Introduction to the Cisco Broadband Operating System

This chapter provides an overview of the Cisco Broadband Operating System (CBOS) and its features. CBOS is the common operating system for all Cisco Customer Premise Equipment (CPE), including the Cisco 627, Cisco 633, Cisco 673, Cisco 675, the Cisco 675e, the Cisco 677, and the Cisco 678.


Note These products are referred to as the Cisco 67x product line. When you see 67x in this documentation, substitute the hardware product you are using.

The CBOS is modeled after the Cisco Internetworking Operating System (IOS) and features a similar command syntax and format.

This chapter includes the following sections:

For more information on using the CBOS, refer to "Using the Command Line Interface."

The list below defines the terminology used in this chapter.

1.1 New Features for CBOS Release 2.3.0

1.1.1 Port Address Translation Enhancements

CBOS Release 2.3.0 adds Port Address Translation (PAT) enhancements as discussed in the following sections.

Support for Microsoft WINS Applications

CBOS Release 2.3.0 adds PAT support for Microsoft WINS-based applications:

Support for UDP Broadcast

CBOS Release 2.3.0 adds PAT support for UDP network-directed as well as subnetwork-directed broadcasts.

1.1.2 Support for Remote Shell (rsh), Remote Copy (rcp), and Remote Login (rlogin)

CBOS Release 2.3.0 adds PAT support for non-encrypted remote shell (rsh), remote copy (rcp), and remote login (rlogin) protocols.

1.1.3 Network Address Translation Enhancements

CBOS Release 2.3.0 adds Network Address Translation (NAT) enhancements that allow NAT to be applied to each interface. This means you can apply NAT to the Ethernet interface, the logical WAN interfaces, and the virtual interfaces (VIPs). With the latest NAT enhancements, eth0 and vip0 through vip2 can be configured as inside or outside interfaces, and wan0-0 through wan0-3 can be configured as outside interfaces for NAT.

When NAT is enabled, NAT translates only inside to outside and outside to inside traffic. Traffic that remains within its own respective boundary (inside to inside or outside to outside) is not translated.

NAT Commands with No Changes

Use the current commands to globally configure interface timeout values. No new commands are added to create dynamic NAT table entries because the network generates these based on traffic. The NAT commands in Table 1 have not changed:


Table 1: NAT Commands with No Changes

| Command | Description |
| --- | --- |
| set nat { enable \| disable } | Global on and off command for all interfaces |
| set nat disable | Disables NAT on all interfaces |
| set nat entry add | Adds a static NAT entry |
| set nat entry delete | Deletes a static NAT entry |
| set nat outside ip address | Adds a specific static NAT entry to the WAN0-0 table |
| show nat | Displays all NAT entries, including static and wildcard. Wildcard entries display as asterisks. |

NAT Commands with Changes

Table 2 lists new commands to set NAT protocols for specific interfaces.


Table 2: NAT Commands with Changes

| Command | Description |
| --- | --- |
| set nat outside ip ip address | Sets Outside Global IP Address for the WAN0-0 Interface as in CBOS 2.2 |
| set interface wan0-1 outside ip 172.167.20.42 | Sets a specific outside IP address for WAN0-1 interface |
| set int eth0 inside | Sets ETH0 interface as an inside network |
| set int vip0 inside | Sets virtual interface 0 as an inside network |


Note The command set interface eth0 outside ip address is invalid.

Enhancements to the show nat command include the NAT Status and Network Side for all Interfaces. The following is an example of the new format:

sh nat Example

    cbos#sh nat
    NAT is currently enabled
    Port      Network    Global
    eth0      Inside
    wan0-0    Outside    192.161.23.4
    vip0      Outside
    vip1      Outside
    vip2      Outside

    Local IP Port Global IP Port Timer Flags Proto Interface
    ***** ********** 0 0x3041 *** eth0

1.1.4 Support for IP Precedence

CBOS Release 2.3.0 recognizes IP Precedence bits defining Type of Service (TOS) in the IP header and routes IP packets based on this value. With this enhancement, you can use IP Precedence to route packets to a specific interface.

IP Precedence bits map to individual interfaces according to the following rules:

IP Precedence bits route IP packets to individual interfaces according to the following rules:

New extensions to the CBOS Release 2.3.0 CLI allow users with enable-level access to configure and map IP Precedence values to different interfaces. The syntax for the new command is:

set route add ip ip_address gateway gw_address precedence n

Table 3 shows examples of this command.


Table 3: Sample IP Precedence Setting Commands

| Command | Description |
| --- | --- |
| set route add ip 192.200.1.0 gw 192.100.10.1 precedence 5 | Routes packets from network 192.200.1.0 with a precedence of 5 to the gateway at 192.100.10.1 |
| set route add ip 192.200.1.0 gw wan0-1 precedence 5 | Sets IP Precedence to 5 for gateway interface |
| set route default wan0-1 precedence 5 | Sets a default route for precedence 5 packets to wan0-1 |

The set route command can accept either an IP address or an interface as valid entries according to the command syntax set route default { ip-address | interface } or set route add ip ip-address gw { ip-address | interface }. When using an IP address as a gateway, the gateway address must exist in one of the WAN interfaces. Use show route to display WAN addresses.

Enhancements to the set route default command include a precedence field that defines the default routes for packets with Precedence bits set. The syntax for the set route default command is:

set route default { ip address | interface } precedence n

The show route command now includes a column [P] showing the precedence level. The following is an example of the new format:

    #show route
    [TARGET]       [MASK]           [GATEWAY]  [M]  [P]  [TYPE]  [IF]    [AGE]
    0.0.0.0        0.0.0.0          0.0.0.0    1         SA      WAN0-0  0
    0.0.0.0        0.0.0.0          0.0.0.0    1    5    SAR     WAN0-1  0
    192.168.10.0   255.255.255.0    0.0.0.0    1         LA      ETH0    0
    192.168.1.0    255.255.255.0    0.0.0.0    1         A       WAN0-0  0
    192.168.2.0    255.255.255.0    0.0.0.0    1         AR      WAN0-1  0
    WAN Interfaces...
    192.168.1.72   255.255.255.255  0.0.0.0    1         HA      WAN0-0  0
    192.168.2.72   255.255.255.255  0.0.0.0    1         HA      WAN0-1  0
    192.168.3.72   255.255.255.255  0.0.0.0    1         HA      WAN0-2  0

1.1.5 Support for TFTP Checksum

CBOS Release 2.3.0 enhances its TFTP Client and Server programs to perform checksum validation for image and configuration file transfers. Image and configuration files will be written to NVRAM only after a successful checksum validation.

Caution The running configuration will be deleted when a TFTP file transfer is done.

1.1.6 New Default Settings

CBOS Release 2.3.0 defines new factory default settings. These settings apply to the Cisco 675 only:

set ppp wan0-0 ipcp 0.0.0.0

set ppp wan0-0 dns 0.0.0.0

set ppp wan0-0 subnet 0.0.0.0

set multicast forwarding disabled

set broadcast forwarding disabled


Note The show run command does not show these services as enabled. Default settings are not displayed in the running configuration.

1.1.7 Support for GSI 3.2 Firmware Update

The GSI 3.2 firmware update provides for lower baud rates of 17 Kbaud and 64 Kbaud. CBOS Release 2.3.0 supports these rates in the Cisco 675 and 675e. The Cisco 677 can support these rates after downloading the CBOS Release 2.3 image. Service providers now have a wider range of desirable rates from which to choose for these products. (See Table 4 and Table 5.)


Table 4: Downstream Channel Bit Rate per Constellation Size (kb/s)

| Symbol Rate (Kbaud) | Signal | 256 uncoded | 256 | 128 | 64 | 32 | 16 | 8 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 136 | Payload with RS | 1024 | 896 | 768 | 640 | 512 | 384 | 256 |
| 340 | Payload with RS | 2560 | 2240 | 1920 | 1600 | 1280 | 960 | 640 |
| 680 | Payload with RS | 5120 | 4480 | F/A | 3200 | F/A | 1920 | F/A |
| 952 | Payload with RS | 7168 | 6272 | F/A | 4480 | F/A | 2688 | F/A |

RS = Reed-Solomon error correction
F/A = Future Availability


Table 5: Available Downstream/Upstream Baud Rates

| Downstream Kbaud | Upstream Kbaud |
| --- | --- |
| 136 | 17 |
| 136 | 68 |
| 136 | 136 |
| 340 | 68 |
| 340 | 136 |
| 680 | 136 |
| 952 | 136 |

The show rates command now includes entries with the additional baud rate combinations. The following is an example of the additional listings:

    cbos#show rates
    Possible ATM/ADSL Line Rates
    Downstream    Upstream (Kbps)
    ---------------------------------------------
    952 Kbaud Downstream ----- 136 Kbaud Upstream
    7168          1088
    6272          952
    4480          680
    2688          408
    ---------------------------------------------
    680 Kbaud Downstream ----- 136 Kbaud Upstream
    5120          1088
    4480          952
    3200          680
    1920          408
    ---------------------------------------------
    340 Kbaud Downstream ----- 136 Kbaud Upstream
    2560          1088
    2240          952
    1920          816
    1600          680
    1280          544
    960           408
    640           272
                  91
    340 Kbaud Downstream ----- 68 Kbaud Upstream
    2560          544
    2240          476
    1920          408
    1600          340
    1280          272
    960           204
    640           136
                  45
    ---------------------------------------------
    136 Kbaud Downstream ----- 136Kbaud Upstream
    1024          1088
    896           952
    768           816
    640           680
    512           544
    384           408
    256           272
    136 Kbaud Downstream ----- 68 Kbaud Upstream
    1024          544
    896           476
    768           408
    640           340
    512           272
    384           204
    256           136
                  45
    136 Kbaud Downstream ----- 17 Kbaud Upstream
    1024          136
    896           119
    768           102
    640           85
    512           68
    384           51
    256           34
                  11

1.1.8 CBOS Modifications for Setting Upstream Transmit Power

New extensions to the CBOS Release 2.3.0 CLI allow a user with exec-level access to set the upstream transmit power. The syntax for the command is:

set interface wan0 txpower value_in_db

Valid values are:

1 = full
2 = -3 db
3 = -6 db
4 = -9 db
5 = -12 db
6 = -15 db

1.1.9 Enhancements to DHCP Pool Start Addressing

CBOS Release 2.3.0 enables you to learn the starting addresses for the DHCP pool. CBOS Release 2.3.0 enhancements use the mask learned during IPCP negotiation to define the range of IP addresses.

1.1.10 Enhancements to WAN-LNK LED Blink Pattern

CBOS Release 2.3.0 adds new blink patterns to the WAN Link LED to indicate the connection state of the Cisco 675 in more detail.


Table 6: WAN Link LED Blink Patterns

| Blink Pattern/Rate | Description |
| --- | --- |
| Steady ON | A link is established to the WAN port. All parameters for physical and logical connections are correctly set. The equipment successfully transmits and receives data. |
| Continuous rapid blinking, about 3 blinks per second | The equipment is trying to establish a connection. The pattern continues until a connection is established. |
| Intermittent blinking. For the Cisco 675: 6 rapid blinks followed by a 2-second pause before repeating. For the Cisco 676 or 677: 5 rapid blinks followed by a 2-second pause before repeating. | The equipment is trying to establish a physical connection. At this time, the training session is not yet completed; there are no logical connections and negotiated line conditions with other equipment (such as DSLAMs) are not yet established. |
| OFF | Check all connections. Ensure the WAN0 interface is not disabled. |

1.1.11 Enhancements to the Set Filter Command

Use the set filter command to specify and modify IP filtering conventions for the Cisco 67x.

set filter {code} {on | off | reset} [deny | allow] {incoming | outgoing} {interface eth0 | wan0-0 | all}{src-ip src-mask dest-ip dest-mask} [protocol TCP | UDP | ICMP] [srcport lo - hi] [destport lo - hi]

Syntax Description

code

Enter the filter number to be modified. Valid filter code values are 0 through 19.

on | off | reset

Enables, disables or resets the filter. Reset allows you to reset a filter to default values without removing an entire configuration.

deny | allow

Specifies whether the filter is to allow or deny packets that match the filter's address and mask.

incoming | outgoing

Specifies direction of traffic to be filtered; required.

interface eth0 | wan0-0 | all

Specifies the interface on which to apply the filter. This can be a particular interface such as eth0 or wan0-x or all interfaces.

src-ip

Enter the source IP address for packets.

src-mask

Enter the mask to be applied to source IP address. This allows the filter to match a group of incoming IP addresses.

dest-ip

Enter the destination IP address of outgoing packets.

dest-mask

Enter the mask to be applied to destination IP address. This allows the filter to match a group of outgoing IP addresses.

protocol TCP | UDP | ICMP

Specify which protocol to match; optional.

srcport lo - hi

Specifies the inclusive range of source port numbers to block; 1 - 65535 matches all source ports.

destport lo - hi

Specifies the inclusive range of destination port numbers to block; 1 - 65535 matches all destination ports.

Command Mode

Enable

Usage Guidelines

Use the set filter command to specify IP filtering conventions. The Cisco 67x has 20 filters that can be applied to TCP, UDP and ICMP packets passing through the router's interfaces. Enabled filters are applied to packets in sequential order according to filter number.

The rules that govern the filter command are:

Examples

The following example blocks all web access.

set filter 0 on deny all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 80

The following example blocks all telnet access from the 192.168.0.25 network.

set filter 1 on deny all 192.168.0.0 255.255.255.0 0.0.0.0 0.0.0.0 port 23

The following example accepts telnet access from the host 192.168.0.25.

set filter 2 on allow all 192.168.0.25 255.255.255.255 0.0.0.0 0.0.0.0 port 23

The following example blocks all FTP access on a wan port.

set filter 3 on deny wan0-1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 21

The following example turns off the first filter.

set filter 0 off

Note Press enter only after entering all command parameters. A command may appear on two lines here for readability.
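The Usage Guidelines say enabled filters are applied in sequential order by filter number. The Python below is an added example, not Cisco code: it transcribes filters 0 through 3 from the Examples and reports any filter whose match set is already covered by a lower-numbered one. It assumes the first matching filter decides the packet (the page does not state this), treats the examples' port keyword as one inclusive range, and leaves out direction and srcport.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Filter:
    code: int                        # filter number, 0 through 19
    action: str                      # "deny" or "allow"
    interface: str                   # "eth0", "wan0-1", ... or "all"
    src: IPv4Network                 # src-ip / src-mask
    dst: IPv4Network                 # dest-ip / dest-mask
    port: Tuple[int, int]            # inclusive lo-hi range
    protocol: Optional[str] = None   # None = protocol not specified
    enabled: bool = True             # on / off

def net(ip: str, mask: str) -> IPv4Network:
    """Build a network from the CLI's 'address mask' pair."""
    return IPv4Network(f"{ip}/{mask}", strict=False)

ANY = net("0.0.0.0", "0.0.0.0")

def active(filters: List[Filter]) -> List[Filter]:
    """Enabled filters in the order the page says they are applied."""
    return sorted((f for f in filters if f.enabled), key=lambda f: f.code)

def covers(earlier: Filter, later: Filter) -> bool:
    """True if every packet `later` matches is also matched by `earlier`."""
    return (earlier.interface in ("all", later.interface)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst)
            and earlier.protocol in (None, later.protocol)
            and earlier.port[0] <= later.port[0]
            and later.port[1] <= earlier.port[1])

def shadowed(filters: List[Filter]) -> List[Tuple[int, int, str]]:
    """(later, earlier, kind) for each filter fully covered by an earlier one."""
    order, findings = active(filters), []
    for i, later in enumerate(order):
        for earlier in order[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.code, earlier.code, kind))
                break
    return findings

def decide(filters, interface, src, dst, port, protocol="TCP"):
    """(code, action) of the first matching filter (ASSUMED first-match-wins).
    Returns None when nothing matches; the page gives no default action."""
    for f in active(filters):
        if (f.interface in ("all", interface)
                and IPv4Address(src) in f.src and IPv4Address(dst) in f.dst
                and f.protocol in (None, protocol)
                and f.port[0] <= port <= f.port[1]):
            return f.code, f.action
    return None

# Filters 0-3 from the page's Examples, transcribed field by field.
PAGE_EXAMPLES = [
    Filter(0, "deny", "all", ANY, ANY, (80, 80)),
    Filter(1, "deny", "all", net("192.168.0.0", "255.255.255.0"), ANY, (23, 23)),
    Filter(2, "allow", "all", net("192.168.0.25", "255.255.255.255"), ANY, (23, 23)),
    Filter(3, "deny", "wan0-1", ANY, ANY, (21, 21)),
]

def reordered() -> List[Filter]:
    """Same rules with the host-specific allow numbered ahead of the subnet deny."""
    f = PAGE_EXAMPLES
    return [f[0], replace(f[2], code=1), replace(f[1], code=2), f[3]]

if __name__ == "__main__":
    print("as numbered on the page:", shadowed(PAGE_EXAMPLES))
    print("allow moved ahead of deny:", shadowed(reordered()))
```

Under the first-match assumption, filter 2 as numbered in the Examples never fires because filter 1 already matches the same host; numbering the host-specific allow below the subnet deny removes the conflict.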

1.2 Common Features

This section describes the CBOS-supported features that are common to the Cisco Customer Premise Equipment (CPE) product line.

DHCP automatically configures the IP addresses of both the Cisco CPE 67x series products and PC clients within the SOHO network. NAT uses one or more public IP addresses to translate the SOHO network's private IP address space into real, Internet-valid network IP addresses (Figure 1-7).

Figure 1-7: Configurationless Provisioning with DHCP and NAT


Benefits of Configurationless Provisioning

Configurationless provisioning provides:


Note The Cisco 67x CPE products and the CBOS are Y2K compliant.

1.2.1 Configurationless Provisioning Process

The combination of DHCP and NAT in the Cisco PPP/ATM environment supports configurationless CPE provisioning by automatically configuring both the Cisco 67x and the associated SOHO network at power-on. A minimal configuration is required in the user PC (typically a single check-box to enable DHCP operation), but all PCs within the network have identical settings, which simplifies initial provisioning and network support.

Understanding the DHCP Server and DHCP Client

Two components make up the dynamic host configuration protocol on the Cisco 67x:

Using the Cisco 67x as a DHCP Server

When the Cisco 67x DHCP server operates in:

The configuration information that the Cisco 67x DHCP server is able to assign to SOHO clients includes, but is not limited to, the following:


Note The Cisco 67x does not automatically resolve DNS addresses. Therefore, you must enter the following configuration parameters as IP addresses.

Note Not all DHCP clients accept or understand every configuration parameter option passed to them.

Using the Cisco 67x as a DHCP Client

The Cisco 67x operates as a DHCP client as follows:

    1. A PPP session is established over wan0-0.

    2. The Cisco 67x (see Figure 1-7) sends a DHCP client request to the service provider's network.

    3. The Cisco 67x obtains configuration information from the service provider's DHCP server.

    4. The Cisco 67x turns into a DHCP server and can configure SOHO clients (PC#1, PC#2, and PC#3).


Note If you use the DHCP client mode, you must also use the DHCP server mode.

    5. When the DHCP server is enabled, the Cisco 67x must contain a valid DHCP configuration, which has been either manually provisioned or obtained during a previous client transaction.

    6. The Cisco 67x saves the client configuration information obtained during the client transaction to NVRAM for subsequent use.

Understanding NAT

NAT in the Cisco 67x translates private (or Internet-invalid) IP addresses to public (Internet-valid) IP addresses. By dynamically creating a table of translation information each time data is exchanged with any network outside of the SOHO network, the CPE device allows multiple PCs to oversubscribe a single, public IP address. This powerful feature both conserves IP addresses and minimizes customer reconfiguration of a local SOHO network.

Use NAT if you cannot use a network's internal private addresses outside either for security reasons or because the addresses are invalid outside the network.


Note Cisco CPE products do not support basic NAT for the 2.1.0 Release.

When NAT is enabled, the Cisco 67x obtains a public IP address from the upstream router (in most cases a Cisco 7200) using either PPP's IPCP protocol or a DHCP client transaction. The upstream router, in turn, may obtain the IP addresses from a locally provisioned pool, either a DHCP server or a RADIUS server. This allows the service provider to easily configure the customer premise network and router.

Network Address Translation is predominantly application-independent, with the exception of FTP. However, the Cisco implementation of NAT fully supports full-rate FTP. Applications that include IP addresses within the packet payload will fail without special NAT-wise consideration.

Other benefits of the Cisco implementation of NAT on CPE products include:

DHCP and NAT Together

When both NAT and DHCP are enabled, the Cisco 67x becomes virtually configurationless. NAT obtains the public address used for translation in the same manner as described above. However, DHCP does not require any additional provisioning since NAT translates all address information to the outside, public address. You can use a DHCP client transaction to obtain DNS, WINS, and other information for subsequent SOHO DHCP server operation, but this is not required.

When a DHCP client transaction is in progress, the Cisco 67x delays NAT implementation until the client transaction completes. This ensures that the most current information is used for server operation.

The end result for the SOHO users (PC#1, PC#2, and PC#3) (see Figure 1-7) is as follows:

    1. SOHO users turn on their un-configured machines with DHCP enabled. Within seconds, they are surfing the Internet using a configuration totally and transparently supplied by their service provider.

    2. Clients are not affected by changes at the service provider.


Note When you do not use Network Address Translation, you must maintain a consistent relationship between the information you obtain during the client phase and the configurations passed to the clients on the SOHO network. This occurs because clients retain their DHCP configuration for the configurable lease time.

After a SOHO host's lease time expires, it must request an IP address from the DHCP server. If a Cisco 67x obtains different configuration information during the client phase, the SOHO clients must obtain new address leases. And further, because their default gateway system (the Cisco 67x) has changed addresses, they can no longer access the outside network.

1.3 Supported Applications

In addition to DHCP and NAT, CBOS also supports the applications, listed below, for management and control of the system:

Cisco CPE products support the standard version of ping (packet Internet groper), which tests whether a particular network destination is online by sending an Internet control message protocol (ICMP) echo request and waiting for a response.

Remote Authentication Dial-In User Service (RADIUS) authenticates users for access to a network. The RADIUS server uses an authentication scheme, such as PAP, to authenticate incoming messages from RADIUS clients. When a password is present, it is hidden using a method based on the RSA Message Digest Algorithm MD5.

The Cisco 67x has been successfully tested for compatibility with the following RADIUS server providers:

Cisco 67x Implementation of the RADIUS Client:

The Cisco 67x supports a RADIUS client. However, for most environments, the RADIUS client is not used. The RADIUS client exists on the service provider's remote access server. The Cisco 67x communicates with the RADIUS client through PAP packets.

The CBOS supports the Routing Information Protocol (RIP) and RIP2. RIP is an interior gateway protocol used with TCP/IP to automatically add IP routes to the routing table. It provides routing information such as what networks are accessible and the number of hops required to reach each one. RIP2 includes a larger command set to expand RIP functionality.

SYSLOG logs significant system information to a remote SYSLOG server for processing without requiring large amounts of local storage or local processing.

Implementing SYSLOG:

Using the CBOS, the Cisco 67x allows you to specify a remote server for logging system messages. Cisco supports the following levels of severity:

  • Debug
  • Info
  • Warning
  • Alarm
  • Critical
  • Crash

These are similar to the standard BSD style severity levels for SYSLOG; however, they do not include None and Mark.

To configure your syslog daemon to receive Cisco SYSLOG messages, modify the /etc/syslog.conf configuration file (remember to use tabs, not spaces). Several systems, such as Linux and FreeBSD, have SYSLOG set up properly by default.

Use Telnet as a command line interface and as a means of providing remote login connections between machines on several networks, including the Internet.

Use the Trivial File Transfer Protocol (TFTP) to transfer files to and from a Cisco 67x using a TFTP client. Cisco 67x runs a TFTP daemon, which allows users from remote machines who have TFTP client software to remotely transfer files to and from the Cisco 67x. The TFTP client can be enabled and disabled from the CBOS or the Web Management Interface.

For security reasons, Cisco recommends that you disable the TFTP application, except when uploading or downloading a file. Typically, use TFTP to transfer new software from Cisco to your Cisco 67x, where the file name equals nsrouter.c67x.<version #>ima.hr. You can also use TFTP to archive an image of your CBOS configuration file. This configuration file can be named anything you wish as long as you can view and edit the file with a standard text editor. Use the .cfg extension to make the configuration file easy to locate and to assure that it can be viewed and edited by a standard text editor. Archive an image of your configuration file before making changes to it so you can easily recover the old file if necessary. When uploading a configuration file to the 67x, you must name the configuration file nscfg.cfg before uploading.

Use traceroute to determine if there is a connection between two systems and to view the intermediate routers between the two systems.

Use the Cisco CPE product's web interface for configuring and changing system settings.

Note These applications are only accessible when the Cisco 67x is in routing mode except for TFTP, ping, and Telnet in managed bridging mode.

1.4 Using CBOS User Interfaces

The CBOS includes two interfaces you can use to configure and operate the Cisco 67x:

1.5 Using the CBOS Help System

From the CBOS prompt, use the help command to display the online help system for a specified command. Refer to "Using the Command Line Interface," for more information on the help command. To access the Help Facility, enter the following command from the command line:

help [command-name]

or

? [command-name]

For example, to display information about the show version command, enter:

help show version

or

? show version


Posted: Thu Mar 23 05:41:59 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.