Table Of Contents
Configuration Workflows and Checklists
Component Workflows
RDU Checklist
DPE Checklist
Technology Workflows
RDU Configuration Workflow
DPE Configuration Workflow
Provisioning Group Configuration Workflow
Configuration Workflows and Checklists
This chapter is divided into two major sections that define the processes to follow when configuring BAC components to support various technologies. These sections are:
•
Component Workflows
• Technology Workflows
Component Workflows
This section describes the workflows you must follow to configure each BAC component for the technologies supported by BAC. These configuration tasks are performed before configuring BAC to support specific technologies.
The component workflows described in this section are arranged in a checklist format and include:
• RDU Checklist
• DPE Checklist
RDU Checklist
Table 3-1 identifies the workflow to follow when configuring the RDU.
DPE Checklist
You must perform the tasks described in Table 3-2 after those described in Table 3-1.
Note Items marked with an asterisk (*) are mandatory tasks or procedures.
Table 3-2 DPE Configuration Checklist
Procedure
|
Refer to ...
|
1. Configure the system syslog service for use with BAC.
|
Installation Guide for Cisco Broadband Access Center, 3.0.
|
2. Change the passwords.*
|
The password command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
3. Configure the provisioning interface.
|
The interface ethernet [intf0 | intf1] command described in the Cisco Broadband Access Center CPE CLI Reference, 3.0.
|
4. Configure the BAC shared secret.*
|
The dpe shared-secret command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
5. Configure the DPE to connect to the desired RDU.*
|
The dpe rdu-server command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
6. Configure the network time protocol (NTP).
|
Solaris documentation for configuration information.
|
7. Configure the provisioning group name.*
|
The dpe provisioning-group primary command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
8. Configure the required routes to the RDU as well as to the devices in the network.
|
Solaris documentation for configuration information.
|
9. Configure the DPE SNMP agent.
|
The SNMP agent commands in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
Note You can configure the SNMP agent using either the DPE command line interface or the snmpAgentCfgUtil.sh tool. For more information, see Using the snmpAgentCfgUtil.sh Tool, page 11-5.
|
10. Verify that the DPE successfully connected to the RDU and was registered.
|
Viewing Servers, page 16-21
|
Technology Workflows
This section describes the tasks that you must perform when configuring BAC to support specific technologies; in this case, CWMP. These configuration tasks are performed subsequent to configuring BAC components.
The CWMP technology workflows described in this section are arranged in a checklist format and include:
• RDU Configuration Workflow
• DPE Configuration Workflow
• Provisioning Group Configuration Workflow
RDU Configuration Workflow
Table 3-3 identifies the configuration tasks you must perform to configure the RDU for the CWMP technology.
Table 3-3 RDU Configuration Workflow
Procedure
|
Refer to ...
|
1. Create service profiles by using the BAC Class of Service.
Define custom properties referenced in templates from the administrator user interface. The custom properties can be referenced in configuration and firmware rules templates.
For each service, you must:
|
Configuring Custom Properties, page 17-5
|
a. Create a configuration template.
Add the configuration template to the RDU from the administrator user interface.
|
Adding Files, page 17-13
|
b. Create a firmware rules template.
–Add the firmware image(s) to the RDU from the administrator user interface.
–Add the firmware rules template to the RDU from the administrator user interface.
|
Adding Files, page 17-13
Adding Files, page 17-13
|
c. Create a Class of Service from the administrator user interface.
Remember to:
–Specify the configuration template file.
–Specify the firmware rules file.
–Optionally, specify properties.
|
Configuring the Class of Service, page 17-1
|
2. Configure default settings for the CWMP technology from the administrator user interface.
–Set the default Class of Service; for example, for unknown devices.
–Set the Connection Request Service defaults from any of the following pages: Configuration > Class of Service; Configuration > Defaults; and Devices.
|
Configuring Defaults, page 17-6
|
3. Preregister the CWMP devices.
|
Preregistering Device Data in BAC
|
Preregistering Device Data in BAC
Preregistering adds the device record to the RDU before the device makes initial contact with the DPE. The DPE is also known as the autoconfiguration server (ACS). This task is typically executed from the provisioning API; however, you can preregister device data from the administrator user interface as well.
To preregister device data in BAC:
Step 1 Add the device record to the RDU database by using the API or the administrator user interface.
To add a device record from the administrator user interface:
a. Choose Devices > Manage Devices.
b. On the Manage Devices page, click Add.
c. The Add Device page appears. Enter values in the appropriate fields. The required and recommended provisioning attributes for a preregistered device are:
Required
|
•Device identifier
|
•Registered Class of Service
|
•Home provisioning group
|
Additional Typical Attributes
Note Additional attributes may be required or supported depending on customer premises equipment (CPE) authentication methods.
|
•Owner identifier
|
•CPE password, if client authentication using unique client certificates is not enabled.
|
•Connection Request username. This step is optional.
|
•Connection Request password. This step is optional.
|
Optional
|
Connection Request Methods on the Class of Service. This step is optional.
Configuring the connection request method enables device authentication of the autoconfiguration server. Choose from:
•Discovered
•Use FQDN
•Use IP
|
Step 2 Verify if the device record is preregistered. To do this:
•Examine the Device Details. To do this:
From the Devices > Manage Devices page, click the View Details icon (
) corresponding to the device. From the Device Details page:
–Check if the device settings are correct.
–Look for discovered parameters; these parameters are not displayed if the device is yet to initiate its first contact with the DPE.
–Also, check the Device History log.
•Examine the RDU and the DPE log files (see Logging, page 19-2).
Step 3 Configure the device to send periodic informs to the DPE. To do this, set the PeriodicInformEnable and the PeriodicInformInterval variables in a configuration template.
Step 4 Initiate device contact with BAC for the first time. To do this:
•Initiate a connection request from the API.
•Wait for the next periodic contact from the device.
•Reboot.
Step 5 Verify the first device contact with BAC. From Device > Manage Devices > Device Details, check if discovered properties are visible. Also, check the history log for details.
DPE Configuration Workflow
This section describes how you can provide CWMP support at the DPE, by configuring:
•CWMP services for CWMP management on the DPE.
See Configuring CWMP Service on the DPE.
•HTTP file services for firmware management on the DPE.
See Configuring HTTP File Service on the DPE.
Configuring CWMP Service on the DPE
Table 3-4 identifies the configuration tasks that you must perform to configure the CWMP services on the DPE.
Table 3-4 DPE Configuration Workflow - CWMP Management
Procedure
|
Refer to ...
|
Configure the CWMP services that run on the DPE.
Configuring the CWMP technology on the DPE requires that you enable at least one CWMP service. To enable a CWMP service, enter:
service cwmp num enable true
where num identifies the CWMP service, which could be 1 or 2.
By default, the CWMP service is:
–Enabled on service 1.
–Disabled on service 2.
|
The CWMP Technology Commands described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
1. Configure the port on which the CWMP service communicates with the CPE.
By default, the CWMP service is configured to listen on:
–Port 7547 for service 1.
–Port 7548 for service 2.
|
The service cwmp num port port command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
2. Configure client authentication by using HTTP for the CWMP service.
Note To limit security risks during client authentication, Cisco recommends using the Digest mode (the default configuration). It is not advisable to allow client authentication in the Basic mode, or altogether disable Basic and Digest authentication.
|
The service cwmp num client-auth mode command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
3. Configure client authentication using certificates through SSL for the CWMP service.
|
The service cwmp num ssl client-auth mode command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
4. Configure the DPE to request configuration from the RDU for devices unknown to the DPE.
Note Enabling this feature may allow a Denial of Service attack on the RDU.
|
The service cwmp num allow-unknown-cpe command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
Configuring HTTP File Service on the DPE
Table 3-5 identifies the configuration tasks that you must perform to configure the HTTP file services running on the DPE.
Table 3-5 DPE Configuration Workflow - Firmware Management
Procedure
|
Refer to ...
|
Configure the HTTP file service that runs on the DPE.
Configuring firmware management on the DPE requires that you enable at least one HTTP file service. To enable a HTTP file service, enter:
service http num enable true
where num identifies the HTTP file service, which could be 1 or 2.
By default, the HTTP service is:
–Enabled on service 1.
–Disabled on service 2.
|
The CWMP Technology Commands described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
1. Configure the port on which the HTTP file service communicates with the CPE.
By default, the HTTP file service is configured to listen on:
–Port 7549 for service 1.
–Port 7550 for service 2.
|
The service http num port port command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
2. Configure client authentication for the HTTP file service.
Note To limit security risks during client authentication, Cisco recommends using the Digest mode (the default configuration). You should not allow client authentication in the Basic mode, or altogether disable Basic and Digest authentication.
|
The service http num client-auth mode command described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
3. Configure client authentication by using certificates through SSL for the HTTP file service.
|
The service http num ssl client-auth mode described in the Cisco Broadband Access Center DPE CLI Reference, 3.0.
|
Provisioning Group Configuration Workflow
Provisioning groups are automatically created when the DPE is first configured to be in a particular provisioning group (see Adding DPE to a Provisioning Group), and then it registers with the RDU. Once the provisioning group is created, you can configure it by assigning the URL of the BAC server from the administrator user interface.
Before configuring the provisioning group URL, familiarize yourself with BAC concepts regarding local and regional redundancy, which are described in Provisioning Group Scalability and Failover.
Note Cisco recommends that you assign a URL to the provisioning group right when you create the provisioning group. Assigning the URL enables CPE redirection between provisioning groups. If you are using a load balancer, ensure that the address of the load balancer is used as the ACS URL.
To configure the ACS URL of a provisioning group from the administrator user interface:
Step 1 On the primary navigation bar, click Servers > Provisioning Groups.
Step 2 The Manage Provisioning Groups page appears. Click the identifier link of the correct provisioning group.
Step 3 The View Provisioning Group Details page appears. In the Provisioning Group Properties area, enter the URL in the ACS URL field.
Note Remember that the URL that you configure overrides the discovered ACS URL.
Step 4 Click Submit.
The provisioning group now contacts BAC at the URL that you configured.
