You are on page 1of 210

BSR 64000 System

Administration
Guide
Compass ID: 391232199 Version 3
Release 6.3.1
Notice
EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, THE SYSTEM,
DOCUMENTATION AND SERVICES ARE PROVIDED "AS IS", AS AVAILABLE, WITHOUT WARRANTY OF
ANY KIND. MOTOROLA MOBILITY, INC. DOES NOT WARRANT THAT THE SYSTEM WILL MEET
CUSTOMER'S REQUIREMENTS, OR THAT THEIR OPERATION WILL BE UNINTERRUPTED OR
ERROR-FREE, OR THAT ANY ERRORS CAN OR WILL BE FIXED. MOTOROLA MOBILITY, INC. HEREBY
DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ORAL OR WRITTEN, WITH RESPECT
TO THE SYSTEM AND SERVICES INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF
TITLE, NON-INFRINGEMENT, INTEGRATION, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR
PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING OR PERFORMANCE OR
USAGE OF TRADE.
EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, MOTOROLA
MOBILITY, INC. SHALL NOT BE LIABLE CONCERNING THE SYSTEM OR SUBJECT MATTER OF THIS
DOCUMENTATION, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION (WHETHER IN
CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE), FOR ANY (A) MATTER BEYOND ITS
REASONABLE CONTROL, (B) LOSS OR INACCURACY OF DATA, LOSS OR INTERRUPTION OF USE, OR
COST OF PROCURING SUBSTITUTE TECHNOLOGY, GOODS OR SERVICES, (C) INDIRECT, PUNITIVE,
INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING, BUT
NOT LIMITED TO, LOSS OF BUSINESS, REVENUES, PROFITS OR GOODWILL, OR (D) DIRECT
DAMAGES, IN THE AGGREGATE, IN EXCESS OF THE FEES PAID TO IT HEREUNDER FOR THE SYSTEM
OR SERVICE GIVING RISE TO SUCH DAMAGES DURING THE 12-MONTH PERIOD PRIOR TO THE DATE
THE CAUSE OF ACTION AROSE, EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS
AGREEMENT AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED
HEREIN.
All Motorola Mobility, Inc. products are furnished under a license agreement included with the product. If you are
unable to locate a copy of the license agreement, please contact Motorola Mobility, Inc.
No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such
as translation, transformation, or adaptation) without written permission from Motorola Mobility, Inc.
Motorola Mobility reserves the right to revise this publication and to make changes in content from time to time
without obligation on the part of Motorola Mobility to provide notification of such revision or change. Motorola
Mobility provides this guide without warranty of any kind, implied or expressed, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose. Motorola Mobility may make
improvements or changes in the product(s) described in this manual at any time.
MOTOROLA and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings,
LLC. All other trademarks are the property of their respective owners.
2011 Motorola Mobility, Inc. All rights reserved.
Compass ID: 391232199 Version 3
Release 6.3.1
Published: 12/11
Compass ID: 391232199 Version 3 i
Contents
Contents
Preface
Scope ............................................................................................................................................. xi
Audience........................................................................................................................................ xi
Documentation Set .......................................................................................................................xii
Conventions................................................................................................................................. xiv
Notes, Cautions, Warnings ........................................................................................................... xv
If You Need Help......................................................................................................................... xvi
Telephone Support............................................................................................................ xvi
Online Support.................................................................................................................xvii
Motorola BSR Customer Website..................................................................... xvii
1 Basic System Configuration
Introduction .................................................................................................................................1-1
Prerequisites ................................................................................................................................1-2
Required Servers ..............................................................................................................1-2
Setting System Passwords...........................................................................................................1-3
Specifying a Host Name..............................................................................................................1-7
Configuring User Login Accounts ..............................................................................................1-7
Defining a User Name without a Password......................................................................1-8
Defining a User Name with an Unencrypted Password ...................................................1-8
Defining a User Name with an Encrypted Password .......................................................1-9
Defining a Privilege Level................................................................................................1-9
BSR 64000 System Administration Guide Release 6.3.1
ii Compass ID: 391232199 Version 3
Defining a Group Access Level .....................................................................................1-10
Verifying Your User Account Login Configuration.......................................................1-10
Configuring Telnet and Console Access .................................................................................. 1-11
Specifying System Time Information .......................................................................................1-13
Sending Messages to BSR Users ..............................................................................................1-14
System Software........................................................................................................................1-15
Downloading Software...................................................................................................1-15
Before You Download Software ......................................................................1-15
Downloading Image Files to NVRAM on the SRM........................................1-17
Downloading Image Files to Flash Memory on the SRM...............................1-18
Upgrading BSR System Software ..................................................................................1-21
Specifying the System Image File Boot Location..........................................................1-22
System Configuration................................................................................................................1-23
Saving and Viewing Your Configuration .......................................................................1-23
Configuring SRM and Chassis Alias Information..........................................................1-24
Configuring SRM and Chassis Asset ID Information....................................................1-24
Displaying the System Configuration ............................................................................1-25
Displaying SRM and Chassis Alias Information .............................................1-25
Displaying the SRM and Chassis Asset ID Information..................................1-26
Displaying the Chassis Status ..........................................................................1-26
Displaying System Information ................................................................................................1-27
Displaying System Operation Information.....................................................................1-27
Displaying System Processing Information ...................................................................1-29
Displaying System Memory Information.......................................................................1-31
Displaying the System Version Information...................................................................1-32
Displaying System Buffer Information ..........................................................................1-33
Displaying Module Hardware Information ....................................................................1-34
2 Configuring Logging
Introduction .................................................................................................................................2-1
Flash and NVRAM Memory Management Guidelines...............................................................2-2
Setting Logging Control..............................................................................................................2-3
Restricting Logging Rates...........................................................................................................2-4
Creating a Loopback Interface for Source SYSLOG IP Address ....................................2-5
Release 6.3.1 Contents
Compass ID: 391232199 Version 3 iii
Configuring System Logging......................................................................................................2-6
Configuring Logging to a SYSLOG Server .....................................................................2-6
Configuring Console Logging..........................................................................................2-8
Configuring the Logging Buffer.......................................................................................2-9
Clearing the Logging Buffer ............................................................................2-10
Configuring Logging Reports.........................................................................................2-10
Restoring the Default Log Reporting Configuration ....................................... 2-11
Configuring EVT Logging........................................................................................................2-12
EVT Logging Default Configurations............................................................................2-13
Configuring EVT Logging .............................................................................................2-13
EVT Command Examples ...............................................................................2-14
Displaying the EVT Configuration..................................................................2-15
Displaying EVT Counts .................................................................................................2-15
Clearing EVT Counts .....................................................................................................2-15
Disabling EVT Logging .................................................................................................2-16
Restoring EVT Default Logging Configurations ...........................................................2-16
Disabling the DOCSIS Ranging CM Retries Message ..................................................2-16
Restoring All Logging Defaults ................................................................................................2-17
3 Configuring TCP/IP
Introduction .................................................................................................................................3-1
Adding a Permanent ARP Entry and Timeout Value ..................................................................3-2
Reverse ARP ....................................................................................................................3-3
Address Resolution Using Proxy ARP.............................................................................3-3
Configuring Broadcast Addressing .............................................................................................3-4
Configuring the MTU..................................................................................................................3-5
Configuring Static Routes ...........................................................................................................3-6
Clearing Route Table Entries ......................................................................................................3-7
Configuring the Internet Control Message Protocol ...................................................................3-8
About IRDP......................................................................................................................3-8
Enabling IRDP..................................................................................................................3-9
Managing IRDP..............................................................................................................3-10
Enabling ICMP............................................................................................................... 3-11
Tracing a Route .........................................................................................................................3-12
BSR 64000 System Administration Guide Release 6.3.1
iv Compass ID: 391232199 Version 3
Managing the Router .................................................................................................................3-12
Enabling IP Source Routing...........................................................................................3-12
Clearing Interface Counters............................................................................................3-13
Clearing IP Routes..........................................................................................................3-14
Clearing the ARP Cache.................................................................................................3-14
Clearing IP Traffic..........................................................................................................3-14
Clearing DNS Entries.....................................................................................................3-14
Displaying TCP/IP Related Information...................................................................................3-15
4 Configuring Interfaces
Introduction .................................................................................................................................4-1
Setting IP Interface Addresses ....................................................................................................4-2
Removing an IP Address ..................................................................................................4-5
Configuring Auto-Negotiation on the 10/100 Ethernet Module ......................................4-5
Verifying Your Ethernet Configuration..............................................................4-6
Configuring a Loopback Interface ..............................................................................................4-7
Configuring a Loopback Interface for TFTP Packets ......................................................4-9
Configuring Tunnels on an Interface...........................................................................................4-9
Configuring an Unnumbered Interface ..................................................................................... 4-11
Clearing Interface Counters ......................................................................................................4-13
Displaying Interface Information..............................................................................................4-14
5 Configuring Network Security
Introduction .................................................................................................................................5-1
Configuring RADIUS .................................................................................................................5-1
Configuring the RADIUS Client for Server Communication ..........................................5-2
Configuring a Loopback Interface for RADIUS Packets.................................................5-4
Configuring RADIUS Client Access................................................................................5-4
Non-Blank RADIUS Username and Password..................................................5-6
Viewing RADIUS Client Statistics ....................................................................5-6
Configuring Secure Shell Server Security ..................................................................................5-7
Enabling SSH...................................................................................................................5-7
Configuring SSH Passwords ............................................................................................5-9
Managing SSH Parameters.............................................................................................5-10
Release 6.3.1 Contents
Compass ID: 391232199 Version 3 v
Viewing and Logging out of SSH Sessions....................................................................5-13
Enabling RADIUS services for SSH Password Authentication.....................................5-13
Troubleshooting Your SSH Configuration .....................................................................5-13
Configuring TACACS+.............................................................................................................5-14
Configuring TACACS+ Servers.....................................................................................5-15
Specifying and Configuring a TACACS+ Server ............................................5-15
Specifying a Global Encryption Key ...............................................................5-16
Specifying a Global Port Number ....................................................................5-16
Specifying a Global Retry Count .....................................................................5-17
Specifying a Global Timeout Value .................................................................5-17
Configuring an Interface for TACACS+ Packets.............................................5-18
Enabling AAA................................................................................................................5-19
Configuring AAA Authentication....................................................................5-19
Configuring Login Authentication...................................................................5-19
Configuring Administrative Authentication ....................................................5-20
Configuring Local Authentication Through Local Override ...........................5-20
Configuring AAA Authorization....................................................................................5-21
Configuring Command Authorization .............................................................5-21
Configuring Privilege Level Authorization .....................................................5-21
Configuring AAA Accounting .......................................................................................5-22
Configuring Command Use Accounting..........................................................5-22
Configuring Terminal Session Accounting......................................................5-23
Displaying TACACS+ Information................................................................................5-24
Clearing TACACS+ Statistics ........................................................................................5-24
6 Configuring Network Servers
Introduction .................................................................................................................................6-1
Configuring DHCP Relay ...........................................................................................................6-2
Configuring DNS ........................................................................................................................6-3
Specifying DNS Name Servers ........................................................................................6-3
Configuring the Domain Name ........................................................................................6-4
Enabling Domain Lookup and Domain List ....................................................................6-4
Configuring LDAP......................................................................................................................6-5
Configuring SNTP.......................................................................................................................6-6
BSR 64000 System Administration Guide Release 6.3.1
vi Compass ID: 391232199 Version 3
Configuring UDP Broadcast Relay.............................................................................................6-9
Configuring FTP Access ...........................................................................................................6-10
7 Configuring Redundancy
Introduction .................................................................................................................................7-1
SRM Redundancy .......................................................................................................................7-1
SRM Switch-over Conditions...........................................................................................7-3
SRM Redundancy Hardware Considerations...................................................................7-3
SRM Redundancy Operational Considerations................................................................7-4
Identifying the Active or Standby SRM.............................................................7-4
Conditions that Cause the SRM to Switch-over ................................................7-4
Running SRM Redundancy Functions .............................................................................7-5
Saving Your Running Configuration..................................................................7-5
Manually Switching Service to the Standby SRM.............................................7-6
Synchronizing NVRAM Between Active and Standby SRM............................7-6
CMTS Redundancy.....................................................................................................................7-7
CMTS Redundancy Operation .........................................................................................7-8
Voice Over IP Support ......................................................................................................7-9
Automatic CMTS Switch-Over Conditions .....................................................................7-9
CMTS Redundancy Hardware Considerations ..............................................................7-10
Viewing Redundancy Status from Module LEDs ..........................................................7-10
Managing CMTS Redundancy....................................................................................... 7-11
Save the Running Configuration to the Startup Configuration........................ 7-11
Administratively Switching to the Standby CMTS ......................................... 7-11
Administratively Switching to a Primary CMTS.............................................7-15
Disabling Redundancy on a Primary CMTS Module ......................................7-16
Automatically Enabling Primary CMTS Modules...........................................7-17
Enabling Redundancy on a Primary CMTS Module .......................................7-17
NIM Redundancy ......................................................................................................................7-18
EBGP HSIM Redundancy Configuration ......................................................................7-18
Configuring Router 1 .......................................................................................7-19
Configuring Router 2 .......................................................................................7-20
Configuring the BSR........................................................................................7-21
OSPF NIM Redundancy Configuration .........................................................................7-23
Release 6.3.1 Contents
Compass ID: 391232199 Version 3 vii
Configuring Router 1 .......................................................................................7-24
Configuring Router 2 .......................................................................................7-24
Configuring the BSR........................................................................................7-25
TX32 Redundancy.....................................................................................................................7-27
Automatic CMTS Switch-Over Conditions ...................................................................7-27
Managing TX32 Redundancy.........................................................................................7-28
Save the Running Configuration to the Startup Configuration........................7-28
Administratively Switching to the Standby TX32...........................................7-28
Administratively Switching to a Primary TX32 ..............................................7-29
Disabling Redundancy on a Primary TX32 Module........................................7-29
Automatically Enabling Primary TX32 Modules ............................................7-30
RX48 Redundancy ....................................................................................................................7-31
Automatic RX48 Switchover Conditions.......................................................................7-31
Managing RX48 Redundancy ........................................................................................7-32
Save the Running Configuration to the Startup Configuration........................7-32
Administratively Switching to the Standby RX48...........................................7-32
Administratively Switching to a Primary RX48..............................................7-33
Disabling Redundancy on a Primary RX48 Module .......................................7-33
Automatically Enabling Primary RX48 Modules............................................7-34
8 Configuring the Ether-Flex
TM
Module
Introduction .................................................................................................................................8-1
Limitations of the Ether-Flex Module.........................................................................................8-1
Configuring the Ether-Flex Module for 10/100 Ethernet Mode ................................................8-2
Configuring the Ether-Flex Module for Gigabit Ethernet Mode ................................................8-2
Identifying an Ether-Flex Module in the System........................................................................8-3
Identifying the SFP Module Type ...............................................................................................8-4
Increased Hardware Accelerated Multicast Flow Support..........................................................8-5
8-Path ECMP...............................................................................................................................8-6
9 Configuring IPDR
Introduction .................................................................................................................................9-1
Minimum Configuration...................................................................................................9-2
Advanced Configuration ..................................................................................................9-2
BSR 64000 System Administration Guide Release 6.3.1
viii Compass ID: 391232199 Version 3
Enabling IPDR ............................................................................................................................9-3
Configuring the Collector............................................................................................................9-3
Configuring the Collection Interval ............................................................................................9-4
Configuring Unacknowledged IPDR records .............................................................................9-4
Configuring the Keepalive Interval for IPDR Connections ........................................................9-5
Configuring the Subscriber Transmision Rate ............................................................................9-6
Configuring a Source Interface ...................................................................................................9-6
Displaying IPDR Information .....................................................................................................9-7
10 Configuring IPv6
Introduction ...............................................................................................................................10-1
Configuring IPv6 Addresses .....................................................................................................10-2
Removing an IPv6 Address............................................................................................10-5
Configuring IPv6 Cable Helper and Helper Addresses ............................................................10-6
Configuring IPv6 Static Routes.................................................................................................10-7
Configuring IPv6 Static Neighbors ...........................................................................................10-8
Configuring IPv6 Neighbor Discovery .....................................................................................10-8
Configuring Duplicate Address Detection .....................................................................10-9
Dynamically Configuring IPv6 Header Information......................................................10-9
Configuring Neighbor Solicitation...............................................................................10-10
Configuring Router Advertisement .............................................................................. 10-11
Configuring Reachability ............................................................................................. 10-11
Enabling ICMPv6 Redirects....................................................................................................10-12
Configuring IPv4 to IPv6 Address Mapping...........................................................................10-12
Configuring IPv6 to IPv4 Address Mapping...........................................................................10-12
Tracing a Route .......................................................................................................................10-13
Pinging a Device .....................................................................................................................10-14
Creating an IPv6 Cable Bundle on a Loopback Interface.......................................................10-14
Displaying IPv6 Information...................................................................................................10-16
show ipv6 dhcp ..............................................................................................10-16
show ipv6 interface ........................................................................................10-16
show ipv6 interface brief................................................................................10-16
show ipv6 neighbor........................................................................................10-17
show ipv6 route..............................................................................................10-17
Release 6.3.1 Contents
Compass ID: 391232199 Version 3 ix
show ipv6 traffic ............................................................................................10-18
Clearing IPv6 Statistics ...........................................................................................................10-18
clear ipv6 neighbor-cache ..............................................................................10-18
clear ipv6 traffic .............................................................................................10-18
Index
Compass ID: 391232199 Version 3 xi
Preface
Scope
This document describes system administrative tasks used to configure and manage
the Motorola Broadband Services Router 64000 (BSR 64000). The following tasks
and procedures are described in this document:
n Basic System Configuration
n Configuring Logging
n Configuring TCP/IP
n Configuring Interfaces
n Configuring Network Security
n Configuring Network Servers
n Configuring Redundancy
n Configuring the Ether-FlexTM Module
n Configuring IPDR
n Configuring IPv6
Audience
This document is for use by those persons who will install and configure the
BSR 64000 product. Only trained service personnel should install, maintain, or
replace the BSR 64000.
BSR 64000 System Administration Guide Release 6.3.1
xii Compass ID: 391232199 Version 3
Documentation Set
The following documents comprise the BSR 64000 documentation set:
n BSR 64000 Quick Start Guide
The quick start guide provides a "roadmap" to the tasks involved in physically
installing the BSR 64000 product, physically connecting it to your network/HFC
infrastructure, and performing configuration tasks to enable the BSR 64000 to
operate in your networking environment.
n BSR 64000 Installation Guide
This guide provides detailed instructions for physically installing the BSR 64000
product including: procedures for rack mounting, making physical network cable
connections, connecting DC power, and for determining the status of the BSR
64000 after applying power to it. This document also provides a description of the
BSR 64000 chassis, its hardware components and modules.
n BSR 64000 Resource and I/O Module Installation Guide
This guide contains procedures for installing additional and replacement
Resource and I/O Modules in a BSR 64000 chassis and for making physical cable
connections to the modules.
n BSR 64000 Command Line Interface Users Guide
For users, this guide describes the structure of the BSR 64000 Command Line
Interface (CLI) and its various command modes. It also provides rules and
guidelines for navigating through the CLI.
n BSR 64000 Command Reference Guide
This guide contains individual descriptions of the entire set of commands that
comprise the BSR 64000 Command Line Interface (CLI). These commands are
used to interface with, configure, manage, and maintain the BSR 64000.
n BSR 64000 System Administration Guide
For system administrators, this guide provides detailed procedures for performing
initial configuration tasks including setting up: user accounts and passwords;
telnet and console access; system logging; and associated servers such as DHCP,
DNS, etc.
Release 6.3.1 Preface
Compass ID: 391232199 Version 3 xiii
n BSR 64000 CMTS Configuration and Management Guide
This guide provides the instructions and procedures for configuring and
managing BSR 64000 CMTS operation.
n BSR 64000 Routing Configuration and Management Guide
This guide contains the instructions and procedures for configuring and managing
BSR 64000 routing operation, including RIP, OSPF, and BGP.
n BSR 64000 SNMP Configuration and Management Guide
This guide provides the instructions and procedures for configuring and
managing BSR 64000 Simple Network Management Protocol (SNMP) operation.
It also describes SNMP MIBs; provides information that describes standard and
proprietary MIB support; describes how to walk MIBs; and how to compile and
load SNMP MIBs.
n BSR 64000 BGP/MPLS VPN Configuration Guide
This guide provides the instructions and procedures for configuring and
managing the BSR 64000 to support and implement Border Gateway Protocol/
MultiProtocol Label Switching Virtual Private Networks (BGP/MPLS VPNs).
n BSR 64000 Troubleshooting Guide
This guide contains instructions and procedures for troubleshooting typical
configuration problems that might be encountered using the BSR 64000. It also
offers suggestions for information to record, and have available should the need
arise to call Motorola support for assistance with BSR 64000 operational
problems.
n BSR 64000 Release Notes
These documents are specific to each release of the BSR 64000 product (software
and hardware). Release notes provide information about features not documented
or incorrectly documented in the main documentation set; known problems and
anomalies; product limitations; and problem resolutions.
BSR 64000 System Administration Guide Release 6.3.1
xiv Compass ID: 391232199 Version 3
Conventions
This document uses the conventions in the following table:
Convention Example Explanation
angle brackets < > ping <ip-address>
ping 54.89.145.71
Arguments in italic and enclosed by angle
brackets must be replaced by the text the
argument represents. In the example,
54.89.145.71 replaces <ip-address>. When
entering the argument, do not type the angle
brackets.
bar brackets [ ] disable [level] Bar brackets enclose optional arguments. The
example indicates you can use the disable
command with or without specifying a level.
Some commands accept more than one
optional argument. When entering the
argument, do not type the bar brackets.
bold text cable relay-agent-option Boldface text must be typed exactly as it
appears.
brace brackets {} page {on | off} Brace brackets enclose required text. The
example indicates you must enter either on or
off after page. The system accepts the
command with only one of the parameters.
When entering the text, do not type the brace
brackets.
italic text boot system <filename> Italic type indicates variables for which you
supply values in command syntax descriptions.
It also indicates file names, directory names,
document titles, or emphasized text.
screen display Wed May 6 17:01:03
2000
This font indicates system output.
vertical bar | page {on | off} A vertical bar separates the choices when a
parameter is required. The example indicates
you can enter either command:
page on or page off
When entering the parameter, do not type the
vertical bar or the brace brackets.
Release 6.3.1 Preface
Compass ID: 391232199 Version 3 xv
Notes, Cautions, Warnings
The following icons and associated text may appear in this document.
Note: A note contains tips, suggestions, and other helpful information, such
as references to material not contained in the document, that can help you
complete a task or understand the subject matter.
Caution: The exclamation point, within an equilateral triangle, is intended to
alert the user to the presence of important installation, servicing, and
operating instructions in the documents accompanying the equipment.
Warning: This symbol indicates that dangerous voltage levels are present
within the equipment. These voltages are not insulated and may be of
sufficient strength to cause serious bodily injury when touched. The symbol
may also appear on schematics.
BSR 64000 System Administration Guide Release 6.3.1
xvi Compass ID: 391232199 Version 3
If You Need Help
Support for your BSR 64000 hardware and software is available via telephone and the
Internet.
Telephone Support
If you need assistance while working with the BSR 64000, contact the Motorola
Technical Response Center (TRC):
The Motorola TRC is on call 24 hours a day, 7 days a week.
When calling for technical support, please have the following information available:
n Your customer information, including location, main contact, and telephone
number
n BSR product and modules
n Detailed description of the issue
n Specific information to assist with resolving the problem, including:
BSR hostname
BSR error messages and logs
Output of BSR show tech command
Cable modem information
n List of troubleshooting steps you have performed before calling the TRC.
n Current state of your BSR 64000 product
n Severity of the issue you are reporting
When calling for repair or Advanced Component Exchange (ACE) replacement,
please provide the following additional information:
n Output of BSR show version command, with part numbers and serial numbers of
BSR components
n Shipping information for the replacement, including contact name, company
name, address, phone number, and email address
U.S. 1-888-944-HELP (1-888-944-4357)
International +215-323-0044
Release 6.3.1 Preface
Compass ID: 391232199 Version 3 xvii
Online Support
Motorola BSR Customer Website
The BSR customer website, http://bsr.motorola.com, is available for BSR customers
with active service contracts to access the latest product information, software
updates, troubleshooting information, and technical publications for the BSR 64000,
BSR 2000, and BSR 1000 product line.
You may request access to the site by emailing the BSR product support team at
bsrsupportonline@motorola.com with the following information:
n Company name
n Contact name, phone number, and email address
n Motorola Support contact
n BSR product under service contract
The BSR product support team will email an invitation to you with further
instructions on how to set up an account on the BSR customer information website.
Compass ID: 391232199 Version 3 1-1
1
Basic System Configuration
Introduction
This chapter discusses the configuration required for basic operation of the BSR. The
following configuration tasks are described:
n Setting System Passwords
n Specifying a Host Name
n Configuring User Login Accounts
n Configuring Telnet and Console Access
n Specifying System Time Information
n Sending Messages to BSR Users
n System Software
n System Configuration
n Displaying System Information
BSR 64000 System Administration Guide Release 6.3.1
1-2 Compass ID: 391232199 Version 3
Prerequisites
Before you begin the initial configuration of the BSR, you should determine the
following information:
n Interface IP address(es) and subnet mask(s)
n Time of Day Server IP address
n DHCP Server IP address
n Cable Modem (CM) authentication string or hexadecimal key information
contained in the CM configuration file. You must have this information when you
configure authentication parameters on the BSR.
Required Servers
The following servers are required for the basic operation of the BSR on your
network, and must be configured to allow cable modems to range and register
properly on the HFC network:
n DHCP
n TFTP
The following DHCP server options are necessary:
n IP address
n Router address
n TFTP server address
n Bootfile for the CM configuration file
The following servers can be also configured to operate on the BSR for management,
provisioning, troubleshooting and billing purposes:
n LDAP
n Event (Syslog) Server
n Provisioning Server
n DNS
Note: The CM configuration file must be stored on the TFTP server.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-3
For information on installing these servers, refer to the specific vendors server
software documentation.
Setting System Passwords
Follow these steps to access the CLI from a console session in order to configure
password privileges for enabled modes and telnet:
1. Start your terminal or terminal application to connect to the BSR. Refer to the
BSR 64000 CLI Users Guide for more information on configuring your terminal
or terminal application.
2. Power on the BSR 64000.
3. The terminal session begins and the password prompt displays. The password is a
null value by default. Press the Enter key. The MOT> prompt displays.
4. To enter Privileged EXEC mode, use the enable command in User EXEC mode,
as shown below:
MOT>enable
The Password prompt displays.
5. To enter Privileged EXEC mode, press the Enter key at the password prompt. The
password is a null value by default.
6. Use the configure command to enter Global Configuration mode in order to set
system passwords, as shown below:
MOT:7A#configure
The MOT:7A(config)# prompt displays.
Note: Make sure that the serial cable is connected properly and the terminal
application is configured correctly. Refer to the BSR 64000 Installation Guide
for more information.
Warning: Do not interrupt the boot process.
BSR 64000 System Administration Guide Release 6.3.1
1-4 Compass ID: 391232199 Version 3
System passwords should be set immediately. System passwords can contain up to 31
uppercase or lowercase alphanumeric characters and a numeric character cannot be
the first character. Spaces are valid password characters. The user must enter the
correct password to gain access to the BSR and privileged-level commands.
Follow these steps to configure the BSR system passwords:
1. Automatic encryption is disabled by default. If you want to encrypt all currently
unencrypted passwords and all future passwords entered on the BSR, use the
service password-encryption command, in Global Configuration mode, as
shown below:
MOT:7A(config)#service password-encryption
If you want to turn off the service password encryption feature so that passwords
entered in the future are no longer encrypted, use the no service
password-encryption command, in Global Configuration mode, as shown
below:
MOT:7A(config)#no service password-encryption
Note: Access to a telnet session is denied if the password for both the
console and telnet is not set.
Note: If you do not want to encrypt passwords on the BSR, do not use the
service password-encryption command.
Note: The no service password-encryption command does not unencrypt
passwords that are already encrypted. If you want to unencrypt encrypted
passwords, you must change them manually.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-5
2. To set the password for a console (terminal) session that allows access to the BSR
in User EXEC mode, use the password console command in Global
Configuration mode, as shown below:
MOT:7A(config)#password console <WORD>
where:
WORD is the user-defined password that is no more than 31 characters.
3. To set the password for a telnet session that allows access to the BSR in User
EXEC mode, use the password telnet command in Global Configuration mode,
as shown below:
MOT:7A(config)#password telnet <WORD>
where:
WORD is the user-defined password for the BSR that is no more than 31
characters.
4. To set the Privileged EXEC password, use the enable password command, as
shown below:
MOT:7A(config)#enable password <WORD>
where:
WORD is the user-defined password for the BSR that is no more than 31
characters.
5. The show running-config command displays configuration information
currently running on the BSR. You have the option of displaying the entire
running configuration or displaying specific configuration information. Use the
show running-config command to verify that the changes you made were
implemented, as shown below:
MOT:7A#show running-config [interface [cable <X/Y> | ethernet <X/Y> |
gigaether <X/Y> | | pos <X/Y> | loopback <1-32> | tunnel <0-255>]] [ | {begin |
exclude | include} {<WORD>}]
Note: The show running-config command output identifies the system
password with the number 0 if it is unencrypted. If the system password is
encrypted, it is identified with the number 7.
BSR 64000 System Administration Guide Release 6.3.1
1-6 Compass ID: 391232199 Version 3
where:
interface displays running configuration information on all interfaces or a
specific interface.
cable X/Y is the slot and MAC Domain number of the CMTS module
ethernet X/Y is the Ethernet/Fast Ethernet IEEE 802.3 module slot and
interface number on the BSR.
gigaether X/Y is the Gigabit Ethernet module slot and interface number on
the BSR.
loopback 1-32 is the loopback interface number.
pos X/Y is the Packet over SONET slot and port number on the BSR.
tunnel 0-255 is the tunnel interface number.
| turns on output modifiers (filters).
begin filters for output that begins with the specified string.
exclude filters for output that excludes the specified string.
include filters for output that includes the specified string.
WORD is the specified string.
The configuration parameters that you have set should appear in the show
running-config command output.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-7
Specifying a Host Name
To optionally assign or change your BSR system network name, use the hostname
command, in Global Configuration mode, as shown below:
MOT:7A(config)#hostname <WORD>
where:
WORD is the new system network name.
After you execute this command, the Command Line Interface (CLI) prompt changes
to the new host name, as shown below:
newhostname(config)#
Configuring User Login Accounts
Define a unique system login account for each user requiring access to the command
line interface. You can define a system login account with different levels of security
access to the system. The username command allows you to define a complete
system login including the user name, password, access-level, and user group.The
following commands are used for defining a user account:
username nopassword
username password
username privilege
username user-group
Table 1-1 gives a brief description of each parameter required to configure a user
login account. The sections that follow describe the procedural details for defining
each parameter.
Table 1-1 User Login Account Parameters
Parameter Description
username Defines the name of the user account.
A user name comprises a unique set of up to 16
case-sensitive characters.
nopassword Defines no password for the user account.
BSR 64000 System Administration Guide Release 6.3.1
1-8 Compass ID: 391232199 Version 3
Defining a User Name without a Password
If you want to define a user account with no password, use the following command in
Global Configuration mode:
MOT:7A(config)#username <WORD> nopassword
where:
WORD is the user account login name.
For example:
MOT:7A(config)#username newuser nopassword
Defining a User Name with an Unencrypted Password
Follow these steps to define a user account with an unencrypted password:
Use the username password command in Global Configuration mode to define an
unencrypted password for a user account, as shown below:
MOT:7A(config)#username <WORD> password <WORD>
where:
WORD is the user account login name.
password Defines the password for the user account.
A password comprises a unique set of up to 31
case-sensitive characters. Password can be specified to
appear encrypted or unencrypted in the running-config file.
privilege Defines user account privileges.
Read-only privileges allow a user access to the Privileged
EXEC command line mode only.
Read-write privileges allow a user access to all command
line modes
user-group Defines a user account group access level to CLI command
sets.
isp = internet service provider
mso = multiservice operator
sysadmin = System Administrator
Table 1-1 User Login Account Parameters
Parameter Description
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-9
WORD defines the user login account password.
For example:
MOT:7A(config)#username newuser password mypassword
Defining a User Name with an Encrypted Password
Follow these steps to define a user account that is encrypted:
1. Use the username password command in Global Configuration mode to define a
password for a user account that is encrypted, as shown below:
MOT:7A(config)#username <WORD> password [0 | 7] {<WORD>}
where:
WORD defines the user login name.
0 specifies that an unencrypted password follows.
7 specifies that an encrypted (hidden) password follows.
WORD defines the user login account password.
2. Automatic encryption is disabled by default. If you want to encrypt the user
account, use the service password-encryption command in Global
Configuration mode as shown below:
MOT:7A(config)#service password-encryption
For example:
MOT:7A(config)#username newuser password mypassword
MOT:7A(config)#service password-encryption
Defining a Privilege Level
To define a privilege level for a user account, use the following command in Global
Configuration mode:
MOT:7A(config)#username <WORD> privilege [ro | rw]
where:
WORD is the user account login name
ro defines a privilege level of read-only that restricts this user to Privileged
EXEC command mode access only
BSR 64000 System Administration Guide Release 6.3.1
1-10 Compass ID: 391232199 Version 3
rw defines a privilege level of read-write that allows this user access to any
command mode
For example:
MOT:7A(config)#username newuser privilege rw
Defining a Group Access Level
To define a group access level for a user account, use the following command in
Global Configuration mode:
MOT:7A(config)#username <WORD> user-group {isp <1-1> | mso |
sysadmin}
where:
WORD is the user account login name
user-group is one of the groups shown below. The ISP and MSO groups have
access to a specific set of CLI commands.
For example:
MOT:7A(config)#username newuser user-group mso
Verifying Your User Account Login Configuration
Use the show running-config command in Privileged EXEC mode to verify your
user account configuration, as shown below:
MOT:7A(config)#show running-config
User Group Command Line Access
sysadmin All CLI commands
ISP Most CLI commands including routing commands but
excluding cable commands.
MSO Most CLI commands including cable commands but
excluding routing commands.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-11
In the following example, user account passwords have not been encrypted:
no service password-encryption
!
username root user-group sysadmin
username root password 0 root
username manuf user-group sysadmin
username manuf password 0 river
username diag user-group sysadmin
username diag password 0 delta
username ispuser user-group isp 1
username ispuser privilege rw
username ispuser password 0 ispuser
username msouser user-group mso
username msouser privilege rw
username msouser password 0 msouser
Configuring Telnet and Console Access
Follow these steps to configure telnet and console access to the BSR:
1. The default time-out value for a telnet session is five minutes. Use the
session-timeout telnet command, in Global Configuration mode, to configure the
amount of time (retroactively) that telnet sessions can stay connected to the BSR,
as shown below:
MOT:7A(config)#session-timeout telnet <0-30>
where:
0-30 is the telnet session limit in minutes.
Note: The show running-config command output identifies the user
account password with the number 0 if it is unencrypted. If the user account
password is encrypted, it is identified with the number 7.
Note: Setting the telnet session timeout to 0 allows telnet sessions to be
connected indefinitely.
BSR 64000 System Administration Guide Release 6.3.1
1-12 Compass ID: 391232199 Version 3
2. The default timeout value for a console session is five minutes. Use the
session-timeout console command in Global Configuration mode to configure
the amount of time (retroactively) that console sessions can stay connected to the
BSR, as shown below:
MOT:7A(config)#session-timeout console <0-30>
where:
0-30 is the console session limit in minutes.
3. The default number of concurrent telnet sessions are 64. Use the telnet
session-limit command in Global Configuration mode to specify a limit on the
number of concurrent telnet sessions allowed to the BSR, as shown below:
MOT:7A(config)#telnet session-limit <0-64>
where:
0-64 is the telnet session limit.
Note: Setting the console session timeout to 0 allows console sessions to be
connected indefinitely.
Note: Setting the session-limit to "0" disallows any telnet sessions from being
accepted. Setting a session-limit value does not affect any currently open
telnet sessions.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-13
Specifying System Time Information
Follow these steps to specify the system time information:
1. Use the clock timezone command, in Global configuration mode, to set the
system clock time zone for the BSR, as shown below:
MOT:7A(config)#clock timezone <WORD> <Hours_offset>
[<Minute_offset>] [daylightsavings] [on | off ]
where:
WORD is the name of the time zone.
Hours_offset represents the number of hours offset from the Universal Time
Coordinated (UTC), which is a range between -23 and +23 hours from the
UTC.
Minute_offset represents the number of minutes offset from the UTC from 0
to 59.
daylightsavings is an option for the BSR to observe daylight savings.
on enables daylight savings.
off disables daylight savings.
2. Enter the end command to return to Privileged EXEC mode to set the system
clock and enter the clock set command, as shown below:
MOT:7A#clock set <hh:mm:ss> <1-31> <MONTH> <1993-2035>
where:
hh:mm:ss is the hour, minute, and second in hh:mm:ss format.
1-31 is the day of the month from 1 to 31.
MONTH is the first three letters of the month.
1993-2035 is any year between 1993 and 2035.
The following examples show how to manually set the clock to 4:30 a.m. on May
1, 2003:
MOT:7A#clock set 04:30:00 1 May 2003
- or -
MOT:7A#clock set 04:30:00 May 1 2003
BSR 64000 System Administration Guide Release 6.3.1
1-14 Compass ID: 391232199 Version 3
3. Use the show clock command in Privileged EXEC mode to check the BSR clock
settings that you set.
hh:mm:ss is the hour, minute, and second in hh:mm:ss format.
1-31 is the day of the month from 1 to 31.
MONTH is the first three letters of the month.
1993-2035 is any year between 1993 and 2035.
The following examples show how to manually set the clock to 4:30 a.m. on May
1, 2003:
MOT:7A#clock set 04:30:00 1 May 2003
- or -
MOT:7A#clock set 04:30:00 May 1 2003
Sending Messages to BSR Users
Use the following commands to send messages to BSR users:
n Use the broadcast command to broadcast a message to all connected users at any
given moment, as shown in Privileged EXEC mode, as shown below:
MOT:7A#broadcast <WORD>
where:
WORD is the message intended for broadcast.
n Use the banner motd command in Global Configuration mode to specify the
message-of-the-day (MOTD) that is displayed for all connected users before they
successfully login to the BSR, as shown below. The MOTD is not configured by
default.
MOT:7A(config)#banner motd [<WORD> | <1-10>]
where:
1-10 is the MOTD line number from 1 to 10. Up to 10 MOTD lines can be
configured.
WORD is the MOTD text.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-15
Example
The following example configures a MOTD. The pound sign (#) is the delimiting
character.
MOT:7A(config)#banner motd The router will be rebooted at 12 a.m.
Use the no motd command to delete the MOTD banner.
System Software
This section discusses the following system software tasks:
n Downloading Software
n Upgrading BSR System Software
n Specifying the System Image File Boot Location
Downloading Software
The following sections show different methods for downloading software on the
BSR 64000:
n Before You Download Software
n Downloading Image Files to NVRAM on the SRM
n Downloading Image Files to Flash Memory on the SRM
Before You Download Software
Follow these steps before downloading software to the BSR 64000:
1. Use the dir command in Privileged EXEC mode to ensure that you have enough
memory space in Nonvolatile Random Access Memory (NVRAM), which is
located on the SRM module, for the new software, as shown below:
MOT:7A#dir
2. If you need to free additional memory space in NVRAM by deleting any
unwanted files, use the delete nvram: command in Privileged EXEC mode, as
shown below:
Caution: Ensure that you do not delete the current start-up configuration.
Also ensure that you do not delete any necessary application, or boot image
files.
BSR 64000 System Administration Guide Release 6.3.1
1-16 Compass ID: 391232199 Version 3
MOT:7A#delete nvram:<file>
where:
file is an application or boot image file.
For example:
MOT:7A#delete nvram:image_file.Z
3. Press the Enter key when asked for confirmation.
For example:
MOT:7A#delete nvram:image_file.Z ? [confirm]
4. In order to download files to the BSR 64000, you must properly configure your
FTP or TFTP server and verify that your local FTP or TFTP server is running and
configured properly by doing the following:
a. Check for the correct file names and ensure that these files are located in the
proper directory on the FTP or TFTP server.
b. Ensure that the proper IP address is configured for your TFTP or FTP
server.
5. Use the ping command in Privileged EXEC mode to verify the connectivity
status of your TFTP or FTP server, as shown below.
MOT:7A#ping [<A.B.C.D> | <Hostname>]
where
A.B.C.D is the IP address of the FTP or TFTP server.
Hostname is the DNS hostname of the FTP or TFTP server.
6. Ensure that the correct FTP username is configured on the BSR 64000 for
communication with the FTP server. If the required FTP user name is not
displayed in the running configuration or is incorrect, use the ip ftp username
command in Global Configuration mode as shown below:
Note: If you have a TFTP server, you do not need to set a user name or
password on the BSR.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-17
MOT:7A(config)#ip ftp username <WORD>
where:
WORD is the username configured on the FTP server
7. Ensure that the correct FTP password is configured on the BSR 64000 for
communication with the FTP server. If the required FTP password is not
displayed in the running configuration or is incorrect, use the ip ftp password
command in Global Configuration mode as shown below:
MOT:7A(config)#ip ftp password <LINE>
where:
0 indicates that the following password is unencrypted (clear text).
7 indicates that the following password is encrypted.
LINE is the password configured on the FTP server.
Downloading Image Files to NVRAM on the SRM
Both boot and application image files can be downloaded to NVRAM on the SRM
using the FTP or TFTP file transfer process.
Follow these steps to download an image file to NVRAM on the SRM:
1. To download an image file to NVRAM, use the copy ftp: nvram: command in
Privileged EXEC mode and press the Enter key, as shown below:
MOT:7A#copy ftp: nvram:
2. Enter the IP address or DNS name of the remote FTP or TFTP server at the
Address or name of remote host prompt and press the Enter key.
For example:
Address or name of remote host[]? 10.10.10.1
Note: The following steps describe the process of transferring the new image
files from an FTP server to the SRM. If you are using FTP to transfer the
image files, ensure that the FTP username and password are set correctly on
the BSR 64000 using the ip ftp username and ip ftp password commands.
If you are using TFTP to transfer the image files, a username and password
are not necessary and the copy tftp: nvram: command can be substituted
for the copy ftp: nvram: command.
BSR 64000 System Administration Guide Release 6.3.1
1-18 Compass ID: 391232199 Version 3
3. Enter the full path from the FTP root directory and the new application or boot
image file name after the Source file name prompt and press the Enter key.
Source file name [ ]?
For example:
Source file name [ ]? /pub/image_file.Z
4. The Destination file name prompt displays with the new file name. Press the
Enter key to accept the new file name in NVRAM. For example:
Destination file name [ image_file.Z ]?
The file is successfully copied to NVRAM on the SRM module.
5. Compare each image file size (in bytes) in NVRAM on the SRM to the original
size of each image file size on the server. To view the new image files in
NVRAM on the SRM, use the dir command in Privileged EXEC mode as shown
below:
MOT:7A#dir
The following command output displays:
6. If the image file byte counts in NVRAM on the SRM match the image file byte
counts on the server, the image files on the SRM have been copied successfully.
Downloading Image Files to Flash Memory on the SRM
Both boot and application image files can be downloaded to flash memory on the
SRM using the FTP or TFTP file transfer process.
Note: You can optionally rename the image file name stored in NVRAM on
the SRM module. If you decide to enter a new file name in NVRAM on the
SRM, enter the new file name after the Destination file name prompt. For
example:
Destination file name [ image_file.Z ] ? <new file name>
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-19
Follow these steps to download an image file to flash memory on the SRM:
1. To download an image file to flash memory, use the copy ftp: flash: command in
Privileged EXEC mode and press the Enter key, as shown below:
MOT:7A#copy ftp: flash:
2. Enter the IP address or DNS name of the remote FTP or TFTP server at the
Address or name of remote host prompt and press the Enter key.
For example:
Address or name of remote host[]? 10.10.10.1
3. Enter the full path from the FTP root directory and the new application or boot
image file name after the Source file name prompt and press the Enter key.
Source file name [ ]?
For example:
Source file name [ ]? /pub/image_file.Z
4. The Destination file name prompt displays with the new file name. Press the
Enter key to accept the new file name in flash memory.
For example:
Destination file name [ image_file.Z ]?
The file is successfully copied to flash memory on the SRM module.
Note: The following steps describe the process of transferring the new image
files from an FTP server to the SRM. If you are using FTP to transfer the
image files, ensure that the FTP username and password are set correctly on
the BSR 64000 using the ip ftp username and ip ftp password commands.
If you are using TFTP to transfer the image files, a username and password
are not necessary and the copy tftp: nvram: command can be substituted
for the copy ftp: nvram: command.
Note: You can optionally rename the image file name stored in NVRAM on
the SRM module. If you decide to enter a new file name in NVRAM on the
SRM, enter the new file name after the Destination file name prompt. For
example:
Destination file name [ image_file.Z ] ? <new file name>
BSR 64000 System Administration Guide Release 6.3.1
1-20 Compass ID: 391232199 Version 3
5. Compare each image file size (in bytes) in flash memory on the SRM to the
original size of each image file size on the server. To view the new image files in
flash memory on the SRM, use the dir flash: command in Privileged EXEC
mode as shown below:
MOT:7A#dir flash:
If the image file byte counts in flash memory on the SRM match the image file
byte counts on the server, the image files on the SRM have been copied
successfully.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-21
Upgrading BSR System Software
Use the update chassis command in Global Configuration mode to upgrade all
present BSR system software updates (bootrom, fpga, application) while the BSR is
in operation.
MOT:7A#update chassis {flash: <filename> | ftp: <filename> | nvram:
<filename>} [reload]
where:
flash: upgrade the BSR system software from the archive file stored in flash
memory.
ftp: copy the archive file stored on the File Transfer Protocol (FTP) server to
NVRAM and upgrade the BSR system software from this file.
nvram: upgrade the BSR system software from the archive file stored in
Nonvolatile Random Access Memory (NVRAM).
filename is the name of the operating image archive file, which contains the
application image, boot image, and FPGA files.
reload to optionally load the archive file again to upgrade the BSR.
For example:
MOT:7A#update chassis nvram:image_file.Z
Caution: When upgrading and downgrading BSR 64000 boot ROM images
and Application image, ensure that this is done through a console session
only and only during a scheduled maintenance window.
Note: Using the update chassis command may result in an audible loss of
voice-over-IP data for up to 20 seconds
BSR 64000 System Administration Guide Release 6.3.1
1-22 Compass ID: 391232199 Version 3
Specifying the System Image File Boot Location
Follow these steps to specify the system image file for use when starting the BSR:
1. The show boot command can be accessed from all CLI modes except User
EXEC mode. Use the show boot command to determine the current boot location
for the application image. For example:
MOT:7A#show boot
Boot location currently set to nvram:image_file.Z
2. Use the boot system command in Privileged EXEC mode only to indicate which
system software image file the BSR uses at the system startup.
MOT:7A#boot system {flash: <filename> | nvram: <filename>}
where:
flash: boot the BSR system software from the archive file stored in flash
memory.
nvram: boot the BSR system software from the archive file stored in
Nonvolatile Random Access Memory (NVRAM).
filename is the name of the operating image archive file, which contains the
application image, boot image, and FPGA files from which to boot.
For example:
MOT#boot system NVRAM:image_file.Z
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-23
System Configuration
This section discusses the following system configuration tasks:
n Saving and Viewing Your Configuration
n Configuring SRM and Chassis Alias Information
n Configuring SRM and Chassis Asset ID Information
n Displaying the System Configuration
Saving and Viewing Your Configuration
Saving the current running configuration to nonvolatile random access memory
(NVRAM) is done to prevent your current configuration from being lost the next time
the BSR is rebooted. Always save configuration changes.
Follow these steps to save the current running configuration:
1. To copy the current system configuration to the system startup configuration, use
the copy running-config startup-config command in Privileged EXEC mode as
shown below:
MOT:7A#copy running-config startup-config
2. The show running-config command displays configuration information
currently running on the BSR. You have the option of displaying the entire
running configuration or displaying specific configuration information. Use the
show running-config command in Privileged EXEC mode to verify that the
changes you made were implemented, as shown below:
MOT:7A#show running-config [interface [cable <X/Y> ethernet <X/Y> |
gigaether <X/Y> | | pos <X/Y> | loopback <1-32> | tunnel <0-255>]] [ | {begin |
exclude | include} {<WORD>}]
where:
interface displays running configuration information on all interfaces or a
specific interface.
cable X/Y is the slot and MAC Domain number of the CMTS module.
ethernet X/Y is the Ethernet/Fast Ethernet IEEE 802.3 module slot and port
number on the BSR.
gigaether X/Y is the Gigabit Ethernet module slot and port number on the
BSR.
BSR 64000 System Administration Guide Release 6.3.1
1-24 Compass ID: 391232199 Version 3
loopback 1-32 is the loopback interface number.
pos X/Y is the Packet over SONET slot and port number on the BSR.
tunnel 0-255 is the tunnel interface number.
| turns on output modifiers (filters).
begin filters for output that begins with the specified string.
exclude filters for output that excludes the specified string.
include filters for output that includes the specified string.
WORD is the specified string.
The configuration parameters that you have set should appear in the show
running-config command output.
Configuring SRM and Chassis Alias Information
To configure your alias name for the SRM module, use the srm alias command in
Privileged EXEC mode, as shown below:
MOT:7A#srm alias <string>
where:
string is the SRM alias name. Enclose the alias name within quotation marks if
the string contains spaces.
To configure your alias name for the BSR 64000 chassis, use the chassis alias
command in Privileged EXEC mode, as shown below:
MOT:7A#chassis alias <string>
where:
string is the BSR 64000 chassis alias name. Enclose the alias name within
quotation marks if the string contains spaces.
Configuring SRM and Chassis Asset ID Information
To configure your organizations asset ID number that is assigned to the SRM
module, use the srm assetid command in Privileged EXEC mode, as shown below:
MOT:7A#srm assetid <string>
where:
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-25
string is the SRM asset ID number. Enclose the alias name within quotation
marks if the string contains spaces.
To configure your organizations asset ID number that is assigned to your BSR
64000, use the chassis assetid command in Privileged EXEC mode, as shown below:
MOT:7A#chassis assetid <string>
where:
string is the BSR 64000 chassis asset ID number. Enclose the alias name within
quotation marks if the string contains spaces.
Displaying the System Configuration
The following sections discuss how to gather system information and learn the current
status of the BSR:
n Displaying SRM and Chassis Alias Information
n Displaying the SRM and Chassis Asset ID Information
n Displaying the Chassis Status
Displaying SRM and Chassis Alias Information
Use the show srm alias command in Privileged EXEC mode to show the alias name
for the SRM module, as shown below:
MOT:7A#show srm alias
To show the alias name for the BSR 64000 chassis, use the show chassis alias
command in Privileged EXEC mode, as shown below:
MOT:7A#show chassis alias
BSR 64000 System Administration Guide Release 6.3.1
1-26 Compass ID: 391232199 Version 3
Displaying the SRM and Chassis Asset ID Information
To view the asset ID number assigned to the SRM, use the show srm assetid
command in Privileged EXEC mode, as shown below:
MOT:7A#show srm assetid
To view the asset ID number assigned to your BSR 64000, use the show chassis
assetid command in Privileged EXEC mode, as shown below:
MOT:7A#show chassis assetid
Displaying the Chassis Status
The show chassis status command is an important diagnostic tool for learning the
operational status of the individual modules and upper and lower fan trays. This
command also allows you to determine where modules are populated on the BSR
64000.
To display chassis status information, use the show chassis status command in
Privileged EXEC mode, as shown below:
MOT:7A#show chassis status
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show chassis status command.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-27
Displaying System Information
The following sections provide information about common system management show
commands used to examine system processes:
n Displaying System Operation Information
n Displaying System Processing Information
n Displaying System Memory Information
n Displaying the System Version Information
n Displaying System Buffer Information
n Displaying Module Hardware Information
Displaying System Operation Information
Use the following options to view system information on the BSR:
n Use the show system command in all modes except User EXEC to display
various operating information for the BSR 64000 such as the module temperature
and status, and the number of each class of alarms, as shown below:
MOT:7A#show system [ | {begin | exclude | include} {<WORD>}]
where:
| turns on output modifiers (filters).
begin filters output that begins with the specified string.
exclude filters output that excludes the specified string.
include filters output that includes the specified string.
WORD is the specified string.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show system command.
n Use the show system alarms command in all modes except User EXEC to
provide a summary of central office alarm information for the entire BSR 64000.
The alarm summary display can be filtered according to whether the alarm is
active, critical, major, or minor, as shown below:
MOT:7A#show system alarms [active | critical | major | minor] [ | {begin |
exclude | include} {<WORD>}]
where
BSR 64000 System Administration Guide Release 6.3.1
1-28 Compass ID: 391232199 Version 3
active displays active alarms.
critical displays critical alarms.
major displays major alarms.
minor displays minor alarms.
| turns on output modifiers (filters).
begin filters output that begins with the specified string.
exclude filters output that excludes the specified string.
include filters output that includes the specified string.
WORD is the specified string.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show system alarms command.
n Use the show system fans command to the current state of the fan tray
subsystem. It is used for troubleshooting and operational verification.
MOT:7A#show system fans [ | {begin | exclude | include} {<WORD>}]
where
| turns on output modifiers (filters).
begin filters output that begins with the specified string.
exclude filters output that excludes the specified string.
include filters output that includes the specified string.
WORD is the specified string.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show system fans command.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-29
Displaying System Processing Information
Use the following options to view system processing information. In the BSR
software, process and thread are used interchangeably and mean an independent
thread of execution.
n To display information about all active processes on the BSR, use the show
process command, as shown below:
MOT:7A#show process
n Use the show process msg-q-info command to display information about current
message queues, as shown below:
MOT:7A#show process msg-q-info
n Use the show process stack command to display the size, current usage, and
highest usage of each process stack, as shown below:
MOT:7A#show process stack [procID | procName]
where:
procID is the task ID number in decimal or hexidecimal form. 0x is required
for hexidecimal form.
procName is the task name.
n Use the show process memory command to display information about memory
usage, as shown below:
MOT#show process memory {process-id | process-name | slot <NUM> |
sorted} [bytes | kilobytes | megabytes ]
where:
process-id is the Process ID in hexidecimal notation.
process-name is the alphanumeric process name (up to 15 characters).
slot NUM specifies a CMTS slot number.
sorted specifies the memory information for all processes that are sorted.
bytes optionally displays the total sizes in bytes; which is the default.
kilobytes optionally displays the total sizes in kilobytes.
megabytes optionally displays the total sizes in megabytes.
BSR 64000 System Administration Guide Release 6.3.1
1-30 Compass ID: 391232199 Version 3
n Use the show process cpu command to display information about CPU
utilization by each process, which includes detailed CPU usage statistics for
active SRM and CMTS modules in the BSR 64000 chassis.
MOT:7A#show process cpu
n Use the show process cpu slot command to display information about CMTS
CPU utilization by each process, as shown below:
MOT:7A#show process cpu slot <NUM>
where:
NUM is the CMTS module slot number.
n Use the show process cpu restart command to restart the CPU utilization
measurement process, as shown below:
MOT:7A#show process cpu restart
n Use the show process cpu frequency command to determine how many times
per second that a CPU statistic measurement is taken, as shown below:
MOT:7A#show process cpu frequency <30-200>
where:
30-200 is the frequency value in Hertz.
Note: CPU usage statistics for a standby NIM or standby SRM modules are
not displayed using this command, however for NIM (HSIM) modules, the
module sub type is displayed.
For example:
Slot: 13 Module Type: HSIM Module Sub Type: 8-port 10/100
Ethernet (ETH8)
Note: The total utilization is approximate and may not total 100 per cent.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-31
n Use the show process cpu stop command in Privileged EXEC Mode to stop the
utilization measurement process, as shown below:
MOT:7A#show process cpu stop
n Use the show process semaphores command in Privileged EXEC mode display
information about the Semaphore ID number on which process is waiting, as
shown below:
MOT:7A#show process semaphores
Refer to the BSR 64000 Command Reference Guide to see typical screen output for
the show process commands.
Displaying System Memory Information
Follow these options to display BSR system information:
n Use the show memory information command in Privileged EXEC mode to
show the number of blocks of memory, the hexadecimal address of each block of
memory, and the size of each block of memory in bytes, as shown below:
MOT:7A#show memory information [brief | slot <NUM> | <|> | <cr>]
where:
brief displays only the summary.
slot displays memory information for the BSR module slot only.
n Use the show memory command in Privileged EXEC mode to display the
starting address where memory is dumped in hexadecimal notation, as shown
below:
MOT:7A#show memory <address> <1-4294967295>
where:
address is the starting memory address expressed in hexadecimal notation to
dump memory.
1-4294967295 is the number of bytes to dump.
n Use the show memory fastpath [brief] command in Privileged EXEC mode to
display the number of bytes used to program the NIM FastPath, as shown below:
MOT:7A#show memory fastpath [brief]
where:
BSR 64000 System Administration Guide Release 6.3.1
1-32 Compass ID: 391232199 Version 3
brief displays the summary only.
Refer to the BSR 64000 Command Reference Guide to see typical screen output for
the show memory commands.
Displaying the System Version Information
Follow these options to display BSR system version information:
n Use the show version command in all modes except User EXEC mode to display
complete version information for the BSR, as shown below:
MOT:7A#show version
n Use the show version command in all modes except User EXEC mode to display
specific BSR system software and hardware version information, as shown
below:
MOT:7A#show version [slot <0-15>] [ | {begin | exclude | include}
{<WORD>}]
where:
slot is the module slot in the BSR 64000 chassis.
0-15 is the module slot number from which version information is to be
displayed.
| turns on output modifiers (filters).
begin filters for output that begins with the specified string.
exclude filters for output that excludes the specified string.
include filters for output that includes the specified string.
WORD is the specified string.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show version command.
Release 6.3.1 Basic System Configuration
Compass ID: 391232199 Version 3 1-33
Displaying System Buffer Information
Follow these options to evaluate system buffer information:
n Use the show pool command in Privileged EXEC mode to display information
about how the BSR is buffering data, as shown below:
MOT:7A#show pool [<WORD>]
where:
WORD is the name of the buffer pool.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show pool command.
n Use the show pool all command to view all memory buffer pools, as shown
below:
MOT:7A#show pool all
n Use the show pool application command to view all application-specific pools,
as shown below:
MOT:7A#show pool application
n Use the show pool icp command to view chassis control messages in the ICP
pool, as shown below:
MOT:7A#show pool icp
n Use the show pool network command to view the network pool, where network
data transfer information for the stack is located, as shown below:
MOT:7A#show pool network
n Use the show pool system command to view system physical structures, such as
the number of sockets, routes, interface addresses, PCB, and multicast addresses
in the system pool, as shown below:
MOT:7A#show pool system
n Use the show pool names command to view display names of all the mBuf pools,
as shown below:
MOT:7A#show pool names
BSR 64000 System Administration Guide Release 6.3.1
1-34 Compass ID: 391232199 Version 3
Displaying Module Hardware Information
The show controllers command displays detailed hardware and configuration
information for each module on installed in the BSR 64000 chassis.
n Use the show controllers cable command to display the following CMTS
module information:
MOT:7A#show controllers cable <X/Y> [upstream <NUM> | downstream
<port> | mac | <cr>]
where:
X/Y is the slot and MAC Domain number of the CMTS module.
upstream <NUM> displays information for an upstream port including the
upstream modulation type, channel width, frequency, and modulation profile
information (i.e minislots, interleave, preamble, etc).
downstream <port> displays information for a downstream port including
downstream modulation type, frequency (label), and symbol rate.
mac displays MAC layer information about the cable interface.
cr a command return displays RF signal information, the type of hardware
installed, FEC information for both corrected and uncorrected packets, the
spectrum group and the status of the cable interface.
n Use the show controllers ethernet command to display the following fast
Ethernet module information:
MOT:7A#show controllers ethernet <X/Y>
where:
X is the fast Ethernet module slot number.
Y is the Ethernet port number.
n Use the show controllers gigaether command to display the following Gigabit
Ethernet module information:
MOT:7A#show controllers gigaether <X/Y>
where:
X is the Gigabit Ethernet module slot number.
Y is the Gigabit Ethernet port number.
Compass ID: 391232199 Version 3 2-1
2
Configuring Logging
Introduction
Logging provides a means of monitoring a device or network to determine the overall
health of the system and gather data for proactive management through trend
analysis.The BSR generates log messages when there are configuration changes or
when network or device events occur. The BSR logging can be configured to save
these log messages to a file or direct log messages to a system console, memory
buffer, or other devices. BSR logging:
n Provides information for monitoring and troubleshooting.
n Allows you to select the types of logging information captured.
n Allows you to select the destination where logging information is stored or
displayed.
You can also log this information to multiple destinations such as several SYSLOG
servers. By default, the BSR logs normal but significant log messages to its internal
buffer and then sends these messages to the system console. You can specify which
system messages should be logged based on the severity level of the message.
Messages are time-stamped to provide real-time debugging and management.
BSR 64000 System Administration Guide Release 6.3.1
2-2 Compass ID: 391232199 Version 3
In addition, the BSR supports the following logging features:
n Logging control allows you to specify which type of log messages are logged to
which destinations - either through the CLI or automatically through the DOCSIS
docsDevEvControlTable (refer to Setting Logging Control on page 2-3).
n Restricting logging rates allows you to control the amount of logging traffic to
eliminate any potential congestion on the network (refer to Restricting Logging
Rates on page 2-4).
n EVT logging provides the ability to monitor internal system to allow additional
informational granularity for diagnostics and troubleshooting (refer to
Configuring EVT Logging on page 2-12).
The following sections describe how to configure logging on the BSR:
n Flash and NVRAM Memory Management Guidelines
n Setting Logging Control
n Restricting Logging Rates
n Configuring System Logging
n Configuring EVT Logging
n Restoring All Logging Defaults
Flash and NVRAM Memory Management
Guidelines
To enhance the performance and operation of the BSR Flash Memory and NVRAM,
observe these guidelines.
n Configure the BSR to log only errors by issuing the logging buffered errors
command.
The logging buffered errors command limits the number of log messages going
into flash memory. It does not affect syslog operation.
n Make sure NVRAM file system is only 50-60% full before copying files to the
Flash memory file system
n Do not run telnet and other commands in conjunction with commands which
perform operations involving the NRVAM.
n Delete the large files from the NVRAM file system during the maintenance
window.
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-3
Setting Logging Control
Logging control allows you to specify which type of log messages are logged to
which destinations (console, SYSLOG, etc.) based on the severity of the message.
This can be specified manually through the CLI or automatically through the DOCSIS
docsDevEvControlTable.
n CLI logging control is specified with the logging <destination> <severity>
command. This is the default logging control. Refer to Table Table for the
default destination/severity levels associated with CLI logging control.
n DOCSIS logging control is specified with the logging control docsis
command.The logging control docsis command allows the
docsDevEvControlTable to determine which severity logs go to which
destinations. Any logging <destination> <severity> configurations are
overridden. Refer to Table Table for the default destination/severity levels
associated with DOCSIS logging control.
Any configurations set with the logging <destination> <severity> command are
overridden by the logging control docsis command. The no logging control docsis
disables the docsDevEvControlTable and re-establishes CLI logging control. Any
configurations previously set with the logging <destination> <severity> command
will now control which severity logs go to which destinations.
An entry for "logging control docsis" or "no logging control docsis" is always shown
in the running-configuration file. The default is "no logging control docsis".
Table CLI Logging Default Destination/Severity Levels
Destination Default Severity Level
console error or higher
log buffer (local) notification or higher
trap disabled
SYSLOG disabled
Table DOCSIS Logging Default Destination/Severity Levels
Destination Default Severity Level
console disabled
BSR 64000 System Administration Guide Release 6.3.1
2-4 Compass ID: 391232199 Version 3
Restricting Logging Rates
You can restrict logging rates to save space on a device and ensure that there is no
network performance degradation due to excessive logging traffic. Logging rates can
be restricted for both CLI and DOCSIS logging control modes. When the rate of
logging messages exceeds the configured rate limit, logging activity is disabled and
must be restarted.
To restrict the rate of log messages, specify the number of logged messages allowed
per number of seconds with the logging rate-limit command in Global configuration
mode, as shown below:
MOT:7A(config)#logging rate-limit <0-2147483647> <1-2147483647>
where:
0-2147483647 is the number of messages.
1-2147483647 is the number of seconds at which the specified number of
SYSLOG and trap messages are logged.
The following example indicates that the rate-limit on logged messages is 10
messages per second:
MOT:7A(config)#logging rate-limit 10 1s
The logging admin-status command controls the rate of log messages with respect to
the threshold, if any, specified with the logging rate-limit command. Use the logging
admin-status command as follows:
MOT:7A(config)#logging admin-status {inhibited | maintainBelowThreshold |
stopAtThres | unconstrained}
log buffer (local) notice or higher
trap notice, warning, error, critical
SYSLOG notice, warning, error, critical
Note: Rate limiting applies to all log messages and can not be restricted for a
particular type of log message.
Table DOCSIS Logging Default Destination/Severity Levels
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-5
where:
inhibited causes all trap transmission and SYSLOG messages to be suppressed -
if a threshold has been specified with the logging rate-limit command, a warning
message will be displayed
maintainBelowThreshold causes trap transmission and SYSLOG messages to
be suppressed if the number of traps/messages would exceed the threshold
specified with the logging rate-limit command
stopAtThres causes trap transmission SYSLOG messages to cease at the
threshold specified with the logging rate-limit command - transmission will not
resume until the logging admin-status command is reset to an option other than
"stopAtThres" or the threshold is set to a higher value with the logging rate-limit
command.
unconstrained causes all traps and SYSLOG messages to be transmitted - if a
threshold has been specified with the logging rate-limit command, a warning
message will be displayed.
Creating a Loopback Interface for Source SYSLOG IP
Address
The logging source-interface loopback command allows an operator to control the
source IP address of SYSLOG packets generated by the BSR by specifying a
loopback interface as the source IP address for SYSLOG packets. The normal
convention for generated SYSLOG packets is to set the source IP address equal to the
IP address of the outgoing interface. Use the logging source-interface loopback
command to override this convention and instead use the IP address of the specified
loopback interface, as shown below:
Note: If using the logging admin-status commands
"maintainBelowThreshold" or "stopAtThres" options, a rate limit must be
specified with the logging rate-limit command.
Note: Before using the logging source-interface loopback command, the
loopback interface must be configured and assigned an IP address.
BSR 64000 System Administration Guide Release 6.3.1
2-6 Compass ID: 391232199 Version 3
MOT:7A(config)#logging source-interface loopback <1-32>
where:
1-32 is the loopback interface number.
Configuring System Logging
This section describes how to configure the BSR system logging. The tasks for
configuring the system log include the following:
n Configuring Logging to a SYSLOG Server
n Configuring Console Logging
n Configuring the Logging Buffer
n Configuring Logging Reports
Configuring Logging to a SYSLOG Server
Configuring logging to a SYSLOG server involves specifying the SYSLOG server,
the class (facility) of messages to log, the minimum severity level of the message, and
enabling logging. You can configure up to three remote SYSLOG servers.
Follow these steps to configure logging to a SYSLOG server:
1. Identify the SYSLOG server with the logging command in Global Configuration
mode, as shown below:
MOT:7A(config)#logging <A.B.C.D>
where:
A.B.C.D is the IP address of the SYSLOG server
For example:
MOT:7A(config)#logging 10.10.10.53
2. Specify the logging facility with the logging facility command in Global
Configuration mode, as shown below:
MOT:7A(config)#logging facility {local0 | local1 | local2 | local3 | local4 |
local5 | local6 | local7}
If you do not identify the logging facility using this command, the system defaults
to local7.
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-7
3. Specify the severity level of messages to be logged to the SYSLOG server with
the logging trap command in Global Configuration mode, as shown below:
MOT:7A(config)#logging trap {alerts | critical | emergencies | errors |
informational | notifications | warnings}
Specify the severity level of messages to be logged to the SYSLOG server with
the logging snmp-trap command, in Global Configuration mode, as shown
below:
MOT:7A(config)#logging snmp-trap [alerts | critical | emergencies | errors
| informational | notifications | warnings]
where:
alerts logs conditions where immediate action is needed
critical logs critical conditions
emergencies logs emergency conditions where the system is unusable
errors logs error conditions
informational logs informational system messages
notifications logs normal but significant conditions
warnings logs warning conditions
The following example configure the SYSLOG server to log all messages from
warnings (severity level 4) up to emergencies (severity level 0):
MOT:7A(config)#logging trap warnings
MOT:7A(config)#logging snmp-trap warnings
4. Enable logging with the logging on command.
MOT:7A(config)#logging on
5. Verify that the SYSLOG server parameters are configured correctly with the
show running-config command in all modes except User EXEC, as shown
below:
Note: The logging trap and logging snmp-trap commands limit the logging
messages sent to a SYSLOG server to messages with a level up to and
including the severity level specified with these commands.
BSR 64000 System Administration Guide Release 6.3.1
2-8 Compass ID: 391232199 Version 3
MOT:7A(config)#show running-config | inc logg
Configuring Console Logging
Configuring logging to a local console involves specifying the minimum severity
level of the messages to log and enabling logging.
Follow these steps to configure logging to the local console:
1. Specify the severity level of messages to be logged to the local console with the
logging console command in Global Configuration mode, as shown below:
MOT:7A(config)#logging console {alerts | critical | emergencies | errors |
informational | notifications | warnings}
where:
alerts logs conditions where immediate action is needed
critical logs critical conditions
emergencies logs emergency conditions where the system is unusable
errors logs error conditions
informational logs informational system messages
notifications logs normal but significant conditions
warnings logs warning conditions
For example:
MOT:7A(config)#logging console notifications
2. Enable logging on your local console with the logging on command.
MOT:7A(config)#logging on
3. Verify the console logging configuration with the show running-config
command in all modes except User EXEC, as shown below:
MOT:7A(config)#show running-config | inc logg
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-9
Configuring the Logging Buffer
Buffering is used to provide space on the BSRs internal buffer or on the SYSLOG
server for the latest log messages. Older messages are overwritten to allow space for
the latest messages when the internal buffer reaches maximum capacity, which is 16
Megabytes. Configuring the logging buffer involves setting the logging buffer size
and specifying the minimum severity level of the messages to log.
Follow these steps to configure the logging buffer:
1. Specify the logging buffer size with the logging buffered command in Global
Configuration mode, as shown below:
MOT:7A(config)#logging buffered <4096-5242880>
where:
4096-5242880 is the logging buffer size expressed in bytes.
2. Specify what logged information is buffered with the logging buffered
command, in Global Configuration mode, as shown below:
MOT:7A(config)#logging buffered {alerts | critical | emergencies | errors |
informational | notifications | warnings}
where:
alerts logs conditions where immediate action is needed
critical logs critical conditions
emergencies logs emergency conditions where the system is unusable
errors logs error conditions
informational logs informational system messages
notifications logs normal but significant conditions
warnings logs warning conditions
3. Verify the logging buffer configuration with the show running-config command
in all modes except User EXEC, as shown below:
MOT:7A(config)#show running-config | inc logg
4. Use the show log command to see messages logged in the internal buffer. The
oldest message is displayed first.
BSR 64000 System Administration Guide Release 6.3.1
2-10 Compass ID: 391232199 Version 3
Clearing the Logging Buffer
1. Clear the logging buffer with the clear log command in all modes except User
EXEC, as shown below:
MOT:7A#clear log
2. Verify that the log has been cleared with the show log command, as shown
below:
MOT:7A#show log
Configuring Logging Reports
You can configure the BSR to automatically generate logging reports. You can select
the report type, storage location, and the severity of log messages to be entered into
the report.
To configure a logging report, specify the logging report configuration with the
logging reporting command, in Global Configuration mode, as shown below:
MOT:7A(config)#logging reporting {alerts | critical | debug | default |
emergencies | errors | informational | notifications | warnings} {all-clear |
all-set | local | local-syslog | local-trap | local-trap-syslog}
where:
alerts logs conditions where immediate action is needed
critical logs critical conditions
debug logs debugging messages
default sets all severity levels to the default destination/severity
emergencies logs emergency conditions where the system is unusable
errors logs error conditions
informational logs informational system messages
notifications logs normal but significant conditions
warnings logs warning conditions
all-clear unsets all logging locations for the report.
all-set sets all logging locations for the report.
local log all messages to local-nonvolatile memory (NVRAM).
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-11
local-syslog log all messages to local NVRAM and the SYSLOG server.
local-trap log messages, excluding the specified trap level, to local
NVRAM.
local-trap-syslog log messages, excluding the specified trap level, to local
NVRAM and the SYSLOG server.
For example, if you want to log critical log messages to local non-volatile
memory (NVRAM), use the logging reporting critical local command, as
shown below:
MOT:7A(config)#logging reporting critical local
Restoring the Default Log Reporting Configuration
Restore the default destination/severity log reporting configuration with the logging
reporting default command in Global Configuration mode, as shown below:
MOT:7A(config)#logging reporting default
The default destination/severity log reporting configuration depends on which
logging control mode is enabled. Refer to Table Table for the default destination/
severity levels associated with CLI logging control. Refer to Table Table for the
default destination/severity levels associated with DOCSIS logging control.
Note: Debug messages will not be reported unless debugging has been
turned on for a subsystem with the corresponding CLI debug command (e.g.
debug snmp).
BSR 64000 System Administration Guide Release 6.3.1
2-12 Compass ID: 391232199 Version 3
Configuring EVT Logging
The EVT system is an enhancement to the BSR logging mechanism that provides the
ability to monitor internal system events. This allows for additional granularity in
monitoring system activity. As EVT monitored events occur, they can be logged in a
similar manner as the existing BSR logging mechanism although the configuration
procedure for EVT logging is different. The EVT system monitors events by counting
the number of times that an event occurred. The EVT system can also optionally
display console messages, SYSLOG messages, SNMP traps or log entries in
non-volatile memory to provide more detailed information. Event counters are always
enabled, regardless of whether the generated event displays an optional message. The
counters can be queried to determine if a particular event has occurred. The EVT
reporting mechanism provides information as to when the event occurred. EVT
reporting has default options based on the severity level of the event which can be
customized.
EVT counts are organized into named groups which can be displayed, reset, and
logged on a per-group basis. Each event within an EVT group is numbered from 1 to
255 and additionally identified with the groups EVT base number. EVTs can always
be observed by displaying the EVT count with the show evt command while system
log messages are only observed if the log messages severity level is configured for
logging in advance. Logging for each EVT can be controlled on an individual basis to
any combination of four logging destinations (logging buffer, console, SNMP traps,
and SYSLOG).
Display of an EVT group provides a "snapshot" of the groups function (e.g. the
number of packets forwarded or the number of errors observed). Multiple EVT groups
can also provide a longer-term snapshot of the activities and overall system health
of the BSR.
Caution: Enabling EVT message displays can cause system performance
and timing problems due to the volume of messages generated. To avoid
these potential EVT floods, contact customer support before changing any
EVT default configuration.
Note: Contact customer support if EVT messages with a severity level of
"alert", "warning", or "error" are being generated.
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-13
This section describes how to configure EVT logging parameters. The tasks for
configuring EVT logging include the following:
n Configuring EVT Logging
n Displaying EVT Counts
n Clearing EVT Counts
n Disabling EVT Logging
n Restoring EVT Default Logging Configurations
EVT Logging Default Configurations
Each individual EVT has a logging flags field that controls to which destination an
EVT message is sent when the EVT occurs. There are four potential logging
destinations associated with each EVT:
n Local logging to a local logging buffer
n Traps to an SNMP server
n Syslog messages to a SYSLOG server
n Console logging
Each EVT is also defined with one of eight severity levels (debug, informational,
notice, warning, error, critical, alert, or emergency). The severity level of an EVT
determines the destination where the EVT message will be logged based on the
default destination/severity configuration.
The default destination/severity configuration depends on which logging control
mode is enabled. Refer to Table Table for the default destination/severity levels
associated with CLI logging control. Refer to Table Table for the default destination/
severity levels associated with DOCSIS logging control.
Configuring EVT Logging
EVT logging can be configured to log EVT messages to a different destination by
setting the logging destination of the EVT<group> to local, trap, SYSLOG, and/or
console. Logging of EVT messages can also be configured on a per-slot, per-group, or
per-event basis. These configuration options allow an administrator to narrow EVT
output resulting in much fewer EVT log messages to consider when debugging a
problem. Follow these steps to configure EVT logging:
1. Specify the EVT configuration with the logging evt set command in Global
Configuration mode, as shown below:
BSR 64000 System Administration Guide Release 6.3.1
2-14 Compass ID: 391232199 Version 3
MOT:7A(config)# logging evt set [l|t|s|c] [<slot:group>] [<range>]
where:
l indicates Local logging to a local logging buffer.
t indicates Traps sent to an SNMP server
s indicates Syslog messages sent to a SYSLOG server
c indicates Console logging
one of the fifteen possible combinations of l, t, s, and c, appearing in
that order, determine which of the four logging flag bits are set.
slot is an optional slot number. If omitted, the command applies to the EVTs
that occur on all slots in the system.
group is an optional name of an EVT group.
range is an optional individual EVT number within an EVT group. If a single
EVT number or EVT number + EVT number is specified, only those
particular EVTs are affected by the command.
2. Verify the EVT configuration with the show running-config command in all
modes except User EXEC, as shown below:
MOT:7A(config)#show running-config | inc logg
EVT Command Examples
n MOT:7A(config)# logging evt set c bufmgr
sets console logging of all events for the EVT group BUFMGR on all slots.
n MOT:7A(config)# logging evt set c 6:bufmgr
sets console logging of all events for the EVT group BUFMGR only on slot 6.
n MOT:7A(config)# logging evt set lc bufmgr 3
sets local logging and console logging of the EVT BUFMGR.3 events on all
slots.
n MOT:7A(config)# no logging evt set c bufmgr
removes the previous configuration setting.
n MOT:7A(config)# logging evt set sc bufmgr
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-15
sets SYSLOG and console logging of all events for the EVT group BUFMGR
events on all slots.
n MOT:7A(config)# logging evt set ltsc 6:bufmgr 3+4
sets local logging, SNMP trap, SYSLOG, and console logging for slot 6 EVT
BUFMGR.3 and BUFMGR.4 events.
n MOT:7A(config)# no logging evt set
removes all previous logging evt set configurations.
n MOT:7A(config)# no logging evt
removes all previous logging evt set and logging evt clear configurations.
Displaying the EVT Configuration
Use the following commands to display EVT configuration information:
n MOT:7A(config)# show logging evt
This command displays the EVT configuration entries in the running
configuration file.
n MOT:7A(config)# show logging reporting
This command displays the recording mechanism for logging messages based on
their severity level. The display output is in the format: logging reporting
<severity> <logging location> e.g. logging reporting alert local.
Displaying EVT Counts
The show evt command displays EVT counts or all groups on all slots, groups on a
specified slot, a specified group, or specified events, as shown below:
MOT:7A(config)# show evt [<slot:group>] [<range>]]
Clearing EVT Counts
EVT counts can be cleared for all groups on all slots, groups on a specified slot, a
specified group, or specified events, as shown below:
MOT:7A(config)# clear evt [<slot:group>] [<range>]]
BSR 64000 System Administration Guide Release 6.3.1
2-16 Compass ID: 391232199 Version 3
Disabling EVT Logging
The following command options disable EVT logging:
n MOT:7A(config)# logging evt clear [l|t|s|c] [<slot:group>] [<range>]
This command disables EVT logging for the specific logging destination(s). For
example, it may be useful to turn off console logging for a warning severity
message which is originally sent to the local console.
n MOT:7A(config)# logging evt clear
This command disables logging of all EVTs and can be used to stop a flood of
EVT log messages from going to the console.
Restoring EVT Default Logging Configurations
The following no logging evt clear command options restore the EVT default
logging configurations:
n MOT:7A(config)# no logging evt clear [<slot:group>] [<range>]
This command sequence removes the corresponding logging evt clear entry
from the running configuration file and restores the default logging control for the
EVT group.
n MOT:7A(config)# no logging evt clear
This command, with no other arguments, removes all logging evt clear entries
from the running configuration file and restores default logging controls for all
EVTs modified with the logging evt set command.
Disabling the DOCSIS Ranging CM Retries Message
The logging disable cm_ranging_fail_r103_0 command is useful in situations where
a high volume of the "Unable to Successfully Range CM Retries Exhausted" DOCSIS
error message is being generated and logged. Use the logging disable
cm_ranging_fail_r103_0 command in Privileged EXEC mode to disable these
extraneous logging error messages. The no logging disable
cm_ranging_fail_r103_0 enables the logging of this error message.
MOT:7A#logging disable cm_ranging_fail_r103_0
Release 6.3.1 Configuring Logging
Compass ID: 391232199 Version 3 2-17
Restoring All Logging Defaults
Restore the default settings for all logging components with the logging default
command in Global Configuration mode, as shown below:
MOT:7A(config)# logging default
The logging default command restores the default settings for all logging, including
logging <destination> <severity>, logging reporting, and EVT configurations.
n The docsDevEvControlTable is restored to its DOCSIS-specified default values.
n CLI logging control is re-established.
n All logging evt configuration entries are removed from the running configuration
file.
n Any logging <A.B.C.D> (for SYSLOG server) commands are unaffected.
n The logging rate-limit command is unaffected.
n The logging buffered <size> command is restored to its default size.
n The following entries are restored to the running configuration file:
no logging control docsis
logging buffered notifications
logging console error
no logging trap
no logging snmp-trap
logging facility local7
Compass ID: 391232199 Version 3 3-1
3
Configuring TCP/IP
Introduction
IP provides basic packet delivery service for all TCP/IP networks. The
connection-oriented TCP exchanges control information with a remote device to
verify that the device is ready to receive data before it is sent. However, IP uses other
protocols to establish the connection and to supply error detection and recovery such
as ICMP.
A datagram is a packet format defined by IP. An IP packet contains the necessary
destination address information. A packet-switching network uses the addressing
information to switch the packet from one physical network to another, moving it
toward its final destination. Each packet travels the network independent of any other
packet.
IP performs the following functions:
n Moves data between the Network Access layer and the Host-to-Host Transport
layer
n Routes datagrams to remote hosts
n Fragments and reassembles datagrams
BSR 64000 System Administration Guide Release 6.3.1
3-2 Compass ID: 391232199 Version 3
A router forwards traffic from one network to another. The router also transmits route
information to other routers. This route information is stored in routing tables that
enable a router without a direct physical connection to a packets destination to
forward the packet to a router that is closer to its destination. The process continues at
each router until the packet reaches a router attached to the same network as the
destination host. That router delivers the packet to the specified host on its local
network, and the packet reaches its final destination.
Adding a Permanent ARP Entry and Timeout Value
Since no relationship exists between an Ethernet (MAC) address and an Internet
address, a router uses the Address Resolution Protocol (ARP) to send a packet across
the network to a host with a known Internet address. A host that uses ARP maintains a
cache of Internet-to-Ethernet address mappings. Dated entries are removed to keep
the cache from growing too large. Before transmitting a packet, the host checks its
cache for the Internet-to-Ethernet address mapping. If the mapping is not found, the
host sends an ARP request.
Follow these steps to add a permanent ARP entry and timeout for a BSR interface:
1. Use the arp command in Global Configuration mode to add an entry to the ARP
cache, as shown below:
MOT:7A(config)#arp <A.B.C.D> <H.H.H> [arpa | snap] [alias |
cablebundle <X/Y>] [alias cablebundle <X/Y>]
where:
A.B.C.D is the IP address of the ARP entry, specified in dotted-decimal
notation.
H.H.H is a 48-bit hardware MAC address of the ARP entry.
arpa is the Advanced Research Projects Agency (ARPA) packet
encapsulation type.
snap is the Subnetwork Access Protocol (SNAP) packet encapsulation type.
alias specifies that the software respond to ARP as if it owns the specified
address, if proxy arp is enabled.
cablebundle specifies the cable bundle CMTS interface.
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-3
X/Y is the slot and MAC Domain number of the CMTS module.
2. The default ARP timeout is 60 minutes. Use the arp timeout command in
Interface Configuration mode to set the ARP cache timeout for a specific
interface, as shown below:
MOT:7A(config-if)#arp timeout <1-6000>
where:
1-6000 is ARP cache timeout value, expressed in minutes.
Use the no arp timeout command to restore the default.
Reverse ARP
Reverse ARP, defined in RFC 903, works like ARP, except that the RARP request
packet requests an Internet address instead of a hardware address. The BSR acts as an
RARP server. Use the ip rarp-server command in Interface Configuration mode to
enable RARP, as shown below. Set the IP address to one of the interface addresses.
MOT:7A(config-if)#ip rarp-server <A.B.C.D>
where:
A.B.C.D is the source protocol IP address in replies.
Address Resolution Using Proxy ARP
A proxy ARP request is defined as one for a target host that is not on one of the
logical IP subnets configured for the incoming physical interface. With this Release
4.4.0, When an interface configured with the ip proxy-arp command, the BSR
responds to a proxy ARP request only when the following two conditions are met:
1. the target is within a logical IP subnet defined on any interface of the BSR and
2. the link layer Ethernet MAC address of the target has been resolved.
This permits logical IP subnets for proxy ARP to be "overlapped" between two or
more BSRs connected to the same edge router in a head-end. This, in turn, permits
customers to maintain statically assigned subscriber IP addresses (e.g. for commercial
services) when expanding from one to two BSRs.
1. Proxy ARP is not enabled by default. Use the ip proxy-arp command in Interface
Configuration mode to enable Proxy ARP, as shown below:
MOT:7A(config-if)#ip proxy-arp
BSR 64000 System Administration Guide Release 6.3.1
3-4 Compass ID: 391232199 Version 3
2. Use the no ip proxy-arp command in Interface Configuration mode to disable
Proxy ARP, as shown below:
MOT:7A(config-if)#no ip proxy-arp
3. Use the show running-config command in Privileged EXEC mode to verify
ARP status, as shown below:
MOT:7A#show running-config
Configuring Broadcast Addressing
A broadcast is a data packet destined for all hosts on a particular physical network.
Network hosts recognize broadcasts by special addresses. The BSR system supports
the following broadcast packet types:
n Limited Broadcast - A packet is sent to a specific network or series of networks.
n Flooded Broadcast - A packet is sent to every network.
Use a single broadcast address scheme on a network and set the address to be used as
the broadcast address to avoid broadcast storms. The BSR can accept and interpret all
possible forms of broadcast addresses.
Use the ip broadcast-address command in Interface Configuration mode to specify a
broadcast IP address for an interface, as shown below:
MOT:7Aconfig-if)#ip broadcast-address <A.B.C.D>
where:
A.B.C.D is the broadcast IP address.
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-5
Configuring the MTU
Fragmentation occurs when an IP datagram is too large for a network maximum
transmission unit (MTU) size, and the large datagram is divided into several smaller
pieces for transmission. Lower layer protocols may also set the MTU. If the MTU
that is set in lower layers differs from the MTU that is set at the IP layer, the BSR uses
the lower value.
The default MTU is 1496 bytes. Use the ip mtu command in Interface Configuration
mode to change the MTU size, as shown below:
MOT:7A(config-if)#ip mtu <68-4000>
where:
68-4000 is the MTU size, expressed in bytes for an 10/100 Ethernet interface.
Note: The POS interface MTU range is from 68 to 4000 bytes. The loopback
interface MTU range is from 68 to 1514 bytes.
The MTU cannot be set on a CMTS interface.
BSR 64000 System Administration Guide Release 6.3.1
3-6 Compass ID: 391232199 Version 3
Configuring Static Routes
You can arrange for a router to receive and send traffic by a specific static route, and
you can set a default route to reduce the routing table size. If a path to a destination
network cannot be located by a router, the BSR forwards the traffic to the default
router, if one is defined. Static routes cause packets moving between a source and a
destination to take a specific path. Static routes are important when the software
cannot build a route to a particular destination and for specifying a gateway to which
all unroutable packets are sent.
Follow these steps to configure a static route:
1. Use the ip route command in Global Configuration mode to set a specific route
through a network, as shown below:
MOT:7A(config)#ip route <A.B.C.D> <A.B.C.D> [<A.B.C.D> | null <0-0> |
pos <X/Y> | tunnel <0-255>] [<1-255>] [tag <1-4294967295>]
where:
A.B.C.D is the static route destination IP address.
A.B.C.D is the static route destination IP address mask.
A.B.C.D is the forwarding routers IP address.
null 0-0 is null interface and port.
pos specifies the POS interface.
X is the POS module slot number.
Y is the POS port number.
tunnel 0-255 is a tunnel interface number.
1-255 is the administrative distance; the default is 1.
tag 1-4294967295 specifies the match value used to control the route-map
redistribution.
2. Use the IP address 0.0.0.0 with the ip route command in global Configuration
mode to set a default route, as shown below:
MOT:7A(config)#ip route 0.0.0.0 0.0.0.0 198.56.0.2
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-7
Use the no ip route command to remove a static route from the routing table.
Table Table lists the dynamic routing protocols and their default distances.
Clearing Route Table Entries
Use the clear ip route command in Privileged EXEC mode to clear dynamic entries
from the routing table, as shown below. You must specify the IP address of the routes
and the mask of the IP address.
MOT:7A(config-if)#clear ip route {* | <A.B.C.D> | <A.B.C.D> <A.B.C.D>}
where:
* is the asterisk character that clears all routes in the routing table.
A.B.C.D is the IP address of the route.
A.B.C.D is the subnet mask of the IP address.
Table Route Sources and Administrative Distances
Route Source Default Distance
Enhanced IGRP external route 170
Enhanced IGRP summary route 5
External BGP 20
IGRP 100
IGRP external route 170
Internal BGP 200
Internal Enhanced IGRP 90
OSPF 110
RIP 120
Static route 1
Unknown 255
BSR 64000 System Administration Guide Release 6.3.1
3-8 Compass ID: 391232199 Version 3
Configuring the Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) allows a router or destination host to
report errors in data traffic processing to the original packet source. ICMP messages
occur when errors take place in processing an unfragmented data packet or in the first
fragment of a fragmented data packet. ICMP message delivery is not guaranteed. The
Router Discovery Protocol, enabled via ICMP, informs hosts of the existence of
routers by tracing router discovery packets.
Follow these sections to configure ICMP on the BSR:
n About IRDP
n Enabling IRDP
n Enabling ICMP
About IRDP
The router software provides router discovery, by which the router can dynamically
learn about routes to other networks using the ICMP Router Discovery Protocol
(IRDP) for detecting routers. IRDP uses router advertisement and router solicitation
messages to discover addresses of routers on directly attached subnets.
With IRDP, each router periodically multicasts or broadcasts router advertisement
messages from each of its interfaces. Hosts discover the addresses of routers on the
directly attached subnet by listening for these messages. Hosts can use router
solicitation messages to request immediate advertisements, rather than wait for
unsolicited messages.
IRDP offers several advantages over other methods of discovering addresses of
neighboring routers. Primarily, it does not require hosts to recognize routing
protocols, nor does it require manual configuration by an administrator.
Router advertisement messages allow hosts to discover the existence of neighboring
routers, but not which router is best to reach a particular destination. If a host uses a
poor first-hop router to reach a particular destination, it receives a redirect message
identifying a better choice.
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-9
Enabling IRDP
Use the following procedure to configure IRDP.:
1. Use the ip irdp command in Interface Configuration mode to enable IRDP, as
shown below:
MOT:7A(config-if)#ip irdp
2. Use the ip irdp address command in Interface Configuration mode to configure
a proxy IP address to advertise messages from an interface, as shown below
MOT:7A(config-if)#ip irdp address <A.B.C.D> | minadvertinterval |
multicast | preference ]
where:
address {<A.B.C.D>} is the IP address to proxy-advertise the preference
value message.
multicast indicates advertisements are sent with multicast.
preference indicates preference value for this interface.
-2147483648-2147483647 indicates preference value for this interface
(higher values are prefered); the default is 0.
3. The default peference level for IRDP routing is 0. Use the ip irdp preference
command in Interface Configuration mode to set the IRDP routing preference
level, as shown below:
MOT:7A(config-if)#ip irdp preference <-2147483648-2147483647>
where:
-2147483648-2147483647 is the IRDP routing preference level.
Note: IRDP is not availble on a CMTS interface.
BSR 64000 System Administration Guide Release 6.3.1
3-10 Compass ID: 391232199 Version 3
Managing IRDP
Use any of the following options to change IRDP default settings:
n The default duration for an IRDP advertisement is 1800 seconds. Use the ip irdp
holdtime command in Interface Configuration mode to change the duration of
IRDP advertisement ages, as shown below:
MOT:7A(config-if)#ip irdp holdtime {<1-9000>}
where:
1-9000 is the hold-time in seconds that advertisements are kept valid.
n The default IRDP maximum advertising interval is 600 seconds. Use the ip irdp
maxadvertinterval command in Interface Configuration mode to change the
maximum time between IRDP advertisements, as shown below:
MOT:7A(config-if)#ip irdp maxadvertinterval {<4-1800>}
where:
4-1800 is the maximum time in seconds.
n The default IRDP minimal advertisement interval is 450 seconds. Use the ip irdp
minadvertinterval command in Interface Configuration mode to change the
minimum time interval between IRDP advertisements, as shown below:
MOT:7A(config-if)#ip irdp minadvertinterval {<3-1800>}
where:
3-1800 is the minimal interval in seconds between IRDP advertisements.
n IRDP advertisements are broadcasted by default. Use the ip irdp multicast
command in Interface Configuration mode to send IRDP advertisements with
Multicast packets, as shown below:
MOT:7A(config-if)#ip irdp multicast
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-11
Enabling ICMP
Once IRDP is enabled, follow the steps in this section to enable ICMP:
1. Use the ip mask-reply command in Interface Configuration mode to enable
ICMP netmask reply messages, as shown below:
MOT:7A(config-if)#ip mask-reply
2. Use the ip unreachables command to enable the generation of ICMP
unreachable messages, as shown below:
MOT:7A(config-if)#ip unreachables
3. You can send ICMP echo request packets to a specified address. You can set an
optional packet count for a destination. Use the ping command from Privileged
EXEC mode to do this, as shown below:
MOT:7A#ping [<hostname> | <A.B.C.D>] [size <40-65515>] [<1-65535>]
[timeout <1-1024>] [source <A.B.C.D>] [tos <0-255>] [ttl <0-255>] [df]
where:
hostname is the DNS host name.
A.B.C.D is an IP address.
40-65515 is the packet size value expressed in bytes.
1-65535 is the packet number or request messages sent.
timeout is the duration.
1-1024 is the timeout value, expressed in seconds.
source A.B.C.D is the IP address of the source.
tos 0-255 specifies the type of service.
ttl 0-255 is the time to live value.
df sets the dont fragment flag in the IP header.
In the following example, a request packet is sent to address 192.35.42.1, with a
size of 55, a packet count of 10, and a timeout value of 10 seconds.
MOT:7A#ping 192.35.42.1 size 55 10 timeout 10
BSR 64000 System Administration Guide Release 6.3.1
3-12 Compass ID: 391232199 Version 3
Tracing a Route
A route path includes all IP level devices, such as routers and servers, that packets
travel through over the network on a hop-by-hop bases to get to their intended
destination.
Use the traceroute command in Privileged EXEC mode to identify the route path
from the route source to the route destination, as shown below:
MOT:7A#traceroute [<A.B.C.D> | <Hostname>]
where:
A.B.C.D is the source IP address.
Hostname is the Domain Name Server (DNS) hostname.
Managing the Router
Follow these sections to manage routing operations on the BSR:
n Enabling IP Source Routing
n Clearing Interface Counters
n Clearing IP Routes
n Clearing the ARP Cache
n Clearing IP Traffic
n Clearing DNS Entries
Enabling IP Source Routing
The BSR examines IP header options on every packet. It supports the IP header
options Strict Source Route, Loose Source Route, Record Route, and Time Stamp,
which are defined in RFC 791. If the software finds a packet with one of these options
enabled, it performs the appropriate action. If it finds a packet with an invalid option,
it sends an ICMP Parameter Problem message to the source of the packet and discards
the packet.
IP provides a provision that allows the source IP host to specify a route through the IP
network. This provision is known as source routing. Source routing is specified as an
option in the IP header. If source routing is specified, the software forwards the packet
according to the specified source route. This feature is employed when you want to
force a packet to take a certain route through the network. The default is to disable
source routing.
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-13
You can enable IP source-route header options if they have been disabled by using the
following command in Global Configuration mode:
MOT:7A(config)#ip source-route
Clearing Interface Counters
Use the clear counters command in Privileged EXEC mode to clear a specific or all
interface counters, as shown below:
MOT:7A#clear counters [ethernet <X/Y> cable <X/Y> | loopback <1-32> | pos <X/
Y> | gigaether <X/Y> | tunnel <0-255>]
where:
cable clears the cable interface counters. X/Y is the slot and MAC Domain
number of the CMTS module.
ethernet clears the Ethernet interface counters.
loopback clears the loopback interface counters.
1-32 is the loopback interface number.
tunnel clears the tunnel interface counters.
0-255 is the tunnel interface number.
pos clears the Packet over SONET (POS) interface counters.
gigaether clears the Gigabit Ethernet interface counters.
X identifies the module slot number.
Y identifies the port number.
BSR 64000 System Administration Guide Release 6.3.1
3-14 Compass ID: 391232199 Version 3
Clearing IP Routes
Use the clear ip route command in Privileged EXEC mode to clear one or more IP
routes from the IP routing table, as shown below:
MOT:7A#clear ip route {* | <A.B.C.D> | <A.B.C.D> <A.B.C.D>}
where:
* deletes all routes.
A.B.C.D the network or subnetwork address.
A.B.C.D the associated IP address of the removed routes.
Clearing the ARP Cache
Use the clear arp-cache command in Privileged EXEC mode to clear all dynamic
entries from the ARP cache or a single ARP entry on the BSR such as an ARP entry
from a CMs Customer Premisis Equipment (CPE), as shown below:
MOT:7A#clear arp-cache [<A.B.C.D>]
where:
A.B.C.D is the IP address for ARP table entry to be cleared.
Clearing IP Traffic
Use the clear ip traffic command in Privileged EXEC mode to reset the IP traffic
statistics counters to zero, as shown below:
MOT:7A#clear ip traffic
Clearing DNS Entries
Use the clear host command in Privileged EXEC mode to delete DNS host entries
from the host-name-and-address cache, as shown below:
MOT:7A#clear host {<Hostname> | *}
where:
Hostname deletes a specific DNS host entry.
* deletes all DNS host entries.
Release 6.3.1 Configuring TCP/IP
Compass ID: 391232199 Version 3 3-15
Displaying TCP/IP Related Information
Use the following commands display TCP/IP information:
n Use the show ip arp command to display ARP table information, as shown
below:
MOT:7A#show ip arp [<A.B.C.D>] [<Hostname>] [<H.H.H>] [cable <X/Y> |
ethernet <X/Y> | gigaether <X/Y>]
where:
A.B.C.D is the IP address of the ARP entry.
Hostname is the host name of the ARP entry.
H.H.H is the MAC address of the ARP entry.
cable specifies a CMTS module slot and interface. X/Y is the slot and MAC
Domain number of the CMTS module.
ethernet specifies a 10/100 Ethernet module or a module (with an Ethernet
interface) and the Ethernet interface.
gigaether specifies a Gigabit Ethernet module slot and interface.
X is the module slot number of the ARP entry.
Y is the port number of the ARP entry.
n Use the show ip interface command to view interface information, as shown
below:
MOT:7A#show ip interface [ brief | pos <X/Y>}| ethernet <X/Y>} | gigaether
<X/Y> | cable <X/Y> | loopback <1-32>]
where:
brief displays summary information.
pos is the Packet over SONET interface.
ethernet is any 10 or 10/100 Ethernet interface.
gigaether is the Gigabit Ethernet interface.
X/Y is the slot and port number.
cable X/Y is the slot and MAC Domain number of the CMTS module.
loopback 1-32 is the loopback interface.
BSR 64000 System Administration Guide Release 6.3.1
3-16 Compass ID: 391232199 Version 3
n Use the show ip route command to display the routing table status. You can
specify an optional IP mask that filters specific routes. You can enter this
command from any mode.
MOT:7A#show ip route [<hostname> | bgp | connected | ospf | rip | static |
<A.B.C.D> [mask]]
n Use the show ip route static command to display the status of static routes in the
routing table. You can specify an optional IP mask that filters specific routes.
MOT:7A#show ip route static [<hostname> | bgp | connected | ospf | rip | static
| <A.B.C.D> [mask]]
n Use the show ip traffic command from Privileged EXEC mode to display
statistics about IP traffic, which includes DHCP lease query statistics, as shown
below:
MOT:7A#show ip traffic
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show ip arp, show ip interface, and show ip route
commands.
Compass ID: 391232199 Version 3 4-1
4
Configuring Interfaces
Introduction
This chapter discusses the following interface configuraion tasks on the BSR:
n Setting IP Interface Addresses
n Configuring a Loopback Interface
n Configuring Tunnels on an Interface
n Configuring an Unnumbered Interface
n Clearing Interface Counters
n Displaying Interface Information
BSR 64000 System Administration Guide Release 6.3.1
4-2 Compass ID: 391232199 Version 3
Setting IP Interface Addresses
You must configure the interfaces on the BSR in order for the BSR to transmit and
receive data and communicate with other network devices.
Follow these steps to assign an IP address and subnetwork mask to an interface on a
module:
1. Use the show chassis status command in Privileged EXEC mode to identify
where the module is in the chassis, as shown below:
MOT:7A#show chassis status
2. Determine the slot number of the module.
3. Use the configure command in Privileged EXEC mode to enter Global
Configuration mode, as shown below:
MOT:7A#configure
4. Use the interface command in Global Configuration mode to enter an interface,
as shown below:
MOT:7A(config)#interface [pos | ethernet | gigaether | cable] <X/Y>
where:
pos is the Packet over SONET interface.
ethernet is any 10 or 10/100 Ethernet interface.
gigaether is the Gigabit Ethernet interfac.e
X is the module slot on the BSR.
Y is the port number on the module.
cable X/Y is the slot and MAC Domain number of the CMTS module.
5. Use the ip address command to set a primary IP address and subnetwork mask
for an interface, as shown below:
MOT:7A(config-if)#ip address {<A.B.C.D> <A.B.C.D>}
Note: Refer to Configuring a Loopback Interface on page 4-7, Configuring
Tunnels on an Interface on page 4-9, and Configuring an Unnumbered
Interface on page 4-11 for more information on configuring these other
interface types.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-3
where:
A.B.C.D is the IP address of the interface.
A.B.C.D is the network mask of the IP network, on which the interface is
associated.
For example:
MOT:7A(config-if)#ip address 10.10.10.135 255.255.255.0
6. Use the ip address secondary command in Interface Configuration mode to
optionally configure a secondary IP address for an interface, as shown below:
MOT:7A(config-if)#ip address {<A.B.C.D> <A.B.C.D>} secondary
where:
A.B.C.D is the IP address of the BSR interface designated for the loopback
interface.
A.B.C.D is the subnetwork mask of the IP network, on which the interface is
associated.
secondary optionally designates the IP address as a secondary IP
address. Include the keyword secondary after the IP address and subnet
mask to specify additional secondary IP addresses.
For example:
In the sample below, 198.108.1.127 is the primary address and 172.45.7.17 is
a secondary address for Ethernet 0/0.
interface ethernet 0/0
Note: A secondary IP address can be used in some implementations as the
loopback interface. There are special options for configuring a secondary IP
address on the cable interface. Refer to Subneting DHCP Clients on the
Cable Interface in the BSR 64000 CMTS Configuration and Management
Guide for more information.
Note: If you are specifying a secondary IP address for a cable interface that
has a secondary CPE host or MTA IP address, refer to Subneting DHCP
Clients on the Cable Interface in the BSR 64000 CMTS Configuration and
Management Guide for more information.
BSR 64000 System Administration Guide Release 6.3.1
4-4 Compass ID: 391232199 Version 3
ip address 198.108.1.127 255.255.255.0
ip address 172.45.7.17 255.255.255.0 secondary
7. Optionally issue the description command in Interface Configuration mode to
specify descriptive information for the interface that you are configuring, as
shown below. This information is limited to 80 characters and spaces cannot be
used.
MOT:7A(config-if)#description <LINE>
where:
LINE is the text that describes the interface.
For example:
MOT:7A(config-if)#description charlestown_1
8. Use the show ip interface command to verify the configuration and current state
of the interface that you configured, as shown below:
MOT:7A(config-if)#show ip interface [ brief | pos <X/Y> | ethernet<X/Y> |
gigaether <X/Y> | cable <X/Y>]
where:
brief displays summary information.
pos is the Packet over SONET interface.
ethernet is any 10 or 10/100 Ethernet interface.
gigaether is the Gigabit Ethernet interface.
X is the desired module slot on the BSR.
Y is the port number on the module.
cable X/Y is the slot and MAC Domain number of the CMTS module.
Refer to the BSR 64000 Command Reference Guide to see typical screen output
and field descriptions for the show ip interface command.
Note: The entered description can be seen in the running configuration, and
in the command output of show commands such as the show ip interface
command.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-5
Removing an IP Address
You can disable IP processing on a particular interface by removing its IP address
with the no ip address command. If the router detects another host using one of its IP
addresses, it will print an error message on the console. The software supports
multiple IP addresses per interface. A specific IP address can be removed from an
interface or all IP addresses associated with the interface can be removed.
n Use the no ip address command in Interface Configuration mode to remove a
specific IP address from the interface, as shown below:
MOT:7A(config-if)#no ip address {<A.B.C.D> <A.B.C.D>} [secondary]
n Use the no ip address command in Interface Configuration mode to remove all
addresses from the interface, as shown below:
MOT:7A(config-if)#no ip address
Configuring Auto-Negotiation on the 10/100 Ethernet Module
The Ethernet interface on the 10/100 Ethernet module can be configured for the
Ethernet port speed (10 or 100), duplex mode (full or half), and to enable/disable
auto-negotiation:
speed {10 | 100 | auto}
duplex {half | full | auto}
The 10/100 Mbps Ethernet interface on the 10/100 Ethernet module is set to
auto-negotiate the speed and duplex mode by default.
Follow these options to manually set the speed and negotiation parameters for the
Ethernet port on the 10/100 Ethernet module:
Use the interface ethernet command in Global Configuration mode to enter the
Ethernet interface on the 10/100 Ethernet module, as shown below:
MOT:7A(config)#interface ethernet <X/Y>
where:
X is the 10/100 Ethernet module slot.
Note: The primary IP address can be removed only after all of the secondary
subnet addresses associated with the inteface have been removed.
BSR 64000 System Administration Guide Release 6.3.1
4-6 Compass ID: 391232199 Version 3
Y is the Ethernet port number.
Use the following options to change auto-negotiation parameters on the Ethernet
Interface:
n The Ethernet interface the duplex mode is auto-negotiated by default. Use the
duplex full command in Interface Configuration mode to manually set the duplex
mode for full-duplex so that the Ethernet interface can send and receive signals at
the same time, as shown below:
MOT:7A(config-if)#duplex full
- or -
Use the duplex half command in Interface Configuration mode to manually set
the duplex mode for half-duplex so that the Ethernet interface can either send or
receive signals, but cannot do both at the same time, as shown below:
MOT:7A(config-if)#duplex half
n The Ethernet Interface default speed is auto-negotiated. Use the speed 100
command in Interface Configuration mode to manually set the Ethernet interface
speed to 10 Mbps or 100 Mbps, as shown below:
MOT:7A(config-if)#speed [10 | 100]
Verifying Your Ethernet Configuration
Use the show interfaces ethernet command in any mode to verify the speed and
duplex mode for the Ethernet interface, as shown below:
MOT:7A(config-if)#show interfaces ethernet <X/Y>
where:
Note: Use the duplex auto command in Interface Configuration mode to
return to the default duplex mode.
Note: Use the speed auto command to return to the default.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-7
X is the 10/100 Ethernet module slot.
Y is the Ethernet port number.
Configuring a Loopback Interface
Logical interfaces called a loopback interfaces can be used to act as inbound logical
interfaces when physical interfaces go down. These logical interfaces are always
active and they allow the routing process associated with physical interfaces to stay
active. IP Packets routed to loopback interfaces are rerouted to the appropriate BSR
routing process. IP packets not destined to loopback interfaces are dropped by the
loopback interfaces.
Loopback interfaces are used for the following reasons:
n Collect accurate service-related information through an SNMP manager about
active or down interfaces on the BSR.
n Indirectly access an outbound physical interface that cannot be directly accessed.
n When the designated router election process occurs in OSPF, the designated
router choice can be forced by assigning a higher IP address for the loopback
address.
Up to 32 loopback interfaces can be configured on the BSR. Follow these steps to
define a loopback address:
1. Use the interface loopback command in Global Interface mode, to define a
loopback interface, as shown below:
MOT:7A(config)#interface loopback <1-32>
where:
1-32 is the number of the loopback interface.
2. Use the ip address command in Interface Configuration mode to define an IP
address for the loopback interface that is a network broadcast address, as shown
below:
MOT:7A(config-if)#ip address <A.B.C.D> <A.B.C.D>
where:
A.B.C.D is the IP address of the BSR interface designated for the loopback
interface.
BSR 64000 System Administration Guide Release 6.3.1
4-8 Compass ID: 391232199 Version 3
A.B.C.D is the subnetwork mask of the IP network, on which the interface is
associated.
3. Use the ip address secondary command to optionally configure a secondary IP
address for the loopback interface, in Interface Configuration mode, as shown
below:
MOT:7A(config-if)#ip address <A.B.C.D> <A.B.C.D> secondary [host |
mta]
where:
A.B.C.D is the secondary IP address of the BSR interface.
A.B.C.D is the subnetwork mask of the IP network, on which the interface is
associated.
secondary optionally designates the IP address as a secondary IP
address. Include the keyword secondary after the IP address and subnet
mask to specify additional secondary IP addresses.
host makes this IP address a secondary host (CPE) address.
mta makes this IP address a secondary MTA address.
4. Use the show interfaces loopback command in Interface configuration mode to
verify the loopback interface configuration, as shown below:
MOT:7A(config-if)#show interfaces loopback <1-32>
where:
1-32 is the number of the loopback interface.
Note: A 32-bit mask (255.255.255.255) is permitted for a loopback IP
address.
Note: The host or mta option used when assigning a secondary IP address
to a loopback interface have no effect unless this loopback interface is
configured as a virtual cable bundle master. Refer to Bundling Cable
Interfaces into a Single IP Subnet in the BSR 64000 CMTS Configuration and
Management Guide for more information.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-9
Configuring a Loopback Interface for TFTP Packets
The ip tftp source-interface loopback command allows an operator to control the
source IP address of TFTP packets generated by the BSR by specifying a loopback
interface as the source IP address for TFTP packets. The normal convention for
generated TFTP packets is to set the source IP address equal to the IP address of the
outgoing interface. Use the ip tftp source-interface loopback command in Global
Configuration mode to override this convention and instead uses the IP address of the
specified loopback interface, as shown below:
MOT:7A(config)#ip tftp source-interface loopback <1-32>
where:
1-32 is the loopback interface number.
Configuring Tunnels on an Interface
A tunnel interface is a logical interface that is used to encapsulate various packet
types and send them over a created a point-to-point link between two devices at
remote points over an IP internetwork. Multi-protocol packets are encapsulated using
IP in IP tunnel encapsulation to traverse the link.
Tunneling is used for the following reasons:
n Allows multiprotocol LANs to connect over a single-protocol backbone.
n Solves problems for routed networks with restricted hop counts.
n Connects disjointed subnetworks.
n Permits virtual private networks (VPNs) across the internet.
Up to 255 tunnel interfaces can be configured on the BSR. A separate tunnel for each
link must be configured, since it is a point-to-point link. When configuring tunnels on
an interface, you must specify the tunnel source and tunnel destination.
Follow these steps to define a tunnel address:
1. Use the interface tunnel command in Global Interface mode, to define a tunnel
interface, as shown below:
Note: Before using the ip tftp source-interface loopback command, the
loopback interface must be configured and assigned an IP address.
BSR 64000 System Administration Guide Release 6.3.1
4-10 Compass ID: 391232199 Version 3
MOT:7A(config)#interface tunnel <0-255>
where:
255 is the number of the tunnel interface from 0 to 255
2. Use the ip address command in Interface Configuration mode to define an IP
address for the tunnel interface, as shown below:
MOT:7A(config-if)#ip address <A.B.C.D> <A.B.C.D>
where:
A.B.C.D is the IP address of the tunnel interface.
A.B.C.D is the subnetwork mask of the tunnel interface.
3. Use the ip address secondary command to optionally configure a secondary IP
address for the tunnel interface in Interface Configuration mode, as shown below:
MOT:7A(config-if)#ip address <A.B.C.D> <A.B.C.D> secondary
where:
A.B.C.D is the IP address of the tunnel interface.
A.B.C.D is the subnetwork mask of the tunnel interface.
secondary optionally designates the IP address as a secondary IP address.
Include the keyword secondary after the IP address and subnet mask to
specify additional secondary IP addresses.
4. Use the tunnel source command in Interface Configuration mode to specify the
tunnel source, as shown below:
MOT:7A(config-if)#tunnel source [<A.B.C.D> | cable <X/Y> | default
<X/Y> | ethernet <X/Y> | gigaether <X/Y> | loopback {<1-32>} | pos<X/Y>]
where:
A.B.C.D is the source IP address of the tunnel.
cable X/Y is the slot and MAC Domain number of the CMTS module.
default selects the source based on the destination IP address.
ethernet is any 10 or 10/100 Ethernet interface.
gigaether is the Gigabit Ethernet interface.
loopback 1-32 is the loopback interface number.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-11
pos is the Packet over SONET interface.
X is the slot number on the BSR.
Y is the port number on the module.
5. Use the tunnel destination command in Interface Configuration mode to
specify the tunnel destination, as shown below:
MOT:7A(config-if)#tunnel destination {<A.B.C.D> | <Hostname>}
where:
A.B.C.D is the IP address of the tunnel interface destination.
Hostname is the DNS name of the destination.
6. Use the show interfaces tunnel command in Interface configuration mode to
verify your tunnel interface configuration, as shown below:
MOT:7A(config-if)#show interfaces tunnel <0-255>
where:
0-255 is the tunnel interface number.
7. Use the no tunnel source command in Interface Configuration mode to
delete a tunnel source, as shown below:
MOT:7A(config-if)#no tunnel source
8. Use the no tunnel destination command in Interface Configuration mode to
delete a tunnel destination, as shown below:
MOT:7A(config-if)#no tunnel destination
Configuring an Unnumbered Interface
An unnumbered interface is used in point-to-point connections when an IP address is
not required. This enables IP processing on an interface without assigning an explicit
IP address to the interface. You supply the interface location, which is the type and
number of another interface on which the router has an assigned IP address, and this
interface cannot be another unnumbered interface.
Note: An unnumbered interface can only be configured on the POS module.
BSR 64000 System Administration Guide Release 6.3.1
4-12 Compass ID: 391232199 Version 3
Follow these steps to set an unnumbered interface on the POS module:
1. Before configuring the unnumbered interface, a loopback interface must be
configured. Refer to Configuring a Loopback Interface on page 4-7 for more
information.
2. Use the end command to go back to Global Configuration mode.
3. Use the interface pos command in Global Configuration mode to enter the POS
interface, as shown below:
MOT:7A(config)#interface pos <X/Y>
where:
X is the POS module slot number.
Y is the POS port number.
4. Use the ip unnumbered command in Interface Configuration mode to enable an
interface for data processing without an explicit IP address, as shown below:
MOT:7A(config-if)#ip unnumbered [loopback <1-32> | pos <X/Y> | serial
<X/Y> | ethernet <X/Y> | gigaether <X/Y>]
where:
loopback is the loopback interface on the POS module.
1-32 is the loopback interface.
pos is POS interface on the POS module.
serial is the Serial interface on the POS module.
ethernet is the loopback interface on the 10/100 Ethernet module or Ethernet
management interface or serial interfaces on the SRM.
gigaether is the loopback interface on the Gigabit Ethernet module.
X identifies the module slot number.
Y identifies the port number.
Release 6.3.1 Configuring Interfaces
Compass ID: 391232199 Version 3 4-13
Clearing Interface Counters
Use the clear counters command in Privileged EXEC mode to clear a specific or all
interface counters, as shown below:
MOT:7A#clear counters [ethernet <X/Y> cable <X/Y> | loopback <1-32> | pos <X/
Y> | gigaether <X/Y> | tunnel <0-255>]
where:
cable clears the cable interface counters. X/Y is the slot and MAC Domain
number of the CMTS module.
ethernet clears the Ethernet interface counters.
loopback clears the loopback interface counters.
1-32 is the loopback interface number.
tunnel clears the tunnel interface counters.
0-255 is the tunnel interface number.
pos clears the Packet over SONET (POS) interface counters.
gigaether clears the Gigabit Ethernet interface counters.
X is the module slot number.
Y is module the port number.
BSR 64000 System Administration Guide Release 6.3.1
4-14 Compass ID: 391232199 Version 3
Displaying Interface Information
Use the show ip interface command to view interface information, as shown below:
MOT:7A#show ip interface [ brief | pos <X/Y>}| ethernet <X/Y>} | gigaether
<X/Y> | cable <X/Y> | loopback <1-32>]
where:
brief displays summary information.
pos is the Packet over SONET interface.
ethernet is any 10 or 10/100 Ethernet interface.
gigaether is the Gigabit Ethernet interface.
X/Y is the slot and port number.
cable X/Y is the slot and MAC Domain number of the CMTS module.
loopback 1-32 is the loopback interface.
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show ip interface command.
Compass ID: 391232199 Version 3 5-1
5
Configuring Network Security
Introduction
This chapter describes configuring the following network security and authentication
features on the BSR:
n Configuring RADIUS
n Configuring Secure Shell Server Security
n Configuring TACACS+
Configuring RADIUS
Remote Authentication Dial In User Service (RADIUS) provides additional secure
remote network access through authentication, authorization and accounting services.
The BSR 64000 uses a RADIUS client to authenticate user login information
(passwords) stored on a remote RADIUS server.
The RADIUS client feature is disabled by default. Once the RADIUS client feature is
enabled and configured, a user enters a password in their telnet or console session to
access the BSR 64000. The BSR 64000 uses the RADIUS client to authenticate this
RADIUS encrypted password with a remote RADIUS server. If the RADIUS server
validates the password, the user gains access to the BSR 64000.
BSR 64000 System Administration Guide Release 6.3.1
5-2 Compass ID: 391232199 Version 3
Configuring the RADIUS Client for Server Communication
Follow these steps to configure the RADIUS client for RADIUS server
communication:
1. Use the radius-server host auth-port primary command, in Global
Configuration mode, to specify a primary RADIUS server for RADIUS client
requests, as shown below:
MOT:7A(config)#radius-server host [<A.B.C.D> | <Hostname>] auth-port
<0-65535> primary
where:
A.B.C.D is the IP address of the remote RADIUS server.
Hostname is the Hostname of the remote RADIUS server.
0-65535 is the optionally defined UDP port for the RADIUS authentication
server. The default port is 1812.
primary specifies the server as the primary RADIUS server.
2. Use the radius-server host command, in Global Configuration mode, to specify
a secondary or back-up RADIUS server for RADIUS client requests, as shown
below:
MOT:7A(config)#radius-server host [<A.B.C.D> | <Hostname>] [auth-port
<0-65535> ]
where:
A.B.C.D is the IP address of the remote RADIUS server.
Hostname is the hostname of the remote RADIUS server.
0-65535 is the optionally defined UDP port for the RADIUS authentication
server. The default port is 1812.
3. Use the radius-server key command in Global Configuration mode to define the
shared encryption key that is exchanged between the RADIUS server and BSR
RADIUS client, as shown below:
Note: It is recommended that the authentication key text string be more than
22 characters in length.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-3
MOT:7A(config)#radius-server key <WORD>
where:
WORD is the shared encryption key text.
Use the following options to change the default RADIUS server settings:
n Use the radius-server retransmit command, in Global Configuration mode, to
specify the number of retry attempts to get a response from an active RADIUS
server, as shown below:
MOT:7A(config)#radius-server retransmit <0-100>
where:
0-100 is the number of retransmissions. The default is 3 retransmissions.
n Use the radius-server timeout command in Global Configuration mode to
configure the wait time interval for when there is no response from the server
before retransmitting to the RADIUS server, as shown below:
MOT:7A(config)#radius-server timeout <1-1000>
where:
1-1000 is the wait time interval in seconds. The default value is 5 seconds.
Caution: Ensure that the RADIUS server authentication key on the BSR is
the same as the RADIUS server authentication key on your RADIUS server.
If the keys are mismatched, communication does not occur between the BSR
and RADIUS server.
BSR 64000 System Administration Guide Release 6.3.1
5-4 Compass ID: 391232199 Version 3
Configuring a Loopback Interface for RADIUS Packets
The radius-server source-interface loopback command allows an operator to
control the source IP address of RADIUS authentication protocol packets generated
by the BSR by specifying a loopback interface as the source IP address for RADIUS
authentication protocol packets. The normal convention for generated RADIUS
authentication protocol packets is to set the source IP address equal to the IP address
of the outgoing interface. Use the radius-server source-interface loopback
command in Global Configuration mode to override this convention and instead use
the IP address as shown below:
MOT:7A(config)#radius-server source-interface loopback <1-32>
where:
1-32 is the loopback interface number
Configuring RADIUS Client Access
Before you configure RADIUS client access parameters, ensure that user password
parameters are configured on the BSR 64000 and the RADIUS server. Refer to
Setting System Passwords on page 1-3 for more information.
Use one or more of the following options to enable and configure the RADIUS Client
feature:
1. Use the telnet authentication radius command in Global Configuration mode to
enable RADIUS client authentication for telnet session access to the BSR, as
shown below:
MOT:7A(config)#telnet authentication radius [local-password]
Note: Before using the radius-server source-interface loopback
command, the loopback interface must be configured and assigned an IP
address.
Note: User password attributes in the RADIUS request sent from the
RADIUS client on the BSR to the RADIUS server are encrypted.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-5
where:
local-password allows password authentication by a locally configured
password if there is no response from the RADIUS server. If the RADIUS
client is not configured with the local-password command argument, access
to the BSR is denied if there is no response from the RADIUS server.
2. If you are experiencing failed telnet login authentications, use the telnet
authentication radius fail-message command in Global Configuration mode to
display failed radius client logins and authentications, as shown below:
MOT:7A(config)#telnet authentication radius fail-message [<LINE>]
where:
LINE is the text message for the failed login and authentication. If a text
message is not specified, a default failed logging and authentication message
is used.
3. Use the console authentication radius username command in Global
Configuration mode to configure a username for RADIUS client authentication
for console session access to the BSR, as shown below:
MOT:7A(config)#console authentication radius username {<WORD>}
where:
WORD is the username to use for authentication.
4. Use the console authentication radius local-password command in Global
Configuration mode to enable RADIUS client authentication for console session
access to the BSR, as shown below. This command allows you to configure a user
name for RADIUS access, use of a locally set password or both.
MOT:7A(config)#console authentication radius local-password
where:
local-password allows password authentication by a locally configured
password if there is no response from the RADIUS server. If the RADIUS
client is not configured with the local-password command argument, access
to the BSR is denied if there is no response from the RADIUS server.
BSR 64000 System Administration Guide Release 6.3.1
5-6 Compass ID: 391232199 Version 3
5. Use the enable authentication radius command in Global Configuration mode
to enable RADIUS client authentication for Privileged EXEC mode access to the
BSR, as shown below:
MOT:7A(config)#enable authentication radius [local-password]
where:
local-password allows password authentication by a locally configured
password if there is no response from the RADIUS server. If the RADIUS
client is not configured with the local-password command argument, access
to the BSR is denied when there is no response from the RADIUS server.
Non-Blank RADIUS Username and Password
RADIUS does not allow a user to enter blank usernames or passwords.
n If a user does not enter a username, the BSR will not allow the user to enter a
password as the "password" prompt will never appear.
n If a user does not enter a password, the blank password field is "padded" with
some random data so that the password field is never left blank. This will prevent
all RADIUS accounts that use a blank password from gaining authentication.
Viewing RADIUS Client Statistics
Use the show ip traffic command to display packet statistics for communication
between the RADIUS client and RADIUS server, as shown below:
MOT:7A#show ip traffic
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show ip traffic command.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-7
Configuring Secure Shell Server Security
Secure Shell server (SSH) is a program that allows remote hosts to login to the BSR
over a non-secure network and execute commands in a secure manner. SSH
provides strong authentication and secure communications over non-secure
networks such as the public Internet.
The SSH protocol uses TCP as the transport layer. An SSH server listens for
connections from SSH clients on a well-known TCP port. An SSH client is
launched from a remote host and connects to the SSH server. The SSH server and
SSH client then handle key exchange, encryption, authentication, command
execution, and data exchange.
Use the following sections to configure and view SSH parameters:
n Enabling SSH
n Managing SSH Parameters
n Viewing and Logging out of SSH Sessions
n Enabling RADIUS services for SSH Password Authentication
Enabling SSH
Follow these steps to enable SSH on the BSR:
1. Host keys are required for the SSH Server and can either be generated in the BSR
64000 or generated on another BSR 64000 and copied into the BSR. Use the
ssh-keygen2 tool in Privileged EXEC mode to generate authentication key files
for the BSR 64000 Secure Shell Server, as shown below:
Note: The SSH Server must be disabled on the BSR 64000 before running
the ssh-keygen2 tool.
BSR 64000 System Administration Guide Release 6.3.1
5-8 Compass ID: 391232199 Version 3
MOT:7A#ssh-keygen2 [bits <512-1024> | hostkeyfile {flash: <filename> |
nvram: <filename>} | type {dsa | rsa}]
where:
512-1024 specifies the key strength in bits.
flash: <filename> creates the private hostkey file name stored in Flash.
nvram: <filename> creates private hostkey file name stored in NVRAM.
type dsa Digital Signature Algorithm key type.
type rsa Rivest-Shamir-Adleman public-key algorithm key type
2. Use the configure command in Privileged EXEC mode to enter Global
Configuration mode.
3. Use the ssh enable command in Global Configuration mode to enable the SSH
process, as shown below:
MOT:7A(config)#ssh enable
Caution: The BSR 64000 Secure Shell Server only accepts host key files
generated with the ssh-keygen2 tool. Keys files generated using the
OpenSSH ssh-keygen tool will not work with the BSR 64000 Secure Shell
Server.
The ssh-keygen2 tool resolves interoperability problems associated with
OpenSSH. A key file must be generated using the ssh-keygen2 tool for the
BSR 64000 Secure Shell Server to inter operate properly with OpenSSH
Secure Shell clients.
Note: The no ssh enable command disables the SSH process. If SSH is
disabled, all existing SSH sessions will be terminated.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-9
Configuring SSH Passwords
To properly configure SSH passwords (passphrases), you must use three CLI
commands in a specific order. If using the passphrase option to access the SSH
server and generate the SSH key, perform the following steps in the following order:
1. Use the ssh-keygen2 command, in Privileged EXEC mode, to generate the
passphrase authentication key file for the BSR Secure Shell Server.
MOT:7A# ssh-keygen2 passphrase <WORD>
where:
WORD set a password (31 character maximum) for SSH connections. The
"%" and "!" characters must not be used.
2. Use the password ssh-passphrase command, in Global Configuration mode, to
establish a password.
MOT:7A(config)# password ssh-passphrase [0 | 7] <WORD>
where:
0 specifies that a plain text password follows.
7 specifies that an encrypted password follows.
WORD is the password (31 character maximum, 78 character maximum for
option 7) - enclosed with double quotes if the key contains spaces) - the "%"
and "!" characters must not be used. If using option 7, the password must be
entered as an encrypted password.
3. Use the ssh enable command, in Global Configuration mode, to enable the SSH
session.
MOT:7A(config)# ssh enable
BSR 64000 System Administration Guide Release 6.3.1
5-10 Compass ID: 391232199 Version 3
Managing SSH Parameters
Use the following options to make changes to default SSH Parameters to better suit
your networking environment:
n Use the ssh load-host-key-files command in Global Configuration mode to
specify the new private or public hostkey authentication file, as shown below:
MOT:7A(config)#ssh load-host-key-files {flash: | nvram:} {<filename>}
where:
flash: specifies flash memory as the location of the SSH hostkey
authentication file.
nvram: specifies Non-volatile Random Access Memory (NVRAM) as the
location of the hostkey authentication file.
filename is the filename of the hostkey authentication file stored in flash or
NVRAM.
n Use the ssh ciphers command in Global Configuration mode to configure a
cipher for the encryption of SSH session data.
MOT:7A(config)#ssh ciphers [3des-cbc | aes128-cbc | aes192-cbc |
aes256-cbc | any | arcfour | blowfish-cbc | cast128-cbc | none | twofish-cbc |
twofish192-cbc | twofish256-cbc]
where:
3des-cbc is the three-key triple DES in cbc mode, with 168-bit keys.
aes128-cbc is the Advanced Encryption standard (AES) with 128-bit keys.
aes192-cbc is the AES with 192-bit keys.
aes256-cbc is the AES with 256-bit keys.
any attempts all possible Ciphers, none excluded.
arcfour streams cipher with 128-bit keys.
blowfish-cbc Blowfish in CBC mode, with 128-bit keys.
Note: If the hostkey authentication files are invalid, SSH will not run. Use the
UNIX ssh-keygen2 tool to generate a new hostkey authentication file.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-11
cast128-cbc CAST cipher in cbc mode.
none no encryption.
twofish-cbc alias for twofish128-cbc.
twofish192-cbc Twofish in cbc mode with 192-bit keys.
twofish256-cbc Twofish in cbc mode with 256-bit keys
n Use the ssh message-authentication command, in Global Configuration mode,
to specify the message authentication (data integrity) algorithm used for SSH
sessions, as shown below:
MOT:7A(config)#ssh message-authentication [any | hmac-md5 |
hmac-md5-96 | hmac-sha1 | hmac-sha1-96 | none]
where:
any attempts all possible MAC algorithms.
hmac-md5 uses digest length = key length = 20.
hmac-md5-96 uses first 96 bits of HMAC-MD5 (digest length=12, key
length=16).
hmac-sha1 uses the digest length = key length = 20.
hmac-sha1-96 uses the first 96 bits of HMAC-SHA1 (digest length=12, key
length=20).
none uses no message authentication.
n The default number of SSH sessions is 8. Use the ssh session-limit command, in
Global Configuration mode, to change the maximum number of simultaneous
SSH sessions that the BSR accepts, as shown below:
MOT:7A(config)#ssh session-limit <0-8>
where:
0-8 is the number of simultaneous SSH sessions.
BSR 64000 System Administration Guide Release 6.3.1
5-12 Compass ID: 391232199 Version 3
n The default time-out for an SSH session is 5 minutes. Use the ssh timeout
command in Global Configuration mode to specify an inactivity timeout value for
SSH sessions, as shown below:
MOT:7A(config)#ssh timeout <0-60>
where:
0-60 is the timeout value in minutes.
n The default TCP port for SSH connections is port 22. Use the ssh port command
in Global Configuration mode to change the SSH port number that SSH uses to
listen for incoming connections, as shown below:
MOT:7A(config)#ssh port <1-65535>
where:
1-65535 is the desired port number for SSH connections.
n The default number of attempted guesses for trying an SSH password is 3. The
ssh password-guesses command in Global Configuration mode to specify how
many authentication attempts (login and password exchange) are permitted for an
SSH client attempting a connection.
MOT:7A(config)#ssh password-guesses <1-5>
where:
1-5 is the number of attempted guesses for trying a password.
Note: Specifying a value of "0" will disable time-out for SSH sessions.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-13
Viewing and Logging out of SSH Sessions
Follow these steps to view and log out SSH sessions:
1. The show users ssh command displays information about active SSH sessions
including the username, user group and privilege level, the IP address of the
originating host, and the session ID. Use the show users ssh command in
Privileged EXEC mode to determine which SSH sessions are active including
SSH resource use and active calls, as shown below:
MOT:7A#show users ssh
2. Use the ssh logout session-id command in Privileged EXEC mode to terminate
an SSH session in progress. This command can be used when a user wants to
reconnect using new configuration parameters.
MOT:7A#ssh logout session-id <0-7>
where:
0-7 is the session ID number.
3. Use the show users ssh command again to verify which SSH sessions are
active.
Enabling RADIUS services for SSH Password Authentication
The ssh password-authentication radius command in Global Configuration mode to
enable RADIUS services to be used for SSH password authentication, as shown
below:
MOT:7A(config)#ssh password-authentication radius [local-password]
where:
local-password authenticates with a locally configured password if there is no
response from the RADIUS server.
Troubleshooting Your SSH Configuration
Use the show ssh config command in Privileged EXEC mode to view debugging
information that can help you troubleshoot or evaluate your SSH configuration, as
shown below:
MOT:7A#show ssh config
Refer to the BSR 64000 Command Reference Guide to see typical screen output and
field descriptions for the show ssh config command.
BSR 64000 System Administration Guide Release 6.3.1
5-14 Compass ID: 391232199 Version 3
Configuring TACACS+
This section describes the Terminal Access Controller Access Control System Plus
(TACACS+), a Cisco Systems proprietary version of TACACS. TACACS+ is an
access-control protocol that allows the BSR to provide security through a centralized
server. TACACS+ consists of three services: authentication, authorization, and
accounting (AAA). AAA is a software mechanism that provides a framework to
configure authentication, authorization, and accounting in a consistent manner.
n Authentication is a service that determines who the user is and whether they are
allowed access to the BSR.
n Authorization is a service that determines what tasks the user is allowed to do on
the BSR.
n Accounting is a service that collects data related to resource usage.
In large enterprise networks, the task of administering security on every individual
device is resource intensive. TACACS+ provides the means to remotely manage
network security from one TACACS+ server. The network administrator provides the
BSR with the IP address or hostname of the TACACS+ server. The TACACS+ client
runs on the BSR and interacts with the TACACS+ server to:
n Authenticate each user before allowing access to the management console.
n Perform authorization when a user attempts to run a command or access a
privilege level.
n Provide an accounting of resource usage.
Configuring TACACS+ on the BSR involves the following tasks:
n Configuring TACACS+ Servers
n Enabling AAA
n Configuring AAA Authentication
n Configuring AAA Authorization
n Configuring AAA Accounting
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-15
Configuring TACACS+ Servers
The tacacs-server host command specifies the names of the IP host or hosts
maintaining a TACACS+ server. The following additional options can also be
configured for TACACS+ servers:
n Specifying a Global Encryption Key - A global encryption key is used to encrypt
all traffic between all BSR TACACS+ client and the TACACS+ server to provide
security.
n Specifying a Global Port Number - A global port number specifies one port that
will be used for all communication between the TACACS+ server and the
TACACS+ client. This is a the TCP/IP port (socket on which TACACS+ server
listens). When connecting to this TACACS+ server, the BSR should open the use
this destination port.
n Specifying a Global Retry Count - A global retry count is the number of
command authentication attempts that all TACACS+ clients make with all
TACACS+ server before going to the next configured/available TACACS+
server. The global retry count is used if no retry count is specifically configured
for this TACACS+ server.
n Specifying a Global Timeout Value - A global timeout value is a number (in
seconds) that specifies the interval that all TACACS+ clients wait for a
TACACS+ server host to reply before an attempt to contact the TACACS+ server
times out.
n Configuring an Interface for TACACS+ Packets - An operator can control the
source IP address of all TACACS+ packets generated by the BSR by specifying a
loopback interface as the source IP address.
Specifying and Configuring a TACACS+ Server
Use the tacacs-server host command to specify and configure individual TACACS+
servers. The command can be used to configure multiple TACACS+ servers. The
TACACS+ client will contact the servers in the order in which they are specified.
MOT:7A(config)#tacacs-server host {<hostname> | <A.B.C.D>} [key <WORD> |
port <0-65535> | retry <0-100> | timeout <1-1000>]
where:
hostname is the name of the TACACS+ server host.
A.B.C.D is the IP address of the TACACS+ server host.
BSR 64000 System Administration Guide Release 6.3.1
5-16 Compass ID: 391232199 Version 3
key WORD specifies an alphanumeric authentication and encryption key. This
key must match the key used for this TACACS+ server.
port 0-65535 specifies a server port number. The port number specified here
overrides the default port number of 49.
retry 0-100 specifies the number of attempts that a TACACS+ client can make
when entering a command that is being authenticated by this TACACS+ server.
The default value is 3.
timeout 1-1000 specifies a timeout value in seconds for this TACACS+ server.
The default value is 10.
Specifying a Global Encryption Key
Use the tacacs-server key command to specify a global encryption key for all
communication between TACACS+ clients and TACACS servers. A global
encryption key is used if no encryption key is specifically configured for this
TACACS+ server. Use the tacacs-server key command, as follows:
MOT:7A(config)#tacacs-server key <WORD>
where:
WORD specifies an alphanumeric authentication and encryption key. This key
must match the key used by the TACACS+ server.
Specifying a Global Port Number
Use the tacacs-server port command to specify a global port number for all
communication between the TACACS+ server and the TACACS+ client. A global
port number is used if no port number is specifically configured for this TACACS+
server. Use the tacacs-server port command, as follows:
Note: Specifying timeout or key parameters with the tacacs-server host
command overrides any global values entered with the tacacs-server key,
tacacs-server retry, or tacacs-server timeout commands.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-17
MOT:7A(config)#tacacs-server port <0-65536>
where:
0-65536 specifies the global port number used for all communication between
TACACS+ clients and TACACS+ servers. The default port number is 49. If a
TACACS+ server is listening on any other port other than port 49, the port
number can be specified using this command.
Specifying a Global Retry Count
Use the tacacs-server retry command to change the global retry count which is the
number of times the TACACS+ client retries before moving on to the next configured
TACACS+ server. A global retry count is used if no retry count is specifically
configured for this TACACS+ server. Use the tacacs-server retry command, as
follows:
MOT:7A(config)#tacacs-server retry <0-100>
where:
0-100 specifies the number of connection attempts that TACACS+ client makes
with TACACS+ server for authentication, authorization or accounting. The
default value is 3.
Specifying a Global Timeout Value
Use the tacacs-server timeout command to specify the interval that the BSR waits
for a TACACS+ server to reply before the attempt to contact the TACACS+ server
times out. A global timeout value is used if no timeout value is specifically configured
for this TACACS+ server. Use the tacacs-server timeout command, as follows:
MOT:7A(config)# tacacs-server timeout <1-1000>
where:
1-1000 the interval, in seconds, that the BSR waits for a TACACS+ server host to
reply.
BSR 64000 System Administration Guide Release 6.3.1
5-18 Compass ID: 391232199 Version 3
Configuring an Interface for TACACS+ Packets
The ip tacacs source-interface command allows an operator to control the source IP
address of TACACS+ packets generated by the BSR by specifying an Ethernet or
loopback interface as the source IP address for TACACS+ packets. The normal
convention for generated TACACS+ packets is to set the source IP address equal to
the IP address of the outgoing interface. Use the ip tacacs source-interface command
in Global Configuration mode to override this convention and instead use the IP
address of a specified Ethernet or loopback interface, as shown below:
Use the ip tacacs source-interface ethernet command, in Global Configuration
mode, to configure an Ethernet interface, as follows:
MOT:7A(config)#ip tacacs source-interface ethernet <X/Y>
where:
X/Y is the Ethernet interface slot and port number.
Use the ip tacacs source-interface loopback command, in Global Configuration
mode, to configure an Ethernet interface, as follows
MOT:7A(config)#ip tacacs source-interface loopback <1-32>
where:
1-32 is the loopback interface number.
Note: Before using the ip tacacs source-interface command, the interface
must be configured, assigned an IP address, and up and running. Any
configuration change with this command will not take effect until after the next
BSR connection attempt.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-19
Enabling AAA
AAA is a network security model that consists of a software framework that provides
methods for authentication, authorization and accounting on the BSR. Use the aaa
new-model command, in Global Configuration mode, to enable the AAA network
security model, as follows:
MOT:7A(config)#aaa new-model
Configuring AAA Authentication
Configuring AAA authentication on the BSR involves the following tasks:
n Configuring Login Authentication
n Configuring Administrative Authentication
n Configuring Local Authentication Through Local Override
Configuring Login Authentication
Configuring AAA login authentication establishes one or more login authentication
methods that determine if a user can login into the BSR. If multiple login
authentication methods are specified, the methods are invoked in the sequence that
they were specified.
Use the aaa authentication login default command, in Global Configuration mode,
to enable AAA authentication for login, as follows:
MOT:7A(config)#aaa authentication login default {enable | local | none | radius |
tacacs}
where:
enable uses the enable password command setup as the authentication method.
local uses the local database as the authentication method.
none uses no method as the authentication method.
radius uses RADIUS as the authentication method.
tacacs uses TACACS+ as the authentication method.
BSR 64000 System Administration Guide Release 6.3.1
5-20 Compass ID: 391232199 Version 3
Configuring Administrative Authentication
Configuring AAA administrative authentication determines if a user can access
privilege level 15 (system administrator) on the BSR by establishing one or more
authentication methods that are invoked when an attempt is made to access this
privilege level. If multiple authentication methods are specified, the methods are
invoked in the sequence that they were specified.
Use the aaa authentication enable command, in Global Configuration mode, to
enable AAA administrative authentication, as follows:
MOT:7A(config)#aaa authentication enable {enable | local | none | radius |
tacacs}
where:
enable uses the enable password command setup as the authentication method.
local uses the local database as the authentication method.
none uses no method as the authentication method.
radius uses RADIUS as the authentication method.
tacacs uses TACACS+ as the authentication method.
Configuring Local Authentication Through Local Override
Enabling local override authentication configures the BSR to first check the local user
database for authentication information before attempting to use another form of
authentication.
Use the aaa authentication local-override command, in Global Configuration mode,
to enable local authentication. This command overrides any configured default
authentication method. A configured default authentication method will be used only
if local authentication fails.
MOT:7A(config)#aaa authentication local-override
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-21
Configuring AAA Authorization
AAA authorization is used to determine if a user has permission to run a process or a
command or which privilege levels (command modes) a user has access to.
Configuring AAA authorization on the BSR involves the following tasks:
n Configuring Command Authorization
n Configuring Privilege Level Authorization
Configuring Command Authorization
Command authorization determines if a user is allowed to run commands at a
specified privilege level. Use the aaa authorization commands default command, in
Global Configuration mode, to configure command authorization, as follows:
MOT:7A(config)#aaa authorization commands {exec | isp-ro | isp-rw | mso-ro |
mso-rw | sysadmin} default {local | none | tacacs}
where:
exec authorizes commands in the Privileged EXEC privilege level.
isp-ro authorizes commands in the ISP Read/Only privilege level.
isp-rw authorizes commands in the ISP Read/Write privilege level.
mso-ro authorizes commands in the MSO Read/Only privilege level.
mso-rw authorizes commands in the MSO Read/Write privilege level.
sysadmin authorizes commands in the SYSADMIN privilege level.
local uses the local database as the authorization method.
none uses no method as the authorization method.
tacacs uses TACACS+ as the authorization method.
Configuring Privilege Level Authorization
Privilege level authorization determines if a user is allowed to run an EXEC shell
(user session). Use the aaa authorization exec default command, in Global
Configuration mode, to configure privilege level authorization, as follows:
MOT:7A(config)#aaa authorization exec default {local | none | tacacs}
where:
local uses the local database as the authorization method.
none uses no method as the authorization method.
BSR 64000 System Administration Guide Release 6.3.1
5-22 Compass ID: 391232199 Version 3
tacacs uses TACACS+ as the authorization method.
Configuring AAA Accounting
AAA accounting collects resource usage data for commands used at a specified
privilege level or an overall terminal session. Configuring AAA accounting on the
BSR involves the following tasks:
n Configuring Command Use Accounting
n Configuring Terminal Session Accounting
Configuring Command Use Accounting
Configuring command use accounting provides resource usage data for commands
used at a specified privilege level. Use the aaa accounting commands default
command, in Global Configuration mode, to enable command use accounting, as
follows:
MOT:7A(config)#aaa accounting commands {exec | isp-ro | isp-rw | mso-ro |
mso-rw | sysadmin} default {none | start-stop | stop-only | wait-start} {local |
none | radius | tacacs}
where:
exec provides accounting for commands in the Privileged EXEC privilege level.
isp-ro provides accounting for commands in the ISP Read/Only privilege level.
isp-rw provides accounting for commands in the ISP Read/Write privilege level.
mso-ro provides accounting for commands in the MSO Read/Only privilege
level.
mso-rw provides accounting for commands in the MSO Read/Write privilege
level.
sysadmin provides accounting for commands in the SYSADMIN privilege level.
none disables accounting services.
start-stop sends a "start" accounting notice at the beginning of a process and a
"stop" accounting notice at the end of a process. The requested user process
begins regardless of whether the "start" accounting notice was received by the
accounting server.
stop-only sends a "stop" accounting notice at the end of the requested user
process. A "start" accounting request is not sent at the start of the process.
Release 6.3.1 Configuring Network Security
Compass ID: 391232199 Version 3 5-23
wait-start sends a "start" accounting notice at the beginning of a process and a
"stop" accounting notice at the end of a process. The requested user process does
not begin until the "start" accounting notice is received by the server.
local uses the local database as the accounting method.
none uses no method as the accounting method.
radius uses RADIUS as the accounting method.
tacacs uses TACACS+ as the accounting method.
Configuring Terminal Session Accounting
Configuring terminal session accounting provides resource usage data for a specified
terminal session. Use the aaa accounting exec default command, in Global
Configuration mode, to enable privilege level authorization, as follows:
MOT:7A(config)#aaa accounting exec {none | start-stop | stop-only | wait-start}
default {local | none | tacacs}
where:
none disables accounting services.
start-stop sends a "start" accounting notice at the beginning of a process and a
"stop" accounting notice at the end of a process. The requested user process
begins regardless of whether the "start" accounting notice was received by the
accounting server.
stop-only sends a "stop" accounting notice at the end of the requested user
process. A "start" accounting request is not sent at the start of the process.
wait-start sends a "start" accounting notice at the beginning of a process and a
"stop" accounting notice at the end of a process. The requested user process does
not begin until the "start" accounting notice is received by the server.
local uses the local database as the accounting method.
none no method is specified as the accounting method.
tacacs uses TACACS+ as the accounting method.
BSR 64000 System Administration Guide Release 6.3.1
5-24 Compass ID: 391232199 Version 3
Displaying TACACS+ Information
Use the show tacacs command to display statistics for all TACACS+ servers on the
network including the IP address of the servers, connections, failed connection
attempts, and packets sent and received. If there is more than one TACACS+ server
configured, the command output displays statistics for all servers in the order in which
they were configured.
MOT:7A#show tacacs
Use the show tacacs statistics command to display overall TACACS+ statistics
including the total number of access (AAA) requests, the number of denied requests,
and the number of allowed requests.
MOT:7A#show tacacs statistics
Refer to the BSR 64000 Command Reference Guide to see typical screen output for
the show tacacs, show tacacs statistics, and show ip traffic commands.
Clearing TACACS+ Statistics
Use the clear ip traffic command to clear TACACS+ statistics on the BSR, as shown
below:
MOT:7A#clear ip traffic
These are the same TACACS+ statistics displayed with the show tacacs and show
tacacs statistics commands.
Note: TACACS+ statistics can also be displayed with the show ip traffic
command.
Compass ID: 391232199 Version 3 6-1
6
Configuring Network Servers
Introduction
This chapter describes how to configure server-related parameters on the BSR in
order to establish proper communication between the BSR and the different types of
servers that are connected to the BSR.
The following sections discuss configuring server-related parameters on the BSR:
n Configuring DHCP Relay
n Configuring DNS
n Configuring LDAP
n Configuring SNTP
n Configuring UDP Broadcast Relay
n Configuring FTP Access
BSR 64000 System Administration Guide Release 6.3.1
6-2 Compass ID: 391232199 Version 3
Configuring DHCP Relay
This section describes how to configure the BSR to forward UDP broadcasts,
including IP address requests, from Dynamic Host Configuration Protocol (DHCP)
clients. You can configure the BSR to act as a DHCP relay agent. In this case, a
locally attached host can issue a DHCP or BOOTP request as a broadcast message. If
the router sees this broadcast message, it relays the message to a specified DHCP or
BOOTP server.
The DHCP client-server protocol enables devices on an IP network (the DHCP
clients) to request configuration information from a DHCP server. DHCP Relay
configures the BSR to forward UDP broadcasts, including IP address requests, from
DHCP clients.Configure the BSR to be a DHCP relay agent if you have locally
attached hosts and a distant DHCP or BOOTP server.
Follow these steps to configure the BSR for DHCP relay:
1. Enter Interface Configuration mode for the Ethernet interface.
MOT:7A(config)#interface ethernet <X/Y>
where:
X is the module slot number.
Y is the port number.
2. Use the ip helper-address command in Interface Configuration mode to forward
default UDP broadcasts including IP configuration requests to the DHCP server,
as shown below:
MOT:7A(config-if)#ip helper-address <A.B.C.D>
where:
A.B.C.D is the destination address.
Example
MOT:7A(config-if)#ip helper-address 200.200.200.1
You can use the cable helper-address command in Interface Configuration mode
to configure DHCP relay on the cable interface. Refer to Use for more
information.
3. Enable the Ethernet interface and the configuration change with the no shutdown
command.
Release 6.3.1 Configuring Network Servers
Compass ID: 391232199 Version 3 6-3
MOT:7A(config-if)#no shutdown
4. Exit Interface Configuration mode.
MOT:7A(config-if)#exit
5. Exit Global Configuration mode.
MOT:7A(config)#exit
6. Verify that the information was entered correctly by displaying the running
configuration in Privileged EXEC mode.
MOT:7A#show running-config
Configuring DNS
Domain Name System (DNS) maps host names to IP addresses. For example, it
allows you to reference the host motorola.com instead of having to remember that its
IP address is 198.93.23.13.
Configuring DNS involves the following tasks:
n Specifying DNS Name Servers
n Configuring the Domain Name
n Enabling Domain Lookup and Domain List
Specifying DNS Name Servers
Use the ip name-server command in Global Configuration mode to specify a Domain
Name Server (DNS) that helps the BSR match DNS host names with their IP
addresses, as shown below:
MOT:7A(config)#ip name-server <A.B.C.D>
where:
A.B.C.D is the IP address of the Domain Name Server (DNS).
For example:
MOT:7A(config)#ip name server 192.168.1.253
BSR 64000 System Administration Guide Release 6.3.1
6-4 Compass ID: 391232199 Version 3
Configuring the Domain Name
For each BSR, you should configure the name of the domain in which the BSR is
located. This is the default domain name that is appended to host names that are not
fully qualified. To configure the domain name, use the ip domain-name command in
Global Configuration mode.
MOT:7A(config)#ip domain-name <name>
where:
name is the default domain name.
For example:
MOT:7A(config)#ip domain-name motorola.com
Enabling Domain Lookup and Domain List
DNS servers provide forward lookups, which determine the IP address of a provided
device name. This is the most common kind of lookup performed. DNS servers also
provide a domain list function which completes unqualified host names.
1. To enable IP domain name system hostname translation, use the ip
domain-lookup command in Global Configuration mode. This feature is enabled
by default.
MOT:7A(config)#ip domain-lookup
2. To create a domain list of up to six (6) host names to complete unqualified host
names, use the ip domain-list command in Global Configuration mode. If the
primary domain-name fails to resolve, the software uses these names.
MOT:7A(config)#ip domain-list <WORD>
where:
WORD indicates the domain name to use to resolve unqualified host names
when the primary domain fails to resolve.
3. Verify that the information was entered correctly by displaying the running
configuration.
MOT:7A#show running-config
Release 6.3.1 Configuring Network Servers
Compass ID: 391232199 Version 3 6-5
Configuring LDAP
Lightweight Directory Access Protocol (LDAP) servers provide a way to name,
manage, and access collections of attribute-value pairs. LDAP servers consist of
entries that hold information about some thing or concept, such as a person or
organization. Every entry in an LDAP server belongs to one or more object classes.
n Specifying the primary or secondary LDAP server addresses
n Starting the LDAP client
n Specifying the start of the search-tree
Follow these steps to configure LDAP server parameters:
1. Use the ldap server command, in Global Configuration mode, to configure a
primary or secondary LDAP server address, as shown below:
MOT:7A(config)#ldap server primary <A.B.C.D> port <1-1024>
where:
A.B.C.D is the LDAP server IP address.
1-1024 is the port number of the LDAP server.
For example:
MOT:7A(config)#ldap server primary 192.168.1.253 port 389
Use the options in Table Table to further define ldap server parameters:
2. Use the ldap client command, in Global configuration mode, to start the LDAP
client, as shown below:
Table Command options for the ldap server command.
Option Description
ldap server binddn Distinguished LDAP server name required to bind to this server.
nobinddn Distinguished LDAP server name not required to bind to this
server.
nopassword Password not required
password Password
BSR 64000 System Administration Guide Release 6.3.1
6-6 Compass ID: 391232199 Version 3
MOT:7A(config)#ldap client
3. Use the ldap search-base command, in Global Configuration mode, to specify
the portion of the LDAP tree where the configuration is located, as shown below:
MOT:7A(config)#ldap search-base <WORD>
where:
WORD is the distinguished location name of entry from which to start a
search.
4. Verify that the information was entered correctly by displaying the running
configuration.
MOT:7A(config)#show running-config
Configuring SNTP
The Simple Network Time Protocol (SNTP) provides system time with high
accuracy, but it does not provide the complex filtering and statistical mechanisms of
the Network Time Protocol (NTP). Configure the BSR to operate in client mode with
the remote system at the specified address. In this mode, the BSR can be synchronized
to the remote system, but the remote system never can be synchronized to the BSR.
Follow these steps to configure SNTP server parameters on the BSR:
1. Configure the SNTP server with the sntp server command in Global
Configuration mode.
Note: If the primary LDAP server has not been specified, the following
message appears when attempting to start the LDAP client:
Please configure Primary LDAP server address before starting
the client.
Note: Ensure that the clock timezone command is configured before
configuring SNTP on the BSR. If the clock timezone command is not
configured, then time fluctuation occurs during a switchover if the Primary
SRM switches to the Standby SRM (which does not have the timezone
initialized). Refer to Setting System Passwords on page 1-3 for more
information.
Release 6.3.1 Configuring Network Servers
Compass ID: 391232199 Version 3 6-7
MOT:7A(config)#sntp server {<224.0.1.1> | <A.B.C.D> | <Hostname>}
where
224.0.1.1 is the NTP Multicast server IP address.
A.B.C.D is the IP address of the server.
Hostname is the DNS name of the server.
For example:
MOT:7A(config)#sntp server 192.168.1.253
MOT:7A(config)#sntp server sntpd.motorola.com
2. Authenticate SNTP time sources with the sntp authenticate command in Global
Configuration mode.
MOT:7A(config)#sntp authenticate
3. Configure an authentication a key for the trusted time source with the sntp
authentication-key md5 command on Global Configuration mode. You
configure SNTP authentication keys so that the BSR can send authenticated
packets. The key must be identical between a set of peers sharing the same key
number.
MOT:7A(config)#sntp authentication-key <1-4294967295> [md5
<WORD>]
where:
1-4294967295 is the SNTP authentication key.
Note: When the server address is 224.0.1.1, the IANA assigned multicast
address for NTP, the client transmits a multicast request to this multicast
address and waits for replies. It then binds to the first server that replies. All
subsequent transactions happen in unicast mode.
Note: If you configure the BSR to operate in authenticated mode, you must
also configure an authentication key and a trusted key.
BSR 64000 System Administration Guide Release 6.3.1
6-8 Compass ID: 391232199 Version 3
md5 WORD is the MD5 authentication key, which is from 1 to 12
alphanumeric characters.
4. Configure an SNTP broadcast service to listen to SNTP broadcasts with the sntp
broadcast client command in Global Configuration mode.
MOT:7A(config)#sntp broadcast client
5. Configure an SNTP broadcast delay, which is, with the sntp broacastdelay
command in Global Configuration mode.
MOT:7A(config)#sntp broadcastdelay <1-999999>
where:
1-999999 is the estimated round-trip delay in microseconds.
6. Configure a key number for trusted time sources with the sntp trusted-key
command in Global Configuration mode. For SNTP, configure the keys you are
allowed to use when you configure the BSR to synchronize its time with other
systems on the network.
MOT:7A(config)#sntp trusted-key <1-4294967295>
where:
1-4294967295 is the key number for the trusted time sources.
7. To display information about SNTP, use the show sntp command, as follows:
MOT:7A#show sntp
8. Verify that the information was entered correctly by displaying the running
configuration.
MOT:7A#show running-config
Release 6.3.1 Configuring Network Servers
Compass ID: 391232199 Version 3 6-9
Configuring UDP Broadcast Relay
Network hosts occasionally employ UDP broadcasts to determine address,
configuration, and name information. If such a host is on a network segment that does
not include a server, UDP broadcasts are normally not forwarded. You can configure
an interface to forward certain classes of broadcasts to a helper address. You can have
more than one helper address per interface. You can specify a UDP destination port to
control which UDP services are forwarded.
1. Use the ip forward-protocol udp command in Global Configuration mode to
enable forwarding of UDP broadcasts for a specific UDP port and specify the
protocols to forward and over which ports, as shown below:
MOT:7A(config)#ip forward-protocol udp [<0-65535> | bootpc | bootps |
domain | netbios-dgm | netbios-ns | tacacs | tftp | time ]
where:
0-65535 is the UDP port number.
bootpc is the Bootstrap Protocol (BOOTP) client (68).
bootps is the Bootstrap Protocol (BOOTP) server (67).
domain is the Domain Name Server (DNS, 53).
netbios-dgm is the NetBios datagram service (138).
netbios-ns is the NetBios name service (137).
tacacs is the TAC Access Control System (49).
tftp is the Trivial File Transfer Protocol (69).
time is the Time (37).
For example:
MOT:7A(config)#ip forward-protocol udp 35
2. Enter the Cable Interface Configuration mode from Global Configuration mode,
as follows:
MOT:7A(config)#interface cable <X/Y>
BSR 64000 System Administration Guide Release 6.3.1
6-10 Compass ID: 391232199 Version 3
where:
X/Y is the slot and MAC Domain number of the CMTS module.
3. Use the ip helper-address command, in Interface Configuration mode, to specify
a destination IP address for forwarding UDP broadcast packets, including
BOOTP, as shown below:
MOT:7A(config-if)#ip helper-address <A.B.C.D>
where:
A.B.C.D is the destination IP address.
4. Verify that the information was entered correctly by displaying the running
configuration:
MOT:7A(config-if)#show running-config
Configuring FTP Access
You can configure the BSR to transfer files between systems on the network using the
Internet File Transfer Protocol (FTP). FTP is typically used to transfer upgrade files
from an FTP server on the network to the BSR. To configure FTP connections on the
BSR, you must specify the FTP username and password that the BSR must use when
contacting the FTP server.
Follow these steps to configure FTP Access on the BSR:
1. To specify the FTP user name to be used for the FTP connection, use the ip ftp
username command in Global Configuration mode, as shown below:
Note: An FTP username can contain up to 31 characters.
Release 6.3.1 Configuring Network Servers
Compass ID: 391232199 Version 3 6-11
MOT:7A(config)#ip ftp username <WORD>
where:
WORD is the FTP user name that is up to 31 characters.
Use the no ip ftp username command to delete the entry.
2. To specify the FTP password to be used for the FTP connection, use the ip ftp
password command in Global Configuration mode, as shown below.
MOT:7A(config)#ip ftp password [0 | 7] <LINE>
where:
0 indicates a unencrypted password follows.
7 indicates an encrypted password follows.
LINE is the FTP password, which comprises the password (31 character
minimum, 78 character maximum for option 7) - enclosed with double quotes
if the password contains spaces). The "%" and "!" characters must not be
used.
Use the no ip ftp password command to delete the entry.
Compass ID: 391232199 Version 3 7-1
7
Configuring Redundancy
Introduction
This chapter discusses the following BSR 64000 redundancy configuration tasks:
n SRM Redundancy
n CMTS Redundancy
n NIM Redundancy
n TX32 Redundancy
n RX48 Redundancy
SRM Redundancy
The BSR 64000 supports1:1sparing for the Supervisory Resource Module (SRM)
redundancy by using a Standby SRM and an Active SRM in slot 7 or 8. The Standby
SRM is used to protect the Active SRM, which controls the chassis. The Standby
SRM contains the static configuration information for the Active SRM causing no
configuration changes when a switch-over situation occurs because information is
continuously updated on the Standby SRM.
BSR 64000 System Administration Guide Release 6.3.1
7-2 Compass ID: 391232199 Version 3
When the BSR 64000 is initially powered with SRMs seated in module slots 7 and 8,
the SRM in slot 7 becomes active and the SRM in slot 8 becomes the standby. If there
is an SRM in either Slot 7 or Slot 8 and a second SRM is inserted, this second SRM
becomes the Standby SRM. Once the Standby SRM boots, it immediately gets a copy
of the startup configuration from the Active SRM.
Note: For an SRM Redundant BSR 64000 or BSR 64000 HD where the SRM
installed in Slot 8 is the Active SRM, replacing a fan or blower module (or
removing and re-installing the existing one) can cause all CMTS and NIM
(HSIM) Resource Modules operating in the chassis to reset. Therefore,
perform a manual switchover (through the BSR CLI redundancy
force-switchover srm command) to make the SRM installed in Slot 7 the
Active SRM before replacing (or re-installing) a fan or blower module in a
BSR 64000 HD or BSR 64000 chassis.
Note: After the first administrative (manual) switchover you perform for BSR
64000 systems employing Redundant SRMs, Redundant CMTS modules, or
both; wait a minimum of 5 minutes for SRMs and 60 seconds for CMTS
modules before initiating another administrative switchover.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-3
SRM Switch-over Conditions
If a failure occurs on the Active SRM or the Active SRM is physically removed from
the chassis, service is automatically and instantly transferred to the Standby SRM,
which assumes the role of the Active SRM. At the time of a switch-over, event log
messages and SNMP traps are generated by the BSR.
An automatic switch-over condition occurs under the following circumstances:
n The Active SRM is physically removed from the BSR.
n The ejector switch is pulled down on the Active SRM causing it to power down.
n System crash occurs.
n A hardware failure occurs.
n Administrative switch-over using the redundancy force-switchover srm
command, where the Active SRM forces the switch-over to the standby.
SRM Redundancy Hardware Considerations
Use the serial console port on the SRM I/O module instead of the serial console ports
on the Active SRM and Standby SRM resource modules for your console
connections. Using the console port on the SRM I/0 module ensures that you stay
connected during a switch-over situation. You can still use the serial console ports on
the Active SRM and Standby SRM resource modules, but the connection is
terminated during switch-over situations.
Caution: To prevent hardware damage, do not insert the SRM I/O module in
I/O Slot 8. The SRM I/O Module must be inserted in I/O Slot 7.
BSR 64000 System Administration Guide Release 6.3.1
7-4 Compass ID: 391232199 Version 3
SRM Redundancy Operational Considerations
When the system boots, the status LED on both SRMs remains off until the SRM
assumes the role of either active or standby. The SRM that becomes the Active SRM
displays a solid green status LED and the Standby SRM displays a blinking green
status LED. The CLI prompt indicates which SRM is the active module. When the
boot process is complete, the Active SRM Status LED is lit a steady green and the
Standby SRM Status LED blinks green.
Identifying the Active or Standby SRM
When a CLI session is established, the Active or Standby SRM is identified in the
prompt. In the instance where there is no redundant SRM, the slot number and its
status is shown in the CLI prompt.
For example if the SRM in slot 7 is active, the following CLI prompt displays:
MOT:7A#
Conditions that Cause the SRM to Switch-over
When a failure is detected on the Active SRM, control is quickly transferred to the
standby module, which then becomes the active module. This Active SRM now
controls the common I/O module in slot 7 that is shared between both active and
Standby SRMs. If there is a switch-over, client applications must be restarted (in most
instances) and applications and protocols on the BSR are restarted automatically upon
switch-over. When there is a switch-over from the Active SRM to the Standby SRM,
all of the following applications and protocols are affected and must restart and any
existing client(s) using these applications and protocols experience a temporary
interruption of service:
n Telnet
n FTP and TFTP
n SNMP requests
n OSPF Version 2
n BGP 4
n RIP Version 1 and 2
n ARP database
n Radius Client
n SSH2 Server
n Statistics
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-5
n IGMP, PIM, and DVMRP multicast protocols.
n Unicast and Multicast Forwarding Table
n SNTP
n MPLS
n IS-IS
n PPP
The routing protocol tasks restart and have the following affects:
n Communications with peer routing systems are lost and must be reestablished.
n Routing tables are rebuilt.
The following tasks controlling the CLI, Telnet and SNMP are affected:
n SNMP and CLI commands in process are aborted.
n A console user may be logged out of the system and may be required to login
again.
n Telnet users are logged out of the system and must login again.
Running SRM Redundancy Functions
The following sections are used to manage SRM redundancy operation on the BSR:
n Saving Your Running Configuration
n Manually Switching Service to the Standby SRM
n Synchronizing NVRAM Between Active and Standby SRM
Saving Your Running Configuration
It is important to save any configuration changes made in the running configuration to
the startup configuration so that these changes are guaranteed to stay if the Active
SRM switches over service to the Standby SRM or the Standby SRM gives back
service to the Active SRM.
If you have made configuration changes to the Active SRM that must be transferred to
the Standby SRM, issue the copy running-config startup-configuration command
in Privileged EXEC mode, as shown below:
MOT:7A#copy running-config startup-configuration
This command is issued so that if the Standby SRM takes over, the Standby SRM uses
the most current startup configuration, which prevents network configuration
problems in the event of a switch-over.
BSR 64000 System Administration Guide Release 6.3.1
7-6 Compass ID: 391232199 Version 3
Manually Switching Service to the Standby SRM
Service is manually switched from the Active SRM to the Standby SRM under the
following circumstances:
n The Active SRM must be tested.
n The Active SRM needs to be replaced.
n An unsuccessful automatic switch-over occurs.
Follow these steps to force the Active SRM to the Standby SRM:
1. Use the redundancy force-switchover srm in Privileged EXEC mode to
manually switch-over service from the Active SRM to the Standby SRM, as
shown below:
MOT:7A#redundancy force-switchover srm
2. Use the show chassis status command to check the redundancy status
information for both the Active SRM and the Standby SRM in the BSR 64000
chassis.
Refer to the BSR 64000 Command Reference Guide to see typical screen output
and field descriptions for the show chassis status command.
Synchronizing NVRAM Between Active and Standby SRM
Use the sync file nvram: command in Privileged EXEC mode to synchronize the
CLI, which synchronizes all files stored in NVRAM between the Active SRM and
Standby SRM, including the startup and running configurations, as shown below:
MOT:7A#sync file nvram:
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-7
CMTS Redundancy
Redundancy for CMTS module operation on the BSR is enabled through a 1:N
redundancy scheme. In this scheme, specialized hardware modules (the Standby
CMTS Resource Module and its associated I/O Module) mirror the operational
configuration of the other operating CMTS modules in the chassis (the Primary
CMTS Modules) and are able to assume the operation of a failed Primary CMTS
Module automatically without disruption to data and voice traffic on the HFC
Network. The Standby CMTS Module in Slot 6 protects up to 12 Primary CMTS
Modules and supports the first failed Primary CMTS Module. Subsequent Primary
CMTS Module failures are not supported until service is manually given back from
the Standby CMTS module to the Primary CMTS Module that had previously failed.
Primary CMTS Modules can be installed in Slots 0 through 5 or 9 through 14 of the
BSR. All Primary CMTS Modules are enabled for redundancy by default unless they
are specifically configured not to participate in the redundancy scheme.
The system automatically switches-over to the Standby CMTS module if a Primary
CMTS fails. The operator may also administratively force a switch-over from a
Primary CMTS to the Standby CMTS with a CLI command. Once the operation of a
failed Primary CMTS Module is restored, the operator must enter a CLI command to
administratively force a switch-over from the Standby CMTS module back to a
Primary CMTS.
All Primary CMTS Module configuration information and cable modem (CM)
registration information is continuously updated on the Standby CMTS Module
during normal BSR operation. As a result, CMs initially registered with a primary
CMTS Module remain registered and data and voice traffic is virtually unaffected
during a switch-over to the Standby CMTS Module or a give-back to a Primary
CMTS Module. Also, CMs do not deregister during a switch-over unless they are in
the process of registering. In this event, some CMs are forced to reregister and voice
calls must be re-established.
During a switch-over, all Multimedia Terminal Adapters (MTAs) that provide voice
services are given priority over CMs carrying data services.
Note: CMs must have implemented ECN RFI-N-00089 to remain registered
across a CMTS switch-over.
BSR 64000 System Administration Guide Release 6.3.1
7-8 Compass ID: 391232199 Version 3
CMTS Redundancy Operation
The CMTS Redundancy feature is designed to minimize any disruption to CMs on the
DOCSIS network when a CMTS switch-over occurs. A Primary CMTS module and
the Standby CMTS module are synchronized by hardware to transmit the same
DOCSIS and Euro-DOCSIS synchronization master clock timestamp value. The
time-interval that the CM needs to reacquire DOCSIS synchronization, depends on
the amount of data a CM has lost during a switch-over. Most CM vendor
time-intervals vary between one to two seconds.
When there is a switch-over from a Primary CMTS module to the Standby CMTS
module, a critical severity log message is displayed on the console, informing that
action is required to restore normal operation. If enabled, this critical severity log
message can be sent as an SNMP trap and/or as a Syslog message.
The CLI command redundancy force-switchover cmts 6 is entered in Privileged
EXEC mode to restore normal operation on a Primary CMTS. When operation is
switched from Standby to Primary CMTS module in this way, only information
severity log messages are generated, which are not usually displayed to the console or
forwarded to SNMP or Syslog.
For example, an operator can force a switch-over from an active Primary CMTS in
Slot 3 to the Standby CMTS module, by entering the Privileged EXEC mode
command redundancy force-switchover cmts 3. This allows a Primary CMTS
hardware to be replaced or upgraded.
The Standby CMTS Module that takes over service for a Primary CMTS Module or a
Primary CMTS Module that is given back its service from the Standby CMTS
Module resets all cable interface statistics to zero. The ifCounterDiscontinuityTime
object for the cable interface is updated so that SNMP management scripts can detect
the transition.
The CMTS Redundancy feature is not intended to be used for software upgrades or
downgrades. Both Primary and Standby CMTS modules must be running the same
software release.
The CMTS redundancy feature adjusts output power to account for the frequency
dependent loss through the RF Switch of the BSR 64000. When the Standby CMTS is
active, output power levels at a Primary CMTS slot I/O module downstream
connector should differ by no more than 1.0 db from the configured downstream
output power level.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-9
If there are any internal software errors encountered when an operator performs a
CMTS module switch-over, the system software automatically resets a Primary
CMTS module, the Standby CMTS module, or both in an attempt to automatically
recover. In this event, all CMs reregister.
Voice Over IP Support
The CMTS Redundancy feature is designed to minimize the impact of a CMTS
module switch-over on VoIP calls. All BSR CMTS modules can derive their network
timing (master clock frequency) using the network-clock-select CLI command in
Global Configuration mode to limit VoIP slips. This clocking source can be derived
internally from the SRMs Stratum 3 clock or externally using the SONET network
timing or from an external E1 or T1 clock connected directly to the BSRs E1 or T1
ports on the SRM I/O. When CMTS switch-over occurs, any CMs with active VOIP
calls are prioritized to be switched first, minimizing their disruption.
Automatic CMTS Switch-Over Conditions
If a failure occurs on a Primary CMTS Module or a Primary CMTS Module is
physically removed from the chassis, service is automatically transferred to the
standby CMTS in Slot 6, which assumes the role of the failed Primary CMTS
Module. During the switch-over, the backplane RF switch connects HFC transmit and
receive signals from a Primary CMTS Module to the standby CMTS.
An automatic switch-over condition occurs under the following circumstances when a
Primary CMTS Module is enabled for redundancy and the Standby CMTS Module is
present in Slot 6 and has not already taken over service for another failed Primary
CMTS Module:
n CMTS software detects a "hung" software task, which is not responding to
requests properly.
n The ejector switch is pulled down on an Primary CMTS Module causing it to
power down.
n A Primary CMTS Module is administratively reset by issuing the reset slot
command.
n A downstream upconverter hardware failure occurs.
n Any hardware failure is detected.
n A software exception or crash occurs on a Primary CMTS Module.
BSR 64000 System Administration Guide Release 6.3.1
7-10 Compass ID: 391232199 Version 3
CMTS Redundancy Hardware Considerations
The BSR supports CMTS redundancy operation for both DOCSIS and Euro-DOCSIS
with the following requirements:
n The Standby CMTS Resource Module must be in Slot 6 and its associated I/O
module is installed in I/O Module Slot 6. The Standby CMTS Resource module
must also be finished booting and in a standby state.
n Slot 15 only supports a NIM resource module or NIM I/O module.
For further information, refer to the BSR 64000 Installation Guide (50 Amp chassis)
and the BSR 64000 HD Installation Guide (100 Amp chassis).
Viewing Redundancy Status from Module LEDs
The following table describes the redundancy status of both a Primary CMTS Module
and the Standby CMTS Module used to determine their redundancy status.
For further information on CMTS module LED display states, refer to the BSR 64000
Installation Guide (50 Amp chassis) and the BSR 64000 HD Installation Guide (100
Amp) chassis.
Caution: Do not insert a Primary CMTS I/O module PCA-0042 in Slot 6 of a
BSR 64000 (50 Amp) chassis. Doing so can permanently damage the
backplane connector. Only insert the Standby CMTS I/O module PCA-0043
in a BSR 64000 (50 Amp) chassis.
Module Status LED State Description
Primary
CMTS
Blinking Green Service is switched over to the Standby CMTS
Module.
Solid Green Primary CMTS is operational.
Standby
CMTS
Blinking Green Standby CMTS Module is in a standby state.
Solid Green Service is switched over from a Primary CMTS
Module and the Standby CMTS Module is
operational.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-11
Managing CMTS Redundancy
Use the procedures in the following sections to manage CMTS redundancy functions
on the BSR:
n Save the Running Configuration to the Startup Configuration
n Manually Switching Service to the Standby SRM
n Administratively Switching to a Primary CMTS
n Disabling Redundancy on a Primary CMTS Module
n Enabling Redundancy on a Primary CMTS Module
Save the Running Configuration to the Startup Configuration
It is important to save any configuration changes made to a primary CMTS interface
in the running configuration to the startup configuration so that these changes are
guaranteed to be maintained when a Primary CMTS Module switches over service to
the Standby CMTS Module or the Standby CMTS Module gives back service to a
Primary CMTS Module.
Use the copy running-config startup-config command in Privileged EXEC mode to
copy the running configuration (current system configuration) to the startup
configuration (system startup configuration), as shown below:
MOT:7A#copy running-config startup-config
Administratively Switching to the Standby CMTS
Service can be administratively switched from a Primary CMTS Module to the
standby CMTS in Slot 6 for some of the following reasons:
n A Primary CMTS Module is being tested.
n A Primary CMTS Module is being replaced with another CMTS module.
Follow these steps to administratively switch service from a Primary CMTS Module
to the Standby CMTS Module:
1. Use the redundancy force-switchover cmts in Privileged EXEC mode to
administratively switch-over service from the specified Primary CMTS Module
to the Standby CMTS Module, as shown below:
MOT:7A#redundancy force-switchover cmts <NUM>
where:
NUM is the specified Primary CMTS Module.
BSR 64000 System Administration Guide Release 6.3.1
7-12 Compass ID: 391232199 Version 3
2. Use the show chassis status or show redundancy cmts command in all modes
except User EXEC mode to check the redundancy status information for both a
Primary CMTS Module and the Standby CMTS Module:
The following figure displays sample command line output from the show
chassis status command:
Running archive: FLASH:6203.srm4
Slot Type Sub Red State RM IO UpTime LastUpTime Success Failure
0 - - - x 0 0
1 - - - x 0 0
2 DTX TX32 - RUN x x 0w2d21h 1 1
3 DTX TX32 - RUN x p 0w2d21h 1 1
4 DTX TX32 - RUN x p 0w2d21h 1 1
5 HSIM GE2/ETH8 - RUN x x 0w2d21h 1 1
6 CMTS 2x8(2.0) - stby x x 0w2d21h 0 1
7 SRM4 - RUN x x 0w2d21h 0 0
8 - - - - 0 0
9 DRX RX48 - RUN x x 0w2d21h 1 1
10 CMTS 2x8(2.0) 6 RUN x x 0w2d21h 1 2
11 CMTS 2x8(2.0) 6 RUN x x 0w2d21h 1 1
12 CMTS 2x8(2.0) 6 RUN x x 0w2d21h 1 1
13 CMTS 2x8(2.0) 6 RUN x x 0w2d21h 1 1
14 DRX RX48 - RUN x x 0w2d21h 1 1
15 - - - x 0 0
Note: After the BSR is rebooted, each Primary and Standby CMTS Module is
given 12-minutes to complete the boot process. If, after 12 minutes a CMTS
module has not booted, a timer starts that tracks the amount of time a CMTS
is unavailable (the Unavailable Timer). The Unavailable Timer indicates how
much time service belonging to a CMTS module has been unavailable to
subscribers since its last successful boot.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-13
Filed descriptions from the show chassis command output are described below::
Field Description
Slot Module slot number from 0 to 15
Type The type of module that is inserted into the BSR 64000. HSIM (NIM)
indicates either the 8-port Fast Ethernet, POS or Gigabit Ethernet Network
Interface module. CMTS indicates the CMTS module. DTX and DRX
indicate TX32 and RX48 modules, respectively. SRM indicates the
Supervisory Resource Module.
Sub Indicates the module sub-type. For example 2x8 would indicate the type of
the CMTS module that is installed in the slot number.
Red Indicates the slot that takes over if this slot is forced to switch over.
State ROM The modules bootrom is running.
Flash The module is downloading a software image.
Boot The module is booting using the software image.
Cfg The module is in the configuration state after booting.
RUN The module is running and actively providing service. The module
reaches this state after successful configuration.
stby The module is in a standby state, ready to accept a switch-over
from another running module. The module STATUS LED blinks to indicate
it is in standby.
RM Resource module. An x indicates that this module is inserted in the BSR. A
- (dash) indicates that this slot is empty.
IO Physical I/O module. An x indicates that this module is inserted in the
BSR. A - (dash) indicates that this module is not currently inserted in the
BSR. Non-redundant I/O modules (PCA-007) cannot be detected as
present by the system software, and are denoted as absent with a "-"
symbol.
UpTime If the system clock has been set using the clock set command, the
UpTime column displays the amount of time that the module has been
operational. The time is expressed in hours, minutes, seconds (hh:mm:ss)
days (1-31), and the month (first 3 letters of the month).
LastUpTime When a module is down, the last operational time for the module.
Success The number of times the module booted successfully.
Failure The number of times the module failed to boot.
BSR 64000 System Administration Guide Release 6.3.1
7-14 Compass ID: 391232199 Version 3
The following figure displays the show redundancy cmts command output for the
Standby CMTS module and Primary CMTS module. The display includes; logging,
service switch-over instances, amount of time a CMTS module has been switched
over in minutes, and the current status of each CMTS module slot.
The following tablr describes the module states displayed in the show redundancy
cmts command output:
Field Description
CMTS Chassis
Slot
A CMTS slot configured for CMTS redundancy.
Slot Status RUN indicates that the Standby or a Primary CMTS module is in an
operational state, or stby (standby) state indicating that either the
Standby or a Primary CMTS module is ready to accept a switch-over.
Red Slot The redundant slot column indicates the chassis slot number to which
this slot switches over.
A dash - in the Red Slot column for Primary CMTS modules indicates
that the Primary CMTS module is either not inserted in the BSR chassis
or is booting.
A dash - in the Red Slot column for Slot 6 indicates that the Standby
CMTS module is in a standby state and does not have a redundant
peer.
If the Standby CMTS module has taken over for a Primary CMTS, this
Primary CMTS is now the Standby CMTS redundant peer and is
displayed in the Red Slot column for Slot 6.
A dash in the Red Slot column for a Primary CMTS module indicates
that it has been taken over by the Standby CMTS module in Slot 6.
For example, if the Standby CMTS module takes over for the Primary
CMTS module in Slot 4, the number 4 is displayed in the Red Slot
column for Slot 6. When the Primary CMTS module is in the stby state,
(because it has been taken over by the Standby CMTS module in Slot
6), the Red Slot column for Slot 4 is 6.
CMTS Manual Auto
Chassis Slot Red Primary Logging Take- Take- Unavail
Slot Status Slot Slot Status overs overs Time

2 RUN 6 2 full 0 0 0:00:00
3 RUN 6 3 full 0 0 0:00:00
6 stby - - inactive 0 0 0:00:00
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-15
Administratively Switching to a Primary CMTS
Service can be administratively switched back to a Primary CMTS module when the
Primary CMTS is in a standby state.
Follow these steps to give back service to a Primary CMTS and verify the result:
1. Use the redundancy force-switchover cmts 6 command in Privileged EXEC
mode to cause the standby CMTS in Slot 6 to give back Primary CMTS service to
the Slot for which it had switched over, as shown below:
MOT:7A#redundancy force-switchover cmts 6
2. Use the show chassis status or show redundancy cmts command in all modes
except User EXEC mode to check the redundancy status information for both a
Primary CMTS Module and the Standby CMTS Module.
Primary Slot Describes the context in which this Primary CMTS module slot is active.
The chassis slot number is the same as a Primary CMTS module slot
when a Primary CMTS module slot is active. However, when the
Standby CMTS module slot is active, a Primary slot for which it is
running is indicated.
Logging Status The full status indicates that CMTS information has been fully
replicated to the Standby CMTS module for this slot. The "inactive"
status indicates that the CMTS is not running or has no redundant slot
to which to replicate. The "partial" status indicates that replication is
currently underway. A CMTS cannot be forced to switchover until it has
completed replication.
Manual
Takeovers
Describes the number of operator-directed takeovers.
Auto-takeovers Describes the number of takeovers prompted by a CMTS module
failure, reset, or de-insertion. Each takeover count represents the
number of times for which the slot has been taken over by the Standby
CMTS module. For example, the takeover counts for Slot 3 give the
number of times that Slot 6 (Standby CMTS Module) has taken over for
Slot 3. The takeover counts for Slot 6 give the number of givebacks
from Slot 6.
Unavailable
Time
Describes the cumulative amount of time that subscribers associated
with a Primary CMTS module have been without service since this
Primary CMTS failed and the Standby CMTS Module could not
takeover for it for any reason.
Field Description
BSR 64000 System Administration Guide Release 6.3.1
7-16 Compass ID: 391232199 Version 3
Disabling Redundancy on a Primary CMTS Module
When a Standby CMTS Module is present and a Primary CMTS Module is inserted,
this Primary CMTS Module is automatically enabled for redundancy. The cable
operator can disable redundancy on any Primary CMTS Module for testing purposes
or to control the priority of Primary CMTS Modules in the chassis. For example, the
cable operator may disable redundancy on lower priority Primary CMTS Modules so
they are not switched over to the Standby CMTS Module in the event of a failure. As
a result, the higher priority Primary CMTS Modules are protected.
In the absence of an explicit configuration to disable CMTS redundancy protections,
all Primary CMTS modules are automatically configured to enable redundancy
protection.
Follow these steps to disable CMTS redundancy on a Primary CMTS Module:
1. Use the no redundancy cmts command in Global Configuration mode to remove
this Primary CMTS Module from the standby redundancy scheme, as shown
below:
MOT:7A(config)#no redundancy cmts <NUM>
where:
NUM is a Primary CMTS Module slot number.
2. Use the show chassis status or show redundancy cmts command in all modes
except User EXEC mode to check the redundancy status information for both a
Primary CMTS Module and the Standby CMTS Module.
Caution: When you test a new CMTS Resource Module that is removed from
the BSR, replace a Primary CMTS Module with a NIM Module, or intend to
remove a Primary CMTS Resource Module after migrating its subscribers to
another module, disable redundancy for the Primary CMTS Resource
Module before removing it from the BSR. This prevents the Standby
CMTS Resource Module from automatically taking over operation for the
Primary CMTS Module after you remove it.
If the Standby CMTS Module takes over operation for a Primary CMTS
Module and this Primary CMTS is removed from the chassis, the Standby
CMTS Module cannot take over operation for any remaining operational
Primary CMTS Resource Modules until the Primary CMTS Module is
returned, booted and service is restored to this module from the Standby
CMTS module.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-17
Automatically Enabling Primary CMTS Modules
Primary CMTS modules are enabled for CMTS redundancy if a Standby CMTS
module is present and operational in Slot 6 by default. When a Standby CMTS
module is inserted into a BSR chassis that contains active Primary CMTS modules,
these Primary CMTS modules automatically enable once the Standby CMTS in Slot 6
is booted and operational.
Enabling Redundancy on a Primary CMTS Module
CMTS redundancy is manually re-enabled by a cable operator typically after testing is
completed or if a scheme has changed for controlling which Primary CMTS modules
carry the highest priority for protection if a switch-over situation occurs. If CMTS
redundancy is disabled for testing or priority reasons, it may be re-enabled by CLI
commands.
Follow these steps to re-enable redundancy on a Primary CMTS Module:
1. Use the redundancy cmts command in Global Configuration mode to re-enable
a Primary CMTS Module for redundancy protection, as shown below:
MOT:7A(config)#redundancy cmts <NUM>
where:
NUM is a Primary CMTS Module slot number.
2. Use the show chassis status or show redundancy cmts command in all modes
except User EXEC mode to check the redundancy status information for both a
Primary CMTS Module and the Standby CMTS Module.
If you need to disable a Primary CMTS module, refer to Disabling Redundancy on a
Primary CMTS Module on page 7-16, for more information.
BSR 64000 System Administration Guide Release 6.3.1
7-18 Compass ID: 391232199 Version 3
NIM Redundancy
NIM redundancy for the Gigabit Ethernet module uses multipath load sharing based
on Equal-Cost Multi-path (ECM) which is supported through the BGP and OSPF
routing protocols.
EBGP HSIM Redundancy Configuration
This section describes how EBGP HSIM (NIM) redundancy works on the BSR by
establishing two Equal-Cost Multi-path (ECM) routes. The following figure
illustrates that the BSR 64000 is EBGP peering with Router 1 and Router 2 in AS
200. BSR 64000 is receiving identical updates about the destination network of
2.2.2.0/24 over its (host 1) Ethernet interface 1 on module slot 13 (with an interface IP
address of 195.168.16.65) and Ethernet interface 0 on module 12 (with an interface IP
address of 194.168.16.65). The BSR 64000 installs two routes for the learned
destination network 2.2.2.0/24 as they are being learned with identical path
information.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-19
The following sections provide examples for configuring EBGP HSIM redundancy.
Configuring Router 1
Follow these steps to configure Router 1:
1. Use the router bgp 200 command in Global Configuration mode to enable BGP
routing in autonomous system (AS) 200 and enter Router Configuration mode, as
shown below:
router1(config)#router bgp 200
2. Use the network mask command in Router Configuration mode to specify the
destination BGP network IP address and subnetwork IP mask, as shown below:
router1(config-bgp)#network 2.2.2.0 mask 255.255.255.0
where:
2.2.2.0 is the IP address of the destination EBGP network for Router 1.
255.255.255.0 is the 24-bit IP subnetwork address mask.
3. Use the neighbor remote-as command in Router Configuration mode to specify
the BSR neighbor network IP address and its remote autonomous system number,
as shown below:
router1(config-bgp)#neighbor 195.168.16.65 remote-as 100
where:
195.168.16.65 is the IP address of BSR Ethernet interface 1 on module slot
13.
remote-as 100 is the remote autonomous system number of the BSR.
4. Use the neighbor remote-as command in Router Configuration mode to specify
the Router 2 neighbor network IP address and its remote autonomous system
number, as shown below:
router1(config-bgp)#neighbor 2.2.2.2 remote-as 200
where:
Note: The maximum number of paths is 2 by default. The maximum number
of paths must be set to 2 in order to establish two Equal-Cost Multi-path
(ECM) routes. If this parameter has been changed to 1, issue the
maximum-paths 2 command in Router Configuration mode.
BSR 64000 System Administration Guide Release 6.3.1
7-20 Compass ID: 391232199 Version 3
2.2.2.2 is the IP address of Router 2 (associated with the 2.2.2.0 network).
remote-as 200 is the remote autonomous system number to which Router 2
belongs.
Configuring Router 2
Follow these steps to configure Router 2:
1. Use the router bgp 200 command in Global Configuration mode to enable BGB
routing in autonomous system (AS) 200 and enter Router Configuration mode, as
shown below:
router2(config)#router bgp 200
2. Use the network mask command in Router Configuration mode to specify the
destination BGP network IP address and subnetwork IP mask, as shown below:
router2(config-bgp)#network 2.2.2.0 mask 255.255.255.0
where:
2.2.2.0 is the IP address of the destination EBGP network for Router 2.
255.255.255.0 is the 24 bit IP subnetwork address mask.
3. Use the neighbor remote-as command in Router Configuration mode to specify
the BSR neighbor network IP address and its remote autonomous system number,
as shown below:
router2(config-bgp)#neighbor 194.168.16.65 remote-as 100
where:
194.168.16.65 is the IP address of the BSR Ethernet interface 0 on module
slot 12.
remote-as 100 is the remote autonomous system number.
4. Use the neighbor remote-as command in Router Configuration mode to specify
the Router 1 neighbor network IP address and its remote autonomous system
number, as shown below:
router2(config-bgp)#neighbor 2.2.2.1 remote-as 200
where:
2.2.2.1 is the IP address of Router 1 (associated with the 2.2.2.0 network).
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-21
remote-as 200 is the remote autonomous system number to which Router 1
belongs.
Configuring the BSR
Follow these steps to configure the BSR:
1. Use the router bgp 100 command in Global Configuration mode to enable BGP
routing in autonomous system (AS) 100 and enter Router Configuration mode, as
shown below:
BSR64000:7A(config)#router bgp 100
2. Use the neighbor remote-as command in Router Configuration mode to specify
the BSR neighbor network IP address and its remote autonomous system number
for Router 1, as shown below:
BSR64000:7A(config-bgp)#network 195.168.16.66 remote-as 200
where:
195.168.16.66 is the IP address of the Router 1 interface (associated with the
195.168.16.64 network).
remote-as 200 is the remote autonomous system number for Router 1.
3. Use the neighbor remote-as command in Router Configuration mode to specify
the BSR neighbor network IP address and its remote autonomous system number
for Router 2, as shown below:
BSR64000:7A(config-bgp)#network 194.168.16.65 remote-as 200
where:
194.168.16.66 is the IP address of the Router 2 interface (associated with the
194.168.16.64 network).
remote-as 200 is the remote autonomous system number for Router 2.
4. Use the show ip route bgp command to view the Equal-cost Multi-path routes to
the 2.2.2.0 network, as shown below:
BSR64000:7A#show ip route bgp
BSR 64000 System Administration Guide Release 6.3.1
7-22 Compass ID: 391232199 Version 3
The following figure displays typical show ip route bgp command output:
The show ip route bgp command output shows the redundant EBGP routes to
destination network 2.2.2.0 through interface 195.168.16.66 on Router 1 and
through interface 194.168.16.66 on Router 2.
5. Use the show ip route ospf command to view the OSPF Equal-cost Multi-path
routes to the 2.2.2.0 network within the EBGP network, as shown below:
BSR64000:7A#show ip route ospf
The following figure displays typical show ip route ospf command output:
The show ip route ospf command output shows the redundant next hop routes to
destination network 2.2.2.0 through host 2, which is comprised of interface
195.168.16.66 (on Router 1) and through interface 194.168.16.66 (on Router 2).
BGP table version is 272, local router ID is 43.43.43.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Wght Path
*> 2.2.2.0/24 195.168.16.66 0 0 200 i
*> 194.168.16.66 0 200 i
O E2 10.1.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
O E2 10.2.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
O E2 10.3.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
O E2 10.4.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
O E2 10.5.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
O E2 10.6.0.0/16 [110/20] via 172.50.1.10, gigaether 15/0
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-23
OSPF NIM Redundancy Configuration
This section describes how OSPF NIM redundancy works on the BSR by establishing
two Equal-Cost Multi-path (ECM) routes. The following figure illustrates that the
BSR 64000 (host 1) has Ethernet interface 1 on module slot 13 (with an interface IP
address of 195.168.16.65) and Ethernet interface 0 on module 12 (with an interface IP
address of 194.168.16.65) configured for OSPF Area 0. The BSR 64000 learns the
destination network 2.2.2.0/24 over this interface with equal cost equal to 10. The
BSR installs two routes for this learned destination as they are being learned with
equal cost.
The following sections provide examples for configuring OSPF NIM redundancy.
Note: The maximum number of paths is 2 by default. The maximum number
of paths must be set to 2 in order to establish two Equal-Cost Multi-path
(ECM) routes. If this parameter has been changed to 1, issue the
maximum-paths 2 command in Router Configuration mode.
BSR 64000 System Administration Guide Release 6.3.1
7-24 Compass ID: 391232199 Version 3
Configuring Router 1
Follow these steps to configure Router 1:
1. Use the router ospf command in Global Configuration mode to enable OSPF
routing and enter Router Configuration mode, as shown below:
router1(config)#router ospf
2. Use the network area command in Router Configuration mode to specify the
OSPF network IP address, wildcard mask and Area ID for the BSR and Router 1,
as shown below:
router1(config-ospf)#network 195.168.16.64 0.0.0.3 area 0
where:
195.168.16.64 is the IP address of the OSPF network that is associated with
Ethernet interface 1 on module slot 13.
0.0.0.3 is the IP address type mask with dont care bits (wildcard bit mask).
This 30 bit wildcard bit mask matches all the bits of the network IP address
except the last three bits.
0 is the area number.
3. Use the network area command in Router Configuration mode to specify the
destination OSPF network IP address, wildcard mask and Area ID, as shown
below:
router1(config-ospf)#network 2.2.2.0 0.0.0.255 area 0
where:
2.2.2.0 is the IP address of the destination OSPF network for Router 1.
0.0.0.255 is the IP address type mask with dont care bits (wildcard bit
mask). This 24 bit wildcard bit mask matches all the bits of the network IP
address.
0 is the area number.
Configuring Router 2
Follow these steps to configure Router 2:
1. Use the router ospf command in Global Configuration mode to enable OSPF
routing and enter Router Configuration mode, as shown below:
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-25
router2(config)#router ospf
2. Use the network area command in Router Configuration mode to specify the
OSPF network IP address, wildcard mask and Area ID for the BSR and Router 2,
as shown below:
router2(config-ospf)#network 194.168.16.64 0.0.0.3 area 0
where:
194.168.16.64 is the IP address of the OSPF network for the BSR and Router
2.
0.0.0.3 is the IP address type mask with dont care bits (wildcard bit mask).
This 30 bit wildcard bit mask matches all the bits of the network IP address
except the last three bits.
0 is the area number.
3. Use the network area command in Router Configuration mode to specify the
destination OSPF network IP address, wildcard mask and Area ID, as shown
below:
router2(config-ospf)#network 2.2.2.0 0.0.0.255 area 0
where:
2.2.2.0 is the IP address of the destination OSPF network.
0.0.0.255 is the IP address type mask with dont care bits (wildcard bit
mask). This 24 bit wildcard bit mask matches all the bits of the network IP
address.
0 is the area number.
Configuring the BSR
Follow these steps to configure the BSR:
1. Use the router ospf command in Global Configuration mode to enable OSPF
routing and enter Router Configuration mode, as shown below:
BSR64000:7A(config)#router ospf
2. Use the network area command in Router Configuration mode on the BSR to
specify the OSPF network IP address, wildcard mask and Area ID for the BSR
and Router 1, as shown below:
BSR64000:7A(config-ospf)#network 195.168.16.64 0.0.0.3 area 0
BSR 64000 System Administration Guide Release 6.3.1
7-26 Compass ID: 391232199 Version 3
where:
195.168.16.64 is the IP address of the OSPF network for Router 1.
0.0.0.3 is the IP address type mask with dont care bits (wildcard bit mask).
This 30 bit wildcard bit mask matches all the bits of the network IP address
except the last three bits.
0 is the area number.
3. Use the network area command in Router Configuration mode on the BSR to
specify the OSPF network IP address, wildcard mask and Area ID for the BSR
and Router 2, as shown below:
BSR64000:7A(config-ospf)#network 194.168.16.64 0.0.0.3 area 0
where:
194.168.16.64 is the IP address of the OSPF network for the BSR and Router
2.
0.0.0.3 is the IP address type mask with dont care bits (wildcard bit mask).
This 30 bit wildcard bit mask matches all the bits of the network IP address
except the last three bits.
0 is the area number.
4. Use the show ip route ospf command in Router Configuration mode on the BSR
to view the Equal-cost Multi-path routes to the 2.2.2.0 network, as shown below:
MOT:7A(config-ospf)#show ip route ospf
The show ip route ospf command output shows the redundant next hop routes to
destination network 2.2.2.0 through host 2, which is comprised of interface
195.168.16.66 (on Router 1) and through interface 194.168.16.66 (on Router 2).
Refer to the BSR 64000 Command Reference Guide to see typical screen output
from the show ip ospf route command.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-27
TX32 Redundancy
The TX32 Redundancy feature is designed to minimize any disruption to the network
in the event of a TX32 failure. A Primary TX32 module and the Standby TX32
module are synchronized by hardware to transmit the same synchronization master
clock timestamp value. The system automatically switches-over to the Standby
TX32 module if a Primary TX32 module fails. The operator may also
administratively force a switch-over from a Primary TX32 to the Standby TX32.
Once the operation of a failed Primary TX32 module is restored, the operator must
administratively force a switch-over from the Standby TX32 module back to a
Primary TX32 in order to restore redundancy protection.
The hardware foundation for TX32 redundancy is a 3-slot redundancy module. The
3-slot I/O module consists of 2 Primary TX32 modules and 1 Standby TX32 module
and is designed so that the Primary TX32s are the first and third slots in the module.
The center slot is reserved for the Standby TX32 module. The I/O design is such that
the center slot will only support the Standby TX32 and cannot be used by a Primary
TX32 module. The Standby TX32 will always be the center slot in the 3-slot
redundancy module. The TX32 3-slot I/O module can be inserted anywhere in the
BSR chassis with the exception of slots 7 and 8 which are reserved for SRM modules,
slot 6 which is reserved for a standby CMTS, and slot 15 which does not support the
necessary backplane signals.
Automatic CMTS Switch-Over Conditions
If a failure occurs on a Primary TX32 Module or a Primary TX32 Module is
physically removed from the chassis, service is automatically transferred to the
Standby TX32 which assumes the role of the failed Primary TX32 Module. During
the switch-over, the backplane RF switch connects HFC signals from a Primary TX32
slot to the Standby TX32.
An automatic switch-over condition occurs under the following circumstances when a
Primary TX32 Module is enabled for redundancy and the Standby TX32 Module has
not already taken over service for another failed Primary TX32 Module:
n Software detects a "hung" software task, which is not responding to requests
properly.
n The ejector switch is pulled down on an Primary TX32 Module causing it to
power down.
n A Primary TX32 Module is administratively reset by issuing the reset slot
command.
n Any hardware failure is detected.
BSR 64000 System Administration Guide Release 6.3.1
7-28 Compass ID: 391232199 Version 3
n A software exception or crash occurs on a Primary TX32 Module.
Managing TX32 Redundancy
Use the following procedures to manage TX32 redundancy functions on the BSR:
n Save the Running Configuration to the Startup Configuration
n Administratively Switching to a Primary CMTS
n Disabling Redundancy on a Primary CMTS Module
n Enabling Redundancy on a Primary CMTS Module
Save the Running Configuration to the Startup Configuration
It is important to save any configuration changes in the running configuration so that
these changes are maintained whenever any primary module switches over to a
redundant module or is restored back to a primary module.
Use the copy running-config startup-config command, in Privileged EXEC mode,
to copy the running configuration (current system configuration) to the startup
configuration (system startup configuration), as shown below:
MOT:7A#copy running-config startup-config
Administratively Switching to the Standby TX32
Service can be administratively switched from a Primary TX32 Module to the standby
TX32 Module for some of the following reasons:
n A Primary TX32 Module is being tested.
n A Primary TX32 Module is being replaced with another TX32 module.
Follow these steps to administratively switch service from a Primary TX32 Module to
the Standby TX32 Module:
1. Use the redundancy force-switchover dtx command, in Privileged EXEC mode,
to administratively switch-over service from the specified Primary TX32 Module
to the Standby TX32 Module, as shown below:
MOT:7A#redundancy force-switchover dtx <NUM>
where:
NUM is the slot number of the Primary TX32 Module.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-29
2. Use the show chassis status or show redundancy dtx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
Primary TX32 Module and the Standby TX32 Module:
Administratively Switching to a Primary TX32
Service can be administratively switched back to a Primary TX32 module when the
Primary TX32 is in a standby state.
Follow these steps to give back service to a Primary TX32 and verify the result:
1. Use the redundancy force-switchover dtx command, in Privileged EXEC mode,
to cause the standby TX32 to give back Primary TX32 service to the slot for
which it had switched over, as shown below:
MOT:7A#redundancy force-switchover dtx <NUM>
where:
NUM is the slot number of the Standby TX32 module.
2. Use the show chassis status or show redundancy dtx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
Primary TX32 Module and the Standby TX32 Module.
Disabling Redundancy on a Primary TX32 Module
When a Standby TX32 Module is present and a Primary TX32 Module is inserted,
this Primary TX32 Module is automatically enabled for redundancy. The cable
operator can disable redundancy on any Primary TX32 Module for testing purposes or
to control the priority of Primary TX32 Modules in the chassis. For example, the
cable operator may disable redundancy on lower priority Primary TX32 Modules so
they are not switched over to the Standby TX32 Module in the event of a failure. As a
result, the higher priority Primary TX32 Modules are protected.
In the absence of an explicit configuration to disable TX32 redundancy protections,
all Primary TX32 modules are automatically configured to enable redundancy
protection.
Follow these steps to disable TX32 redundancy on a Primary TX32 Module:
1. Use the no redundancy dtx command, in Global Configuration mode, to remove
this Primary TX32 Module from the standby redundancy scheme, as shown
below:
MOT:7A(config)#no redundancy dtx <NUM>
BSR 64000 System Administration Guide Release 6.3.1
7-30 Compass ID: 391232199 Version 3
where:
NUM is a Primary TX32 Module slot number.
2. Use the show chassis status or show redundancy dtx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
Primary TX32 Module and the Standby TX32 Module.
Automatically Enabling Primary TX32 Modules
By default, Primary TX32 modules are enabled for redundancy if a Standby TX32
module is present and operational in the spare slot of the TX32 redundancy group.
When a Standby TX32 module is inserted into a BSR chassis that contains active
Primary TX32 modules, these Primary TX32 modules are automatically enabled for
redundant operation (or redundancy) once the Standby TX32 is operational.
Enabling Redundancy on a Primary TX32 Module
TX32 redundancy is manually re-enabled by a cable operator typically after testing is
completed or if a scheme has changed for controlling which Primary TX32 modules
carry the highest priority for protection if a switch-over situation occurs. If TX32
redundancy is disabled for testing or priority reasons, it may be re-enabled by CLI
commands.
Follow these steps to re-enable redundancy on a Primary TX32 Module:
1. Use the redundancy dtx command, in Global Configuration mode, to re-enable a
Primary TX32 Module for redundancy protection, as shown below:
MOT:7A(config)#redundancy dtx <NUM>
where:
NUM is a Primary TX32 Module slot number.
2. Use the show chassis status or show redundancy dtx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
Primary TX32 Module and the Standby TX32 Module.
If you need to disable a Primary TX32 module, refer to Disabling Redundancy on a
Primary CMTS Module for more information.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-31
RX48 Redundancy
The RX48 redundancy feature is designed to minimize any disruption to the network
in the event of a RX48 failure. A primary RX48 module and the standby RX48
module are synchronized by hardware to transmit the same synchronization master
clock timestamp value. The system automatically switches-over to the standby RX48
module if a primary RX48 module fails. The operator can also administratively force
a switch-over from a primary RX48 to the standby RX48. Once the operation of a
failed primary RX48 module is restored, the operator must administratively force a
switch-over from the standby RX48 module back to a primary RX48 in order to
restore redundancy protection.
The standby RX48 Resource Module is designed to operate only in slot 6 of the BSR
chassis. A single standby RX48 module supports redundancy for the primary RX48
Resource Modules. However, it can assume the operation for only one of the primary
RX48 Resource Modules at one time.
Automatic RX48 Switchover Conditions
If a failure occurs on a primary RX48 module or if a primary RX48 module is
physically removed from the chassis, service is automatically transferred to the
standby RX48 which assumes the role of the failed primary RX48 module. During the
switch-over, the backplane RF switch connects HFC signals from a primary RX48
slot to the standby RX48.
An automatic switch-over condition occurs under the following circumstances when a
primary RX48 module is enabled for redundancy and the standby RX48 module has
not already taken over service for another failed primary RX48 module:
n Software detects a hung software task, which is not responding to requests
properly.
n The ejector switch is pulled down on an primary RX48 module causing it to
power down.
n A primary RX48 module is administratively reset by issuing the reset slot
command.
Note: When the standby RX48 Resource Module is used, 2:8 CMTS
redundancy cannot be used since the 2:8 CMTS and RX48 modules use the
same slot. A standby RX48 Resource Module does not provide redundancy
for 2:8 CMTS modules.
BSR 64000 System Administration Guide Release 6.3.1
7-32 Compass ID: 391232199 Version 3
n Any hardware failure is detected.
n A software exception or crash occurs on a primary RX48 module.
Managing RX48 Redundancy
Use the following procedures to manage RX48 redundancy functions on the BSR:
n Save the Running Configuration to the Startup Configuration
n Administratively Switching to the Standby RX48
n Administratively Switching to a Primary RX48
n Disabling Redundancy on a Primary RX48 Module
n Automatically Enabling Primary RX48 Modules
Save the Running Configuration to the Startup Configuration
It is important to save any configuration changes in the running configuration so that
these changes are maintained whenever any primary module switches over to a
redundant module or is restored to service as a primary module.
Use the copy running-config startup-config command, in all modes except User
EXEC, to copy the running configuration (current system configuration) to the startup
configuration (system startup configuration), as shown:
MOT:7A#copy running-config startup-config
Administratively Switching to the Standby RX48
Service can be administratively switched from a Primary RX48 Module to the
standby RX48 module for some of the following reasons:
n A primary RX48 module is being tested.
n A primary RX48 module is being replaced with another RX48 module.
Follow these steps to administratively switch service from a primary RX48 module to
the standby RX48 module:
1. Use the redundancy force-switchover drx command, in Privileged EXEC
mode, to administratively switch-over service from the specified primary RX48
module to the standby RX48 module, as shown:
MOT:7A#redundancy force-switchover drx <X>
where:
X is the slot number of the primary RX48 module.
Release 6.3.1 Configuring Redundancy
Compass ID: 391232199 Version 3 7-33
2. Use the show chassis status or show redundancy drx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
primary RX48 module and the standby RX48 module:
Administratively Switching to a Primary RX48
Service can be administratively switched back to a primary RX48 module when the
primary RX48 is in a standby state.
Follow these steps to return service to a primary RX48 and verify the result:
1. Use the redundancy force-switchover drx command, in Privileged EXEC
mode, to cause the standby RX48 to return primary RX48 service to the slot for
which it had taken over, as shown:
MOT:7A#redundancy force-switchover drx <X>
where:
X is the slot number of the standby RX48 module.
2. Use the show chassis status or show redundancy drx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
primary RX48 module and the standby RX48 module.
Disabling Redundancy on a Primary RX48 Module
When a standby RX48 module is present and a primary RX48 module is inserted, this
primary RX48 module is automatically enabled for redundancy. The cable operator
can disable redundancy on any primary RX48 module for testing purposes or to
control the priority of primary RX48 modules in the chassis. For example, the cable
operator can disable redundancy on lower priority primary RX48 modules so they are
not switched over to the standby RX48 module in the event of a failure. As a result,
the higher priority primary RX48 modules are protected.
In the absence of an explicit configuration to disable RX48 redundancy protections,
all primary RX48 modules are automatically configured to enable redundancy
protection.
Follow these steps to disable RX48 redundancy on a primary RX48 module:
1. Use the no redundancy drx command, in Global Configuration mode, to remove
this primary RX48 module from the standby redundancy scheme, as shown:
MOT:7A(config)#no redundancy drx <X>
where:
BSR 64000 System Administration Guide Release 6.3.1
7-34 Compass ID: 391232199 Version 3
X is a primary RX48 module slot number.
2. Use the show chassis status or show redundancy drx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
primary RX48 module and the standby RX48 module.
Automatically Enabling Primary RX48 Modules
By default, primary RX48 modules are enabled for redundancy if a standby RX48
module is present and operational in the spare slot of the RX48 redundancy group.
When a standby RX48 module is inserted into a BSR chassis that contains active
primary RX48 modules, these primary RX48 modules are automatically enabled for
redundant operation (or redundancy) once the standby RX48 is operational.
Enabling Redundancy on a Primary RX48 Module
RX48 redundancy is manually re-enabled by a cable operator typically after testing is
completed or after a change in the scheme for controlling which primary RX48
modules carry the highest priority for protection if a switch-over situation occurs. If
RX48 redundancy is disabled for testing or priority reasons, it may be re-enabled by
CLI commands.
Follow these steps to re-enable redundancy on a primary RX48 module:
1. Use the redundancy drx command, in Global Configuration mode, to re-enable
a primary TX32 module for redundancy protection, as shown:
MOT:7A(config)#redundancy drx <X>
where:
X is a primary RX48 module slot number.
2. Use the show chassis status or show redundancy drx command, in all modes
except User EXEC mode, to check the redundancy status information for both a
primary RX48 module and the standby RX48 module.
If you need to disable a primary RX48 module, refer to Disabling Redundancy on a
Primary RX48 Module for more information.
Compass ID: 391232199 Version 3 8-1
8
Configuring the Ether-Flex
TM
Module
Introduction
The Ether-Flex module can be configured for two Gigabit Ethernet or eight 10/100
Ethernet interfaces. This chapter provides information on configuring the Ether-Flex
Module. This chapter includes the following sections:
n Limitations of the Ether-Flex Module
n Configuring the Ether-Flex Module for 10/100 Ethernet Mode
n Configuring the Ether-Flex Module for Gigabit Ethernet Mode
n Identifying an Ether-Flex Module in the System
n Identifying the SFP Module Type
Limitations of the Ether-Flex Module
In the current implementation of the Ether-Flex Module, the module does not yet
support simultaneous GIG-E and 10/100 operation.
BSR 64000 System Administration Guide Release 6.3.1
8-2 Compass ID: 391232199 Version 3
Configuring the Ether-Flex Module for 10/100
Ethernet Mode
When initially brought online in a given slot, the default operational condition for the
Ether-Flex module is Gigabit Ethernet mode. To configure the Ether-Flex module to
operate in 10/100 Ethernet mode, do the following:
1. Use the hsim4 slot command:
MOT:7A#hsim4 slot <0-5, 9-15> ethernet
where:
0-5, 9-15 is the module slot number.
2. Use the reset slot command to make the configuration take effect:
MOT:7A#reset slot <num>
where:
<num> is the slot number of the module that you specified in Step 1.
Configuring the Ether-Flex Module for Gigabit
Ethernet Mode
When initially brought online in a given slot, the default operational condition for the
Ether-Flex module is Gigabit Ethernet mode. However, if the module was
subsequently configured to run in 10/100 Ethernet mode and you wish to switch it
back to Gigabit Ethernet mode, do the following:
1. Use the hsim4 slot command:
MOT:7A#hsim4 slot <0-5, 9-15> gigaether
where:
0-5, 9-15 is the module slot number.
2. Use the reset slot command to make the configuration take effect:
MOT:7A#reset slot <num>
where:
<num> is the slot number of the module that you specified in Step 1.
Release 6.3.1 Configuring the Ether-Flex
TM
Module
Compass ID: 391232199 Version 3 8-3
Identifying an Ether-Flex Module in the System
To identify if an Ether-Flex module is installed in your system, do the following:
1. Use the show chassis status command, in all modes except User EXEC, to
display the operational status of the individual modules in the BSR chassis.
MOT:7A#show chassis status
Figure Figure is typical screen output from the show chassis status command.
Ether-Flex modules appear in the display as HSIM GE2/ETH8. The command output
shows that there are Ether-Flex modules in slots 10 and 15.
Figure show chassis status Command Output
Current Time: 10/27-07:54:45
Running archive: NVRAM:archive3.Z
Slot Type Sub Red State RM IO UpTime LastUpTime Success Failure
0 - - - - 0 0
1 CMTS 2x8(2.0) 6 RUN x x 19:06:40 1 1
2 CMTS 2x8 - RUN x - 19:06:30 1 1
3 - - - - 0 0
4 - - - - 0 0
5 CMTS 1x8 6 RUN x x 19:08:48 1 1
6 CMTS 2x8(2.0) - stby x x 19:06:30 0 1
7 SRM3 - RUN x x 19:11:32 0 0
8 - - - - 0 0
9 - - - - 0 0
10 HSIM GE2/ETH8 - RUN x x 19:05:05 1 1
11 - - - - 0 0
12 - - - - 0 0
13 - - - - 0 0
14 - - - - 0 0
15 HSIM GE2/ETH8 - RUN x x 19:09:25 1 1
BSR 64000 System Administration Guide Release 6.3.1
8-4 Compass ID: 391232199 Version 3
Identifying the SFP Module Type
To identify the type of SFP Modules installed in your system, do the following:
1. Use the show interfaces gigaether command in any mode to display the status
and statistics for the gigaether interface:
MOT:7A#show interfaces gigaether <X/Y>
where:
X is the Ether-Flex module slot.
Y is the port number.
Figure Figure is typical screen output from the show interfaces gigaether command.
The display shows that the SFP module type is 1000BaseSX. Table Table lists and
describes the detected SFP module that can be indicated in the SFP Type field.
Figure show interfaces Command Output Showing SFP Type
gigaether 14/0 is up, line protocol is up
Hardware address is 00:30:b8:c6:5c:70
Internet address is 150.31.90.10/16
MTU 1500 bytes, BW 10000 Kbits
Encapsulation Arpa
(Auto) Half-duplex, (Auto) 1000Mb/s, SFP Type: 1000BaseSX
ARP Timeout 01:00:00
Last input 00:00:00, output 00:00:00
Last clearing of "show interface" counters never









Last state change never, 0 interface resets
Queueing strategy: FIFO
Output queue 0/100, 0 drops; input queue 0/0, 0 drops
5 minute Input rate 22 bytes/sec, 0 packets/sec
5 minute Output rate 21 bytes/sec, 0 packets/sec
963 packets input, 60742121 bytes
Received 931 broadcasts, 157816 multicasts
0 input errors, 0 CRC, 0 overruns
0 runts, 0 giants, 0 alignments
652840 packets output, 58690119 bytes
0 output errors, 0 collisions, 0 underruns
0 late collisions, 0 deferred, 0 lost carrier
Release 6.3.1 Configuring the Ether-Flex
TM
Module
Compass ID: 391232199 Version 3 8-5
Increased Hardware Accelerated Multicast Flow
Support
Release 5.3.0 increased the hardware accelerated multicast flows on the Ether-Flex
(HSIM4) module to a maximum of 512 flows while maintaining a maximum of 16 on
the HSIM2 module. Multicast flows exceeding the maximum hardware accelerated
limit per module will continue to be processed by the SRM.
Table SFP Type Field Display
SFP Type Displayed Description
1000BaseSX Indicates the presence of an 850 nm Multimode Fiber SFP
module.
1000BaseLX/EX/ZX Indicates the presence of either a 1000BaseLX 1000 (1310
nm, 10KM), a 1000BaseEX (1310 nm, 40KM), or a
1000BaseZX (1550 nm) Singlemode Fiber SFP module. The
BSR display does not distinguish between these three
different subtypes of singlemode fiber SFP modules.
1000BaseT Indicates the presence of a copper Shielded Twisted Pair
SFP module.
<not installed> Indicates that no SFP modules are physically present.
Note: BSR 64000 Software Release 6.3 and later do not support the HSIM2
module.
BSR 64000 System Administration Guide Release 6.3.1
8-6 Compass ID: 391232199 Version 3
8-Path ECMP
Equal-cost multi-path (ECMP) routing is a common method used by operators to
support load sharing and redundancy. Earlier releases of the BSR 64000 software
supported two equal-cost paths across two Gig-E modules commonly installed in the
BSR 64000. The ECMP feature has been enhanced in Release 5.2.0 to support a
maximum of three equal-cost multi-paths for the installed HSIM2 and Ether-Flex
modules, and further enhanced in Release 5.3.0 to support a maximum of eight
equal-cost multi-paths required to support four Ether-Flex modules installed in a BSR
64000 chassis.
There are two Gigabit Ethernet interfaces on each HSIM4 module, which means that
two ECMP paths are supported on each HSIM4. BSR support of up to 8 ECMP routes
to distribute upstream IP traffic across dual Gigabit Ethernet interfaces is based on the
configurations shown in the following table:
Multi-path routing maybe used with many of the common routing protocols such as
OSPF, IS-IS, RIP and BGP. The routing protocols learn the paths and the best routes
are added to the forwarding table for the HSIM modules.
Installed HSIM Modules
Maximum Number of
Equal-Cost Multi-Paths
HSIM4 2
HSIM4 and HSIM4 4
HSIM4, HSIM4 and HSIM4 6
HSIM4, HSIM4, HSIM4, and HSIM4 8
Compass ID: 391232199 Version 3 9-1
9
Configuring IPDR
Introduction
IPDR.org is an open consortium of leading service providers, equipment vendors,
system integrators, and billing and mediation vendors collaborating to facilitate the
exchange of usage and control data between network and hosting elements and
operations and business support systems by deployment of Internet Protocol Detail
Record (IPDR) standards. IPDR data formatting and streaming standards are
incorporated into CableLabs' DOCSIS specifications, by ongoing collaboration
between the two organizations, specifically in CableLabs Subscriber Account
Management Interface Specification (SAMIS). The SAMIS format for providing
subscriber account and billing information is specified by the DOCSIS Operations
Support System Interface (OSSI) specification.
The IPDR Streaming Protocol is now a mandatory element within the DOCSIS 2.0
Subscriber Accounting Management Interface Specification (SAMIS), and is
expected to be widely deployed by cable operators worldwide. With this most recent
adoption of the IPDR Streaming Protocol, to be implemented within Cable Modem
Termination Systems (CMTS), cable operators will be able to practice advanced
accounting data collection processing with the benefits of IPDR's plug-and-play
interoperability for network and business systems in the usage domain.
BSR 64000 System Administration Guide Release 6.3.1
9-2 Compass ID: 391232199 Version 3
IPDR based subscriber usage data accounting allows MSOs to accurately and reliably
collect and account for user traffic data from a DOCSIS access network. IPDR
support on the BSR offers a cost-effective and scalable solution for cable network
infrastructure. MSOs can use the BSR for interconnecting a cable network to the ISP
network or interconnecting distributed enterprise sites over a common backbone
network. The BSR provides layer 3 routing and limited layer 2 bridging services
through the cable access and backbone network to satisfy the above mentioned
application scenarios.
IPDR based export of subscriber usage accounting data from the BSR uses a standard
protocol interface with the collectors (servers). The typical deployment scenario is for
the BSR to interface with an IPDR collection network which is a network comprised
of IPDR collection systems.
Minimum Configuration
At a minimum, a user needs to enable IPDR on the BSR and configure the IP address
and priority of the collector. This allows the operation of the IPDR Exporter on the
BSR with all other parameters using their default values. Refer to the following:
n Enabling IPDR
n Configuring the Collector
Advanced Configuration
In addition to enabling IPDR and configuring the IP address and priority of the
collector, a user can change some of the other operational parameters (collect interval,
poll-rate, keepalive interval, etc.) to a value other than the default setting for the
optimal operation of the IPDR Exporter on BSR. Refer to the following:
n Enabling IPDR
n Configuring the Collector
n Configuring the Collection Interval
n Configuring Unacknowledged IPDR records
n Configuring the Keepalive Interval for IPDR Connections
n Configuring the Subscriber Transmision Rate
n Configuring a Source Interface
Release 6.3.1 Configuring IPDR
Compass ID: 391232199 Version 3 9-3
Enabling IPDR
Use the ipdr enable command, in Global Configuration mode, to enable the IPDR
export of subscriber usage based accounting information. The default is disabled.
MOT(config)# ipdr enable
Configuring the Collector
Use the ipdr collector command to add, delete, or modify authorized IPDR
collectors, as follows:
MOT(config)#ipdr collector <A.B.C.D> {<0-3>} [<1024-65535>]
[cpe-list-suppress]
where:
A.B.C.D is the IP Address of the collector.
0-3 is the priority value of the collector. The collector with highest priority value
(the one with highest numerical value) is selected as the primary collector for a
given IPDR session. If the priority value for two or more collectors is the same,
the collector with the lowest IP Address will be selected as the primary collector.
If the primary collector is unreachable for any reason, a session will be
established with the next highest priority collector.
1024-65535 specifies the TCP port for the collector connection - this should be
one of the non-reserved non-assigned TCP port number for the IPDR connection.
If not specified, the default port of 4737 will be used.
cpe-list-suppress optionally suppresses the inclusion of the CPE IP address list
as part of IPDR data record being exported to the collector. This could be useful
for improving performance and also for disabling the inclusion of CPE IP
Address List in IPDR records to be sent to collectors which do not support CPE
IP Address List ECN. If not specified, by default CPE IP Address list will be
included in IPDR records sent to a particular collector.
Note: The Session Id should be configured as "0" in the IPDR Collector when
configuring the Exporter (BSR) information in the IPDR Collector.
BSR 64000 System Administration Guide Release 6.3.1
9-4 Compass ID: 391232199 Version 3
Configuring the Collection Interval
Use the ipdr collection-interval command, in Global Configuration mode, to
configure the collection interval for exporting the subscribers IPDR records to the
collector, as follows:
MOT(config)#ipdr collection-interval <15-1440>
where:
15-1440 is the collection interval in minutes. The default collection interval is 30
minutes.
Configuring Unacknowledged IPDR records
Use the ipdr acksequenceinterval command, in Global configuration mode, to
configure the maximum number of unacknowledged IPDR records within a session
with a collector. Unacknowledged IPDR records are the maximum number of ACKs
which will be allowed to be pending at any given time.
MOT(config)#ipdr acksequenceinterval <1-128>
where:
1-128 is the maximum number of unacknowledged (pending) IPDR records. The
default maximum number of unacknowledged IPDR records is 64.
Note: The ipdr collector command allows for the provisioning of a maximum
of four IPDR collectors. An IPDR collector configured with this command is
uniquely identified using its IP address.
Note: Changing the ackSequenceInterval value will not affect an existing
IPDR session with the collector. A changed ackSequenceInterval value will
be used for a new, subsequently established IPDR session.
Release 6.3.1 Configuring IPDR
Compass ID: 391232199 Version 3 9-5
Use the ipdr acktimeinterval command, in Global Configuration mode, to configure
the maximum time between ACKs received from a collector within a session.
MOT(config)#ipdr acktimeinterval <1-60>
where:
1-60 is the maximum time between ACKs in seconds. The default maximum time
between ACKs is 30 seconds.
Configuring the Keepalive Interval for IPDR
Connections
Use the ipdr keepaliveinterval command, in Global Configuration mode, to
configure the keepalive interval for IPDR connections. A keepalive interval is the
maximum amount of idle time on an IDPR connection before a keepalive message is
sent to verify that the underlying TCP connection is still available.
MOT(config)# ipdr keepaliveinterval <10-300>
where:
10-300 is the keepalive interval in seconds. The default keepalive interval is 60
seconds.
Note: Changing the ackTimeInterval value will not affect an existing IPDR
session with the collector. A changed ackTimeInterval value will be used for a
new, subsequently established IPDR session.
Note: Changing the KeepAliveInterval value will not affect any existing IPDR
connection(s) with a collector(s). The existing IPDR connection(s) will
continue to use the previously negotiated value (as per the previous
configuration) with the collector. A changed KeepAliveInterval value will be
used for a new, subsequently established IPDR connection.
BSR 64000 System Administration Guide Release 6.3.1
9-6 Compass ID: 391232199 Version 3
Configuring the Subscriber Transmision Rate
Use the ipdr poll-rate command, in Global Configuration mode, to configure the
subscriber accounting information transmission rate from CMTS to SRM. The
subscriber accounting information transmission rate is the number of subscriber
accounting records per second.
MOT(config)#ipdr poll-rate {<16-100> | slot <NUM>{<16-100>}}
where:
16-100 is the number subscriber accounting records transmitted per second. The
default number of subscriber accounting records transmitted per second is 32.
slot NUM configures the subscriber accounting information transmission rate for
a specific the BSR 64000 CMTS slot number. The no ipdr poll-rate slot
command resets the poll rate value for a specified slot to the default.
Configuring a Source Interface
Use the ipdr source-interface command, in Global Configuration mode, to
optionally configure a source protocol address for IPDR transport (TCP) connections
to any of the configured collectors as an IP address associated with one of the BSRs
physical or loopback interfaces, as follows:
MOT(config)# ipdr source-interface {cable <X/Y> | ethernet <X/Y> | gigaether
<X/Y> | loopback <1-255>}
where:
cable X/Y is the slot and MAC Domain number of the CMTS module.
ethernet X/Y is the Ethernet interface slot and port number.
gigaether X/Y is the Gigabit Ethernet interface slot and port number.
loopback 1-255 is the loopback interface number.
Release 6.3.1 Configuring IPDR
Compass ID: 391232199 Version 3 9-7
Displaying IPDR Information
The show ipdr connection command displays the current transport status of an IPDR
connection with a specific collector or for all the configured collectors.
MOT:7A# show ipdr connection [<A.B.C.D>]
where:
A.B.C.D is the IP Address of a specific collector.
Refer to Chapter 7 to see typical screen output for the show ipdr connection
command.
The show ipdr session command displays the current status of a specific IPDR
session or all of the currently active sessions.
MOT:7A# show ipdr session [<NUM> [ detail ]]
where:
NUM is the IPDR unique session identifier. "0" indicates that the statistics
associated with session ID 0 will be displayed.
detail display the details of a specific IPDR session,
Refer to Chapter 7 to see typical screen output for the show ipdr session command.
The show cable metering-status command displays the status of most recent IPDR
streaming operation to currently selected IPDR collector
MOT:7A# show cable metering-status
Refer to the BSR 64000 Command Reference to see typical screen output for the show
cable metering-status command.
Compass ID: 391232199 Version 3 10-1
10
Configuring IPv6
Introduction
IPv6 represents the evolution of the Internet Protocol from IPv4. IPv6 maintains the
same basic operational principles of IPv4 but makes some important modifications
particularly in the area of addressing. One of the most significant changes is the
creation of an entirely new support protocol for IPv6 which combines several tasks
previously performed by other protocols in IPv4. This new protocol is called the IPv6
Neighbor Discovery (ND).
The Internet Control Message Protocol (ICMPv6) provides a method for error
reporting, route discovery and diagnostics. In addition, it provides information about
multicast group membership, and performs address resolution (Address Resolution
Protocol (ARP) in IPv4). Significant functionality of ICMPv6 includes neighbor
discovery and auto configuration. Neighbor discovery allows one device in a network
to find out about other nearby devices, and stateless address auto configuration allows
a device to dynamically configure an IPv6 address.
This chapter describes the following procedures:
n Configuring IPv6 Addresses
n Configuring IPv6 Cable Helper and Helper Addresses
n Configuring IPv6 Static Routes
n Configuring IPv6 Static Neighbors
BSR 64000 System Administration Guide Release 6.3.1
10-2 Compass ID: 391232199 Version 3
n Configuring IPv6 Neighbor Discovery
n Enabling ICMPv6 Redirects
n Configuring IPv4 to IPv6 Address Mapping
n Configuring IPv6 to IPv4 Address Mapping
n Tracing a Route
n Pinging a Device
n Creating an IPv6 Cable Bundle on a Loopback Interface
n Displaying IPv6 Information
n Clearing IPv6 Statistics
Configuring IPv6 Addresses
IPv6 addresses are hexadecimal and are made up of eight pairs of octets separated by
colons. An example of a valid address is fe80:0000:0000:0000:0340:0000:98ff:44bb.
This address may be abbreviated by omitting the leading zeros
fe80:0:0:0:340:0:98ff:44bb or consecutive zeros can be replaced with a double colon
fe80::340:0:98ff:44bb but the address can contain only one double colon.
The following rules apply to IPv6 addressing:
n The default link local address for the interface is automatically configured when
first IPv6 prefix is configured on that interface.
n A user specified link-local address can be configured before any primary or
secondary IPv6 address is configured for the interface, or to overwrite an existing
link-local address on an interface.
n BSR will not allow IPv6 address to be configured on an interface if TRI is
enabled on that interface (via the encapsulation dot1q command). Similarly the
BSR will not allow TRI to be enabled on an interface if IPv6 subnets are already
configured on that interface.
n The automatically generated default link local address for the interface is deleted
when the primary IPv6 prefix is deleted on that interface.
n The user configured link local address for the interface will not be automatically
be deleted when the primary IPv6 prefix is deleted on that interface.
n Deleting the primary IPv6 prefix of the interface without deleting all the
secondary prefixes of the interface is not allowed.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-3
n When the user specified link local address for the interface is deleted, the default
link local address for the interface is automatically generated if the primary IPv6
subnet is previously configured for the interface.
n The BSR will not allow the IPv4-Mapped IPv6 Addresses to be configured as
part of the ipv6 address command.
1. Use the ipv6 address command, in Interface Configuration mode, to configure a
primary IPv6 address for an interface, as shown below:
MOT:7A(config-if)#ipv6 address <A:B:C:D:E:F:G:H/1-128>
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length.
2. Use the ipv6 address secondary command to optionally configure this IPv6
address as a secondary IPv6 address for the interface.
MOT:7A(config-if)#ipv6 address <A:B:C:D:E:F:G:H/1-128> [ secondary |
eui-64 secondary]
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length.
secondary optionally designates the IPv6 address as a secondary IPv6
address. Include the keyword secondary after the IPv6 address to specify
additional secondary IP addresses.
3. Use the ipv6 address eui-64 command to optionally specify an EUI-64 interface
identifier.
The Extended Unique Identifier (EUI). EUI-64 is a 64-bit identifier that is formed
by concatenating the 24-bit Organizationally Unique Identifier (OUI) with a
40-bit extension identifier that is assigned by the organization that purchased the
OUI. The resulting identifier is generally represented as a set of octets separated
by dashes (hexadecimal notation) or colons (bit-reversed notation) as in
xx-xx-xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx:xx:xx. RFC 3513 specifies the use of
EUI-64 identifiers as part of an IPv6 address.
BSR 64000 System Administration Guide Release 6.3.1
10-4 Compass ID: 391232199 Version 3
MOT:7A(config-if)#ipv6 address <A:B:C:D:E:F:G:H/1-128> eui-64
[secondary]
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length.
secondary optionally designates the IPv6 address as a secondary IPv6
address. Include the keyword secondary after the IPv6 address to specify
additional secondary IP addresses.
4. Use the ipv6 address { FE80:0:0:0:E:F:G:H } link-local command to configure a
link local address.
MOT:7A(config-if)#ipv6 address FE80:0:0:0:E:F:G:H link-local
where:
FE80:0:0:0:E:F:G:H link-local is the user-configured link-local address.
5. Use the description command to optionally specify descriptive information for
the interface that you are configuring. This information is limited to 80 characters
and spaces cannot be used.
MOT:7A(config-if)#description <LINE>
where:
LINE is the text that describes the interface.
6. Use the show ipv6 interface command to verify the configuration and current
state of the interface that you configured, as shown below:
MOT:7A(config-if)#show ipv6 interface [ brief | cable <X/Y> | ethernet
<X/Y> | gigaether <X/Y> | loopback <1-255> ]
Note: The link-local option will not be visible until the correct upper 8 octets
of the link-local address, which must be FE80:0:0:0, is entered. The lower 8
octets can be any valid entry.
Note: The entered description can be seen in the running configuration, and
in the command output of show commands such as the show ipv6 interface
command.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-5
where:
brief displays summary information.
cable X/Y is the slot and MAC Domain number of the CMTS module.
ethernet X/Y is the Ethernet interface slot and port number.
gigaether X/Y is the Gigabit Ethernet interface slot and port number.
loopback 1-255 is the loopback interface number.
Refer to the IPv6 Commands in the BSR 64000 Command Reference Guide to see
typical screen output and field descriptions for the show ipv6 interface
command.
Removing an IPv6 Address
You can disable IP processing on a particular interface by removing its IP address
with the no ip address command. If the router detects another host using one of its IP
addresses, it will print an error message on the console. The software supports
multiple IP addresses per interface. A specific IP address can be removed from an
interface or all IP addresses associated with the interface can be removed.
n Use the no ip address command in Interface Configuration mode to remove a
specific IP address from the interface, as shown below:
MOT:7A(config-if)#ipv6 address {<A:B:C:D:E:F:G:H> |
<A:B:C:D:E:F:G:H/1-128>} [eui-64 [secondary] | secondary ]]
n Use the no ipv6 address command without arguments in Interface Configuration
mode to remove all addresses from the interface, as shown below:
MOT:7A(config-if)#no ipv6 address
Note: The primary IP address can be removed only after all of the secondary
subnet addresses associated with the interface have been removed.
BSR 64000 System Administration Guide Release 6.3.1
10-6 Compass ID: 391232199 Version 3
Configuring IPv6 Cable Helper and Helper
Addresses
The cable helper IPv6 address function disassembles a cable modem DHCP broadcast
packet, and reassembles it into a unicast packet so that the packet can traverse the
BSR and communicate with the DHCP server.
The cable helper address function is used in conjunction with the DHCP relay
function. If the ip dhcp relay information option command is not set, all requests
are sent to the IP address defined by the ip helper-address command. When ip dhcp
relay information option is enabled, the BSR can distinguish between requests from
cable modems, secondary hosts and secondary MTAs, and forwards the DHCP
requests to the cable helper IP address specifically defined for the requesting device.
Follow the steps in this section to configure the cable helper and IP helper address:
1. Use the cable ipv6 helper-address command, in Interface Configuration mode,
to configure the helper IPv6 address for the cable interface to forward only DHCP
broadcasts:
MOT:7A(config-if)#cable ipv6 helper-address <A:B:C:D:E:F:G:H>
cable-modem
where:
A:B:C:D:E:F:G:H is the IP address of the destination DHCP server.
Note: Multiple cable-helper addresses can be configured for cable modems,
hosts, and MTAs. If you want both cable modem and host DHCP requests to
be sent to the same DHCP server, configure the same cable helper IP
address for hosts and cable modems.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-7
2. Specifying an IP helper address is only necessary when the BSR is required to
forward packets to the DHCP server. Use the ipv6 helper-address command in
Interface Configuration mode to forward default UDP broadcasts including IP
configuration requests to the DHCP server:
MOT:7A(config-if)#ipv6 helper-address <A:B:C:D:E:F:G:H>
where:
A.B.C.D is the destination DHCP server IP address.
3. Use the show ipv6 dhcp command in Interface Configuration mode to display
information about DHCP upstream and downstream port statistics:
MOT:7A(config-if)#show ipv6 dhcp
Configuring IPv6 Static Routes
The BSR can receive and send traffic by configuring a specific static route and a
default route can be set to reduce the routing table size. If a path to a destination
network cannot be located, the BSR forwards the traffic to a default router if one is
defined. Static routes cause packets moving between a source and a destination to take
a specific path.
Use the ipv6 route command, in Global Configuration mode, to establish a static
route through a network.
MOT:7A(config)#ipv6 route <A:B:C:D:E:F:G:H/0-128> {<A:B:C:D:E:F:G:H> |
<A:B:C:D:E:F:G:H>} [<1-255>]
where:
A:B:C:D:E:F:G:H/0-128 is the IPv6 address/Prefix Length.
A:B:C:D:E:F:G:H is the forwarding router's IPv6 address
A:B:C:D:E:F:G:H is the Link Local Address.
1-255 is the administrative distance; the default is 1.
Note: The IP helper address must be entered for the DHCP Lease Query
function to work regardless of whether the relay agent option is used.
BSR 64000 System Administration Guide Release 6.3.1
10-8 Compass ID: 391232199 Version 3
Configuring IPv6 Static Neighbors
Use the ipv6 neighbor command, in Global Configuration mode, to establish IPv6
static neighbors. The is referred to as a static arp configuration.
MOT:7A(config)#ipv6 neighbor <A:B:C:D:E:F:G:H> <H.H.H> {arpa | snap}
interface {ethernet <X/Y>| gigaether <X/Y>}
where:
A:B:C:D:E:F:G:H the IPv6 address of the ARP entry associated with the local
data link address.
H.H.H the 48-bit local data link address (MAC address) in the format
xxxx.xxxx.xxxx.
arpa is standard Ethernet-style ARP (RFC 826).
snap is IEEE 802.3 usage of ARP packets conforming to RFC 1042.
interface ethernet X/Y is the Ethernet interface slot and port number.
interface gigaether X/Y is the Gigabit Ethernet interface slot and port number.
Configuring IPv6 Neighbor Discovery
In IPv6, the Neighbor Discovery (ND) protocol is responsible for address resolution.
When a host wants to obtain the layer two address of a destination it sends a Neighbor
Solicitation ICMPv6 message containing the IP address of the device whose layer two
address it wants to determine. That device responds back with a Neighbor
Advertisement message that contains its layer two address. Instead of using a
broadcast message that would disrupt each device on the local network, the
solicitation is sent using a special multicast to the destination device's solicited-node
address.
Neighbor Discovery is an ICMPv6 function that allows a router or host to identify
other devices on its links. The discovered information is used in address auto
configuration to redirect a node to use a more appropriate router if necessary, and to
maintain reachability information with its neighbors. IPv6 Neighbor Discovery is
similar to the combination of the ARP, ICMP Router Discovery and ICMP Redirect
IPv4 protocols.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-9
Configuring Duplicate Address Detection
When a host uses the IPv6 auto configuration facility, one of the steps in the process is
to ensure that the address it is trying to use doesn't already exist on the network. This
is accomplished by sending a Neighbor Solicitation message to the address the device
wishes to use. If a Neighbor Advertisement is received in reply, the address is already
in use and it cannot be used by the local host. Use the ipv6 nd dad attempts
command, in Interface Configuration mode, to enable Duplicate Address Detection
(DAD).
MOT:7A(config-if)# ipv6 nd dad attempts <0-600>
where:
0-600 is the number of DAD attempts
Dynamically Configuring IPv6 Header Information
This release adds the ability to dynamically configure the "Managed" configuration
flag (the "M" bit) and the "Other" configuration flag (the "O" bit) in an IPv6 header.
These bit settings were previously hard-coded into the BSR. The configuration is
made on a per-interface basis. Once set, the bit values are persistent through
configuration changes.
MOT:7A(config-if)# ipv6 nd managed-config-flag
This sets the "M" bit to 1 (true). This is the default setting.
MOT:7A(config-if)# ipv6 nd other-config-flag
This sets the "O" bit to 1 (true). This is the default setting.
MOT:7A(config-if)# no ipv6 nd managed-config-flag
This sets the "M" bit to 0 (false).
MOT:7A(config-if)# no ipv6 nd other-config-flag
This sets the "O" bit to 0 (false).
BSR 64000 System Administration Guide Release 6.3.1
10-10 Compass ID: 391232199 Version 3
Configuring Neighbor Solicitation
Neighbor Solicitation and Neighbor Advertisement messages are most often
associated with address resolution but also have other purposes. One of these
additional purposes is Neighbor Unreachability Detection. Each device maintains
information about each of its neighbors and updates this information dynamically as
network conditions change. The information is kept for both host and router devices
that are neighbors on the local network. The Neighbor Solicitation message allows a
device to check that a neighbor exists and is reachable, and to initiate address
resolution. The Neighbor Advertisement message confirms the existence of a host or
router, and also provides layer-two address information when needed.
Use the ipv6 nd ns-interval command, in Interface Configuration mode, to configure
the neighbor solicitation retransmission interval value.
MOT:7A(config-if)#ipv6 nd ns-interval <1000-3600000>
where:
1000-3600000 is neighbor solicitation retransmission interval value in
milliseconds.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-11
Configuring Router Advertisement
Router advertisement messages contain information about the router and the network
on which it is located. Neighbor Discovery involves the regular transmission of router
advertisement messages.
Use the ipv6 nd ra-interval command, in Interface Configuration mode, to configure
the timer that controls how often a router advertisement is sent from the BSR.
MOT:7A(config-if)#ipv6 nd ra-interval {<3-1800> | msec <500-1800000>}
where:
3-1800 is the router advertisement interval value in seconds.
msec 500-180000 is the router advertisement interval value in milliseconds.
Use the ipv6 nd ra-lifetime command, in Interface Configuration mode, to configure
a timeout value for router advertisement messages.
MOT:7A(config-if)#ipv6 nd ra-lifetime <0-9000>
where:
0-9000 is sets the router advertisement lifetime value in seconds.
Use the ipv6 nd ra suppress command, in Interface Configuration mode, to suppress
all router advertisement messages.
MOT:7A(config-if)#ipv6 nd ra suppress
Configuring Reachability
Determining that a device has become unreachable is important because a host can
adapt its behavior accordingly. In the case of an unreachable host, a device may wait a
certain period of time before trying to send packets to an unreachable host instead of
flooding the network with repeated attempts to send to the host. An unreachable
router is a signal that the device needs to find a new router to use, if an alternate is
available.
Use the ipv6 nd reachable-time command, in Interface Configuration mode, to
configure the reachability time on the BSR.
MOT:7A(config-if)#ipv6 nd reachable-time <0-3600000>
where:
0-3600000 is the reachability time in milliseconds.
BSR 64000 System Administration Guide Release 6.3.1
10-12 Compass ID: 391232199 Version 3
Enabling ICMPv6 Redirects
A major responsibility of the IPv6 Neighbor Discovery is the redirect function. The
redirect function is used by the BSR to inform a host of a better route to use for
packets sent to a particular destination. It is similar to the IPv4 redirect feature and is
implemented using ICMPv6 redirect messages.
When the BSR sends a redirect message, it may also include in the message the data
link layer address of the destination to which it is redirecting. This address is used by
the host to update its address resolution cache.
Use the ipv6 redirects command, in Interface Configuration mode, to enable packets
to be redirected.
MOT:7A(config-if)# ipv6 redirects
Configuring IPv4 to IPv6 Address Mapping
IPv6-mapped addresses are used by an IPv4 host to communicate with an IPv6 host.
The IPv4 host addresses the packet to the mapped address.
Use the ipv4 range command, in Global Configuration mode, to establish IPv4 to
IPv6 address mapping.
MOT:7A(config)#ipv4 range <A:B:C:D/1-32> mapto <A:B:C:D:E:F:G:H>
where:
A:B:C:D/1-32 is the IPv4 address/Prefix Length to be mapped to an IPv6 address.
mapto translates the above IPv4 address/Prefix Length into an IPv6 address.
A:B:C:D:E:F:G:H maps to this IPv6 address.
Configuring IPv6 to IPv4 Address Mapping
IPv4-mapped addresses are used by an IPv6 host to communicate with an IPv4 host.
The IPv6 host addresses the packet to the mapped address.
Use the ipv6 range command, in Global Configuration mode, to establish IPv6 to
IPv46 address mapping.
MOT:7A(config)#ipv6 range <A:B:C:D:E:F:G:H/1-128> mapto <A.B.C.D>
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length to be mapped to an
IPv4 address.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-13
mapto translates the above IPv6 address/Prefix Length into an IPv4 address.
A:B:C:D maps to this IPv4 address.
Tracing a Route
A route path includes all IP level devices, such as routers and switches, that packets
travel through to get to their intended destination.
Use the traceroute6 command, in User EXEC or Privileged EXEC modes, to identify
the route path from the route source to the route destination.
MOT:7A# traceroute6 {<A:B:C:D:E:F:G:H > | options <WORD>
{<A:B:C:D:E:F:G:H >}} [source <A:B:C:D:E:F:G:H >] [timeout <1-1024>]
[nprobes <1-1024>] [maxhops <2-1024>] [port <0-65535>]
where:
A:B:C:D:E:F:G:H is the destination IPv6 address.
options WORD is any combination of d, l, n, r, or v;
d = SO_DEBUG, l = hostnames and addresses, n = addresses, r =
SO_DONTROUTE, v = verbose
source A:B:C:D:E:F:G:H is the IPv6 address of the source interface.
timeout 1-1024 is the number of seconds to wait for a response to a probe packet.
nprobes 1-1024 is the number of probes to send.
maxhops 2-1024 is the maximum TTL value - the traceroute6 command
terminates when the destination or this value is reached.
port 0-65535 is the destination port used by the UDP probe messages.
BSR 64000 System Administration Guide Release 6.3.1
10-14 Compass ID: 391232199 Version 3
Pinging a Device
The Packet Internet Groper (PING) ping6 command sends an Internet Control
Message Protocol (ICMPv6) echo request to a remote host that reports errors and
provides information relevant to IP packet addressing.
Use the ping6 command, in all modes except User EXEC, to check host reachability
and network connectivity or to confirm basic network connectivity
MOT:7A#ping6 <A:B:C:D:E:F:G:H>
where:
A:B:C:D:E:F:G:H is the destination IPv6 address.
Creating an IPv6 Cable Bundle on a Loopback
Interface
Configuring a loopback interface as a cable bundle master provides a mechanism for
configuring the IPv6 parameters of a cable bundle in a virtual interface which is
independent of physical cable interfaces. The advantage of configuring a virtual
interface as the cable bundle master is that IPv6 configuration information will be
always available regardless of the state of the CMTS hardware. The slave cable
interfaces of a bundle whose master is a virtual interface will not lose their IPv6
information when the hardware module for one of the cable interfaces has either
failed or been removed.
Follow these steps to configure an IPv6 cable bundle on a loopback interface on the
BSR 64000:
1. Use the interface loopback command, in Global Configuration mode, to enter
the loopback interface that you want to designate as the master cable bundle:
MOT:7A(config)#interface loopback <1-255>
where:
1-255 is the loopback interface number for the master cable bundle.
2. Use the ipv6 address command, in Interface Configuration mode, to define an
IPv6 address for the loopback interface:
MOT:7A(config-if)#ipv6 address <A:B:C:D:E:F:G:H/1-128>
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-15
3. Use the ipv6 address secondary command, in Interface Configuration mode, to
optionally configure a secondary IPv6 address for the loopback interface:
MOT:7A(config-if)#ipv6 address <A:B:C:D:E:F:G:H> |
<A:B:C:D:E:F:G:H/1-128>} secondary
where:
A:B:C:D:E:F:G:H/1-128 is the IPv6 address/Prefix Length.
secondary designates the IPv6 address as a secondary IPv6 address.
4. Use the show running-config command to make sure that DHCP relay is enabled
on the master cable loopback interface. Check the command output to see if the
IP v6helper address or cable helper address is assigned to the master cable
loopback interface.
If the IPv6 helper address or cable helper address is not assigned to the master
cable loopback address, use the ip helper-address or cable ipv6 helper-address
commands, in Interface configuration mode, to enable DHCP relay. The ipv6
helper-address or cable ipv6 helper address specifies the DHCP server.
5. Use the show interfaces loopback command to determine if an IP address is
assigned to the master cable loopback interface:
MOT:7A(config-if)#show interfaces loopback <1-255>
where:
1-255 is the loopback interface number.
If the master cable loopback interface does not have IPv6 address, use the ipv6
address command to specify the master cable loopback interface IP address.
6. Use the cable bundle master command in Interface Configuration mode to
assign the loopback interface as the master cable interface and assign the bundle a
number:
MOT:7A(config-if)#cable bundle <0-255> [master]
where:
0-255 is the number of the cable bundle identifier.
7. Use the end command in Interface Configuration mode to exit the master cable
interface.
BSR 64000 System Administration Guide Release 6.3.1
10-16 Compass ID: 391232199 Version 3
8. Use the show interfaces cable command to make sure that the slave cable
interface does not have an IP address assigned to it:
MOT:7A(config)#show interfaces cable <X/Y>
where:
X/Y is the slot and MAC Domain number of the CMTS module:
9. Use the show running-config command verify your cable bundle configuration
for each loopback interface.
10. Use the show cable bundle command to display a particular cable bundle or the
show cable bundle 0 command to display all configured cable bundles.
Displaying IPv6 Information
show ipv6 dhcp
The show ipv6 dhcp stats command displays DHCP messages sent and received for
all slots on the BSR.
MOT:7A# show ipv6 dhcp
show ipv6 interface
The show ipv6 interface command displays the status, statistical information, and
configuration for the network interfaces. The show ipv6 interface command without
any command arguments displays status, statistical information, and configuration for
all interfaces.
MOT:7A# show ipv6 interface [cable <X/Y> | ethernet <X/Y> | gigaether <X/Y> |
loopback <1-255>]
where:
cable X/Y is the cable interface slot and MAC domain number.
ethernet X/Y is the Ethernet interface slot and port number.
gigaether X/Y is the Gigabit Ethernet interface slot and port number.
loopback 1-255 is the loopback interface number.
show ipv6 interface brief
The show ipv6 interface brief command provides a summary of IPv6 status and
configuration.
Release 6.3.1 Configuring IPv6
Compass ID: 391232199 Version 3 10-17
MOT:7A# show ipv6 interface brief [cable <X/Y> | ethernet <X/Y> | gigaether <X/
Y> | loopback <1-255>]
where:
cable X/Y is the cable interface slot and MAC domain number.
ethernet X/Y is the Ethernet interface slot and port number.
gigaether X/Y is the Gigabit Ethernet interface slot and port number.
loopback 1-255 is the loopback interface number.
show ipv6 neighbor
The show ipv6 neighbor command displays the known IPv6 neighbors.
MOT:7A# show ipv6 neighbor <A:B:C:D:E:F:G:H> [cable <X/Y> | ethernet <X/Y>
| gigaether <X/Y> | loopback <1-255>]
where:
A:B:C:D:E:F:G:H the IPv6 address of the neighbor entry.
cable X/Y is the cable interface slot and MAC domain number.
ethernet X/Y is the Ethernet interface slot and port number.
gigaether X/Y is the Gigabit Ethernet interface slot and port number.
loopback 1-255 is the loopback interface number.
show ipv6 route
The show ipv6 route command displays active entries in the IPv6 routing table.
MOT:7A# show ipv6 route [ <A:B:C:D:E:F:G:H> | <A:B:C:D:E:F:G:H/ 1-128 > |
connected | static | summary]
where:
A:B:C:D:E:F:G:H is the destination IPv6 Address.
A:B:C:D:E:F:G:H/ 1-128 is the IPv6 address/Prefix Length.
connected displays connected routes.
static displays static routes.
summary displays a summary of routes in the IPv6 routing table.
BSR 64000 System Administration Guide Release 6.3.1
10-18 Compass ID: 391232199 Version 3
show ipv6 traffic
The show ipv6 traffic command displays IPv6, ICMPv6, UDPv6, and DHCPv6
statistics.
MOT:7A# show ipv6 traffic [detail]
where:
detail displays detailed statistical information.
Clearing IPv6 Statistics
clear ipv6 neighbor-cache
The clear ipv6 neighbor-cache command clears the entire IPv6 neighbor cache or a
specific neighbor cache entry.
MOT:7A# clear ipv6 neighbor-cache [<A:B:C:D:E:F:G:H> | <A:B:C:D:E:F:G:H>]
where:
A:B:C:D:E:F:G:H is the IPv6 address of the neighbor cache entry.
A:B:C:D:E:F:G:H is the Link Local address of the neighbor cache entry.
clear ipv6 traffic
The clear ipv6 traffic command clears IPv6 protocol statistics.
MOT:7A# clear ipv6 traffic
Compass ID: 391232199 Version 3 Index-1
A
adding
ARP cache entry, 3-2
permanent ARP entry, 3-2
Address Resolution Protocol
configuring, 3-2
addresses
Ethernet, 3-2
Internet, 3-2
MAC, 3-2
ARP
configuring, 3-2
ARP cache
adding entry, 3-2
ARP entry
adding permanent, 3-2
ARP table information
displaying, 3-15
B
broadcast address
scheme, 3-4
broadcast packets
directed, 3-4
flooded, 3-4
limited, 3-4
broadcast storms
avoiding, 3-4
buffer
clearing, 2-10
C
chassis information, 1-25
clear ip route, 3-14
clearing
buffer, 2-10
routing table entry, 3-7
commands
router ospf process-id, 7-19, 7-20, 7-21, 7-24,
7-25
configuring
console logging, 2-8
FTP access, 6-10
console logging
configuring, 2-8
D
datagram
fragmentation, 3-1
packet format, 3-1
reassembly, 3-1
routing to remote host, 3-1
default route
setting, 3-6
default router
definition, 3-6
directed broadcast packets, 3-4
displaying
ARP table information, 3-15
IP interface state, 3-15, 4-14
routing table status, 3-16
Index
Index-2 Compass ID: 391232199 Version 3
BSR 64000 System Administration Guide Release 6.3.1
static routes
status, 3-16
E
E1 clock, 7-9
enabling
ICMP netmask reply, 3-11
Ethernet
auto-negotiation, 4-5
Ethernet address, 3-2
F
flooded broadcast packets, 3-4
fragmentation, 3-5
FTP
access
configuring, 6-10
G
generating
ICMP unreachable messages, 3-11
H
Host-to-Host Transport layer, 3-1
I
ICMP, 3-8
ICMP echo request packets
sending, 3-11
ICMP netmask reply
enabling, 3-11
ICMP unreachable messages
generating, 3-11
Internet address, 3-2
Internet Control Message Protocol, 3-8
IP
packet, 3-1
IP interface state
displaying, 3-15, 4-14
L
limited broadcast packets, 3-4
M
MAC address, 3-2
Multimedia Terminal Adapters (MTAs), 7-7
N
Network Access layer, 3-1
O
optional packet count
setting, 3-11
P
Primary CMTS Module, 7-7
R
reducing
routing table size, 3-6
Remote Authentication Dial In User Service
(RADIUS)
configuring, 5-1 to 5-6
remote hosts, 3-1
route
configuring, 3-6
setting specific, 3-6
specifying, 3-6
router discovery packets
tracing, 3-8
Router Discovery Protocol, 3-8
routing
datagram
to remote host, 3-1
routing table
information, 3-2
status
displaying, 3-16
routing table entry
Compass ID: 391232199 Version 3 Index-3
Release 6.3.1 Index
clearing, 3-7
S
Secure Shell server (SSH)
configuring, 5-7 to ??
security access
system, 1-7
sending
ICMP echo request packets, 3-11
setting
default route, 3-6
optional packet count, 3-11
specific route, 3-6
SONET
deriving network clocking from, 7-9
SRM Redundancy, 7-1
Standby CMTS Resource Module, 7-7
static routes
status
displaying, 3-16
Stratum 3 clock, 7-9
system
login
account, 1-7
security access, 1-7
system information, 1-26
T
T1 clock, 7-9
telnet
access, 1-3
configuration of, 1-11
password configuration, 1-5
RADIUS authentication, 5-4
tracing
router discovery packets, 3-8
V
VoIP calls, 7-9
Compass ID: 391232199 Ver-
sion 3
12/11
Visit our website at:
www.motorola.com

You might also like