Configuring KEK Privacy, MC-562 | Cisco Systems uBR7200 guide

Configuring Headend Broadband Access Router Features

Configuring and Activating Baseline Privacy

A KEK is assigned to a cable modem based on the cable modem SID and permits the cable modem to connect to the Cisco uBR7200 series when baseline privacy is activated. The TEK is assigned to a cable modem when its KEK has been established. The TEK is used to encrypt data traffic between the cable modem and the Cisco uBR7200 series.

KEKs and TEKs can be set to expire based on a grace-time or a life-time value. A grace-time key is used to assign a temporary key to a cable modem to access the network. A life-time key is used to assign a more permanent key to a cable modem. Each cable modem that has a life-time key assigned will request a new life-time key from the Cisco uBR7200 series before the current one expires.

Note Baseline privacy is only supported in Cisco IOS software containing “-k1” in the filename. If you do not already have a baseline privacy software image, you must download the software from Cisco Connection Online (CCO).

Note Baseline privacy will not operate unless the cable modem configuration file specifies that privacy is on.

The configuration and activation of baseline privacy depends on each cable operator physical plant.

To configure and activate baseline privacy, perform the following tasks:

•Configuring KEK Privacy

•Configuring TEK Privacy

•Activating Baseline Privacy

Configuring KEK Privacy

A grace-time KEK can be set from 300 to 1800 seconds. A life-time KEK can be set from 86,400 to 6,048,000 seconds. If you do not set a KEK value, the default values are used.

To configure KEK data privacy on the HFC network, use the following commands in cable interface configuration mode:

Command	Purpose

CMTS01(config-if)#cable privacy kek grace-time	Sets the cable privacy KEK grace time in seconds. Valid
seconds	values are from 300 to 1800 seconds. Default = 600.
or	or
	or
CMTS01(config-if)#cable privacy kek life-time seconds	Sets the cable privacy KEK life time in seconds. Valid
	Sets the cable privacy KEK life time in seconds. Valid
	values are from 86400 to 6048000 seconds.
	Default = 604800.

Cisco IOS Multiservice Applications Configuration Guide

MC-562

Image 44

Cisco Systems uBR7200 manual Configuring KEK Privacy, MC-562, CMTS01config-if#cable privacy kek grace-time

Contents

Configuring Headend Broadband Access Router Features MC-519 Headend Overview MC-520 Topology of a Typical Broadband Network Voice over IP Services Telco Return MC-523 MC-524 TOD QoS Features Service Class ProfilesMultiple Service IDs MC-525 MC-526 TAG/NetFlow SwitchingQoS Profile Enforcement MC-527 Tag SwitchingNetflow Switching Security Features Weighted Random Early DetectionWeighted Fair Queueing Committed Access Rate CAR Cable Modem and Multicast Authentication Using Radius Docsis Baseline PrivacyUpstream Address Verification MC-529 Traffic Shaping Features Operations and Provisioning FeaturesDynamic Ranging MC-530 Downstream Channel ID Configuration Burst Profile ConfigurationDownstream Frequency Override CPE Limitation Spectrum Management Headend Broadband Access Router Configuration Prerequisites MC-533 Headend Broadband Access Router Configuration Tasks MC-534 Configuring the Downstream Cable Interface CMTS01# configure terminalCMTS01config# interface cable 6/0 Activating the Downstream Carrier Setting the Downstream Center Frequency Troubleshooting TipsVerifying the Downstream Carrier MC-536 MC-537 CMTS01config-if#cable downstream frequencyVerifying the Downstream Center Frequency Setting the Downstream Channel ID Setting the Downstream Mpeg Framing Format Annex BVerifying the Downstream Channel ID MC-538 Setting the Downstream Modulation Verifying the Downstream Mpeg Framing FormatVerifying the Downstream Modulation MC-539 Setting the Downstream Interleave Depth CMTS01config-if#cable downstream interleave-depthVerifying the Downstream Interleave Depth MC-540 MC-541 Setting the Downstream Helper AddressVerifying the Downstream Helper Address Setting Downstream Rate Limiting MC-542 MC-543 Configuring the Upstream Cable InterfaceVerifying Downstream Rate Limiting Setting the Upstream Frequency MC-544 CMTS01# show controllers cable 6/0 u0 Verifying the Upstream FrequencyMC-545 Setting the Upstream Channel Width Verifying Upstream Channel WidthMC-546 Channel-width width Setting the Upstream Input Power Level MC-547 Verifying the Upstream Input Power Level Activating Upstream Admission ControlVerifying Upstream Admission Control MC-548 Activating Upstream FEC MC-549 Router# more systemrunning-config Specifying Upstream Minislot SizeVerifying Upstream FEC MC-550 MC-551 Activating the Upstream ScramblerVerifying Upstream Minislot Size CMTS01config-if#cable upstream usport scrambler CMTS01# more systemrunning-configVerifying the Upstream Scrambler MC-552 Activating Upstream Differential Encoding Activating Upstream Rate LimitingVerifying Upstream Differential Encoding MC-553 MC-554 CMTS01config-if#no cable upstream usport rate-limitVerifying Upstream Rate Limiting MC-555 Activating Upstream Frequency AdjustmentFrequency-adjust averaging percentage MC-556 Activating Upstream Power AdjustmentVerifying Upstream Frequency Adjustment Activating Upstream Timing Adjustment Verifying Upstream Power AdjustmentMC-557 Continue seconds MC-558 Verifying Upstream Timing AdjustmentActivating the Upstream Ports MC-559 Setting Upstream Backoff ValuesVerifying the Upstream Ports CMTS01config-if#cable upstream usport range MC-560Data-backoff start end Data-backoff automatic MC-561 Configuring and Activating Baseline PrivacyVerifying Upstream Data Backoff Automatic MC-562 Configuring KEK PrivacyCMTS01config-if#cable privacy kek grace-time Configuring TEK Privacy Verifying KEK PrivacyVerifying TEK Privacy MC-563 Configuring and Activating Frequency Agility Activating Baseline PrivacyVerifying Baseline Privacy MC-564 Combiner Groups MC-565 Frequency Management Policy MC-566 Determining the Upstream Ports Assigned to a Combiner Group MC-567 Configuring and Activating Spectrum Groups Creating Spectrum GroupsVerifying Spectrum Groups MC-568 Command Purpose MC-569 MC-570 MC-571 Verifying Spectrum Group ConfigurationVerifying Frequency Hopping Configuring Spectrum Group Characteristics MC-572 Verifying Spectrum Group Characteristics CMTS01config# cable spectrum-group groupnum hopMC-573 Threshold percent Activating IP Address Resolution Protocol Assigning the Spectrum Group and the Upstream PortsActivating Cable ARP Requests Verifying Spectrum Group and Upstream Port Assignments MC-575 Activating Host-to-Host Communication Proxy ARPVerifying ARP Requests Configuring Dhcp Options Activating Cable Proxy ARP RequestsActivating Cable Relay Agent Verifying Cable Proxy ARP Requests MC-577 Activating Dhcp giaddrVerifying Dhcp giaddr Activation Setting Service Options Setting Optional IP ParametersConfiguring ToD Service Verifying ToD Service Activating IP Multicast Echo Activating IP Broadcast EchoVerifying IP Multicast Echo MC-579 Configuring Cable Profiles Configuring Cable Modulation ProfilesVerifying IP Broadcast Echo MC-580 Number profile MC-581 MC-582 Configuring QoS ProfilesVerifying Cable Modulation Profiles Verifying QoS Profiles MC-583 Setting QoS Permission Enforcing a QoS Profile AssignmentVerifying QoS Permission MC-584 MC-585 Managing Cable Modems on the HFC NetworkVerifying a QoS Profile Assignment Configuring Sync Message Interval Configuring Telco ReturnActivating Cable Modem Authentication Verifying Sync Message Interval MC-587 Verifying Cable Modem AuthenticationActivating Cable Modem Upstream Address Verification CMTS01config-if#cable source-verify dhcp Activating Cable Modem Insertion IntervalVerifying Cable Modem Upstream Address Verification MC-588 MC-589 CMTS01config-if#cable insertion-interval automaticVerifying Cable Modem Insertion Interval MC-590 Configuring Cable Modem Registration TimeoutVerifying the Maximum Number of Hosts MC-591 Clearing and Resetting Cable ModemsVerifying Registration Timeout MC-592 Verifying Cable Modem Clearing and ResettingClearing Cable Modem Counters Using Ping Docsis Verifying that Cable Modem Counters are ClearedVerifying Ping Docsis MC-593 Spectrum Management Configuration Example MC-594 Virtual Private Network Configuration Example MC-595 MC-596 Ip http server Ip http authentication local No cdp run MC-597 VoIP Configuration Example MC-598 MC-599 Ip subnet-zero No ip domain-lookup Telco Return Configuration Example MC-600 Cable telco-return enable MC-601 QoS Profile Enforcement Configuration Example Cable Modem all resetMC-602 Cable Reg Troubleshooting Using Cable Flap Lists Setting Cable Flap List AgingCMTS01config# cable flap-list aging days MC-603 Setting Cable Flap List Insertion Time Setting Cable Flap List Power Adjustment ThresholdVerifying Cable Flap List Aging Verifying Cable Flap List Insertion Time Setting Cable Flap List Miss Threshold Verifying Cable Flap List Power Adjustment ThresholdCMTS01config# cable flap-list miss-threshold misses Verifying Cable Flap List Miss Threshold Setting Cable Flap List Size Clearing Cable Flap ListVerifying Cable Flap List Size MC-606