Event 10-Comply with Baseline Privacy

Event 9—Perform Registration

After the Cisco uBR924 is initialized, authenticated, and configured, it requests to be registered with the headend CMTS. The CMAC_LOG_COS_ASSIGNED_SID field assigns a class of service (CoS) number and a service ID (SID). Multiple CoS entries in the configuration file imply that multiple SIDs are supported by the cable access router. If several cable access routers use the same configuration file, they will have the same CoS numbers but will be assigned different SIDs.

508177.164 CMAC_LOG_STATE_CHANGE

508177.166 CMAC_LOG_LOADING_CONFIG_FILE 508178.280 CMAC_LOG_CONFIG_FILE_PROCESS_COMPLETE

configuration_file_state platinum.cm

Step 4—Interpret the MAC Log File and Take Action

Event 8—Transfer Operational Parameters

After the DHCP and security operations are successful, the Cisco uBR924 downloads operational parameters via a configuration file located on the cable company’s TFTP server. The CMAC_LOG_DHCP_CONFIG_FILE_NAME field shows the filename containing the transmission parameters.

A successful registration is indicated by the CMAC_LOG_REGISTRATION_OK field.

508178.300	CMAC_LOG_STATE_CHANGE	registration_state
508178.302	CMAC_LOG_REG_REQ_MSG_QUEUED
508178.306	CMAC_LOG_REG_REQ_TRANSMITTED
508178.310	CMAC_LOG_REG_RSP_MSG_RCVD
508178.312	CMAC_LOG_COS_ASSIGNED_SID	5/19
508178.314	CMAC_LOG_COS_ASSIGNED_SID	6/20
508178.316	CMAC_LOG_COS_ASSIGNED_SID	7/21
508178.318	CMAC_LOG_RNG_REQ_QUEUED	19
508178.320	CMAC_LOG_REGISTRATION_OK

Event 10—Comply with Baseline Privacy

Keys for baseline privacy are exchanged between the Cisco uBR924 and the headend CMTS. During this event, a link level encryption is performed so that a user’s data cannot be “sniffed” by anyone else who is on the cable network.

Following is a trace that shows baseline privacy enabled. The key management protocol is responsible for exchanging two types of keys: KEKs and TEKs. The KEK (key exchange key, also referred to as the authorization key) is used by the headend CMTS to encrypt the TEKs (traffic encryption keys) it sends to the Cisco uBR924. The TEKs are used to encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.

851.088	CMAC_LOG_STATE_CHANGE	establish_privacy_state
851.094	CMAC_LOG_PRIVACY_FSM_STATE_CHANGE	machine: KEK, event/state:
EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102	CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116	CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120	CMAC_LOG_PRIVACY_FSM_STATE_CHANGE	machine: KEK, event/state:
EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208	CMAC_LOG_PRIVACY_FSM_STATE_CHANGE	machine: TEK, event/state:
EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220	CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224	CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230	CMAC_LOG_PRIVACY_FSM_STATE_CHANGE	machine: TEK, event/state:
EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326	CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID	2
856.330	CMAC_LOG_PRIVACY_ESTABLISHED

Note In order for baseline privacy to work, you must use a code image name on the Cisco uBR924 that contains the characters k1. In addition, baseline privacy must be supported on the headend CMTS, and it must be turned on in the configuration file that is downloaded to the Cisco uBR924.

Troubleshooting Tips for the Cisco uBR924 Cable Access Router 17

CMAC_LOG_STATE_CHANGE

CMAC_LOG_REG_REQ_MSG_QUEUED

CMAC_LOG_REG_REQ_TRANSMITTED

CMAC_LOG_REG_RSP_MSG_RCVD

CMAC_LOG_COS_ASSIGNED_SID

CMAC_LOG_COS_ASSIGNED_SID

CMAC_LOG_COS_ASSIGNED_SID

CMAC_LOG_RNG_REQ_QUEUED

CMAC_LOG_REGISTRATION_OK

Event 10—Comply with Baseline Privacy

CMAC_LOG_STATE_CHANGE

CMAC_LOG_PRIVACY_FSM_STATE_CHANGE

CMAC_LOG_BPKM_REQ_TRANSMITTED

CMAC_LOG_BPKM_RSP_MSG_RCVD

CMAC_LOG_PRIVACY_ESTABLISHED