Cisco Systems uBR7200 manual Configuring KEK Privacy, MC-562

Page 44

Configuring Headend Broadband Access Router Features

Configuring and Activating Baseline Privacy

A KEK is assigned to a cable modem based on the cable modem SID and permits the cable modem to connect to the Cisco uBR7200 series when baseline privacy is activated. The TEK is assigned to a cable modem when its KEK has been established. The TEK is used to encrypt data traffic between the cable modem and the Cisco uBR7200 series.

KEKs and TEKs can be set to expire based on a grace-time or a life-time value. A grace-time key is used to assign a temporary key to a cable modem to access the network. A life-time key is used to assign a more permanent key to a cable modem. Each cable modem that has a life-time key assigned will request a new life-time key from the Cisco uBR7200 series before the current one expires.

Note Baseline privacy is only supported in Cisco IOS software containing “-k1” in the filename. If you do not already have a baseline privacy software image, you must download the software from Cisco Connection Online (CCO).

Note Baseline privacy will not operate unless the cable modem configuration file specifies that privacy is on.

The configuration and activation of baseline privacy depends on each cable operator physical plant.

To configure and activate baseline privacy, perform the following tasks:

Configuring KEK Privacy

Configuring TEK Privacy

Activating Baseline Privacy

Configuring KEK Privacy

A grace-time KEK can be set from 300 to 1800 seconds. A life-time KEK can be set from 86,400 to 6,048,000 seconds. If you do not set a KEK value, the default values are used.

To configure KEK data privacy on the HFC network, use the following commands in cable interface configuration mode:

Command

Purpose

 

 

CMTS01(config-if)#cable privacy kek grace-time

Sets the cable privacy KEK grace time in seconds. Valid

seconds

values are from 300 to 1800 seconds. Default = 600.

or

or

 

CMTS01(config-if)#cable privacy kek life-time seconds

Sets the cable privacy KEK life time in seconds. Valid

 

 

values are from 86400 to 6048000 seconds.

 

Default = 604800.

 

 

Cisco IOS Multiservice Applications Configuration Guide

MC-562

Page 43 Page 45
Image 44
Page 43 Page 45
Contents Configuring Headend Broadband Access Router Features MC-519Headend Overview MC-520Topology of a Typical Broadband Network Voice over IP Services Telco Return MC-523MC-524 TODQoS Features Service Class ProfilesMultiple Service IDs MC-525MC-526 TAG/NetFlow SwitchingQoS Profile Enforcement MC-527 Tag SwitchingNetflow Switching Security Features Weighted Random Early DetectionWeighted Fair Queueing Committed Access Rate CARCable Modem and Multicast Authentication Using Radius Docsis Baseline PrivacyUpstream Address Verification MC-529Traffic Shaping Features Operations and Provisioning FeaturesDynamic Ranging MC-530Downstream Channel ID Configuration Burst Profile ConfigurationDownstream Frequency Override CPE LimitationSpectrum Management Headend Broadband Access Router Configuration Prerequisites MC-533Headend Broadband Access Router Configuration Tasks MC-534Configuring the Downstream Cable Interface CMTS01# configure terminalCMTS01config# interface cable 6/0 Activating the Downstream CarrierSetting the Downstream Center Frequency Troubleshooting TipsVerifying the Downstream Carrier MC-536MC-537 CMTS01config-if#cable downstream frequencyVerifying the Downstream Center Frequency Setting the Downstream Channel ID Setting the Downstream Mpeg Framing Format Annex BVerifying the Downstream Channel ID MC-538Setting the Downstream Modulation Verifying the Downstream Mpeg Framing FormatVerifying the Downstream Modulation MC-539Setting the Downstream Interleave Depth CMTS01config-if#cable downstream interleave-depthVerifying the Downstream Interleave Depth MC-540MC-541 Setting the Downstream Helper AddressVerifying the Downstream Helper Address Setting Downstream Rate Limiting MC-542MC-543 Configuring the Upstream Cable InterfaceVerifying Downstream Rate Limiting Setting the Upstream Frequency MC-544CMTS01# show controllers cable 6/0 u0 Verifying the Upstream FrequencyMC-545 Setting the Upstream Channel Width Verifying Upstream Channel WidthMC-546 Channel-width widthSetting the Upstream Input Power Level MC-547Verifying the Upstream Input Power Level Activating Upstream Admission ControlVerifying Upstream Admission Control MC-548Activating Upstream FEC MC-549Router# more systemrunning-config Specifying Upstream Minislot SizeVerifying Upstream FEC MC-550MC-551 Activating the Upstream ScramblerVerifying Upstream Minislot Size CMTS01config-if#cable upstream usport scrambler CMTS01# more systemrunning-configVerifying the Upstream Scrambler MC-552Activating Upstream Differential Encoding Activating Upstream Rate LimitingVerifying Upstream Differential Encoding MC-553MC-554 CMTS01config-if#no cable upstream usport rate-limitVerifying Upstream Rate Limiting MC-555 Activating Upstream Frequency AdjustmentFrequency-adjust averaging percentage MC-556 Activating Upstream Power AdjustmentVerifying Upstream Frequency Adjustment Activating Upstream Timing Adjustment Verifying Upstream Power AdjustmentMC-557 Continue secondsMC-558 Verifying Upstream Timing AdjustmentActivating the Upstream Ports MC-559 Setting Upstream Backoff ValuesVerifying the Upstream Ports CMTS01config-if#cable upstream usport range MC-560Data-backoff start end Data-backoff automaticMC-561 Configuring and Activating Baseline PrivacyVerifying Upstream Data Backoff Automatic MC-562 Configuring KEK PrivacyCMTS01config-if#cable privacy kek grace-time Configuring TEK Privacy Verifying KEK PrivacyVerifying TEK Privacy MC-563Configuring and Activating Frequency Agility Activating Baseline PrivacyVerifying Baseline Privacy MC-564Combiner Groups MC-565Frequency Management Policy MC-566Determining the Upstream Ports Assigned to a Combiner Group MC-567Configuring and Activating Spectrum Groups Creating Spectrum GroupsVerifying Spectrum Groups MC-568Command Purpose MC-569MC-570 MC-571 Verifying Spectrum Group ConfigurationVerifying Frequency Hopping Configuring Spectrum Group Characteristics MC-572Verifying Spectrum Group Characteristics CMTS01config# cable spectrum-group groupnum hopMC-573 Threshold percentActivating IP Address Resolution Protocol Assigning the Spectrum Group and the Upstream PortsActivating Cable ARP Requests Verifying Spectrum Group and Upstream Port AssignmentsMC-575 Activating Host-to-Host Communication Proxy ARPVerifying ARP Requests Configuring Dhcp Options Activating Cable Proxy ARP RequestsActivating Cable Relay Agent Verifying Cable Proxy ARP RequestsMC-577 Activating Dhcp giaddrVerifying Dhcp giaddr Activation Setting Service Options Setting Optional IP ParametersConfiguring ToD Service Verifying ToD ServiceActivating IP Multicast Echo Activating IP Broadcast EchoVerifying IP Multicast Echo MC-579Configuring Cable Profiles Configuring Cable Modulation ProfilesVerifying IP Broadcast Echo MC-580Number profile MC-581MC-582 Configuring QoS ProfilesVerifying Cable Modulation Profiles Verifying QoS Profiles MC-583Setting QoS Permission Enforcing a QoS Profile AssignmentVerifying QoS Permission MC-584MC-585 Managing Cable Modems on the HFC NetworkVerifying a QoS Profile Assignment Configuring Sync Message Interval Configuring Telco ReturnActivating Cable Modem Authentication Verifying Sync Message IntervalMC-587 Verifying Cable Modem AuthenticationActivating Cable Modem Upstream Address Verification CMTS01config-if#cable source-verify dhcp Activating Cable Modem Insertion IntervalVerifying Cable Modem Upstream Address Verification MC-588MC-589 CMTS01config-if#cable insertion-interval automaticVerifying Cable Modem Insertion Interval MC-590 Configuring Cable Modem Registration TimeoutVerifying the Maximum Number of Hosts MC-591 Clearing and Resetting Cable ModemsVerifying Registration Timeout MC-592 Verifying Cable Modem Clearing and ResettingClearing Cable Modem Counters Using Ping Docsis Verifying that Cable Modem Counters are ClearedVerifying Ping Docsis MC-593Spectrum Management Configuration Example MC-594Virtual Private Network Configuration Example MC-595MC-596 Ip http server Ip http authentication local No cdp run MC-597VoIP Configuration Example MC-598MC-599 Ip subnet-zero No ip domain-lookupTelco Return Configuration Example MC-600Cable telco-return enable MC-601QoS Profile Enforcement Configuration Example Cable Modem all resetMC-602 Cable RegTroubleshooting Using Cable Flap Lists Setting Cable Flap List AgingCMTS01config# cable flap-list aging days MC-603Setting Cable Flap List Insertion Time Setting Cable Flap List Power Adjustment ThresholdVerifying Cable Flap List Aging Verifying Cable Flap List Insertion TimeSetting Cable Flap List Miss Threshold Verifying Cable Flap List Power Adjustment ThresholdCMTS01config# cable flap-list miss-threshold misses Verifying Cable Flap List Miss ThresholdSetting Cable Flap List Size Clearing Cable Flap ListVerifying Cable Flap List Size MC-606
Related manuals
Manual 88 pages 21.59 Kb
Top Page Image Contents