
Cable Modem Termination System Setup

Presenter: Devil_huang
What is CMTS?
Cable Modem Termination System (CMTS)

1. The Router
2. Gateway

1. The Router
Routes data between a cable modem network and a head-end internetwork.

2. Gateway
The CMTS provides the encapsulation and de-capsulation of DOCSIS traffic.
In upstream traffic, it translates DOCSIS data to IP data, then forwards it to the backbone network.
In downstream traffic, it translates IP data to DOCSIS data and forwards the result to a cable modem.

Simplified Cable Headend Configuration for Two-way Data
CMTS function
 Packet classification
 Priority queuing
 Modification
 Filtering
 Routing
 Priority routing
 Proxy services
 Performing MAC and PHY reception and transmission functions
 Data encryption
 Encapsulating packets in the data link layer
 Extracts Ethernet packets
 Tunes each upstream channel
 Demodulates upstream data
 Modulates downstream data
 Adding forward error correction
Abbreviation
CMTS: Cable Modem Termination System
CM: Cable Modem
DOCSIS: Data Over Cable Service Interface Specification
DHCP: Dynamic Host Configuration Protocol
CPE: Customer Premises Equipment
ISP: Internet Service Provider
TFTP: Trivial File Transfer Protocol
TOD: Time Of Day
ARP: Address Resolution Protocol
AAI: Aggregate Access Interface
MIC: Message Integrity Check
CA: Certificate Authority
MIB: Management Information Base
SNMP: Simple Network Management Protocol
BPI: Baseline Privacy Initialization
ACL: Access Control List
CLI: Command Line Interface
QoS: Quality Of Service
CMS: Call Management Server
RKS: Record Keeping Server
Architecture
MSO Backbone Network
 Next-hop Router
 DHCP/FTP/WEB Server
 ISP

CM Access Network
 CPE
 CM

Packet-Cable Functionality chart
Sample Network
What should be specified?
 Cable Access Interface
 Fast Ethernet Interface
 Backbone Router
 DHCP / TFTP / TOD / Log server
 MIC Configuration
 Privacy Configuration
 RF Configuration
 CMTS Unit Interfaces
Logging In CMTS
Privilege modes
 Non-privileged Mode: can access all reports and diagnostics; cannot modify the system configuration
 Privileged Mode: can modify the system configuration

Logging In
 Type enable to put the CLI in Privileged mode.
 A password is needed for access.
 Type config terminate to get into the configuration context, and type username devil password letmein to create a new user account.
 Type do show username to verify the account.
Configuring A Backbone Fast Ethernet Interface
 Type configure t to get into the configuration context, where you can start configuring.
 Type interface fastethernet {0/0/0 | 0/0/1 | 0/0/2 | 0/0/3}
 This command identifies the specific Fast Ethernet interface you are about to configure.
 Type ip address a.b.c.d e.f.g.h
 This command identifies a.b.c.d as the Fast Ethernet interface's IP address and e.f.g.h as its subnet mask.
 Type do show interface ip to verify the configuration.
 Type no shutdown to enable the interface.
 Example: Terayon CMTS(config-if 0/0/0) # ip add 192.168.24.11 255.255.255.0
Configuring the Next-Hop Route

 The next-hop route defines the backbone router the CMTS is connected to. In the factory, the CMTS is always connected directly to the server, so the router IP address is replaced with the server's IP address.
 Type ip route {network prefix} {netmask} {next-hop route IP address}
 Example: Terayon CMTS (config)# ip route 0.0.0.0 0.0.0.0 192.168.24.12
 In this example, the network prefix and netmask are filled with 0. This specifies that all packet data should be routed to 192.168.24.12.
AAI concept
Aggregate Access Interface
 Cable modem access interface provided by the CMTS.
 Handles the routing of IP packets to the multiple physical cable interfaces, thus keeping the HFC-plant configuration independent of the IP address domains.
 You can configure the baseline IP network to use a private or non-routable network IP address for CMs only. This avoids the use of public IP addresses for CMs.
Aggregated Access Interface
Configuring the AAI
 Type interface access 0 to get into the access configuration context.
 Type ip address a.b.c.d e.f.g.h to identify the CM access network IP.
 Type ip address a.b.c.d e.f.g.h secondary to identify the CPE access network IP.
 Type cable helper-address {ip-address} [cable-modem | host] to identify the DHCP server's address.
 Example: Terayon CMTS(config-if-AAI-0)# cable helper 192.168.24.12
Configuring the AAI
Configure the gateway interface address (giaddr) for the CM and CPE access networks on the global Aggregated Access using the command:
cable dhcp-giaddr {policy | primary}
 If you select policy, the CM and CPE networks use a different giaddr.
 If you select primary, the CM and CPE networks use the same giaddr.
Example: Terayon CMTS (config-if-AAI-0) # cable dhcp-giaddr policy
MIC configuring
 Type interface cable CMTS unit number to specify the unit you want to configure.
 Type cable shared-secret word to specify the shared-secret authentication string.
 Use the no prefix to disable MIC.
 Example: Terayon CMTS (config-if-1) # cable shared-secret DOCSIS
 Default string:
 annex A : Euro-DO
 annex B : DOCSIS
One of the many features of the CMTS is its ability to verify the authentication of a DOCSIS® modem. This is accomplished through the authentication string the modem downloads in its configuration file. The authentication string is encrypted, then the modem transmits the string to the CMTS for verification. This process is called Message Integrity Check.
RF Configuration
 Type interface cable CMTS unit number to specify the unit you want to configure.
 Downstream configuration
 Type cable downstream frequency to specify the center frequency of the downstream channel. The valid ranges for the value are:
– <91MHz – 857MHz> for North America and Japan
– <112MHz – 858MHz> for Europe.
 Type cable downstream power to specify the power level that the CMTS outputs.
 Use the following command to set the downstream modulation type:
cable downstream modulation {64qam | 256qam}
RF Configuration
 Upstream configuration
 Type cable upstream {0-3} {0|1} frequency to specify the upstream center frequency.
– The parameter {0-3} indicates the physical upstream port you are configuring.
– The parameter {0|1} indicates the channel mode to which the center frequency will apply.
• 0 for TDMA
• 1 for S-CDMA
– The valid ranges for the frequency value are:
• <5MHz – 42MHz> for North America
• <5MHz – 65MHz> for Europe
• <5MHz – 55MHz> for Japan
RF Configuration

 Verify the US / DS center frequencies
 Terayon CMTS (config-if-1)# do show cable 1 upstream 0 0
 Terayon CMTS (config-if-1)# do show cable 1 upstream 0 1
 Terayon CMTS (config-if-1)# do show cable 1 downstream
 Enabling the interface
 Type no shutdown to enable CMTS unit interfaces.
RF Configuration
 Example:
 Terayon CMTS (config-if-1)# cable upstream 0 0 freq 30000000
 Terayon CMTS (config-if-1)# cable downstream freq 802000000
 Terayon CMTS (config-if-1)# no shutdown
This command enables the CMTS Unit MAC interface
 Terayon CMTS (config-if-1)# no cable upstream 0 shutdown
 Terayon CMTS (config-if-1)# no cable upstream 0 0 shutdown
 Terayon CMTS (config-if-1)# no cable downstream shutdown
DOCSIS 1.0 / 1.1 / 2.0

Item        upstream  BPI
DOCSIS1.0   TDMA      disable
DOCSIS1.1   TDMA      enable
DOCSIS2.0   S-CDMA    enable
Viewing Status
 Viewing Cable Interface Status
Terayon CMTS(config-if-1) # do show interfaces cable
Intf Type MTU Speed MACaddr. Oper Admin
status (bps) status status

 Viewing Cable Modem Status


do show cable modem
MAC IP Cable Prim Chan MAC Timing RxPwr Unm
Address Address I/F SID Mode State offset (db) CPE

00e0.6f23.72c0 111.121.1.200 1/1/0/0 8 tdma online(t) 285 0 1


BPI

 Baseline Privacy Initialization
 Security is an issue of prime importance with the CMTS. By the term security we mean access and privilege levels, authentication, network privacy, data filtering, and hostile-attack protection.
 The modem downloads its configuration file from the server to determine whether BPI is enabled or disabled.
 Use the cable privacy command to enter the configuration for privacy and BPI.
Configuring cable privacy
 Create a list of trusted / un-trusted cable modems
 Use the cable privacy hotlist command to create a list (Hotlist) of un-trusted cable modems.
 Cable modems on the Hotlist are never authorized and are always denied service.
 Use the cable privacy trusted-list command to create a list (trusted-list) of trusted cable modems.
 Cable modems on the trusted-list are always authorized for service and no authentication checking is performed.
 The same cable modem cannot be entered on both the Hotlist and the Trusted-list.
 Terayon CMTS(config)# [no] cable privacy hotlist H.H.H {manufacturer cert-ref-no}, where H.H.H specifies a MAC address and cert-ref-no is the reference number assigned to this Manufacturer's Certificate.
Configuring cable privacy

 Certificate
– Use the cable privacy certificate {root | manufacturer} cert-ref-no command to enable or disable CA certificates.
– The CMTS maintains a list of known certificates classified in three categories, Root and Manufacturer Certificates.
– Root Certificates that are added are marked as ‘root’ and are marked trusted by default. For operational purposes, the system requires only one active Root Certificate.
– Manufacturer Certificates that are added are marked as ‘trusted’ by default. The command cable privacy hotlist allows marking a Certificate as ‘un-trusted’.
Configuring cable privacy

 Certificate (continued)
– Manufacturer Certificates can be added / modified. When a certificate is added, a unique reference number is automatically assigned to it and displayed on the command line. This reference number may be used later to display information about this certificate or to delete this certificate from the database.
– Example:
 Terayon CMTS(config)# cable privacy certificate root cert-ref-no 2 for America or Japan.
 Terayon CMTS(config)# cable privacy certificate root cert-ref-no 3 for Europe.
Configuring cable privacy
 Self-signed Certificates
– The CMTS policy can be set to accept self-signed manufacturer certificates from cable modems at authorization time.
– Use the accept-self-signed-certificate command to accept self-signed manufacturer certificates.
– It is always set on a per-cable-line-card basis.
 Enabling the Validity Period Check
– The CMTS verifies the validity period of cable modem certificates (at KEK exchange times), using its time-of-day clock as the time reference for the verification.
– Use the validity-period-check command to force verification of the modem certificate validity period.
Configuring cable privacy
 Key Encryption Key / Traffic Encryption Key lifetime
– When BPI is enabled (in the cable modem configuration file), the CMTS and the cable modem use authorization and encryption / decryption for packets across the HFC interface. BPI is configured with KEKs and TEKs.
– A KEK is assigned to a cable modem based on the cable modem's service identifier (SID) and permits the connection when baseline privacy is activated.
– The TEK is assigned to a cable modem when its KEK has been established. It is used to encrypt data traffic between cable modems.
– KEK and TEK can be set to expire based on a lifetime value. New keys are requested before the current ones expire.
– Use the no form of the command to return to the default condition.
Configuring cable privacy

 Setting the Registration Timeout
– Use the registration-timeout command to set the value of the DOCSIS registration timeout timer (T9 timeout) on a particular interface.
– The registration timeout is the time allowed between the CMTS sending a RNG-RSP (ranging response success) to a CM and receiving a REG-REQ (registration request) from that same CM.
 Configuring the Shared Secret String (MIC)
– Use the default cable shared-secret command to set the default shared secret string.
Configuring cable privacy

 Setting Up Basic Access Control Lists
– This allows defining a list of host names or IP addresses to be permitted or denied access.
 Display and diagnose security parameters
– Displaying Privacy certificates
 show cable privacy certificate {root | manufacturer cert-ref-no}
 show cable privacy certificate modem H.H.H
– Displaying Interface Privacy Information
 show cable privacy interface
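
Added example (not part of the original slides or of Terayon's software): a Python check that reads a saved CMTS configuration and flags the MIC and cable privacy settings described above that weaken modem authentication. It assumes the saved configuration lists commands in the form they are typed on the slides; the sample configuration, the second MAC address and the H.H.H argument to trusted-list are constructed.

```python
import re

# Default MIC strings named on the MIC slide (annex B / annex A).
DEFAULT_SECRETS = {"DOCSIS", "Euro-DO"}
MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"

# Constructed sample, NOT captured from a real CMTS. Assumption: commands are
# stored in the same form they are entered in the CLI examples on the slides.
SAMPLE_CONFIG = """\
interface cable 1
 cable shared-secret DOCSIS
 accept-self-signed-certificate
interface cable 2
 no cable shared-secret
cable privacy hotlist 00e0.6f23.72c0
cable privacy trusted-list 00e0.6f23.72c0
cable privacy trusted-list 00e0.6f23.72c1
"""

def audit(config_text):
    """Return sorted (line_no, finding) pairs; line 0 means 'whole config'."""
    findings, hotlist, trusted = [], {}, {}
    saw_validity_check = False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        secret = re.fullmatch(r"cable shared-secret (\S+)", line)
        if secret and secret.group(1) in DEFAULT_SECRETS:
            findings.append((no, "MIC uses a default shared secret"))
        elif line == "no cable shared-secret":
            findings.append((no, "MIC disabled"))
        elif line == "accept-self-signed-certificate":
            findings.append((no, "self-signed manufacturer certificates accepted"))
        elif line == "validity-period-check":
            saw_validity_check = True
        entry = re.fullmatch(r"cable privacy (hotlist|trusted-list) " + MAC, line, re.I)
        if entry:
            table = hotlist if entry.group(1).lower() == "hotlist" else trusted
            table[entry.group(2).lower()] = no
    for mac, no in trusted.items():
        if mac in hotlist:   # the slides state a modem cannot be on both lists
            findings.append((no, f"{mac} is on both hotlist and trusted-list"))
        else:                # trusted-list modems get no authentication checking
            findings.append((no, f"{mac} skips authentication (trusted-list)"))
    if not saw_validity_check:
        findings.append((0, "validity-period-check not configured"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```
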
The modem configuration file
 The modem configuration file is stored as a binary file. It can be edited using a special tool.
 Use a designated TFTP server to make your modem configuration file available for remote configuration.
 Example setting for a DOCSIS2.0 modem:
o Privacy Enable (29) = 0
o Service Flow Reference (24.1) = 1
o Quality of Service Parameter Set Type (24.6) = 7
o Network Access Control Object (3) = 1
o Maximum Number of CPEs (18) = 2
o Upstream Service Flow Encoding (24)
o Downstream Service Flow Encoding (25)
o Service Flow Reference (25.1) = 5
o Quality of Service Parameter Set Type (25.6) = 7
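
Added example (not from the original slides): a Python decoder for the binary modem configuration file, run on constructed bytes that encode the example settings above. It reports when BPI is switched off and rejects a file that was saved as ASCII instead of binary. The one-byte type and length fields, the pad (0) and end-of-data (255) markers, and the two-byte Service Flow Reference are taken from the DOCSIS specification rather than from the slides.

```python
# TLV type numbers as listed on the slide.
NAMES = {3: "Network Access Control Object", 18: "Maximum Number of CPEs",
         24: "Upstream Service Flow Encoding",
         25: "Downstream Service Flow Encoding", 29: "Privacy Enable"}
NESTED = {24, 25}  # service flow encodings carry sub-TLVs (24.1, 24.6, ...)

def parse_tlvs(data, top_level=True):
    """Decode type(1) / length(1) / value(length) records into a list."""
    out, i = [], 0
    while i < len(data):
        t = data[i]
        if top_level and t == 255:   # end-of-data marker (DOCSIS spec)
            break
        if top_level and t == 0:     # pad byte, has no length field
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"truncated TLV type {t} at offset {i}")
        value = data[i + 2:i + 2 + data[i + 1]]
        nested = top_level and t in NESTED
        out.append((t, parse_tlvs(value, False) if nested else value))
        i += 2 + len(value)
    return out

def review(data):
    """Return security-relevant observations about a modem config file."""
    top = dict(parse_tlvs(data))
    notes = []
    if 29 in top and int.from_bytes(top[29], "big") == 0:
        notes.append("BPI disabled: Privacy Enable (29) = 0")
    if 3 in top and int.from_bytes(top[3], "big") == 0:
        notes.append("network access disabled: TLV 3 = 0")
    if 18 in top:
        notes.append(f"max CPEs = {top[18][0]}")
    return notes

# Constructed bytes encoding the slide's example settings (not a real file).
SAMPLE = bytes([29, 1, 0,                       # Privacy Enable = 0
                24, 7, 1, 2, 0, 1, 6, 1, 7,     # 24.1 = 1, 24.6 = 7
                3, 1, 1,                        # Network Access = 1
                18, 1, 2,                       # Max CPEs = 2
                25, 7, 1, 2, 0, 5, 6, 1, 7,     # 25.1 = 5, 25.6 = 7
                255])                           # end-of-data

if __name__ == "__main__":
    for t, v in parse_tlvs(SAMPLE):
        print(t, NAMES.get(t, "unknown"), v)
    print(review(SAMPLE))
```
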
The DHCP Relay Agent

 Each modem and host can get an IP address and IP information from a DHCP server connected to the CMTS. The CMTS serves as a relay agent between the DHCP server and the modems and implements the DHCP/BootP relay agent.
The DHCP Relay Agent
Address Resolution Protocol Function

 The CMTS supports the ARP protocol, a protocol used to obtain a device's physical (layer 2 MAC) address based on its logical (layer 3 IP) address. In short, ARP binds a high-level IP address to a low-level physical address. However, the CMTS handles ARP differently for the backbone, management, and cable interfaces.
 Entries both for CM and CPE. Each ARP table entry associates a single IP address with a single host.
 Supporting Dynamic and Static ARP entries
 Extended ARP type
 ARP learning
ARP Function
ARP configuration

 Aging timeout
– This allows you to set the threshold at which you want dynamic ARPs to age out.
– Terayon CMTS(config)# arp timeout <30-86401>, where <30-86401> is the timeout value in seconds. The value 86401 indicates that there is no timeout and the dynamic ARPs do not age out.
ARP configuration
 Proxy ARP
– The Proxy ARP feature works only on the cable network side of the CMTS.
– This reduces network ARP traffic overhead, thus improving network performance, and at the same time increases network security.
– When a cable network host sends an ARP request to the CMTS, instead of broadcasting that request to the cable modem network, the CMTS responds to the ARP request and then relays the request to the appropriate host on the cable network. In the host ARP tables, the destination MAC address is always the CMTS MAC address.
– The default condition of the Proxy ARP feature is enabled.
ARP configuration
 ARP Learning feature
– This enables you to stop clients that obtain IP addresses via dynamic ARP from passing traffic, thus forcing the client (CPE) to obtain an IP address via a DHCP transaction.
– If you disable ARP Learning on the access side, the CMTS ARP table is populated only from Static ARP and DHCP ARP assignments. Dynamic ARPs and host MAC addresses for Static-host ARPs are not learned.
– The ability to enable and disable ARP Learning gives you strict control over ARP table entries, resulting in a higher degree of protection against IP address spoofing (unauthorized devices attempting to steal or mimic a valid IP address).
– The default condition for ARP learning on the access side is enabled.
ARP configuration

 Clear ARPs on Modem Reset
– You may configure the CMTS to clear (remove) CPE ARPs whenever a cable modem resets.
– This may be useful when the IP limit for a modem is 2 or greater.
– If the Lease Query (source IP address verification) feature is disabled, then enabling the ARP clear-on-reset feature has no effect.
– Terayon CMTS(config)# arp clear-on-reset
Server Configuration
 Operating System (OS)
– Win2000 Professional
 Service Pack 4
 Internet Information Services.
– Win2000 Server
– Win2000 Advanced Server
 Software
– Cisco Network Registrar 3.0 (DHCP Server)
– tardis2000nt (TOD Server)
– TFTP 2000 (TFTP Server)
Server Configuration
 Internet Information Services
– HTTP support
– Web service
– FTP support
– FTP service
– Scripts support
– POP3 / SMTP support

 Setup
1. Start
2. Setting
3. Control Panel
4. Add/Remove Programs
5. Add/Remove Windows Component
6. Windows Component Wizard
7. Select IIS
8. Press Next
Finish
IIS setup

 After the software installation finishes, the following folders will be created on disk C.
– Inetpub
 FTProot
 WWWroot
 The file named default.htm in WWWroot will be used as the web server's default web page.
 The files in FTProot will be displayed in the FTP server's folder.
Default.htm
IIS setup
FTP Configuration

 Enabling FTP service
1. Start
2. Setting
3. Control Panel
4. Administrative tools
5. Service
6. Select FTP Publishing Service
7. Start the service
8. Set the start-up type to automatic
Finish
 Copy the files you want to share to FTProot.
DHCP Configuration
 Software setup
 Log in to the system
 Add scope
 Policy configuration
 Time offset
 Router
 DHCP lease time
 Time Server
 Packet file name
 Log server
 Use interface configuration
TOD setup
 Log into your Windows NT system as a user with administrative privileges. Tardis 2000 NT must be installed and configured by someone with administrative privileges.
 Run the tardis2000NT.exe program and Tardis 2000 will automatically be installed.
 Choose start service / stop service as shown in the following figure.
Run Tardis 2000 NT
TFTP setup

 If you use TFTPD32.exe, start the program in the same path as the CM configuration file.
 If you use TFTP server pro 2000, configure the input path as the CM configuration file's location.
Troubleshooting
 Understand show command Responses
– show cable modem
– show interface cable
– show cable privacy
– show arp
– show run
 Understand CM online procedure
 Understand CM online message
 Troubleshooting Cable Modem State
Troubleshooting
 Cisco CM State
– Offline State
– Ranging Process
 init(r1),init(r2),init(rc)state
– DHCP
 init(d) , init ( i ) state
– TOD exchange: init(t) state
– Option file transfer started : init (o) state
– Online
 Online , Online(d) ,Online(pt) state
– Reject
 reject(pk) , reject(pt) , reject(m) ,reject(c) state
Troubleshooting

 Terayon CM State
– Offline
 Offline , Offline(lr) , offline (ad) state

– Ranging Process
 init(r ) ,init(rc) ,init(ds) ,init(os) ,init(ip) state

– Online
 Online(pd),Online(tek) ,Online(kek) ,Online(t)
Troubleshooting

 Offline state: most common reasons
 Weak carrier signal (too much noise).
 Incorrect Downstream Center Frequency
 Incorrect Frequency Specified in the DOCSIS file
 Absence of downstream digital QAM modulated signal
 Incorrect frequency specified in cable modem change-frequency on the CMTS router
 Offline (lr) & Offline (ad)
 Offline (lr): The line-card on which the modem came up last time was deleted.
 Offline (ad): The modem is denied access. Check the configuration file of the modem.
Troubleshooting
 Ranging process
 At this stage, the CM begins a ranging process to calculate the necessary transmit power level to reach the CMTS at its desired input power level.
 Cisco
 init(r1) : Cable modem sent initial ranging
 init(r2) : Cable modem is ranging
 init(rc) : Cable modem ranging complete
 Terayon
 init(r) : The modem is in ranging mode
Troubleshooting

 DHCP state
 After successful ranging, the CM needs to acquire its network configuration via DHCP. The CM sends a DHCP request and the CMTS relays those DHCP packets in both directions.
 DHCP request received
– Cisco : init(d)
– Terayon
 init(rc) : the modem is unable to get a DHCP address.
 init(ds) : DHCP discover is sent and waiting for offer.
Troubleshooting

 DHCP request received state: most common reasons
 Missing cable helper-address <IP-address> command on the CMTS or incorrect <IP-address>
 DHCP server down
 IP connectivity issue from the CMTS to the DHCP server
 Wrong default gateway configured at the DHCP server
 Low transmit power at the CM or low upstream SNR, see RF Specifications
 DHCP server overload
 DHCP server is out of IP addresses
 Reserved IP address for modem is inside wrong scope.
Troubleshooting

 DHCP reply received; IP address assigned
 Cisco : init(i)
 Terayon : init(os)
 Most common reasons
 Incorrect or invalid DOCSIS file specified in the DHCP server
 TFTP server issues, for example incorrect IP address, TFTP server unreachable
 Problems getting TOD or Timing Offset
 Incorrect Router setting in the DHCP configuration
Troubleshooting

 TOD exchange – init(t) state
 You can only see this on Cisco's CMTS.
 Almost always points to a DHCP mis-configuration
 Wrong TOD server address
 TOD server is unavailable.
Troubleshooting

 Option file transfer started state
 Cisco : init(o)
 Terayon : init(ip)
 Most common reasons
 Incorrect, corrupt (for example: ASCII instead of binary), or missing DOCSIS configuration file.
 Unable to reach the TFTP server, which is either unavailable, too busy, or has no IP connectivity
 Invalid or missing Configuration Parameter in DOCSIS file
 Wrong file permissions on the TFTP server
Troubleshooting
 Online state
– Cisco
 online : Cable modem registered, enabled for data
 online(d) : Cable modem registered, but network access for the cable modem is disabled
 online(pk) : Cable modem registered, BPI enabled and KEK assigned
 online(pt) : Cable modem registered, BPI enabled and TEK assigned
– Terayon
 online(pd)
 online(tek)
 online(kek)
 online(t)
Troubleshooting

 Reject state
– Cisco
 Reject(pk) and Reject(pt) state

 Reject(m)

 Most common reason


– Reject(pk) and Reject(pt) state
 Some problem with the BPI configuration

– Reject(m)
 Some problem with the MIC
Troubleshooting

 Log is full
– application program log
 Clear log at the server

– CM record log
 Clear log at CMTS

 Example:
Terayon CMTS # clear cable modem offline delete
Thank you !

Devil
