Configuring Headend Broadband Access Router Features
Security Features
DOCSIS Baseline Privacy
The Cisco uBR7200 series routers support DOCSIS baseline privacy (BPI). When BPI is enabled, the Cisco uBR7200 series generates Traffic Encryption Keys (TEKs) for each applicable SID. The router uses the keys to encrypt downstream data and decrypt upstream traffic from
The Cisco uBR7200 series supports both
Note Both the Cisco uBR7200 series universal broadband router and the cable modem must contain software and be configured to support encryption/decryption.
The Cisco uBR7200 series router generates keys for unicast, broadcast, and multicast operation as appropriate. Keys are refreshed periodically and have a default lifetime of 12 hours.
Cable Modem and Multicast Authentication Using RADIUS
As an enhancement to baseline privacy, Cisco uBR7200 series universal broadband routers can be configured for cable modem and multicast authentication using the RADIUS protocol, an access server authentication, authorization, and accounting (AAA) protocol originally developed by Livingston, Inc. The Cisco uBR7200 series also supports additional
When a cable modem comes online or when an access request is sent through a multicast data stream, the Cisco uBR7200 series sends relevant information to RADIUS servers for cable modem/host authentication. This feature can be configured on a
An IETF draft standard, RFC 2138, defines the RADIUS protocol. RFC 2139 defines the corresponding RADIUS accounting protocol. Additional RFC drafts define
Upstream Address Verification
Upstream address verification prevents the spoofing of IP addresses by comparing the source IP address with the MAC address of the cable modem, thus verifying that each upstream data packet comes from the cable modem known to be associated with the source IP address in the packet. The cable
Note Cisco Network Registrar (CNR) supports the LEASEQUERY message type in software release 3.01(T) and later.
Cisco IOS Multiservice Applications Configuration Guide