System
Setup
Presenter: Devil_huang
What is CMTS ?
Cable Modem Terminate
System (CMTS)
1. The Router
2. Gateway
1. The Router
Routes data between a cable modem network and a head-end internetwork.
2. Gateway
The CMTS provides the encapsulation and de-capsulation of DOCSIS traffic.
In upstream traffic, it translates DOCSIS data to IP data, then forwards it to the backbone network.
In downstream traffic, it translates IP data to DOCSIS data and forwards the result to a cable modem.
Simplified Cable Headend Configuration for Two-way Data
CMTS function
Performing MAC and PHY reception and transmission functions
Packet classification
Priority queuing
Data encryption
Modification
Encapsulating packets in the data link layer
Filtering
Routing
Extracts Ethernet packets
Priority routing
Tunes each upstream channel
Proxy services
Demodulates upstream data
Modulates downstream data
Adding forward error correction
Abbreviation
CMTS: Cable Modem Terminate System
CM: Cable Modem
DOCSIS: Data Over Cable Service Interface Specification
DHCP: Dynamic Host Configuration Protocol
CPE: Customer Premises Equipment
SNMP: Simple Network Management Protocol
ISP: Internet Service Provider
TFTP: Trivial File Transfer Protocol
BPI: Baseline Privacy Initialization
TOD: Time Of Date
ACL: Access Control List
ARP: Address Resolution Protocol
CLI: Command Line Interface
AAI: Aggregate Access Interface
QoS: Quality Of Service
MIC: Message Integrity Check
CMS: Call Management Server
CA: Certificate Authority
RKS: Record Keeping server
MIB: Management Information Base
Architecture
[Figure: network architecture. Labels: MSO Backbone Network, Next-hop Router, DHCP/FTP/WEB Server, ISP, CM Access Network, CPE, CM]
Packet-Cable Functionality chart
Sample Network
What should be specified?
Cable Access Interface
Fast Ethernet Interface
Backbone Router
DHCP / TFTP / TOD / Log server
MIC Configuration
Privacy Configuration
RF Configuration
CMTS Unit Interfaces
Logging In CMTS
Privilege modes
Non-privileged mode: can access all reports and diagnostics, but cannot modify the system configuration.
Privileged mode: can modify the system configuration.
Logging In
Type enable to put the CLI in Privileged mode. A password is needed for access.
Type config terminate to get into the configuration context.
Type username devil password letmein to create a new user account.
Type do show username to verify the account.
Configuring A Backbone Fast Ethernet Interface
Type configure t to get into the configuration context, where you can start configuring.
Type interface fastethernet {0/0/0 | 0/0/1 | 0/0/2 | 0/0/3}
This command identifies the specific Fast Ethernet interface you are about to configure.
Type ip address a.b.c.d e.f.g.h
This command sets a.b.c.d as the Fast Ethernet interface's IP address and e.f.g.h as its subnet mask.
Type do show interface ip to verify the configuration.
Type no shutdown to enable the interface.
Example: Terayon CMTS(config-if 0/0/0) # ip add 192.168.24.11 255.255.255.0
Configuring the Next-Hop Route
Aggregated Access Interface
Configuring the AAI
Type interface access 0 to get into the access configuration context.
Type ip address a.b.c.d e.f.g.h to identify the CM access network IP.
Type ip address a.b.c.d e.f.g.h secondary to identify the CPE access network IP.
Type cable helper-address {ip-address} [cable-modem | host] to identify the DHCP server's address.
Example: Terayon CMTS(config-if-AAI-0)# cable helper 192.168.24.12
Configuring the AAI
Configure the gateway interface address (giaddr) for the CM and CPE access networks on the global Aggregated Access using the command:
cable dhcp-giaddr {policy | primary}
If you select policy, the CM and CPE networks use a different giaddr.
If you select primary, the CM and CPE networks use the same giaddr.
Example: Terayon CMTS (config-if-AAI-0) # cable dhcp-giaddr policy
MIC configuring
Type interface cable CMTS unit number to specify the unit you want to configure.
Type cable shared-secret word to specify the shared-secret authentication string.
Use the no prefix to disable MIC.
Example: Terayon CMTS (config-if-1) # cable shared-secret DOCSIS
Default string:
annex A : Euro-DO
annex B : DOCSIS
One of the many features of the CMTS is its ability to verify the authentication of a DOCSIS® modem. This is accomplished through the authentication string the modem downloads in its configuration file. The authentication string is encrypted, then the modem transmits the string to the CMTS for verification. The process is called Message Integrity Check.
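A simplified sketch of the CMTS side of this check, added here as an example and not taken from the original slides or from Terayon's code. It assumes the check is a keyed HMAC-MD5 digest over the configuration settings, as DOCSIS defines it; the setting types, values and secrets are constructed for illustration.

```python
import hashlib
import hmac

def cmts_mic(settings, shared_secret):
    """HMAC-MD5 over the (type, value) settings in file order, keyed with the secret."""
    mac = hmac.new(shared_secret, digestmod=hashlib.md5)
    for tlv_type, value in settings:
        # Each setting is digested as type byte, length byte, value bytes.
        mac.update(bytes([tlv_type, len(value)]) + value)
    return mac.digest()

def cmts_accepts(settings, received_mic, cmts_secret):
    """CMTS side: recompute with its own secret, compare in constant time."""
    return hmac.compare_digest(cmts_mic(settings, cmts_secret), received_mic)

def registration_state(settings, received_mic, cmts_secret):
    """Map the result to the modem states named in the troubleshooting slides."""
    if cmts_accepts(settings, received_mic, cmts_secret):
        return "online"
    return "reject(m)"

# Constructed sample values (assumptions, not from the slides).
PROVISIONING_SECRET = b"constructed-site-secret"
SETTINGS = [
    (1, (555_000_000).to_bytes(4, "big")),  # a downstream frequency in Hz
    (3, b"\x01"),                           # network access enabled
    (4, (10_000_000).to_bytes(4, "big")),   # a rate limit in bit/s
]
# The provisioning server computes the digest and stores it in the config file.
MIC = cmts_mic(SETTINGS, PROVISIONING_SECRET)

def demo():
    # Same file, but one setting edited after the digest was computed.
    edited = SETTINGS[:2] + [(4, (100_000_000).to_bytes(4, "big"))]
    return {
        "matching secret": registration_state(SETTINGS, MIC, PROVISIONING_SECRET),
        "edited setting": registration_state(edited, MIC, PROVISIONING_SECRET),
        "secret mismatch": registration_state(SETTINGS, MIC, b"other-secret"),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case}: {state}")
```

The digest only authenticates the file if the shared secret on the CMTS and the provisioning server is site-specific; a mismatch between the two shows up as the reject(m) state.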
RF Configuration
Type interface cable CMTS unit number to specify the unit you want to configure.
Downstream configuration
Type cable downstream frequency to specify the center frequency of the downstream channel. The valid ranges for the value are:
– <91MHz – 857MHz> for North America and Japan
– <112MHz – 858MHz> for Europe
Type cable downstream power to specify the power level that the CMTS outputs.
Use the following command to set the downstream modulation type:
cable downstream modulation {64qam | 256qam}
RF Configuration
Upstream configuration
Type cable upstream {0-3} {0|1} frequency
to specify the upstream center frequency.
– The parameter {0-3} indicates the physical
upstream port you are configuring
– The parameter {0|1} indicates the channel mode
to which the center frequency will apply.
• 0 for TDMA
• 1 for S-CDMA
– The frequency value’s valid ranges are:
• <5MHz – 42MHz> for North-America
• <5MHz – 65MHz> for Europe
• <5MHz – 55MHz> for Japan
RF Configuration
Certificate
– Use the cable privacy certificate {root | manufacturer} cert-ref-no command to enable or disable CA certificates.
– The CMTS maintains a list of known certificates classified in three categories, Root and Manufacturer Certificates.
– Root Certificates added are marked as ‘root’ and are marked trusted by default. For operation purposes, the system requires only one active Root Certificate.
– Manufacturer Certificates added are marked as ‘trusted’ by default. The command cable privacy hotlist allows marking a Certificate as ‘untrusted’.
Configuring cable privacy
Certificate (continue)
– Manufacturer Certificates can be added or modified. When a certificate is added, a unique reference number is automatically assigned to it and displayed on the command line. This reference number may be used later to display information about this certificate or to delete this certificate from the database.
– Example:
Terayon CMTS(config)# cable privacy certificate root cert-ref-no 2 (for America or Japan)
Terayon CMTS(config)# cable privacy certificate root cert-ref-no 3 (for Europe)
Configuring cable privacy
Self-signed Certificates
– This is the CMTS policy on accepting self-signed manufacturer certificates from cable modems at authorization time.
– Use the accept-self-signed-certificate command to accept self-signed manufacturer certificates.
– It is always set on a per-cable-line-card basis.
Enabling the Validity Period Check
– The CMTS verifies the validity period of cable modem certificates (at KEK exchange times), using its time-of-day clock as the time reference for the verification.
– Use the validity-period-check command to force verification of the modem certificate validity period.
Configuring cable privacy
Key Encryption Key/Traffic Encryption Key lifetime
– When BPI is enabled (in the cable modem configuration file), the CMTS and the cable modem use authorization and encryption/decryption for packets across the HFC interface. The BPI is configured with KEKs and TEKs.
– A KEK is assigned to a cable modem based on the cable modem's service identifier (SID) and permits the connection when baseline privacy is activated.
– The TEK is assigned to a cable modem when its KEK has been established. It is used to encrypt data traffic between cable modems.
– KEK and TEK can be set to expire based on a lifetime value. New keys are requested before the current ones expire.
– Use the no form of the command to return to the default condition.
Configuring cable privacy
Aging timeout
– This allows you to set the threshold at which you want dynamic ARPs to age out.
– Terayon CMTS(config)# arp timeout <30-86401>
Where <30-86401> is the timeout value in seconds. The value 86401 indicates that there is no timeout and the dynamic ARPs do not age out.
ARP configuration
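A small audit over the settings covered in the login, MIC, cable privacy and ARP timeout slides, added here as an example and not part of the original presentation or of any Terayon tool. It assumes a configuration listing with one command per line spelled as on these slides; the two sample listings and the 12-character password threshold are constructed assumptions.

```python
import re

DEFAULT_SECRET = "DOCSIS"  # default string shown on the MIC slide
NO_ARP_TIMEOUT = 86401     # value the slides give for "no timeout"
MIN_PASSWORD_LEN = 12      # assumed local policy, not from the slides

def audit(config_text):
    """Return findings for the settings these slides discuss."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    secrets = [ln.split()[-1] for ln in lines
               if ln.startswith("cable shared-secret ")]
    if "no cable shared-secret" in lines or not secrets:
        findings.append("MIC disabled or no shared secret set")
    elif DEFAULT_SECRET in secrets:
        findings.append("shared secret left at default string")
    if "accept-self-signed-certificate" in lines:
        findings.append("self-signed manufacturer certificates accepted")
    if "validity-period-check" not in lines:
        findings.append("certificate validity period not checked")
    for ln in lines:
        m = re.fullmatch(r"username (\S+) password (\S+)", ln)
        if m and len(m.group(2)) < MIN_PASSWORD_LEN:
            findings.append(f"short password for user {m.group(1)}")
        m = re.fullmatch(r"arp timeout (\d+)", ln)
        if m and int(m.group(1)) == NO_ARP_TIMEOUT:
            findings.append("dynamic ARP entries never age out")
    return findings

# Constructed listings: the first repeats the example values from the slides.
WEAK = """
username devil password letmein
arp timeout 86401
interface cable 1
 cable shared-secret DOCSIS
 accept-self-signed-certificate
"""
HARDENED = """
username devil password Xq7-constructed-example
arp timeout 14400
interface cable 1
 cable shared-secret constructed-site-secret
 validity-period-check
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```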
Proxy ARP
– The Proxy ARP feature works only on the cable network side of the CMTS.
– This reduces network ARP traffic overhead, thus improving network performance, and at the same time increases network security.
– When a cable network host sends an ARP request to the CMTS, instead of broadcasting that request to the cable modem network, the CMTS responds to the ARP request and then relays the request to the appropriate host on the cable network. In the host ARP tables, the destination MAC address is always the CMTS MAC address.
– The default condition of the Proxy ARP feature is enabled.
ARP configuration
ARP Learning feature
– This enables you to stop clients that obtain IP addresses via dynamic ARP from passing traffic, thus forcing the client (CPE) to obtain an IP address via a DHCP transaction.
– If you disable ARP Learning on the access side, the CMTS ARP table takes entries only from Static ARP and DHCP ARP assignments. Dynamic ARPs and host MAC addresses for Static-host ARPs are not learned.
– The ability to enable and disable ARP Learning gives you strict control over ARP table entries, resulting in a higher degree of protection against IP address spoofing (unauthorized devices attempting to steal or mimic a valid IP address).
– The default condition for ARP learning on the access side is enabled.
ARP configuration
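A model of the ARP Learning behaviour described above, added here as an example and not taken from the original slides or from the CMTS software. It replays the same access-side events with learning enabled and disabled; the event format, addresses and the rule that a conflicting claim for a known IP is dropped in both modes are assumptions of this sketch.

```python
def process(events, static_hosts=None, arp_learning=False):
    """Replay access-side events; return (arp_table, dropped (mac, ip) pairs)."""
    table = dict(static_hosts or {})  # ip -> mac, static ARP entries
    dropped = []
    for kind, mac, ip in events:
        if kind == "dhcp-ack":
            table[ip] = mac           # DHCP ARP assignment
        elif kind == "arp":
            if table.get(ip) == mac:
                continue              # known pair, traffic passes
            if arp_learning and ip not in table:
                table[ip] = mac       # dynamic ARP entry learned
            else:
                dropped.append((mac, ip))
    return table, dropped

# Constructed sample data (not from the slides).
STATIC = {"10.10.0.5": "00:11:22:dd:00:04"}
EVENTS = [
    ("dhcp-ack", "00:11:22:aa:00:01", "10.10.0.21"),  # CPE gets a lease
    ("arp", "00:11:22:aa:00:01", "10.10.0.21"),       # same CPE, leased IP
    ("arp", "00:11:22:dd:00:04", "10.10.0.5"),        # static host
    ("arp", "00:11:22:bb:00:02", "10.10.0.99"),       # self-assigned IP
    ("arp", "00:11:22:cc:00:03", "10.10.0.21"),       # claims another's IP
]

def compare():
    """Dropped pairs for the same events, learning enabled versus disabled."""
    _, with_learning = process(EVENTS, STATIC, arp_learning=True)
    _, without_learning = process(EVENTS, STATIC, arp_learning=False)
    return {"enabled": with_learning, "disabled": without_learning}

if __name__ == "__main__":
    for mode, pairs in compare().items():
        print(f"ARP learning {mode}: dropped {pairs}")
```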
Setup
1. Start
2. Setting
3. Control Panel
4. Add/Remove Programs
5. Add/Remove Windows Component
6. Windows Component Wizard
7. Select IIS
8. Press Next, then Finish
IIS setup
Enabling FTP service
DHCP Configuration
Software setup
Login in the system
Add scope
Policy configuration
Time offset
Router
DHCP lease time
Time Server
Packet file name
Log server
Use interface configuration
TOD setup
Log into your Windows NT system as a user with administrative privileges. Tardis 2000 NT must be installed and configured by someone with administrative privileges.
Run the tardis2000NT.exe program and Tardis 2000 will automatically be installed.
Choose start service / stop service as shown in the following figure.
Run Tardis 2000 NT
TFTP setup
Terayon CM State
– Offline
Offline, Offline(lr), offline(ad) state
– Ranging Process
init(r), init(rc), init(ds), init(os), init(ip) state
– Online
Online(pd), Online(tek), Online(kek), Online(t)
Troubleshooting
DHCP state
After successful ranging, the CM needs to acquire its network configuration via DHCP. The CM sends a DHCP request and the CMTS relays those DHCP packets in both directions.
DHCP request received
– Cisco: init(d)
– Terayon
init(rc): the modem is unable to get a DHCP address.
init(ds): DHCP discover is sent and the modem is waiting for an offer.
Troubleshooting
Reject state
– Cisco
Reject(pk) and Reject(pt) state
Reject(m)
– Reject(m)
Some problem with the MIC
Troubleshooting
Full of log
– application program log
Clear log at the server
– CM record log
Clear log at CMTS
Example:
Terayon CMTS # clear cable modem offline delete
Thank you !
Devil