Table Of Contents
Setting Up a Device Provisioning Engine
Hardware DPE Setup Sequence
Connecting the Device Provisioning Engine
Configuring and Running a Terminal Emulation Program
Logging In
Configuring a Device Provisioning Engine for Data
Configuring a Device Provisioning Engine for Voice Technology
Setting Up Voice Technology
Controls Available
Debugging
Setting Up a Device Provisioning Engine
A Cisco Device Provisioning Engine caches provisioning information and handles all configuration requests including downloading configuration files to devices. It is integrated with the Cisco Network Registrar DHCP server to control the assignment of IP addresses. Multiple DPEs can communicate with a single DHCP server. DPEs come with factory installed software that enables provisioning, but you must perform some initial configuration.
This chapter describes the setup procedure.
Hardware DPE Setup Sequence
Table 7-1 identifies the sequence of events for setting up a hardware DPE.
Connecting the Device Provisioning Engine
Each DPE comes with a console cable. To begin setting up the DPE, complete these steps:
Step 1 
Attach one end of the cable to the console port of the DPE.
Step 2 Attach the other end of the cable to the serial port on the computer that you want to use to configure the DPE.
Step 3 Proceed to the "Configuring and Running a Terminal Emulation Program" section.
Configuring and Running a Terminal Emulation Program
You must configure and then run a terminal emulation program on the computer that you have connected to the DPE.
To configure and run a terminal emulation program, complete these steps:
Step 1 Log in to the computer as root.
At the command line, enter the name of a terminal emulator. Choose a terminal emulation program that enables communication with the DPE through the serial port on the host computer.
Step 2 Configure these settings on the terminal emulator:
•Speed:9600
•Data Bits:8
•Parity:None
•Stop Bits:1
•Flow Control:Hardware
When you have correctly configured the terminal emulation program, you are prompted to log in to the DPE.
Step 3 Proceed to the "Logging In" section.
Logging In
To log in to the DPE, complete these steps:
Step 1 At the password prompt, enter the login password. The default user and enable passwords are changeme. For example:
localhost BPR Device Provisioning Engine
User Access Verification
Password:
Note For security reasons, Cisco Systems strongly recommends that you change the original password.
The system displays this user mode prompt:
localhost>
Step 2 Run the enable command to enter privileged mode. You must be working in privileged mode to configure the DPE. For example:
localhost> enable
The system prompts you for the enable password.
Step 3 At the prompt, enter the enable password. The default is changeme.
The system displays this privileged mode prompt:
localhost#
Step 4 To change the login and enable password, as Cisco Systems recommends:
a. At the localhost# prompt, enter the password command. For example:
localhost# password
The system prompts you for the new password.
b. Enter the new password. The system prompts you to enter the new password again.
c. Re-enter the new password. The system displays a message that you successfully changed the password.
Remember that this is your new log in password. If you want to change the privileged mode password, use the enable password command.
Step 5 Proceed to the "Configuring a Device Provisioning Engine for Data" section.
Configuring a Device Provisioning Engine for Data
To configure a DPE, have this information available:
•The static IP address that you want to assign to the DPE.
•The IP address or fully qualified domain name of the RDU for the DPE.
•The provisioning group or groups of which the DPE is part.
•The IP address of the default gateway on your network, if the default gateway is implemented on your network.
•The host and domain names of the DPE.
Tip You can use the show run command to view the running configuration. A complete list of show commands is available through the use of the show commands command. Refer to the Broadband Access Center for Cable CLI Reference Guide for additional information.
Note The commands pertaining to security are only enabled when connected to the DPE serial port. Refer to the Refer to the Broadband Access Center for Cable CLI Reference Guide for additional information.
To configure a DPE, complete these steps:
Step 1 Assign a static IP address and subnet mask to the first ethernet port on the DPE. For example, to assign IP address 10.10.10.1 and the subnet mask 255.255.255.0, enter these commands:
localhost# interface ethernet 0 ip address 10.10.10.1 255.255.255.0
localhost# interface ethernet 0 ip enabled true
localhost# interface ethernet 0 provisioning enabled true
Note The values provided here are sample values only. Use values appropriate for your network.
Step 2 Enter the IP address for the RDU or its domain name if you are implementing DNS. Also, identify the port on which the RDU is listening. The default listening port is 49187. For example:
localhost# dpe rdu-server 10.10.10.1 49187
Step 3 Specify the provisioning group or groups of which the DPE is part. Where appropriate, specify the secondary provisioning group of which it is part. For example:
localhost# dpe provisioning-group primary group1
localhost# dpe provisioning-group secondary group2
Step 4 If your network topology has a default gateway IP address, enter that information. For example:
localhost# ip default-gateway 10.10.10.1
Step 5 To set up DNS for the DPE, enter the IP address of the DNS server. For example:
localhost# ip name-server 10.20.10.1
Note To enter more than one DNS server name, lists the servers with a space between each entry.
Step 6 Provide the DNS hostname and domain name for the DPE. For example:
localhost# hostname DPE1
localhost# ip domain-name example.com
Step 7 Configure the current time on the DPE. For example:
localhost# clock set 23:59:59 20 12 2003
Step 8 Set the shared secret password to be the same as that on the RDU.
Note This is one of the security related commands mentioned earlier in this chapter. This command can only be run if the console is connected to the DPE serial port.
Step 9 For the configuration to take effect, you must reload the DPE. For example:
localhost# reload
After you reload the DPE, you can establish a Telnet session using the IP address of the DPE. Remember to use the new login and enable password that you created in the "Logging In" section.
Configuring a Device Provisioning Engine for Voice Technology
This section describes those configuration activities that must be performed to properly set up a DPE to support voice technology.
Note The tips provided in this section refer to the dpe.properties file, located in the <BACC_HOME>/dpe/conf directory, for a lab installation of BAC. You change the properties specified, as indicated in the tip, to enable the described feature. If you edit the properties, you must restart the DPE.
Caution In the dpe.properties file, there should only be a single instance of each property described in these tips.
Setting Up Voice Technology
Complete these steps to set up voice technology on your DPEs.
Step 1 Enter these commands to set the FQDN for each enabled DPE interface:
interface ethernet 0 provisioning fqdn <fqdn-value>
interface ethernet 1 provisioning fqdn <fqdn-value>
Tip dpe.properties: /server/provFQDNs=FQDN[IP address]:port. This could translate, for example, into c3po.pcnet.cisco.com[10.10.10.5]:49186.
Note The FQDN is sent as the SNMPEntity in DHCP option 177 suboption 3.
Step 2 Enter these commands to configure voice technology at DPE:
packetcable registration kdc-service-key <password>
Note This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.
Caution The DPE password entered using this CLI command must match the corresponding password used in Keygen utility when generating Service Keys for KDC.
Tip dpe.properties: /pktcbl/regsvr/KDCServiceKey=(xx: ... xx) Where (xx: ... xx) represents a 24 byte randomly selected, colon separated, hexadecimal value; for example: 31:32:33:34:35:36:37:38:39:30:31:32:33:34:3 5:36:37:38:39:30:31:32:33:34.
For a lab installation, the KDC and DPE are installed on the same host, and the installation program automatically generates a random KDC service key for both the KDC and the DPE.
Step 3 Enter this command to control the choice of encryption algorithm for use during SNMPv3:
packetcable registration policy-privacy <value>
Note If you enter a value of zero (which is the default value) for this policy privacy, the MTA will choose a privacy option for SNMPv3. Entering any non-zero value means Provisioning Server will set its privacy option in SNMPv3 to a specific protocol. Although, at publication, DES is the only privacy option supported by voice technology.
Tip dpe.properties: /pktcbl/regsvr/policyPrivacy=1 - This enables DES privacy.
Step 4 Enter this command to set the SNMP service key used for SNMPv3 cloning to the RDU.
packetcable snmp key-material <password>
Note This is a protected mode security command, accessible only on the local console. The contents of this property are only visible when logged into the local console.
The default value for this command is <null>. Enter this default to turn SNMPv3 cloning off at this DPE.
Tip dpe.properties: to turn SNMPv3 cloning off, use /pktcbl/snmp/keyMaterial= to turn it on, use /pktcbl/snmp/keyMaterial=<key>. For example, /pktcbl/snmp/keyMaterial=31:32:33:34: 35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:34:35:36:37:38:39:30:31:32:33:
34:35:36:37:38:39:30:31:32:33:34:35:36
Caution Set this property, to the same 46 hexadecimal bytes that are used at the RDU (rdu.properties file located in the <BACC_HOME>/rdu/conf directory) to enable SNMP cloning.
Step 5 Enter this command to enable the PacketCable voice technology.
packetcable enable
Note PacketCable provisioning is disabled at the DPE by default. If you change this property, you must reboot the DPE for the new setting to take effect. Also, you can turn voice technology on or off by entering either packetcable enable or no packetcable respectively.
Tip dpe.properties: /pktcbl/enable=enabled
Step 6 Run the dpe reload command.
Controls Available
These commands described in this section, provide additional configuration settings. Changing these properties on the DPE-590 causes the change to take effect immediately, without a DPE restart. If you are working with a lab install, and modify any DPE property, you must restart the DPE for the change to take effect.
•packetcable registration encryption—This command optionally enables encryption of the MTA configuration file.
Tip dpe.properties: /pktcbl/regsvr/configEncrypt=1
•no packetcable registration encryption—This command optionally disables encryption of the MTA configuration file.
Tip dpe.properties: /pktcbl/regsvr/configEncrypt=0
•packetcable snmp timeout <timeout>—This command dynamically sets the number of seconds that the DPE waits for a response to an SNMPv3 SET operation. The timeout is expressed in seconds and the default value is 10 seconds.
Tip dpe.properties: /pktcbl/snmp/timeout=1 and /pktcbl/snmp/timeout=10
Debugging
Complete these steps to verify that your DPEs are operating properly after configuring them for operation with voice technology.
Step 1 Enter this command to collect all the log, property, and network configuration files on the DPE :
support bundle state
This command places the collected log files in the /outgoing directory. From there, the bundle is accessible using FTP.
Step 2 Enter this command to check the status of both the DPE and voice technology settings:
show dpe
Example show dpe command output
BPR Agent is running
dpe is running
Version BPR 2.5 (cbpr_25_L_200302040515).
Caching 51970 device configs and 2 external files.
Received 312 cache hits and 0 misses.
Received 0 lease updates.
Connection status is Disconnected.
Sent 77 SNMP informs and 77 SNMP sets.
Received 77 MTA provisioning successful SNMP informs.
Received 0 MTA provisioning failed SNMP informs.
Running for 11 days 1 hours 59 mins 15 secs.
This command also checks if voice technology provisioning is running, and displays the current health of the SNMPv3 service.
