Cisco Systems MC-607 Event 10-Comply with Baseline Privacy, Event 11-Enter the Maintenance State


Configuring Subscriber-End Broadband Access Router Features

Subscriber-End Broadband Access Router Configuration Prerequisites

Event 10-Comply with Baseline Privacy

During this event, keys for baseline privacy are exchanged between the Cisco uBR900 series and the headend CMTS. Link-level encryption is performed so that your data cannot be “sniffed” by anyone else on the cable network.

Following is a trace showing Baseline Privacy enabled. The key management protocol is responsible for exchanging two types of keys: KEKs and TEKs. The KEK, also referred to as the authorization key, is used by the CMTS to encrypt the TEKs it sends to the Cisco uBR900 series. The TEKs are used to encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.

851.088  CMAC_LOG_STATE_CHANGE                   establish_privacy_state
851.094  CMAC_LOG_PRIVACY_FSM_STATE_CHANGE       machine: KEK, event/state: EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102  CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116  CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120  CMAC_LOG_PRIVACY_FSM_STATE_CHANGE       machine: KEK, event/state: EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208  CMAC_LOG_PRIVACY_FSM_STATE_CHANGE       machine: TEK, event/state: EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220  CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224  CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230  CMAC_LOG_PRIVACY_FSM_STATE_CHANGE       machine: TEK, event/state: EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326  CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID  2
856.330  CMAC_LOG_PRIVACY_ESTABLISHED

Note: In order for Baseline Privacy to work, you must use a code image name on the Cisco uBR900 series that contains the characters k1. In addition, Baseline Privacy must be supported on the headend CMTS, and it must be turned on in the configuration file that is downloaded to the cable access router.

Event 11-Enter the Maintenance State

As soon as the Cisco uBR900 series has successfully completed the above events, it enters the operational maintenance state and is authorized to forward traffic into the cable network.

508178.322  CMAC_LOG_STATE_CHANGE                maintenance_state
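The following is an added example, not part of the Cisco guide: it replays the KEK and TEK state machines from a MAC log like the traces above and flags a modem that reaches maintenance_state without Baseline Privacy fully established. The function name audit_privacy, the one-event-per-line layout, and the single-SID assumption are choices made for this example; the sample input is constructed from the trace lines on this page.

```python
import re

# Constructed sample: the trace events shown on this page, one per line.
SAMPLE_TRACE = """\
851.088 CMAC_LOG_STATE_CHANGE establish_privacy_state
851.094 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102 CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116 CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220 CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224 CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326 CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID 2
856.330 CMAC_LOG_PRIVACY_ESTABLISHED
508178.322 CMAC_LOG_STATE_CHANGE maintenance_state
"""

LINE = re.compile(r"^(\d+\.\d+)\s+(CMAC_LOG_\w+)\s*(.*)$")
FSM = re.compile(r"machine: (\w+), event/state: \w+/(\w+), new state: (\w+)")

def audit_privacy(trace):
    """Replay the KEK/TEK state machines and flag a modem that goes
    operational without Baseline Privacy fully established."""
    state = {"KEK": "STATE_A_START", "TEK": "STATE_A_START"}
    sids, established, findings = [], False, []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, event, detail = m.groups()
        f = FSM.search(detail)
        if event == "CMAC_LOG_PRIVACY_FSM_STATE_CHANGE" and f:
            machine, old, new = f.groups()
            if state.get(machine) != old:  # does not follow the previous transition
                findings.append(f"{ts}: {machine} transition from unexpected state {old}")
            state[machine] = new
        elif event == "CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID" and detail.isdigit():
            sids.append(int(detail))
        elif event == "CMAC_LOG_PRIVACY_ESTABLISHED":
            established = True
        elif event == "CMAC_LOG_STATE_CHANGE" and detail == "maintenance_state":
            if state["KEK"] != "STATE_C_AUTHORIZED":
                findings.append(f"{ts}: maintenance_state with KEK in {state['KEK']}")
            if state["TEK"] != "STATE_D_OPERATIONAL" or not sids:
                findings.append(f"{ts}: maintenance_state without an installed TEK")
            if not established:
                findings.append(f"{ts}: maintenance_state without CMAC_LOG_PRIVACY_ESTABLISHED")
    return {"state": state, "sids": sids, "established": established, "findings": findings}
```

A log that jumps straight to maintenance_state with no BPKM exchange produces three findings, which is the pattern to expect when Baseline Privacy is not turned on in the downloaded configuration file.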

Subscriber-End Broadband Access Router Configuration Prerequisites

In order to use the Cisco uBR900 series cable access router for data-over-cable or voice-over-cable (VoIP) applications, the following tasks must be performed:

All required CMTS routing and network interface equipment must be installed, configured, and operational. This includes all headend routers, servers (DHCP, TFTP, and ToD), network management systems, or other configuration or billing systems in use in your network.

Based on the quality and capacity of your cable plant, your system administrator or network planner must define your network IP address allocation plan, spectrum management plan outlining the recommended operating parameters to optimize performance, channel plan identifying the channels available to assign to specific Cisco uBR900 series cable access routers, and dial plan based on the supported VoIP protocol.

Cisco IOS Multiservice Applications Configuration Guide

MC-639
