Installation guide
3-26
Cisco uBR7100 Series Universal Broadband Router Software Configuration Guide
OL-2238-03
Chapter 3 Configuring the Cisco Cable Interface
Enabling and Configuring Baseline Privacy
Enabling BPI
To enable BPI, choose software images at both the CMTS and CM that support the mode of operation.
For the Cisco uBR7100 series software, choose an image with “k1” in its file name or BPI in the
feature set description. For Cisco uBR924 cable access routers, all CM images from
Cisco IOS Release 12.0(5)T1 or later support this by default. For earlier Cisco IOS release CM images,
choose an image with “k1” in its file name or BPI in the feature set description.
Note For the CMTS, BPI is enabled by default when you select an image that supports BPI. For CMs, enable
BPI in the DOCSIS configuration file by following the instructions in this section.
When baseline privacy is enabled, the Cisco uBR7100 series router generates traffic encryption keys
(TEKs) for each applicable SID; 56-bit encryption/decryption is the default for Cisco uBR7100 series
equipment.
The router uses the keys to encrypt downstream data and decrypt upstream traffic from two-way
cable interfaces. The Cisco uBR7100 series router generates keys for unicast, broadcast, and multicast
operation as appropriate. Keys are refreshed periodically and have a default lifetime of 12 hours.
Configuring Baseline Privacy
Note Both the CMTS and the CM must support baseline privacy and have BPI enabled.
To configure baseline privacy with values other than the defaults, follow the procedures in these sections:
• “Configuring Key Encryption Key (KEK) Privacy” section on page 3-26
• “Configuring Traffic Encryption Key (TEK) Privacy” section on page 3-27
• “Activating Baseline Privacy” section on page 3-27
Configuring Key Encryption Key (KEK) Privacy
The KEK grace time can be set from 300 to 1800 seconds. The KEK lifetime can be set from 86400 to
6048000 seconds. If you do not set a KEK value, the default values are used.
To configure KEK data privacy on the HFC network, enter one of the following commands in cable
interface configuration mode.
Command                                   Purpose
CMTS01(config-if)# cable privacy kek      Set the cable privacy KEK gracetime in seconds. Valid
grace-time seconds                        values are from 300 to 1800 seconds. Default = 600.
or
CMTS01(config-if)# cable privacy kek      Set the cable privacy KEK lifetime in seconds. Valid
life-time seconds                         values are from 86400 to 6048000 seconds.
                                          Default = 604800.
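As an added example (not part of the Cisco guide), the following Python script checks a candidate configuration against the KEK ranges and defaults given above before it is applied to the CMTS. The interface names and the sample configuration are constructed, and the script assumes the commands appear under each cable interface in the form shown in the table.

```python
import re

# Valid ranges and defaults, in seconds, as stated in this section.
KEK_LIMITS = {
    "grace-time": {"min": 300, "max": 1800, "default": 600},
    "life-time": {"min": 86400, "max": 6048000, "default": 604800},
}
IFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
KEK_RE = re.compile(r"^\s+cable privacy kek (grace-time|life-time)\s+(\S+)\s*$")


def audit_kek(config_text):
    """Return {interface: {"grace-time": n, "life-time": n, "errors": [...]}}."""
    report = {}
    current = None  # report entry for the cable interface being parsed
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            name = m.group(1)
            current = None
            if name.lower().startswith("cable"):
                # Start from the defaults; explicit settings override them.
                current = report[name] = {
                    k: v["default"] for k, v in KEK_LIMITS.items()}
                current["errors"] = []
            continue
        if line and not line[0].isspace():
            current = None  # an unindented line ends the interface stanza
            continue
        m = KEK_RE.match(line)
        if m and current is not None:
            key, raw = m.groups()
            lim = KEK_LIMITS[key]
            if not raw.isdigit() or not lim["min"] <= int(raw) <= lim["max"]:
                current["errors"].append(
                    f"{key} {raw} outside {lim['min']}-{lim['max']}")
            else:
                current[key] = int(raw)
    return report


# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
interface Cable1/0
 cable privacy kek grace-time 800
 cable privacy kek life-time 750000
!
interface Cable1/1
 cable privacy kek grace-time 120
"""
```

Call `audit_kek(SAMPLE)` to get the effective values per cable interface; an out-of-range setting is reported in `errors` and the default is kept as the effective value.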