Configuring
Event 10—Comply with Baseline Privacy
During this event, keys for baseline privacy are exchanged between the Cisco uBR900 series and the headend CMTS. Link-level encryption is then applied so that your data cannot be “sniffed” by anyone else on the cable network.
Following is a trace showing Baseline Privacy enabled. The key management protocol is responsible for exchanging two types of keys: KEKs and TEKs. The KEK, also referred to as the authorization key, is used by the CMTS to encrypt the TEKs it sends to the Cisco uBR900 series. The TEKs are used to encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.
851.088 CMAC_LOG_STATE_CHANGE establish_privacy_state
851.094 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102 CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116 CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220 CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224 CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326 CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID 2
856.330 CMAC_LOG_PRIVACY_ESTABLISHED
Note: In order for Baseline Privacy to work, you must use a code image name on the Cisco uBR900 series that contains the characters k1. In addition, Baseline Privacy must be supported on the headend CMTS, and it must be turned on in the configuration file that is downloaded to the cable access router.
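The Event 10 trace can be checked mechanically to confirm that link encryption was actually negotiated. The following Python sketch is an added example, not Cisco code: it assumes a trace with one entry per line (continuation lines joined), uses the event and state names shown in the trace above, and its function names are hypothetical.

```python
import re

# Event 10 trace from this page, continuation lines joined to one entry per line.
SAMPLE_TRACE = """\
851.088 CMAC_LOG_STATE_CHANGE establish_privacy_state
851.094 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102 CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116 CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state: EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220 CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224 CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state: EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326 CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID 2
856.330 CMAC_LOG_PRIVACY_ESTABLISHED
"""

ENTRY = re.compile(r"^\s*(\d+\.\d+)[\s|]+(CMAC_LOG_\w+)[\s|]*(.*)$")
FSM = re.compile(r"machine:\s*(\w+),.*new state:\s*(\w+)")

def summarize_privacy(trace):
    """Return the last KEK/TEK FSM states, SIDs with a TEK, and the established flag."""
    out = {"KEK": None, "TEK": None, "sids": [], "established": False}
    for line in trace.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not a timestamped CMAC log entry
        event, detail = m.group(2), m.group(3).strip(" |")
        fsm = FSM.search(detail)
        if event == "CMAC_LOG_PRIVACY_FSM_STATE_CHANGE" and fsm:
            out[fsm.group(1)] = fsm.group(2)  # keep the most recent state per machine
        elif event == "CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID" and detail.isdigit():
            out["sids"].append(int(detail))
        elif event == "CMAC_LOG_PRIVACY_ESTABLISHED":
            out["established"] = True
    return out

def privacy_gaps(s):
    """List the Baseline Privacy milestones the trace did not reach."""
    checks = [
        (s["KEK"] == "STATE_C_AUTHORIZED", "KEK machine not authorized"),
        (s["TEK"] == "STATE_D_OPERATIONAL", "TEK machine not operational"),
        (bool(s["sids"]), "no TEK installed for any SID"),
        (s["established"], "CMAC_LOG_PRIVACY_ESTABLISHED not seen"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(privacy_gaps(summarize_privacy(SAMPLE_TRACE)) or "Baseline Privacy established")
```

An empty list from `privacy_gaps` means the KEK and TEK machines both reached their final states and a key was installed for at least one SID; any other result names the step at which the exchange stopped.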
Event 11—Enter the Maintenance State
As soon as the Cisco uBR900 series has successfully completed the above events, it enters the operational maintenance state and is authorized to forward traffic into the cable network.
508178.322 CMAC_LOG_STATE_CHANGE maintenance_state
In order to use the Cisco uBR900 series cable access router for
• All required CMTS routing and network interface equipment must be installed, configured, and operational. This includes all headend routers, servers (DHCP, TFTP, and ToD), network management systems, or other configuration or billing systems in use in your network.
• Based on the quality and capacity of your cable plant, your system administrator or network planner must define your network IP address allocation plan, spectrum management plan outlining the recommended operating parameters to optimize performance, channel plan identifying the channels available to assign to specific Cisco uBR900 series cable access routers, and dial plan based on the supported VoIP protocol.
Cisco IOS Multiservice Applications Configuration Guide