Specifications
DOCSIS 1.1 for Cisco uBR905 and Cisco uBR925 Cable Access Routers and Cisco CVA122 Cable Voice Adapters
How to Configure DOCSIS 1.1 Support
22
Cisco IOS Release 12.2(15)CZ
Configuring the SNMPv3 Diffie-Hellman Kickstart Public Key
Before a DOCSIS 1.1 cable modem can initiate BPI+ encryption, it must be configured with a shared
public key that allows it to securely transfer the BPI+ encryption keys with the CMTS. Use the following
procedure to configure the Cisco uBR905, Cisco uBR925, or Cisco CVA122 with the required public
key.
The DOCSIS 1.1 specification refers to this procedure as SNMPv3 Diffie-Hellman Kickstart. This
procedure needs to be done only once, unless the public keys are changed on the CMTS, or the
Cisco uBR905, Cisco uBR925, or Cisco CVA122 is moved to a different CMTS that uses a different
public key.
Step 1 Use your SNMPv3 manager software to generate a 128-byte (1024-bit) public key for the CMTS.
Step 2 Add this public key to a DOCSIS configuration file along with the built-in DOCSIS operator
“docsisOperator” in the “SnmpV3 Kickstart Value” field (TLV 34). Put the “docsisOperator” value in
field 34.1 and the public key in field 34.2.
For example, if you are creating an ASCII file and using the Cisco DOCSIS Configurator tool to convert
it into the binary DOCSIS configuration file, you would specify lines such as the following:
34 (SNMPv3 Kickstart Values)
S01 (Kickstart Security Name) = docsisOperator
S02 (Kickstart Mgr Public Number) = b1 01 c2 0F F4 3C ... (exactly 128 hex bytes)
To enter this data directly into the Configurator tool, click on the SNMP tab and enter this data into the
first available row in the “SNMP V3 Kickstart Value” table. Figure 2 shows an example of this using
version 3.7 of the Cisco DOCSIS Configurator tool. Figure 3 shows an example of this using version 4.0
of the Cisco Broadband Configurator tool.