cable modem terminate system setup : devil _huang
Cable Modem Terminate System Setup
Presenter: Devil_huang

What is CMTS?
Cable Modem Terminate System (CMTS)
1. The Router
2. Gateway

1. The Router
Routes data between a cable modem network and a head-end internetwork.

2. Gateway
The CMTS provides the encapsulation and de-capsulation of DOCSIS traffic.
For upstream traffic, it translates DOCSIS data to IP data and then forwards it to the backbone network.
For downstream traffic, it translates IP data to DOCSIS data and forwards the result to a cable modem.
[Figure: Simplified Cable Headend Configuration for Two-way Data]

CMTS function
Performing MAC and PHY reception and transmission functions
Packet classification
Priority queuing
Modification
Filtering
Routing
Priority routing
Proxy services
Data encryption
Encapsulating packets in the data link layer
Extracts Ethernet packets
Tunes each upstream channel
Demodulates upstream data
Modulates downstream data
Adding forward error correction

Abbreviation
CMTS: Cable Modem Terminate System
CM: Cable Modem
DOCSIS: Data Over Cable Service Interface Specification
DHCP: Dynamic Host Configuration Protocol
CPE: Customer Premises Equipment
ISP: Internet Service Provider
TFTP: Trivial File Transfer Protocol
TOD: Time Of Date
ARP: Address Resolution Protocol
AAI: Aggregate Access Interface
MIC: Message Integrity Check
CA: Certificate Authority
SNMP: Simple Network Management Protocol
BPI: Baseline Privacy Initialization
ACL: Access Control List
CLI: Command Line Interface
QoS: Quality Of Service
CMS: Call Management Server
RKS: Record Keeping server
MIB: Management Information Base

Architecture
[Figure labels: MSO Backbone Network, Next-hop Router, DHCP/FTP/WEB Server, ISP, CM Access Network, CPE, CM]

Packet-Cable Functionality chart

Sample Network

What should be specified?
Cable Access Interface
Fast Ethernet Interface
Backbone Router
DHCP / TFTP / TOD / Log server
MIC Configuration
Privacy Configuration
RF Configuration
CMTS Unit Interfaces

Logging In CMTS
Privilege modes
– Non-privileged Mode: can access all reports and diagnostics; cannot modify the system configuration.
– Privileged Mode: can modify the system configuration.
Logging In
– Type enable to put the CLI in Privileged mode. A password is needed for access.
– Type config terminate to get into the configuration context, and type username devil password letmein to create a new user account.
– Type do show username to verify the account.

Configuring A Backbone Fast Ethernet Interface
Type configure t to get into the configuration context, where you can start configuring.
Type interface fastethernet {0/0/0 | 0/0/1 | 0/0/2 | 0/0/3}. This command identifies the specific Fast Ethernet interface you are about to configure.
Type ip address a.b.c.d e.f.g.h. This command identifies a.b.c.d as the Fast Ethernet interface's IP address and e.f.g.h as its subnet mask.
Type do show interface ip to verify the configuration.
Type no shutdown to enable the interface.
Example: Terayon CMTS(config-if 0/0/0) # ip add 192.168.24.11 255.255.255.0

Configuring the Next-Hop Route
The next-hop route defines the backbone router the CMTS is connected to. In the factory, the CMTS is always connected to the server directly, so the route IP address is replaced with the server's IP address.
Type ip route {network prefix} {netmask} {next-hop route IP address}
Example: Terayon CMTS (config)# ip route 0.0.0.0 0.0.0.0 192.168.24.12
In this example, the network prefix and netmask are filled with 0. This means all packet data should be routed to 192.168.24.12.

AAI concept
Aggregate Access Interface
– Cable modem access interface provided by the CMTS.
– Handles the routing of IP packets to the multiple physical cable interfaces, thus keeping the HFC-plant configuration independent of the IP address domains.
You can configure the baseline IP network to use a private or non-routable network IP address for CMs only. This avoids the use of public IP addresses for CMs.

Aggregated Access Interface

Configuring the AAI
Type interface access 0 to get into the access configuration context.
Type ip address a.b.c.d e.f.g.h to identify the CM access network IP.
Type ip address a.b.c.d e.f.g.h secondary to identify the CPE access network IP.
Type cable helper-address {ip-address} [cable-modem | host] to identify the DHCP server's address.
Example: Terayon CMTS(config-if-AAI-0)# cable helper 192.168.24.12

Configuring the AAI
Configure the gateway interface address (giaddr) for the CM and CPE access networks on the global Aggregated Access using the command:
cable dhcp-giaddr {policy | primary}
If you select policy, the CM and CPE networks use a different giaddr.
If you select primary, the CM and CPE networks use the same giaddr.
Example: Terayon CMTS (config-if-AAI-0) # cable dhcp-giaddr policy

MIC configuring
Type interface cable CMTS unit number to specify the unit you want to configure.
Type cable shared-secret word to specify the shared-secret authentication string.
Use the no prefix to disable MIC.
Example: Terayon CMTS (config-if-1) # cable shared-secret DOCSIS
Default string.
annex A : Euro-DO annex B : DOCSIS
One of the many features the CMTS has is its ability to verify the authentication of a DOCSIS® modem. This is accomplished through the authentication string the modem downloads in its configuration file. The authentication string is encrypted, then the modem transmits the string to the CMTS for verification. The process is called Message Integrity Check.

RF Configuration
Type interface cable CMTS unit number to specify the unit you want to configure.
Downstream configuration
– Type cable downstream frequency to specify the center frequency of the downstream channel. The valid ranges for the value are:
  – <91MHz – 857MHz> for North America and Japan
  – <112MHz – 858MHz> for Europe
– Type cable downstream power to specify the power level that the CMTS outputs.
– Use the following command to set the downstream modulation type:
  cable downstream modulation {64qam | 256qam}

RF Configuration
Upstream configuration
Type cable upstream {0-3} {0|1} frequency to specify the upstream center frequency.
– The parameter {0-3} indicates the physical upstream port you are configuring.
– The parameter {0|1} indicates the channel mode to which the center frequency will apply.
  • 0 for TDMA
  • 1 for S-CDMA
– The frequency value's valid ranges are:
  • <5MHz – 42MHz> for North America
  • <5MHz – 65MHz> for Europe
  • <5MHz – 55MHz> for Japan

RF Configuration
Verify the US / DS center frequencies
Terayon CMTS (config-if-1)# do show cable 1 upstream 0 0
Terayon CMTS (config-if-1)# do show cable 1 upstream 0 1
Terayon CMTS (config-if-1)# do show cable 1 downstream
Enabling the interface
Type no shutdown to enable CMTS unit interfaces.

RF Configuration
Example:
Terayon CMTS (config-if-1)#cable upstream 0 0 freq 30000000
Terayon CMTS (config-if-1)#cable downstream freq 802000000
Terayon CMTS (config-if-1)# no shutdown
This command enables the CMTS Unit MAC interface
Terayon CMTS (config-if-1)# no cable upstream 0 shutdown
Terayon CMTS (config-if-1)# no cable upstream 0 0 shutdown
Terayon CMTS (config-if-1)# no cable downstream shutdown

DOCSIS 1.0 / 1.1 / 2.0
Item        upstream   BPI
DOCSIS1.0   TDMA       disable
DOCSIS1.1   TDMA       enable
DOCSIS2.0   S-CDMA     enable

Viewing Status
Viewing Cable Interface Status
Terayon CMTS(config-if-1) # do show interfaces cable
Intf Type MTU Speed MACaddr. Oper Admin
status (bps) status status
Viewing Cable Modem Status
do show cable modem
MAC             IP             Cable    Prim  Chan  MAC        Timing  RxPwr  Unm
Address         Address        I/F      SID   Mode  State      offset  (db)   CPE
00e0.6f23.72c0  111.121.1.200  1/1/0/0  8     tdma  online(t)  285     0      1

BPI
Baseline Privacy Initialization
Security is an issue of prime importance with the CMTS. By the term security we mean access and privilege levels, authentication, network privacy, data filtering, and hostile-attack protection.
The modem downloads its configuration file from the server to determine whether BPI is enabled or disabled.
Use the cable privacy command to enter the configuration for privacy and BPI.

Configuring cable privacy
Create a list of trusted / un-trusted cable modems
– Use the cable privacy hotlist command to create a list (Hotlist) of un-trusted cable modems.
– Cable modems on the Hotlist are never authorized and are always denied service.
– Use the cable privacy trusted-list command to create a list (trusted-list) of trusted cable modems.
– Cable modems on the trusted-list are always authorized for service and no authentication checking is performed.
– The same cable modem cannot be entered on both the Hotlist and the Trusted-list.
Terayon CMTS(config)# [no] cable privacy hotlist H.H.H {manufacturer cert-ref-no}
Where H.H.H specifies a MAC address and cert-ref-no is the reference number assigned to this Manufacturer's Certificate.

Configuring cable privacy
Certificate
– Use the cable privacy certificate {root | manufacturer} cert-ref-no command to enable or disable CA certificates.
– The CMTS maintains a list of known certificates classified in three categories, Root and Manufacturer Certificates.
– Root Certificates added are marked as 'root' and by default marked trusted. For operation purposes, the system requires only one active Root Certificate.
– Manufacturer Certificates added are marked as 'trusted' by default. The command cable privacy hotlist allows marking a Certificate as 'un-trusted'.

Configuring cable privacy
Certificate (continued)
– Manufacturer Certificates can be added / modified. When a certificate is added, a unique reference number is automatically assigned to it and displayed on the command line. This reference number may be used later to display information about this certificate or to delete this certificate from the database.
– Example:
  Terayon CMTS(config)# cable privacy certificate root cert-ref-no 2 for American or Japan.
  Terayon CMTS(config)# cable privacy certificate root cert-ref-no 3 for Europe.

Configuring cable privacy
Self-signed Certificates
– This is the CMTS policy to accept self-signed manufacturer certificates from cable modems at authorization time.
– Use the accept-self-signed-certificate command to accept self-signed manufacturer certificates.
– It is always set on a per-cable-line-card basis.
Enabling the Validity Period Check
– The CMTS verifies the validity period of cable modem certificates (at KEK exchange times), using its time-of-day clock as the time reference for the verification.
– Use the validity-period-check command to force verification of the modem certificate validity period.

Configuring cable privacy
Key Encryption Key / Traffic Encryption Key lifetime
– When BPI is enabled (in the cable modem configuration file), the CMTS and the cable modem use authorization and encryption / decryption for packets across the HFC interface. The BPI is configured with KEKs and TEKs.
– A KEK is assigned to a cable modem based on the cable modem's service identifier (SID) and permits the connection when baseline privacy is activated.
– The TEK is assigned to a cable modem when its KEK has been established. It is used to encrypt data traffic between cable modems.
– KEK and TEK can be set to expire based on a lifetime value. New keys are requested before the current ones expire.
– Use the no form of the command to return to the default condition.

Configuring cable privacy
Setting the Registration Timeout
– Use the registration-timeout command to set the value of the DOCSIS registration timeout timer (T9 timeout) on a particular interface.
– The registration timeout is the time allowed between the CMTS sending a RNG-RSP (ring-response success) to a CM and receiving a REG-REQ (registration request) from that same CM.
Configuring the Shared Secret String (MIC)
– Use the default cable shared-secret command to set the default shared secret string.

Configuring cable privacy
Setting Up Basic Access Control Lists
– This allows defining a list of host names or IP addresses to be permitted or denied access.
Display and diagnose security parameters
– Displaying Privacy certificates
  show cable privacy certificate {root | manufacturer cert-ref-no}
  show cable privacy certificate modem H.H.H
– Displaying Interface Privacy Information
  show cable privacy interface

The modem configuration file
The modem configuration file is stored as a binary file. It can be edited using a special tool.
Use a designated TFTP server to make your modem configuration file available for remote configuration.
Example setting for a DOCSIS2.0 modem:
o Privacy Enable (29) = 0
o Service Flow Reference (24.1) = 1
o Quality of Service Parameter Set Type (24.6) = 7
o Network Access Control Object (3) = 1
o Maximum Number of CPEs (18) = 2
o Upstream Service Flow Encoding (24)
o Downstream Service Flow Encoding (25)
o Service Flow Reference (25.1) = 5
o Quality of Service Parameter Set Type (25.6) = 7
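
An added example, not part of the original slides: a Python parser for the binary type/length/value layout of the modem configuration file that reports the BPI, network-access and MIC settings this deck discusses. The sample bytes are constructed, the MIC digests are placeholders, and record types 6, 7, 0 and 255 (CM MIC, CMTS MIC, pad, end-of-data) are taken from the DOCSIS configuration file format rather than from the slides.

```python
# Added example (not from the original slides): parse the type/length/value
# records of a DOCSIS modem configuration file and report risky settings.
# TLV numbers 3, 18, 24, 25, 29 and sub-types 1 and 6 come from the slide.

NESTED = {24, 25}        # service flow encodings hold sub-TLVs
PAD, END = 0, 255        # single-byte pad and end-of-data markers
CM_MIC, CMTS_MIC = 6, 7  # 16-byte integrity check records


def parse_tlvs(data, top_level=True):
    """Return a list of (type, value); value is bytes or a nested list."""
    records, i = [], 0
    while i < len(data):
        tlv_type = data[i]
        if top_level and tlv_type == PAD:
            i += 1
            continue
        if top_level and tlv_type == END:
            break
        if i + 2 > len(data):
            raise ValueError(f"truncated TLV header at offset {i}")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {tlv_type} at offset {i} overruns the file")
        if top_level and tlv_type in NESTED:
            value = parse_tlvs(value, top_level=False)
        records.append((tlv_type, value))
        i += 2 + length
    return records


def audit(data):
    """Return human-readable findings for one configuration file."""
    top = {t: v for t, v in parse_tlvs(data) if t not in NESTED}
    findings = []
    if 29 not in top:
        findings.append("Privacy Enable (29) absent: BPI state is left to the default")
    elif top[29] == b"\x00":
        findings.append("Privacy Enable (29) = 0: BPI disabled, HFC traffic is not encrypted")
    if top.get(3) == b"\x00":
        findings.append("Network Access Control Object (3) = 0: modem registers without network access")
    if len(top.get(CMTS_MIC, b"")) != 16:
        findings.append("CMTS MIC (7) missing or not 16 bytes: the shared-secret check cannot pass")
    return findings


def build_sample(privacy=0, network_access=1, with_cmts_mic=True):
    """Constructed sample mirroring the slide's example settings."""
    def flow(ref):                                   # x.1 = ref, x.6 = 7
        return bytes([1, 2, 0, ref, 6, 1, 7])
    body = bytes([3, 1, network_access, 18, 1, 2])
    body += bytes([24, 7]) + flow(1) + bytes([25, 7]) + flow(5)
    body += bytes([29, 1, privacy])
    body += bytes([CM_MIC, 16]) + bytes(16)          # placeholder digest
    if with_cmts_mic:
        body += bytes([CMTS_MIC, 16]) + bytes(16)    # placeholder digest
    return body + bytes([END, PAD, PAD, PAD])


if __name__ == "__main__":
    for finding in audit(build_sample()):
        print(finding)
```

Run against the files in the TFTP server's directory, this gives a quick inventory of which modem profiles leave BPI off before they are served to modems.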

The DHCP Relay Agent
Each modem and host can get an IP address and IP information from a DHCP server connected to the CMTS. The CMTS serves as a relay agent between the DHCP server and the modems and implements the DHCP/BootP relay agent.

Address Resolution Protocol Function
The CMTS supports the ARP protocol, a protocol used to obtain a device's physical (layer 2 MAC) address based on its logical (layer 3 IP) address. In short, ARP binds a high-level IP address to a low-level physical address. However, the CMTS handles ARP differently for the backbone, management, and cable interfaces.
Entries both for CM and CPE.
Each ARP table entry associates a single IP address with a single host.
Supporting Dynamic and Static ARP entries
Extended ARP type
ARP learning

ARP configuration
Aging timeout
– This allows you to set the threshold when you want dynamic ARPs to age out.
– Terayon CMTS(config)# arp timeout <30-86401>
  Where <30-86401> is the timeout value in seconds. The value 86401 indicates that there is no timeout and the dynamic ARPs do not age out.

ARP configuration
Proxy ARP
– The Proxy ARP feature works only on the cable network side of the CMTS.
– This reduces network ARP traffic overhead, thus improving network performance, and at the same time increases network security.
– When a cable network host sends an ARP request to the CMTS, instead of broadcasting that request to the cable modem network, the CMTS responds to the ARP request and then relays the request to the appropriate host on the cable network. In the host ARP tables, the destination MAC address is always the CMTS MAC address.
– The default condition of the Proxy ARP feature is enabled.

ARP configuration
ARP Learning feature
– This enables you to stop clients that obtain IP addresses via dynamic ARP from passing traffic, thus forcing the client (CPE) to obtain an IP address via a DHCP transaction.
– If you disable ARP Learning on the access side, the CMTS ARP table is populated only from Static ARP and DHCP ARP assignments. Dynamic ARPs and host MAC addresses for Static-host ARPs are not learned.
– The ability to enable and disable ARP Learning gives you strict control over ARP table entries, resulting in a higher degree of protection against IP address spoofing (unauthorized devices attempting to steal or mimic a valid IP address).
– The default condition for ARP learning on the access side is enabled.

ARP configuration
Clear ARPs on Modem Reset
– You may configure the CMTS to clear (remove) CPE ARPs whenever a cable modem resets.
– This may be useful when the IP limit for a modem is 2 or greater.
– If the Lease Query (source IP address verification) feature is disabled, then enabling the ARP clear-on-reset feature has no effect.
– Terayon CMTS(config)# arp clear-on-reset

Server Configuration
Operating System (OS)
– Win2000 professional
  Service Path 4
  Internet Information Services.
– Win2000 Server
– Win2000 Advance Server
Software
– Cisco Network Register 3.0 (DHCP Server)
– tardis2000nt (TOD Server)
– TFTP 2000 (TFTP Server)

Server Configuration
Internet Information Services
– HTTP support
– Web service
– FTP support
– FTP service
– Scripts support
– POP3 / SMTP support
Setup
1. Start
2. Setting
3. Control Panel
4. Add/Remove Programs
5. Add/Remove Windows Component
6. Windows Component Wizard
7. Select IIS
8. Press Next, Finish

IIS setup
After the software install has finished, the following folders will be created on disk C.
– Inetpub
  FTProot
  WWWroot
The file named default.htm in WWWroot will be used as the web server's default web page.
The files in FTProot will be displayed in the FTP server's folder.
[Figure: Default.htm]

FTP Configuration
Enabling FTP service
1. Start
2. Setting
3. Control Panel
4. Administrative tools
5. Service
6. Select FTP Publishing Service
7. Start the service
8. Set the start-up type to automatic, Finish
Copy the files you want to share to FTProot.
[Figure: Enabling FTP service, FTP Publishing Service]

DHCP Configuration
Software setup
Login in the system
Add scope
Policy configuration
– Time offset
– Router
– DHCP lease time
– Time Server
– Packet file name
– Log server
Use interface configuration

TOD setup
Log into your Windows NT system as a user with administrative privileges. Tardis 2000 NT must be installed and configured by someone with administrative privileges.
Run the tardis2000NT.exe program and Tardis 2000 will automatically be installed.
Choose start service / stop service as shown in the following figure.
[Figure: Run Tardis 2000 NT]

TFTP setup
If you use TFTPD32.exe, start the program in the same path as the CM configuration file.
If you use TFTP server pro 2000, configure the input path as the CM configuration file's location.

Troubleshooting
Understand show command Responses
– show cable modem
– show interface cable
– show cable privacy
– show arp
– show run
Understand CM online procedure
Understand CM online message
Troubleshooting Cable Modem State

Troubleshooting
Cisco CM State
– Offline State
– Ranging Process: init(r1), init(r2), init(rc) state
– DHCP: init(d), init(i) state
– TOD exchange: init(t) state
– Option file transfer started: init(o) state
– Online: Online, Online(d), Online(pt) state
– Reject: reject(pk), reject(pt), reject(m), reject(c) state

Troubleshooting
Terayon CM State
– Offline: Offline, Offline(lr), offline(ad) state
– Ranging Process: init(r), init(rc), init(ds), init(os), init(ip) state
– Online: Online(pd), Online(tek), Online(kek), Online(t)

Troubleshooting
Offline state most common reasons
– Weak carrier signal (too much noise).
– Incorrect Downstream Center Frequency
– Incorrect Frequency Specified in the DOCSIS file
– Absence of downstream digital QAM modulated signal
– Incorrect frequency specified in cable modem change-frequency on the CMTS router
Offline (lr) & Offline (ad)
– Offline (lr): The line-card on which the modem came up on last time was deleted.
– Offline (ad): The modem is denied access. Check the configuration file of the modem.

Troubleshooting
Ranging process
At this stage, the CM begins a ranging process to calculate the necessary transmit power level to reach the CMTS at its desired input power level.
Cisco
– init(r1): Cable modem sent initial ranging
– init(r2): Cable modem is ranging
– init(rc): Cable modem ranging complete
Terayon
– init(r): The modem is in ranging modem

Troubleshooting
DHCP state
After successful ranging, the CM needs to acquire its network configuration via DHCP. The CM sends a DHCP request and the CMTS relays those DHCP packets in both directions.
DHCP request received
– Cisco: init(d)
– Terayon
  init(rc): the modem is unable to get a DHCP address.
  init(ds): DHCP discover is sent and waiting for offer.

Troubleshooting
DHCP request received state most common reasons
– Missing cable helper-address <IP-address> command on the CMTS or incorrect <IP-address>
– DHCP server down
– IP connectivity issue from the CMTS to the DHCP server
– Wrong default gateway configured at the DHCP server
– Low transmit power at the CM or low upstream SNR, see RF Specifications
– DHCP server overload
– DHCP server is out of IP addresses
– Reserved IP address for modem is inside wrong scope.

Troubleshooting
DHCP reply received; IP address assigned
– Cisco: init(i)
– Terayon: init(os)
Most common reasons
– Incorrect or invalid DOCSIS file specified in the DHCP server
– TFTP server issues, for example incorrect IP address, TFTP server unreachable
– Problems getting TOD or Timing Offset
– Incorrect Router setting in the DHCP configuration

Troubleshooting
TOD exchange – init(t) state
– You can only see this on Cisco's CMTS
– Almost always points to a DHCP mis-configuration
– Wrong TOD server address
– TOD server is unavailable.

Troubleshooting
Option file transfer started state
– Cisco: init(o)
– Terayon: init(ip)
Most common reasons
– Incorrect, corrupt (for example: ASCII instead of binary), or missing DOCSIS configuration file.
– Unable to reach the TFTP server: it is either unavailable, too busy, or there is no IP connectivity
– Invalid or missing Configuration Parameter in DOCSIS file
– Wrong file permissions on the TFTP server

Troubleshooting
Online state
– Cisco
  online: Cable modem registered, enabled for data
  online(d): Cable modem registered, but network access for the cable modem is disabled
  online(pk): Cable modem registered, BPI enabled and KEK assigned
  online(pt): Cable modem registered, BPI enabled and TEK assigned
– Terayon
  online(pd)
  online(tek)
  online(kek)
  online(t)

Troubleshooting
Reject state
– Cisco
  Reject(pk) and Reject(pt) state
  Reject(m)
Most common reasons
– Reject(pk) and Reject(pt) state: some problem with the BPI configuration
– Reject(m): some problem with the MIC

Troubleshooting
Full of log
– Application program log: clear the log at the server
– CM record log: clear the log at the CMTS
Example: Terayon CMTS # clear cable modem offline delete

Thank you!
Devil