CMTS info

Helpful Linux and DOCSIS/CMTS howtos and tips

Configuring uBR7246 VXR

1) Basics

Get to configure mode:

  enable
  configure terminal

Almost required basics:

  hostname UBR7246
  enable secret your_password
  ip subnet-zero
  ip cef
  ip classless

Disable CDP and other crap:

  no cdp run
  no ip http server
  no ip http secure-server

2) Cable interface configuration

Set the DOCSIS standard (in this case EuroDOCSIS):

  cable freq-range european

First cable interface configuration

  int cable 3/0

Security:

  cable tftp-enforce
  cable shared-secret CABLE_PASSWORD

The first command makes the CMTS accept only modems that downloaded their configuration file via TFTP. The second sets the password that must be compiled into the cable modems' configuration file.

Since we want to conserve IP addresses, it's beneficial to create virtual bridges between cable interfaces so that no subnets have to be used.

  cable bundle 1

Downstream configuration

  ! European setting
  cable downstream annex A
  ! lowest modulation available
  cable downstream modulation 64qam
  ! free downstream frequency
  cable downstream frequency 402000000
  ! output power in dBmV
  cable downstream rf-power 61

Upstream configuration

  ! free upstream frequency
  cable upstream 0 frequency 56000000
  ! support DOCSIS 1.1 and 2.0
  cable upstream 0 docsis-mode tdma-atdma
  ! min/max channel width
  cable upstream 0 channel-width 3200000 3200000
  ! CM transmit power level
  cable upstream 0 power-level -1
  ! modulation profile
  cable upstream 0 modulation-profile 141
  ! SNR boost
  cable upstream 0 equalization-coefficient
  ! assign to load balance group (optional)
  cable upstream 0 load-balance group 1

Modulation profiles are changed automatically after setting a different DOCSIS mode.

  <1-10>     DOCSIS 1.X Modulation Profile Group
  <141-150>  DOCSIS 1.X/2.0 Mixed Modulation Profile Group for MCU Line Card
  <241-250>  DOCSIS 2.0 Only ATDMA Modulation Profile Group for MCU Line Card
  <41-50>    DOCSIS 1.X Modulation Profile Group for MCU Line Card

Default values won't give you good performance but can work on almost any network. New, faster modulation profiles can also be created (in this case QPSK/QAM-64 only):

  cable modulation-profile 142 mix-high

Turn on the interface and exit

  no shutdown
  no cable downstream rf-shutdown
  no cable upstream 0 shutdown
  exit

Create load balance group

  cable load-balance group 1 method utilization
  cable load-balance group 1 interval 60
  cable load-balance group 1 threshold load 20 enforce 50

Configure the "bridge" interface

  interface Bundle1
  ip address INTERNET_ROUTER_IP NETMASK secondary
  ip address MODEMS_ROUTER_IP NETMASK
  ip helper-address DHCP_IP_ADDRESS
  cable dhcp-giaddr policy strict
  cable source-verify
  exit

The last command makes sure that CMs and PCs get IPs from the right pool.

3) Ethernet and other IP config

Configure GbE interface:

  interface gi 0/1
  ip address IP NETMASK
  no ip proxy-arp 
  ip mroute-cache
  ip route-cache cef
  ip route-cache same-interface
  exit

Having the uBR act as an ARP proxy is NOT a good thing. It brings confusion and security risks to your network.

Configure default route and DNS server:

  ip route 0.0.0.0 0.0.0.0 NEXT_ROUTER'S_IP
  ip name-server DNS_IP
  ip cef

4) SSH:

Follow these commands to configure SSH 1 on an older Cisco CMTS.

Warning: only SSH 1 and DES are supported!

  aaa new-model
  username example_user secret example_password
  ip domain name example_domain.com
  crypto key generate rsa general-keys label ssh_key modulus 2048
  ip ssh rsa keypair-name ssh_key

5) SNMP v3:

SNMP v3 on uBR allows you to use only DES to encrypt data. Caution is advised when allowing write access.

First create an SNMP v3 group with encrypted, read-only access.

  snmp-server group some_read_group_name v3 priv

Next, an SNMP v3 user must be created:

  snmp-server user some_user_name some_read_group_name v3 auth sha some_auth_password priv des56 some_encrypt_password access std_access_list_num

Just to be sure

  snmp-server drop vrf-traffic

Remember to restrict access to SNMP with a basic ACL.

6) Other stuff:

Remote query: gets upstream power, downstream power, SNR and modem info into the uBR. View it with show cable modem modem_ip verbose.

Sadly, a community string must be specified for snmp-server. ACLs can't be used to restrict access, but specifying an empty view does the trick.

  snmp-server view nothing iso excluded 
  snmp-server community your_community_string view nothing RO
  snmp-server manager 
  cable modem remote-query 300 your_community_string
  cable modem remote-query src-ip ip_allowed_to_query_s

Configure line interfaces:

Console:

  line con 0
  logging synchronous 
  transport preferred none
  transport output all

In order, these commands keep log messages from obscuring the CLI, disable default telnetting, allow telnetting from the console, etc.

VTYs:

  line vty 0 255
  logging synchronous 
  transport preferred none
  transport output all
  transport input ssh
  exit

The last command restricts VTY access to SSH only.

Configure NTP client and time zone:

  clock timezone CET 1
  ntp update-calendar
  ntp peer NTP_IP_ADDR

Configure DHCP options copying - for MTAs etc.:

  ip dhcp relay information option

BPI+ problem resolved - if you see errors like this:

  %UBR7200-3-MAP_REJECT_DS_TRAFFIC_FLOW_NOT_MAPPED: <132>CMTS[DOCSIS]:<66060510> Map Reject - Downstream traffic flow not mapped to BPI+SAID.

Apparently multicast traffic is not encrypted; to encrypt it, execute:

  ip access-list extended 100
  permit ip any 224.0.0.0 15.255.255.255
  exit
  ! repeat for any other bundles you have
  int bundle 1
  cable match address 100
  exit

7) Finish:

Exit configure mode and save changes

  end
  wr mem
