Table of Contents
Advertisement
cable shared-secondary-secret
cable shared-secondary-secret
To configure one or more secondary shared-secret keys that CMs can use to successfully process the
DOCSIS configuration file and register with the CMTS, use the cable shared-secondary-secret
command in cable interface configuration mode. To remove the secondary shared secrets, use the no
form of this command.
Syntax Description
index index-num
0
7
authentication-key
Defaults
No secondary shared secret is used. If no encryption option is specified, the key is stored in the
configuration file as encrypted text if the service password-encryption command has also been given.
Command Modes
Interface configuration (cable interface only)
Command History
Release
12.2(8)BC2
Usage Guidelines
The cable shared-secondary-secret command can be used to supplement the
command so as to prevent unauthorized interception and alteration of the DOCSIS configuration file that
is downloaded to the CM during the registration process. The DOCSIS specification allows for a CM
and CMTS to use a shared secret (a secret encryption string) to calculate the MD5 Message Integrity
Check (MIC) value for the DOCSIS configuration file that is downloaded to the CM.
The CM must use the proper shared secret encryption string to successfully decrypt and process the
configuration file, and then register with the CMTS. If the CM does not have the proper encryption
string, it will be unable to calculate the proper MIC value, and the
show reject(m) for the modem to indicate a MIC authentication failure.
Cisco Broadband Cable Command Reference Guide
2-216
cable shared-secondary secret index index-num [0 | 7] authentication-key
no cable shared-secondary secret index index-num
Specifies the order in which the CMTS will use the secondary shared-secrets
to verify the CM during the registration process. The valid range is 1 to 16.
(Optional) Specifies that an unencrypted message will follow.
(Optional) Specifies that an encrypted message will follow.
Note
Text string specifying the shared secret string. When you also use the service
password-encryption command, the key is stored in encrypted form. The
text string can be any arbitrary string up to 80 characters in length.
Modification
This command was introduced.
As a general rule, the 7 option is not used by users at the command
line because it requires a pre-encrypted password. Typically, the 7
option is useful only when cutting and pasting commands from
another router's configuration file.
Chapter 2
Cisco CMTS Configuration Commands
cable shared-secret
show cable modem
command will
OL-1581-08
Advertisement
Table of Contents
