cc/td/doc/product/rtrmgmt/baccable/cable25
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Setting Up a Device Provisioning Engine
Setup Sequence
Connecting the Device Provisioning Engine
Configuring and Running a Terminal Emulation Program
Logging In
Configuring a Device Provisioning Engine for Data
Configuring a Device Provisioning Engine for Voice Technology
Debugging

Setting Up a Device Provisioning Engine


A Cisco Device Provisioning Engine caches provisioning information and handles all configuration requests including downloading configuration files to devices. It is integrated with the Cisco Network Registrar DHCP server to control the assignment of IP addresses. Multiple DPEs can communicate with a single DHCP server. DPEs come with factory installed software that enables provisioning, but you must perform some initial configuration.

You need to set up at least one DPE for every 500,000 devices on your network. This chapter describes the set up procedure.

Setup Sequence

Table 5-1 identifies the sequence of events for setting up a DPE.

Table 5-1   DPE Setup Sequence

Item  To do this . . .  See this section... 
1.

Connect the DPE to the serial port of a computer.

Connecting the Device Provisioning Engine

2.

Configure and run a terminal emulation program on the computer.

Configuring and Running a Terminal Emulation Program

3.

Log in to the DPE and change the login/enable password.

Logging In

4.

Configure the DPE for data.

Configuring a Device Provisioning Engine for Data

5.

Configure the DPE to support voice technology.

Configuring a Device Provisioning Engine for Voice Technology

Connecting the Device Provisioning Engine

Each DPE comes with a console cable. To begin setting up the DPE, complete these steps:


Step 1   Attach one end of the cable to the console port of the DPE.

Step 2   Attach the other end of the cable to the serial port on the computer that you want to use to configure the DPE.

Step 3   Proceed to the "Configuring and Running a Terminal Emulation Program" section.



Configuring and Running a Terminal Emulation Program

You must configure and then run a terminal emulation program on the computer that you have connected to the DPE.

To configure and run a terminal emulation program, complete these steps:


Step 1   Log in to the computer as root.

At the command line, enter the name of a terminal emulator. Choose a terminal emulation program that enables communication with the DPE through the serial port on the host computer.

Step 2   Configure these settings on the terminal emulator:

When you have correctly configured the terminal emulation program, you are prompted to log in to the DPE.

Step 3   Proceed to the "Logging In" section.



Logging In

To log in to the DPE, complete these steps:


Step 1   At the password prompt, enter the login password. The default user and enable passwords are changeme. For example:

localhost BPR Device Provisioning Engine

User Access Verification

Password:

Note    For security reasons, Cisco Systems strongly recommends that you change the original password.

The system displays this user mode prompt:

localhost>

Step 2   Run the enable command to enter privileged mode. You must be working in privileged mode to configure the DPE. For example:

localhost> enable

The system prompts you for the enable password.

Step 3   At the prompt, enter the enable password. The default is changeme.

The system displays this privileged mode prompt:

localhost#

Step 4   To change the login and enable password, as Cisco Systems recommends:

    a. At the localhost# prompt, enter the password command. For example:

localhost# password

The system prompts you for the new password.

    b. Enter the new password. The system prompts you to enter the new password again.

    c. Re-enter the new password. The system displays a message that you successfully changed the password.

Remember that this is your new log in password. If you want to change the privileged mode password, use the enable password command.

Step 5   Proceed to the "Configuring a Device Provisioning Engine for Data" section.



Configuring a Device Provisioning Engine for Data

To configure a DPE, have this information available:


Tip You can use the show run command to view the running configuration. A complete list of show commands is available through the use of the show commands command. Refer to the BAC for Cable Administrator's Guide for additional information.


Note   The commands pertaining to security are only enabled when connected to the DPE serial port. Refer to the Refer to the BAC for Cable Administrator's Guide for additional information.

To configure a DPE, complete these steps:


Step 1   Assign a static IP address and subnet mask to the first ethernet port on the DPE. For example, to assign IP address 10.10.10.1 and the subnet mask 255.255.255.0, enter these commands:

localhost# interface ethernet 0 ip address 10.10.10.1 255.255.255.0 
localhost# interface ethernet 0 ip enabled true 
localhost# interface ethernet 0 provisioning enabled true 

Note    The values provided here are sample values only. Use values appropriate for your network.

Step 2   Enter the IP address for the RDU or its domain name if you are implementing DNS. Also, identify the port on which the RDU is listening. The default listening port is 49187. For example:

localhost# dpe rdu-server 10.10.10.1 49187

Step 3   Specify the provisioning group or groups of which the DPE is part. Where appropriate, specify the secondary provisioning group of which it is part. For example:

localhost# dpe provisioning-group primary group1
localhost# dpe provisioning-group secondary group2

Step 4   If your network topology has a default gateway IP address, enter that information. For example:

localhost# ip default-gateway 10.10.10.1

Step 5   To set up DNS for the DPE, enter the IP address of the DNS server. For example:

localhost# ip name-server 10.20.10.1


Note    To enter more than one DNS server name, lists the servers with a space between each entry.

Step 6   Provide the DNS hostname and domain name for the DPE. For example:

localhost# hostname DPE1
localhost# ip domain-name example.com 

Step 7   Configure the current time on the DPE. For example:

localhost# clock set 23:59:59 20 12 2003

Step 8   Set the shared secret password to be the same as that on the RDU.


Note    This is one of the security related commands mentioned earlier in this chapter. This command can only be run if the console is connected to the DPE serial port.

Step 9   For the configuration to take effect, you must reload the DPE. For example:

localhost# reload

After you reload the DPE, you can establish a Telnet session using the IP address of the DPE. Remember to use the new login and enable password that you created in the "Logging In" section.



Configuring a Device Provisioning Engine for Voice Technology

This section describes those configuration activities that must be performed to properly set up a DPE to support voice technology.


Note   The tips provided in this section refer to the dpe.properties file, located in the <BPR_HOME>/dpe/conf directory, for a lab installation of BAC. You change the properties specified, as indicated in the tip, to enable the described feature. If you edit the properties, you must restart the DPE.


Caution   In the dpe.properties file, there should only be a single instance of each property described in these tips.

Setting Up Voice Technology

Complete these steps to set up voice technology on your DPEs.


Step 1   Enter these commands to set the FQDN for each enabled DPE interface:

interface ethernet 0 provisioning fqdn <fqdn-value>
interface ethernet 1 provisioning fqdn <fqdn-value>

Tip dpe.properties: /server/provFQDNs=FQDN[IP address]:port. This could translate, for example, into c3po.pcnet.cisco.com[10.10.10.5]:49186.


Note    The FQDN is sent as the SNMPEntity in DHCP option 177 suboption 3.

Step 2   Enter these commands to configure voice technology at DPE:

packetcable registration kdc-service-key <password>


Note    This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.



Caution   The DPE password entered using this CLI command must match the corresponding password used in Keygen utility when generating Service Keys for KDC.


Tip dpe.properties: /pktcbl/regsvr/KDCServiceKey=(xx: ... xx) Where (xx: ... xx) represents a 24 byte randomly selected, colon separated, hexadecimal value; for example: 31:32:33:34:35:36:37:38:39:30:31:32:33:34:3 5:36:37:38:39:30:31:32:33:34.

For a lab installation, the KDC and DPE are installed on the same host, and the installation program automatically generates a random KDC service key for both the KDC and the DPE.

Step 3   Enter this command to control the choice of encryption algorithm for use during SNMPv3:

packetcable registration policy-privacy <value>


Note    If you enter a value of zero (which is the default value) for this policy privacy, the MTA will choose a privacy option for SNMPv3. Entering any non-zero value means Provisioning Server will set its privacy option in SNMPv3 to a specific protocol. Although, at publication, DES is the only privacy option supported by voice technology.


Tip dpe.properties: /pktcbl/regsvr/policyPrivacy=1 - This enables DES privacy.

Step 4   Enter this command to set the SNMP service key used for SNMPv3 cloning to the RDU.

packetcable snmp key-material <password> 


Note    This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.

The default value for this command is <null>. Enter this default to turn SNMPv3 cloning off at this DPE.


Tip dpe.properties: to turn SNMPv3 cloning off, use /pktcbl/snmp/keyMaterial= to turn it on, use /pktcbl/snmp/keyMaterial=<key>. For example, /pktcbl/snmp/keyMaterial=31:32:33:34: 35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:
34:35:36:37:38:39:30:31:32:33:34:35:36


Caution   Set this property, to the same 46 hexadecimal bytes that are used at the RDU (rdu.properties file located in the <BPR_HOME>/rdu/conf directory) to enable SNMP cloning.

Step 5   Enter this command to enable the PacketCable voice technology.

packetcable enable


Note    PacketCable provisioning is disabled at the DPE by default. If you change this property, you must reboot the DPE for the new setting to take effect. Also, you can turn voice technology on or off by entering either packetcable enable or no packetcable respectively.


Tip dpe.properties: /pktcbl/enable=enabled

Step 6   Run the dpe reload command.



Controls Available

These commands described in this section, provide additional configuration settings. Changing these properties on the DPE-590 causes the change to take effect immediately, without a DPE restart. If you are working with a lab install, and modify any DPE property, you must restart the DPE for the change to take effect.


Tip dpe.properties: /pktcbl/regsvr/configEncrypt=1


Tip dpe.properties: /pktcbl/regsvr/configEncrypt=0


Tip dpe.properties: /pktcbl/snmp/timeout=1 and /pktcbl/snmp/timeout=10

Debugging

Complete these steps to verify that your DPEs are operating properly before configuring them for operation with voice technology.


Step 1   Enter this command to collect all the log, property, and network configuration files on the DPE :

support bundle state

This command places the collected log files in the /outgoing directory. From there, the bundle is accessible using FTP.

Step 2   Enter this command to check the status of both the DPE and voice technology settings:

show dpe
Example show dpe command output

BPR Agent for BPR Provisioning Engine is running
dpe is running

Version BPR 2.5 (cbpr_25_L_200302040515).
Caching 51970 device configs and 2 external files.
Received 312 cache hits and 0 misses.
Received 0 lease updates.
Connection status is Disconnected.
Sent 77 SNMP informs and 77 SNMP sets.
Received 77 MTA provisioning successful SNMP informs.
Received 0 MTA provisioning failed SNMP informs.
Running for 11 days 1 hours 59 mins 15 secs.

This command also checks if voice technology provisioning is running, and displays the current health of the SNMPv3 service.




hometocprevnextglossaryfeedbacksearchhelp
Posted: Thu Jan 15 06:58:40 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.