Cisco Systems UBR10012 Intercept Features

1-46

Cisco uBR10012 Universal Broadband Router Software Configuration Guide

OL-1520-08

Chapter1 Overview of CiscouBR10012 Universal Broadband Router Software

Supported Software Features for the CiscouBR10012 Router

For additional information about this feature and HCCP N+1 Redundancy on the Cisco CMTS, refer to

these documents on Cisco.com:

•“N+1 Redundancy for the Cisco Cable Modem Termination System,” Cisco CMTS Feature Guide

http://www.cisco.com/en/US/products/hw/cable/ps2217/products_feature_guide_chapter09186a00

8015096c.html

•Cisco Broadband Cable Command Reference Guide

http://www.cisco.com/en/US/products/hw/cable/ps2217/products_command_reference_book0918

6a0080108e88.html

Intercept Features

The Cisco uBR10012 router supports several intercept features through multiple Cisco IOS release

trains:

•Access Control List Support for COPS Intercept

•Basic Wiretap Support

•Cable Monitor Enhancements

•Cable Monitor Support for Cisco MC5x20U-D and Cisco MC28U Broadband Processing Engines

•cable monitor Command

•COPS TCP Support for the Cisco Cable Modem Termination System

•Packet Intercept

•PXF ARP Filter

•PXF Divert Rate Limiting

•Service Independent Intercept (SII) Support

Access Control List Support for COPS Intercept

Cisco IOS Release 12.3(13a)BC introduces enhanced support for Access Control Lists (ACLs) and

associated commands for the Common Open Policy Service (COPS) feature.

To configure access control lists (ACLs) for inbound connections to all COPS listener applications on

the Cisco CMTS, user the cops listeners access-list command in global configuration mode. To remove

this setting from the Cisco CMTS, us the no form of this command.

cops listeners access-list {acl-num | acl-name}

no cops listeners access-list {acl-num | acl-name}

Syntax Description acl-num Alphanumeric identifier of up to 30 characters, beginning with a letter that

identifies the ACL to apply to the current interface.

acl-name Numeric identifier that identifies the access list to apply to the current

interface. For standard access lists, the valid range is 1 to 99; for extended

access lists, the valid range is 100 to 199.

Contents

Main Cisco uBR10012 Universal Broadband Router Software Configuration Guide Page CONTENTS Page Page Page Page Page Preface Document Revision History Purpose Audience Document Organization Conventions Terms and Acronyms Page Additional References Standards Obtaining Documentation World Wide Web Documentation CD-ROM Ordering Documentation Documentation Feedback Obtaining Technical Assistance Cisco.com Technical Assistance Center Cisco TAC Web Site Cisco TAC Escalation Center Page Overview of CiscouBR10012 Universal Broadband Router Software Cisco IOS Releases and Images for the CiscouBR10012Router Operational Overview Cisco IOS Software Location Determining Your Cisco IOS Software Release Upgrading to a New Software Release 12.3 BC Release Train and Images 12.2 BC Release Train and Images 12.2 CY Release Train and Images CiscouBR10012 Universal Broadband Router Chassis Overview CiscouBR10012Router Slot Numbering Page Hardware Supported on the Cisco uBR10012 Router Page Supported Software Features for the CiscouBR10012 Router CiscouBR10012Router Features and Cisco IOS Releases Page Page Page Page CiscouBR10012Router Configuration Tools AutoInstall Cable Interface Setup Facility Configuration Mode (Command Line Interface Configuration) Cisco Network Registrar Cisco IOS Release 12.3 BC Command-line Enhancements Cisco IOS Release 12.3(13a)BC Command-Line Interface (CLI) Enhancements Cisco IOS Release 12.3(9a)BC Command-Line Interface (CLI) Enhancements DHCP Servers and Feature Support DHCP MAC Address Exclusion List for cable-source verify dhcp Command Integrated DHCP Server DOCSIS 1.0 Feature Support DOCSIS 1.0 Baseline Privacy Interface DOCSIS 1.0 Concatenation Override DOCSIS 1.0 Configuration File Settings DOCSIS 1.0 Constant Bit Rate Extension DOCSIS 1.0 MAC Driver DOCSIS 1.0 Quality of Service Support DOCSIS 1.0 MAC Enhancements to Improve Upstream per CM Data Throughput DOCSIS 1.0 Downstream Rate Shaping with Type of Service (ToS) DOCSIS 1.0 Downstream Signal Test Commands DOCSIS 1.0 Modem Power Enhancement Adjustments for Low SNR Failures DOCSIS 1.0 Multi SID Support DOCSIS 1.0 QoS Profile Enforcement DOCSIS 1.0 RFC 2233 Support (RF Interface MIB) DOCSIS 1.0 Service Class Profiles DOCSIS 1.0 Traffic Shaping and Rate Limiting Features DOCSIS 1.0 Payload Header Suppression DOCSIS 1.0 per SID Bandwidth Request and Grant Counters DOCSIS 1.0 ToS Overwrite Enhanced Rate Bandwidth Allocation (ERBA) Support for DOCSIS 1.0 Cable Modems Page Page DOCSIS 1.0+ Feature Support DOCSIS 1.1 Feature Support DOCSIS 1.1 Baseline Privacy Interface Plus Features 40-bit and 56-bit Baseline Privacy Data Encryption Standard (DES) Access Lists (Per-Modem and Per-Host) Authentication Cisco IOS Firewall CM and Host Subnet Addressing DOCSIS BPI+ Multiple Root Certificate Support DOCSIS 1.1 CM Compatibility DOCSIS 1.1 CM Database Manager DOCSIS 1.1 Concatenation Support DOCSIS 1.1 Customer Premises Equipment Configurator DOCSIS 1.1 Downstream Packet Classifier DOCSIS 1.1 Downstream Packet Scheduler DOCSIS 1.1 Dynamic MAC Messages DOCSIS 1.1 Enhanced Registration DOCSIS 1.1 Fragmentation and Reassembly DOCSIS 1.1 Layer 2 Fragmentation DOCSIS 1.1 MAC Scheduler MAC Scheduler Commands DOCSIS 1.1 Payload Header Suppression and Restoration DOCSIS 1.1 Quality of Service Support DOCSIS 1.1 Type of Service Overwrite DOCSIS 1.1 Rate Limiting and Traffic Shaping DOCSIS 1.1 Service Flow Manager DOCSIS 1.1 Service Template and Class Manager DOCSIS 1.1 Software Infrastructure DOCSIS 1.1 Subscriber Management Connecting DOCSIS 1.0-Based CMs 1-39 DOCSIS 1.1 Time Slot Scheduling DOCSIS 1.1 TLV Parser and Encoder DOCSIS 1.1 Token-Bucket Rate Shaping DOCSIS 1.1 Two-Way Interoperability Optional Upstream Scheduler Modes High Availability Features Automatic Revert Feature for HCCP N+1 Redundancy Switchover Events Backup Path Testing for the Cisco RF Switch DSX Messages and Synchronized PHS Information Factory-Configured HCCP N+1 Redundancy Globally Configured HCCP 4+1 and 7+1 Redundancy on the Cisco uBR10012 Router HCCP N+1 Redundancy Supporting DOCSIS 1.1 for the Cisco CMTS HCCP Timing and Error Enhancements in HCCP Redundancy Show Commands High Availability Support for Encrypted IP Multicast Shutdown and No Shutdown Enhancement for Cable Interfaces Intercept Features Access Control List Support for COPS Intercept Basic Wiretap Support Cable Monitor Enhancements Cable Monitor Support for Cisco MC5x20U-D and Cisco MC28U Broadband Processing Engines cable monitor Command COPS TCP Support for the Cisco Cable Modem Termination System cops ip dscp Additional COPS Information cops tcp window-size Additional COPS Information Packet Intercept PXF ARP Filter PXF Divert Rate Limiting Service Independent Intercept (SII) Support IP Broadcast and Multicast Features IP Broadcast Echo IP Multicast Echo Multicast QoS Support on the Cisco uBR10012 CMTS New and Changed Commands SSM Mapping IP Routing Features Cable ARP Filter Enhancement Configurable Registration Timeout Host-to-Host Communication (Proxy Address Resolution Protocol) Integrated Time-of-Day Server PBR support for the Cisco uBR10012 Supported Protocols Management Features Admission Control for the Cisco CMTS Broadband Internet Access Cable Interface Bundling CNEM Compliance Customer Premises Equipment Limitation and Override DOCSIS 2.0 SAMIS ECR Data Set DOCSIS Set-Top Gateway Issue 1.0 Advanced-mode DOCSIS Set-Top Gateway Issue 1.1 Changes from Cisco DSG 1.0 Prerequisites for DSG 1.1 Restrictions and Caveats for DSG 1.1 Additional Information about DSG 1.1 Advanced-mode DOCSIS Set-Top Gateway Issue 1.2 Downstream Channel ID Configuration Downstream Frequency Override Downstream Load Balancing Distribution with Upstream Load Balancing Dynamic Channel Change (DCC) for Loadbalancing Dynamic Modulation Profiles Dynamic Upstream Modulation EtherChannel Support on the Cisco uBR10012 Universal Broadband Router Management Information Base (MIB) Changes and Enhancements MIBs Changes and Updates in Cisco IOS Release 12.3(9a)BC CISCO-CABLE-METERING-MIB CISCO-CABLE-QOS-MONITOR MIB CISCO-CABLE-SPECTRUM-MIB CISCO-ENHANCED-MEMPOOL-MIB CISCO-PROCESS-MIB DOCS-QOS-MIB DSG-IF-MIB Pre-equalization Control for Cable Modems cable pre-equalization exclude Page Route Processor Redundancy Support Secure Socket Layer Server for Usage-Based Billing SFID Support for Multicast and Cable Interface Bundling Simple Network Management Protocol Cable Modem Remote Query Simple Network Management Protocol v3 Service Class Setting Using SNMP Spectrum Management Advanced Spectrum Management Support on the Cisco uBR10012 CMTS Commands for Enhanced Spectrum Management Static CPE Override (cable submgmt default Command) Statistical Counters Subscriber Traffic Management (STM) Version 1.1 Usage Based Billing (SAMIS) PacketCable and Voice Support Features PacketCable 1.0 With CALEA PacketCable Emergency 911 Cable Interface Line Card Prioritization PacketCable Emergency 911 Services Listing and History 1-81 1-82 The following example illustrates a non-emergency voice call on the Cisco CMTS from the same MTA: Packetcable Multimedia for the Cisco CMTS Page Security Features Address Verification CM Transmission Burst Size Dynamic or Mobile Host Support Dynamic Shared Secret (DMIC) with OUI Exclusion Testing, Troubleshooting and Diagnostic Features Cisco Broadband Troubleshooter 3.2 CBT 3.2 Spectrum Management Support with the Cisco uBR10-MC5X20S/U BPE Dynamic Ranging Flap List Support Online Offline Diagnostics (OOD) Support for the Cisco uBR10012 Universal Broadband Router Virtual Interfaces Virtual Interface and Frequency Stacking Support on the CiscouBR10-MC5X20S/UBPE Virtual Interface Support for HCCP N+1 Redundancy Virtual Interface Bundling on the CiscouBR10-MC5X20S/UBPE VLAN Features VPN and Layer 2 Tunneling Features Dynamic SID/VRF Mapping Support Generic Routing Encapsulation (GRE) Tunneling on the Cisco uBR10012 IPv6 over L2VPN MPLS-VPN Network Support NetFlow Accounting Versions 5 and 8 Support NetFlow Version 5 Features and Format Netflow Version 8 Features and Format Additional Information about Netflow on the Cisco CMTS Transparent LAN Service (TLS) on the Cisco uBR10012 Router with IEEE 802.1Q Transparent LAN Service and Layer 2 Virtual Private Networks Page Configuring the Cable Modem Termination System for the First Time Preparing for Configuration Understanding CiscouBR10012Router Configuration Fundamentals Using the Enable Secret and the Enable Passwords Setting Password Protection Replacing or Recovering a Lost Password Overview of the Password Recovery Process Replacing or Recovering Passwords Page Configuring the CiscouBR10012Router Using AutoInstall Preparing for the AutoInstall Process Configuring the CiscouBR10012Router Using the Setup Facility Configuring Global Parameters 2-9 setup (displays the current interface summary), enter yes or press Return: The interface summary appears, showing the state of configured and unconfigured interfaces. Step5 Enter the enable secret password, the enable password, and the virtual terminal password: Page Configuring Upstream Frequencies Configuring Individual Upstream Modulation Profiles Configuring the CiscouBR10012Router Manually Using Configuration Mode Configuring the Cable Interface with the Extended Setup Facility MAC-Layer Addressing Identifying the Cable Interface Line Card Identifying CM Line Cards Identifying CM Line Card Slots Configuring Global Parameters Saving Your Configuration Settings Reviewing Your Settings and Configurations Viewing Sample Configuration Files Baseline Privacy Interface Configuration Files Page Configuring Cable Interface Features for the CiscouBR10012Router Administratively Shutting Down and Restarting an Interface Configuring the Downstream Cable Interface Activating Downstream Cable Address Resolution Protocol Requests Verifying ARP Requests Activating Downstream Ports Verifying the Downstream Ports Assigning the Downstream Channel ID Verifying the Downstream Channel ID Setting the Downstream Helper Address Verifying the Downstream Helper Address Setting the Downstream Interleave Depth Verifying the Downstream Interleave Depth Setting the Downstream Modulation Verifying the Downstream Modulation Setting the Downstream MPEG Framing Format Verifying the Downstream MPEG Framing Format Setting Downstream Rate Limiting and Traffic Shaping Verifying Downstream Traffic shaping Configuring the Upstream Cable Interface Activating Upstream Admission Control Verifying Upstream Admission Control Activating Upstream Differential Encoding Verifying Upstream Differential Encoding Activating Upstream Forward Error Correction Verifying Upstream FEC Activating the Upstream Ports Verifying the Upstream Ports Activating Upstream Power Adjustment Verifying Upstream Power Adjustment Activating the Upstream Scrambler Verifying the Upstream Scrambler Activating Upstream Timing Adjustment Verifying Upstream Timing Adjustment Setting Upstream Backoff Values Verifying Upstream Data Backoff Setting the Upstream Channel Width Verifying Upstream Channel Width Setting the Upstream Frequency Verifying the Upstream Frequency Setting the Upstream Input Power Level Verifying the Upstream Input Power Level Specifying Upstream Minislot Size Verifying Upstream Minislot Size Setting Upstream Rate Limiting and Traffic Shaping Verifying Upstream Traffic Shaping Troubleshooting Tips Configuring Optional Cable Interface Features Activating Host-to-Host Communication (Proxy ARP) Activating Cable Proxy ARP Requests Verifying Cable Proxy ARP Requests Activating Packet Intercept Capabilities Configuring Payload Header Suppression and Restoration Setting Optional Broadcast and Cable IP Multicast Echo Setting IP Multicast Echo Verifying IP Multicast Echo Access Lists and the cable ip-multicast echo Command Setting IP Broadcast Echo Verifying IP Broadcast Echo Cable Interface Configuration Examples Subinterface Configuration Example Cable Interface Bundling Example 3-31 Subinterface Definition on Bundle Master Example Cable Interface Bundle Master Configuration Example The following example shows how to configure cable interface bundles: PE Router Configuration Example 3-32 3-33 3-34 3-35 P Router Configuration Example BGP Routing Sessions Configuration Example PE-to-PE Routing Sessions Configuration Example BGP PE-to-CE Routing Sessions Configuration Example RIP PE-to-CE Routing Sessions Configuration Example Static Route PE-to-CE Routing Sessions Configuration Example Page Managing Cable Modems on the Hybrid Fiber-Coaxial Network Activating CM Authentication Verify CM Authentication Activating CM Insertion Interval Validating CM Insertion Interval Troubleshooting CM Insertion Interval Activating CM Authentication Verifying CM Authentication Troubleshooting CM Authentication Activating CM Upstream Address Verification Verifying CM Upstream Address Verification Clearing CM Counters Verifying Clear CM Counters Clearing CM Reset Verifying Clear CM Reset Configuring CM Registration Timeout Configuring Dynamic Contention Algorithms (Cable Insertion Interval, Range, and Data Backoff) cable insertion-interval Command Examples Configuring the Dynamic Map Advance Algorithm Configuring Maximum Hosts Attached to a CM Configuring Per-Modem Filters Configuring Sync Message Interval Verifying Sync Message Interval Page Configuring Basic Broadband Internet Access Overview of Basic Broadband Internet Access Recommended Basic Configuration for High-Speed Internet Access Basic Internet Access Sample Configuration File 5-4 5-5 Page Troubleshooting the System Understanding show Command Responses show cable flap-list Page show cable modem Page show cable modem maintenance show cable modulation-profile Page show cable qos profile show interface cable show interface cable sid show cable modulation-profile Using a Headend CM to Verify Downstream Signals Performing Amplitude Averaging Enabling or Disabling Power Adjustment Setting Frequency Threshold to Affect Power Adjustment Setting Downstream Test Signals Configuring Unmodulated Test Signals Configuring PRBS Test Signals Verifying Test Signal Output Pinging Unresponsive CMs Pinging a CM Verifying the Ping Using Cable Interface debug Commands debug cable arp debug cable error (for MAC Protocol Errors) debug cable keyman (for Baseline Privacy Activity) debug cable mac-messages debug cable map debug cable phy debug cable privacy (for Baseline Privacy) debug cable qos debug cable range (for Ranging Messages) debug cable receive (for Upstream Messages) debug cable reg (for Modem Registration Requests) debug cable reset (for Reset Messages) debug cable specmgmt (for Spectrum Management) debug cable startalloc (for Channel Allocations) debug cable transmit (for CMTS Transmissions) debug cable ucc (for Upstream Channel Change Messages) debug cable ucd (for Upstream Channel Description Messages) APPENDIX A DOCSIS and CMTS Architectural Overview DOCSIS Specification Summary Overview of DOCSIS NTSC Cable Plants QoS Policy Propagation on Border Gateway Protocol Overview of DOCSIS-Compliant Downstream Signals Overview of DOCSIS-Compliant Upstream Signals Overview of DOCSIS Two-Way Server Requirements CMTS Traffic Engineering Page Page Page APPENDIX B Configuration Register Information for the CiscouBR10012 Universal Broadband Router Configuration Bit Meanings Bits 03 Bit 6 Bit 7 Bit 8 Bit 10 and Bit 14 Bit 11 and Bit 12 Bit 13 Bit 15 Displaying the Configuration Register While Running Cisco IOS B-14 Displaying the Configuration Register While Running ROM Monitor B-15 Setting the Configuration Register While Running Cisco IOS Setting the Configuration Register While Running ROM Monitor Page INDEX A B C D Page E F G H I K M N O P Q R S T U V W