Cisco uBR10012 Universal Broadband Router Software Configuration Guide
OL-1520-08
Chapter 1 Overview of Cisco uBR10012 Universal Broadband Router Software
Supported Software Features for the Cisco uBR10012 Router
Address Verification
The Cisco uBR10012 router supports verification of cable interface and PC addresses to ensure that the
cable interface service ID (SID) and MAC addresses are consistent. This security feature helps ensure
that IP addresses are not spoofed. A PC behind a cable interface is assigned an IP address from the
DHCP server. If a user on a second PC or cable interface statically assigns the same IP address to a PC,
the Cisco uBR10012 router detects this case to help block the spoofing user. Using the command-line
interface (CLI), administrators can determine the IP and MAC address of a given cable interface, and
the SID number that shows the IP and MAC addresses of all devices learned in the cable interface MAC
table. Using the service provider customer databases, administrators can cross-reference the spoofing
cable interface and PC and prevent usage.
Refer to Chapter 4, “Managing Cable Modems on the Hybrid Fiber-Coaxial Network” to configure
address verification.
CM Transmission Burst Size
The Cisco uBR10012 router allows CMs to register with a maximum transmission burst size up to 2000
bytes. This applies to DOCSIS 1.0 and 1.1 CMs that are configured with concatenation and no IP
fragmentation.
For additional information about configuring dynamic upstream modulation and modulation profiles,
refer to one or more of these documents on Cisco.com:
• Cisco Cable Modem Termination System Feature Guide
• Cisco uBR7200 Series Dynamic Upstream Modulation at
http://www.cisco.com/univercd/cc/td/doc/product/cable/cab_r_sw/spec_mgt.htm
Dynamic or Mobile Host Support
The cable source-verify command allows the CMTS administrator to bring up a PC behind one CM,
then move it to another CM. This adds information for the hosts involved in host tables. To prevent
security breaches, this feature supports pinging the host using the old SID to verify that it has indeed
been moved. The security applies to upstream and downstream configuration.
Note: The no cable arp command should be configured in the CMTS to prevent it from sending ARP requests.
The no cable arp command prevents the CMTS from sending an ARP request downstream to CPE hosts or to
devices behind CMs requesting an IP/MAC address association. If the CMTS already knows the
association, or is able to learn it in some other manner, IP packets are forwarded. Otherwise, if the
destination is unknown, the packets are dropped.
Devices on a CM network may share a large subnet, but cannot communicate with each other without
first going through the CMTS. The no cable proxy-arp command prevents the CMTS from replying to
ARP requests for hosts on the same subnet, and thus prevents peer-to-peer communication between
subscribers behind CMs.
For additional command information, refer to the Cisco Broadband Cable Command Reference Guide
on Cisco.com.
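The address verification and mobile host checks described above can be pictured as one decision over an IP-to-MAC/SID binding table. The following is an added example, not Cisco IOS code and not part of the original guide: a simplified model in which the bindings, addresses, SIDs and the old_sid_responds callback (standing in for the ping to the old SID) are all assumptions constructed for illustration.

```python
# Simplified model (assumption): not Cisco IOS code. A binding maps an IP to
# the CPE MAC and the SID of the cable modem it was learned behind.
from dataclasses import dataclass

@dataclass
class Binding:
    mac: str
    sid: int

def source_verify(table, sid, mac, ip, old_sid_responds):
    """Return (verdict, detail) for an upstream packet seen on `sid`.

    old_sid_responds(ip, sid) is a hypothetical callback standing in for the
    ping sent toward the previously recorded SID.
    """
    known = table.get(ip)
    if known is None:
        return "unverified", f"{ip} has no lease-derived binding"
    if known.mac != mac:
        # A different device claims a leased address: the static-IP spoof case.
        return "drop", (f"{ip} leased to {known.mac} on SID {known.sid}, "
                        f"claimed by {mac} on SID {sid}")
    if known.sid == sid:
        return "forward", "binding matches"
    # Same MAC and IP on a new SID: possible move, so check the old SID first.
    if old_sid_responds(ip, known.sid):
        return "drop", f"{ip} still answers on SID {known.sid}"
    old = known.sid
    table[ip] = Binding(mac, sid)
    return "forward", f"{ip} moved from SID {old} to SID {sid}"

def run_sample():
    # Constructed sample data: documentation-range IPs, made-up MACs and SIDs.
    table = {"192.0.2.10": Binding("00:00:5e:00:53:01", 11),
             "192.0.2.20": Binding("00:00:5e:00:53:02", 12)}
    packets = [
        (11, "00:00:5e:00:53:01", "192.0.2.10"),  # matches its lease
        (13, "00:00:5e:00:53:99", "192.0.2.10"),  # same IP set statically on another PC
        (14, "00:00:5e:00:53:02", "192.0.2.20"),  # PC moved behind another CM
        (15, "00:00:5e:00:53:01", "192.0.2.10"),  # MAC and IP copied while original is online
    ]
    alive = {("192.0.2.10", 11)}  # constructed ping results for old SIDs
    ping = lambda ip, old_sid: (ip, old_sid) in alive
    results = [source_verify(table, s, m, i, ping)[0] for s, m, i in packets]
    return results, table

if __name__ == "__main__":
    print(run_sample())
```

The detail string of each drop names both the recorded and the claiming MAC/SID, which is the pair an administrator would cross-reference against the customer database.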
Dynamic Shared Secret (DMIC) with OUI Exclusion
Cisco IOS Release 12.3(9a)BC introduces the option of excluding the Organizational Unique Identifiers
(OUIs) from being subjected to the DMIC check. The new cable dynamic-secret exclude command
allows specific cable modems to be excluded from the Dynamic Shared Secret feature on the following
Cisco CMTS platforms:
Command                     Description
cable source-verify dhcp    Configures the DHCP server to verify addresses.