Filter
Top Products
Configuring Subscriber-End Broadband Access Router Features
Subscriber-End Broadband Access Router Configuration Prerequisites
MC-639
Cisco IOS Multiservice Applications Configuration Guide
Event 10—Comply with Baseline Privacy
During this event, keys for baseline privacy are exchanged between the Cisco uBR900 series and the
headend CMTS. A link level encryption is performed so that your data cannot be “sniffed” by anyone
else on the cable network.
Following is a trace showing Baseline Privacy enabled. The key management protocol is responsible for
exchanging two types of keys: KEKs and TEKs. The KEK, also referred to as the authorization key, is
used by the CMTS to encrypt the TEKs it sends to the Cisco uBR900 series. The TEKs are used to
encrypt/decrypt the data. There is a TEK for each SID that is configured to use privacy.
851.088 CMAC_LOG_STATE_CHANGE establish_privacy_state
851.094 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state:
EVENT_1_PROVISIONED/STATE_A_START, new state: STATE_B_AUTH_WAIT
851.102 CMAC_LOG_BPKM_REQ_TRANSMITTED
851.116 CMAC_LOG_BPKM_RSP_MSG_RCVD
851.120 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: KEK, event/state:
EVENT_3_AUTH_REPLY/STATE_B_AUTH_WAIT, new state: STATE_C_AUTHORIZED
856.208 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state:
EVENT_2_AUTHORIZED/STATE_A_START, new state: STATE_B_OP_WAIT
856.220 CMAC_LOG_BPKM_REQ_TRANSMITTED
856.224 CMAC_LOG_BPKM_RSP_MSG_RCVD
856.230 CMAC_LOG_PRIVACY_FSM_STATE_CHANGE machine: TEK, event/state:
EVENT_8_KEY_REPLY/STATE_B_OP_WAIT, new state: STATE_D_OPERATIONAL
856.326 CMAC_LOG_PRIVACY_INSTALLED_KEY_FOR_SID 2
856.330 CMAC_LOG_PRIVACY_ESTABLISHED
Note In order for Baseline Privacy to work, you must use a code image name on the
Cisco uBR900 series that contains the characters k1. In addition, Baseline Privacy must be
supported on the headend CMTS, and it must be turned on in the configuration file that is
downloaded to the cable access router.
Event 11—Enter the Maintenance State
As soon as the Cisco uBR900 series has successfully completed the above events, it enters the
operational maintenance state and is authorized to forward traffic into the cable network.
508178.322 CMAC_LOG_STATE_CHANGE maintenance_state
Subscriber-End Broadband Access Router Configuration
Prerequisites
In order to use the Cisco uBR900 series cable access router for data-over-cable or voice-over-cable
(VoIP) applications, the following tasks must be performed:
• All required CMTS routing and network interface equipment must be installed, configured, and
operational. This includes all headend routers, servers (DHCP, TFTP, and ToD), network
management systems, or other configuration or billing systems in use in your network.
• Based on the quality and capacity of your cable plant, your system administrator or network planner
must define your network IP address allocation plan, spectrum management plan outlining the
recommended operating parameters to optimize performance, channel plan identifying the channels
available to assign to specific Cisco uBR900 series cable access routers, and dial plan based on the
supported VoIP protocol.