Table of Contents
Advertisement
cable dynamic-secret
cable dynamic-secret
To enable the Dynamic Shared Secret feature, so that Data-over-Cable Service Interface Specifications
(DOCSIS) configuration files are verified with a Message Integrity Check (MIC) that has been created
with a dynamically generated shared secret, use the cable dynamic-secret command in cable interface
configuration mode. To disable this feature, use the no form of this command.
Syntax Description
lock
lock-qos
mark
reject
nocrypt
Defaults
The Dynamic Shared Secret feature is disabled. When enabled, the filenames for DOCSIS configuration
files are encrypted.
Command Modes
Interface configuration (cable interface only)
Cisco Broadband Cable Command Reference Guide
2-72
cable dynamic-secret {lock [lock-qos] | mark | reject} [nocrypt]
no cable dynamic-secret
Allows CMs that do not pass MIC verification to come online, but with
a restrictive quality of service (QoS) configuration that limits access to
the network. The CMTS also locks those CMs so that they must be
offline for 24 hours before being allowed to reregister with a valid
DOCSIS configuration file. (You can also manually unlock a cable
modem using the
clear cable modem lock
(Optional) Specifies the QoS profile to be assigned to the CM while it
is locked. The valid range is 1 to 256. If not specified, the CM is locked
into a CMTS-created profile that limits both the upstream and
downstream to 10 Kbps.
The QoS profile must have already been created before it can
Note
assigned using the lock lock-qos option.
Allows CMs to come online even if they do not present a DOCSIS
configuration file with a valid CMTS MIC, but the CMTS prints a
warning message and marks those CMs with an exclamation point (!)
in the show cable modem command.
Rejects registration for CMs with DOCSIS configuration files that
contain an invalid CMTS MIC.
(Optional) Specifies that the filename for DOCSIS configuration files
should not be encrypted when the Cisco CMTS sends the files to CMs.
The CMTS instead transmits the files using their original filenames.
The nocrypt option slightly decreases the security provided by the
dynamic shared secret feature, but it allows the operator to poll the
DOCSIS config file name listed by the cable modem for more
convenient network management.
Note
A cable modem that is running unauthorized or hacked
software can return whatever SNMP values the user desires.
This information should therefore not be trusted by the billing
and provisioning systems.
Chapter 2
Cisco CMTS Configuration Commands
command.)
OL-1581-08
Advertisement
Table of Contents
