet administration 580 general 564 IP administration and route filtering 565 mode 563 OSPF 570 Packet Over SONET (POS) 584 RIP 568 show mode 40 configuration example cable modem termination systems (CMTS) up
612 INDEX example 206 configuring the syslog server 205 displaying event transmission, reporting, and syslog parameters 216 example 217 displaying the event log 218 example 219 removing SNMP trap recipients commands 207 example 207 F fan tray alarms configuring assertion levels 150 fault reporting 153 fan unit assertion levels 152 fault management alarms out configuring 157 FEC 411 filtering IP packet filtering 496 subscriber management 496 flap control aging threshold 429 displaying information 430 inse
Index access classes displaying 338 removing access lists 339 access lists applying 336 creating IP access list 332 creating TCP access list 332 creating UDP access list 333 deleting 335 displaying 335 understanding 330 considerations 340 disable 329 enable 329 example 341 IP source routing about 321 next hop gateway 321 source IP address 321 configuring IP 322 example 325 J Jini lookup service 97 L loopback interface 272 M MAC address displaying specific modem 438 MAC interface displaying 370 MAC inter
614 INDEX network structure Packet Over SONET (POS) 116 SONET 117 network-layer bridging about 344 assigning IP addresses 351 bridge groups adding interfaces 349 creating 347 removing 350 creating 345 O open shortest path first (OSPF) configuring interfaces authentication 310 cost 308 dead-interval 308 hello interval 308 interface priority 309 retransmit interval 309 transit-delay 309 configuring IP adding areas 303 global parameters 301 interfaces 306 neighbor traps 318 removing areas 305 virtual interf
Index LCP 144 security 138 server-side security parameters 141 enabling NCP 146 LCP frame check sequence (FCS) size 144 initial maximum transmit/receive unit (MTU) 144 max negotiation attempts 145 parameters 144 time between negotiation attempts 145 policies frequency 412 interval 412 profile 412 power and fan tray alarms configuring assertion levels 150 fault reporting 153 fault reporting faulted 156 okay 156 power offset threshold upstream channel ranging 404 processing power 27 Q QAM 29 QoS 470 classif
616 INDEX commands 193 description 182 example 194 list of system events 183 parameters 187 SNMP groups commands 169 example 170 parameters 168 SNMP hosts example 194 SNMP network system identification commands 180 example 180 parameters 180 SNMP security models 162 SNMPv3 contexts commands 179 example 179 parameters 178 SNMPv3 users commands 176 example 177 parameters 175 software components 30 SONET 128 SONET line-layer information viewing 126 SONET path layer information viewing 127 SONET path layer st
Index cable modem termination systems (CMTS) 369 upstream parameters configuring channel status 392 channel width 393 frequency 393 modulation profile 396 ranging backoff start 397 receive power 395 slot size 394 tx backoff start 396 upstream statistics displaying 390 user manager about user manager 57 access privileges 58 access profiles 58 default accounts 59 see also managing user accounts 617
618 INDEX
