Installation guide

ManualsBrandsCisco ManualsComputer equipmentUBR924 - uBR 924 Router

121

122

123

124

125

126

127

128

129

130

4-14

Cisco uBR7100 Series Universal Broadband Router Software Configuration Guide

OL-2238-03

Chapter 4 Configuring Basic Broadband Internet Access

Baseline Privacy Interface

identifier (SID), and permits the cable modem to connect to the Cisco uBR7100 series router when

baseline privacy is activated. The TEK is assigned to a cable modem when its KEK has been established.

The TEK is used to encrypt data traffic between the cable modem and the Cisco uBR7100 series CMTS.

Keks and TEKs can be set to expire based on a gracetime or a lifetime value. A gracetime key is used to

assign a temporary key to a cable modem to access the network. A lifetime key is used to assign a more

permanent key to a cable modem. Each cable modem that has a lifetime key assigned will request a new

lifetime key from the Cisco uBR7100 series CMTS before the current one expires.

Tip Use the show cable modem command to identify a cable modem with encryption/decryption enabled.

The online(pk) output of this command reveals a cable modem that is registered with BPI enabled and a

KEK assigned. The online(pt)

output reveals a cable modem that is registered with BPI enabled and a

TEK assigned.

Commands that enable, disable, and configure BPI encryption/decryption include:

• cable privacy kek grace-time 800

• cable privacy kek life-time 750000

• cable privacy tek grace-time 800

• cable privacy tek life-time 56000

• cable privacy enable

• cable privacy mandatory

To change the Cisco uBR7100 series default of 56-bit encryption/decryption to 40-bit, use the “40 bit

des” option:

CMTS(config-if)# cable privacy ?

40-bit-des select 40 bit DES

^^^^^^^^^^

authenticate-modem turn on BPI modem authentication

authorize-multicast turn on BPI multicast authorization

kek KEK Key Parms

mandatory force privacy be mandatory

tek TEK Key Parms

Software then generates a 40-bit DES key, where the DES key that is generated and returned masks the

first 16-bits of the 56-bit key to zero in software. To return to 56-bit encryption/decryption after changing

to 40-bit, enter the no command in front of the “40 bit des” option.

Caution Cisco uBR7100 series telco return images that support BPI do not support encryption/decryption in the

telco return path.