|
|
Table Of Contents
Upgrading Using the Existing Cisco IOS Software Image
Upgrading Using the Existing BootFlash Software Image
Sample DOCSIS 1.0 Configuration File for Certificate and Image Upgrade
Sample DOCSIS 1.1 Configuration File with BPI+ Enabled (Normal Operations)
Sample DOCSIS 1.1 Configuration File for Secure Software Download
Sample Configuration File for Upgrading the Cisco IOS Software Image Using the BootFlash
Sample Configuration File for Upgrading the BPI+ Certificates Using the BootFlash
Upgrading the DOCSIS Certificates in Cisco uBR905/uBR925 Cable Access Routers and CVA122 Cable Voice Adapters
May 17, 2004
78-14971-01 Rev. C0Feature History
12.2(15)CZ
This feature was introduced on the Cisco uBR905/uBR925 cable access routers and Cisco CVA122 Cable Voice Adapters.
This document describes how to use the certificate upgrade CD-ROM (p/n UBR/CVA-CERT-UPG) to upgrade the DOCSIS Baseline Privacy Interface Plus (BPI+) certificates in the Cisco uBR905 and Cisco uBR925 cable access routers, and in the Cisco CVA122 Cable Voice Adapters. This document contains the following major sections:
•
Overview
Note
Migrating Simple Data over Cable Services to DOCSIS 1.1 at the following URL:
http://www.cisco.com/warp/public/109/migrating_to_docsis11_22030_1.shtml
DOCSIS 1.1 for Cisco uBR905/uBR925 Cable Access Routers and Cisco CVA122 Cable Voice Adapters at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122cz/index.htm
Overview
The Cisco uBR905/uBR925 cable access routers and Cisco CVA122 Cable Voice Adapters support DOCSIS 1.1 operations when running Cisco IOS Release 12.2(15)CZ. For full DOCSIS 1.1 support, the routers must contain valid DOCSIS certificates in non-volatile memory.
Some routers were produced when the DOCSIS 1.1 specification was still being finalized, and the certificates in these routers do not conform to the requirements in the final specification. Cisco has produced valid certificates for these routers, which can be downloaded to the routers using the procedures given in this document.
The upgrade procedure performs the following steps:
1.
2.
3.
4.
This procedure can be used to upgrade all Cisco uBR905/uBR925 cable access routers and Cisco CVA122 Cable Voice Adapters for DOCSIS 1.1 operations. If the router already has a valid certificate, it will ignore the commands to upgrade the certificate and will download only the Cisco IOS Release 12.2(15)CZ software image for DOCSIS 1.1 support.
Note
Restrictions
The Cisco uBR905 and Cisco uBR925 cable access routers and Cisco CVA122 cable voice adapters must be running Cisco IOS Release 12.2(15)CZ (or later) to support DOCSIS 1.1. The CMTS must also support the DOCSIS 1.1 feature set.
Related Documents
The following documents describe the DOCSIS 1.1 feature and how to configure the router for its feature set:
•
•
The following documents describe the hardware of the Cisco uBR905 and Cisco uBR925 cable access routers and Cisco CVA122 cable voice adapters, as well as general software configuration:
•
•
•
•
•
•
•
•
•
•
•
•
Supported Platforms
•
•
•
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Prerequisites
You must meet the following prerequisites to be able to upgrade the Cisco IOS software image and DOCSIS certificates on the Cisco uBR905 and Cisco uBR925 cable access routers and Cisco CVA122 Cable Voice Adapters:
•
•
•
•
•
http://www.cisco.com/cgi-bin/tablebuild.pl/cbc40-demo
Note
•
Configuration Tasks
See the following sections for configuration tasks for upgrading both the Cisco IOS software image and DOCSIS 1.1 certificates (if needed) on the Cisco uBR905/uBR925 cable access routers and Cisco CVA122 Cable Voice Adapters. Each task in the list is identified as either required or optional.
Typical users who need to upgrade a large number of cable modems that are already at customers' sites or are still in a distribution center, should use the following set of procedures, which are in the "Upgrading Using the Existing Cisco IOS Software Image" section. These procedures perform the upgrade using the existing Cisco IOS software image that is on the cable access routers and should be used in most cases:
•
•
•
If you need to upgrade a small number of cable modems or have a few problem cable modems that you could not successfully upgrade using the procedures given above, use the following procedure. This method also performs the upgrade but uses the existing Cisco IOS bootflash software image that is on the routers:
•
Caution
Upgrading Using the Existing Cisco IOS Software Image
Most users who need to upgrade a large number of cable modems that are already at customers' sites or are still in a distribution center, should use the following set of procedures. You should typically use these procedures unless otherwise instructed by Cisco TAC or field engineer.
•
•
•
Upgrading a DOCSIS 1.0 Cable Modem to a DOCSIS 1.1 Image and Certificates (Required)
To upgrade the Cisco IOS software image and DOCSIS 1.1 certificates on a Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter that is currently running DOCSIS 1.0 or DOCSIS 1.0+ software, use the following procedures:
•
•
•
•
Completing these procedures will upgrade the Cisco IOS software image to Cisco IOS Release 12.2(15)CZ and will upgrade the router's DOCSIS certificate if the current certificate is invalid.
Tip
Copy the Certificates and Cisco IOS Software Image to a TFTP Server (Required)
Use the following procedure to copy the Cisco IOS software image and new DOCSIS 1.1 certificates to the TFTP server used by the cable modems.
Step 1
For a DOCSIS 1.0 software download, you must use a software image that is not digitally signed.
Note
Step 2
tftpserver% cp -rf /dev/cdrom/bpicerts.tar /tftpbootStep 3
tftpserver% cd /tftpboottftpserver% tar xvf bpicerts.tartftpserver%If using a Windows PC, use a utility such as WinZip to extract the certificates from the TAR file.
Note
Step 4
tftpserver% chmod a+rx /tftpboot/bpi-certstftpserver% chmod a+r /tftpboot/bpi-certs/*Continue to the next section to create the DOCSIS configuration file that is needed to perform the software image and certificate upgrade.
Create a DOCSIS 1.0 Configuration File for the Certificate and Software Upgrade (Required)
You must create a DOCSIS 1.0 configuration file that instructs the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to download the new Cisco IOS Release 12.2(15)CZ software image and to upgrade the DOCSIS certificates. This information is contained in the following configuration file options:
•
•
–
–
–
For a sample DOCSIS 1.0 configuration file, see the "Sample DOCSIS 1.0 Configuration File for Certificate and Image Upgrade" section. This configuration file is also available in binary form as the cfg10upg.cm file on the distribution CD-ROM.
You must modify this configuration file with the following information that is specific to your network:
•
•
•
•
You can modify this file with your network-specific information using any DOCSIS 1.0 configuration file editor, such as the Cisco Broadband Configurator Tool (release 4.0 or later).
Upgrade the Cisco IOS Software Image and Certificates (Required)
After you have copied the software images and new certificates to the TFTP server, and have created the required DOCSIS configuration files, perform the upgrade using the following procedure:
Step 1
Step 2
Step 3
When each Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter is restarted, it downloads the DOCSIS 1.0 configuration file, which forces the router to download the Cisco IOS Release 12.2(15)CZ software image. The router then reloads and boots the Release 12.2(15)CZ image.
The router then downloads the DOCSIS 1.0 configuration file again and executes the commands to upgrade the certificates. As it upgrades the certificates, it reports the progress to the SYSLOG event server.
After the router downloads the new certificates, it reloads a second time and router reboots with the Release 12.2(15)CZ image and valid DOCSIS 1.1 certificates. The router then downloads the DOCSIS 1.0 configuration file a third time and begins operating as a DOCSIS 1.0 cable modem.
Note
Reload the CM for Normal DOCSIS 1.1 Operations (Optional)
To test whether the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter has been successfully upgraded, you can create a DOCSIS 1.1 configuration file that enables BPI+ authentication and encryption. See the "Sample DOCSIS 1.1 Configuration File with BPI+ Enabled (Normal Operations)" section for a sample file that you can use as a template for use and testing. This configuration file is also available in binary form as the cfg11ope.cm file on the distribution CD-ROM.
Replace the DOCSIS 1.0 configuration file with the DOCSIS 1.1 configuration file you have created and reload one or all of the cable modems to begin DOCSIS 1.1 operations.
Upgrading a DOCSIS 1.1 Cable Modem to a DOCSIS 1.1 Image and Certificates (Required)
If you have already upgraded a Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to Cisco IOS Release 12.2(15)CZ, the router must use the DOCSIS 1.1 secure software download feature to upgrade its software image. To upgrade a Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter that is currently running DOCSIS 1.1 software, use the following procedures:
•
•
•
•
Completing these procedures will upgrade the Cisco IOS software image to Cisco IOS Release 12.2(15)CZ and will upgrade the router's DOCSIS certificate if the current certificate is invalid.
Copy the Certificates and Cisco IOS Software Image to a TFTP Server (Required)
Use the following procedure to copy the Cisco IOS software image and new DOCSIS 1.1 certificates to the TFTP server used by the cable modems.
Step 1
For a DOCSIS secure software download, you must use a digitally-signed software image, which includes "cvc" as part of the filename.
Note
Step 2
tftpserver% cp -rf /dev/cdrom/bpicerts.tar /tftpbootStep 3
tftpserver% cd /tftpboottftpserver% tar xvf bpicerts.tartftpserver%If using a Windows PC, use a utility such as WinZip to extract the certificates from the TAR file.
Note
Step 4
tftpserver% chmod a+rx /tftpboot/bpi-certstftpserver% chmod a+r /tftpboot/bpi-certs/*Continue to the next section to create the DOCSIS configuration file that is needed to perform the software image and certificate upgrade.
Create a DOCSIS 1.1 Configuration File for the Certificate and Software Upgrade (Required)
You must create a DOCSIS 1.1 configuration file that instructs the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to download the new Cisco IOS Release 12.2(15)CZ software image and to upgrade the DOCSIS certificates. This information is contained in the following configuration file options:
•
Note
•
–
–
–
•
•
For a sample DOCSIS 1.1 configuration file, see the "Sample DOCSIS 1.1 Configuration File for Secure Software Download" section.
You must also modify this configuration file with the following information that is specific to your network:
•
•
•
•
You can modify this file with your network-specific information using any DOCSIS 1.0 configuration file editor, such as the Cisco Broadband Configurator Tool (release 4.0 or later).
Upgrade the Cisco IOS Software Image and Certificates (Required)
After you have copied the software images and new certificates to the TFTP server, and have created the required DOCSIS configuration files, perform the upgrade using the following procedure:
Step 1
Step 2
Step 3
When each Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter is restarted, it downloads the DOCSIS 1.1 configuration file, which forces the router to download the Cisco IOS Release 12.2(15)CZ software image using the DOCSIS secure software download. The router then reloads and boots the Release 12.2(15)CZ image.
The router then downloads the DOCSIS 1.1 configuration file again and executes the commands to upgrade the certificates. As it upgrades the certificates, it reports the progress to the SYSLOG event server.
After the router downloads the new certificates, it reloads a second time and router reboots with the Release 12.2(15)CZ image and valid DOCSIS 1.1 certificates. The router then downloads the DOCSIS 1.1 configuration file a third time and begins operating as a DOCSIS 1.1 cable modem.
Note
Reload the CM for Normal DOCSIS 1.1 Operations (Optional)
To test whether the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter has been successfully upgraded, you can create a DOCSIS 1.1 configuration file that enables BPI+ authentication and encryption. See the "Sample DOCSIS 1.1 Configuration File with BPI+ Enabled (Normal Operations)" section for a sample file that you can use as a template for testing. This configuration file is also available in binary form as the cfg11ope.cm file on the distribution CD-ROM.
Replace the DOCSIS 1.1 configuration file you used for the upgrade with the DOCSIS 1.1 configuration file you have created and reload one or all of the cable modems to begin normal DOCSIS 1.1 operations.
Downgrading the CM to DOCSIS 1.0 After Upgrading the Certificates (Optional)
After you have upgraded a Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to Cisco IOS Release 12.2(15)CZ, the router must use the DOCSIS 1.1 secure software download feature to change its software image. However, if the router contains a DOCSIS 1.0 bootflash, you can avoid using the secure software download by manually downloading the older image.
If, for some reason, you would like to downgrade the router to an earlier, DOCSIS 1.0 or 1.0+ software image, use one of the following procedures, depending on the version of bootflash that the router is currently using.
•
•
Downgrading with a DOCSIS 1.0 Bootflash (without Secure Software Download)
If the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter contains a DOCSIS 1.0 version of bootflash, you can avoid using the secure software download feature by erasing the current Cisco IOS image and manually loading the older image. To do so, use the following procedure:
Step 1
Step 2
Router> enablePassword: <password>Router#
Note
Step 3
Router# dir bootflash:Directory of bootflash:/1 -rw- 2170804 Feb 01 2002 05:32:29 ubr925-k8boot-mz.122-4.T.bin7471104 bytes total (5300236 bytes free)Router#If possible, use the filename to determine the Cisco IOS version of the bootflash code. For example, the above lines show that the bootflash was from Cisco IOS Release 12.2(4)T, which is a DOCSIS 1.0 release.
If the bootflash filename indicates a software release before Cisco IOS Release 12.2(15)CZ, then proceed to the next step. If this is not the case or if you cannot determine the software release, you must use the instructions given in the "Downgrading with a DOCSIS 1.1 Bootflash (with Secure Software Download)" section.
Step 4
Router# ping 10.10.172.1Sending 5, 100-byte ICMP Echos to 10.10.172.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 msRouter#Step 5
Router# copy tftp flashAddress or name of remote host []? 10.10.172.1Source filename []? ubr925-k8v6y5-122-8T-mzDestination filename [ubr925-k8v6y5-122-8T-mz]?Accessing tftp://10.10.172.1/ubr925-k8v6y5-122-8T-mz...Erase flash: before copying? [confirm] YErasing the flash filesystem will remove all files! Continue? [confirm] YErasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erasedErase of flash: completeLoading ubr925-k8v6y5-122-8T-mz from 10.10.172.1 (via cable-modem0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![OK - 3755588/7511040 bytes]Verifying checksum... OK (0xD65F)3755588 bytes copied in 99.254 secs (37935 bytes/sec)Router#Step 6
Router# reloadProceed with reload? [confirm] Y133.CABLEMODEM.CISCO: 01:05:23: %SYS-5-RELOAD: Reload requestedSystem Bootstrap, Version 12.2(4)T, RELEASE SOFTWARE (fc1)Copyright (c) 2001 by cisco Systems, Inc.Downgrading with a DOCSIS 1.1 Bootflash (with Secure Software Download)
If the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter was shipped with Cisco IOS Release 12.2(15)CZ, then both its bootflash image and Cisco IOS software image support DOCSIS 1.1. In this situation, the router must use the DOCSIS 1.1 secure software download procedure to upgrade the software image. To do so, use the following procedure:
Step 1
Step 2
If you are using this file as a template, make the following changes:
•
•
•
Step 3
Step 4
Step 5
When each Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter is restarted, it downloads the DOCSIS 1.1 configuration file, which forces the router to download the DOCSIS 1.0 software image using the DOCSIS secure software download. The router then reloads and boots the DOCSIS 1.0 image. For normal DOCSIS 1.0 operations, you will have to reconfigure the DOCSIS cable provisioning software so that it uses the original DOCSIS 1.0 configuration files for each router.
Upgrading Using the Existing BootFlash Software Image
You can upgrade both the Cisco IOS software image and the BPI+ certificates by using the bootflash image that is onboard the router. You typically will need to use this method only in the following situations:
•
•
•
•
If none of these situations apply to you, you should first use the procedures given in the "Upgrading Using the Existing Cisco IOS Software Image" section, unless you have been instructed otherwise by a Cisco TAC or field service engineer.
Note
To upgrade the Cisco IOS software image and BPI+ certificates on the Cisco uBR905 and Cisco uBR925 cable access routers or the Cisco CVA122 Cable Voice Adapter, use the following set of procedures:
•
•
•
•
•
•
Completing these procedures will upgrade the Cisco IOS software image to Cisco IOS Release 12.2(15)CZ and will upgrade the router's DOCSIS certificate if the current certificate is invalid.
Copy the Certificates and Cisco IOS Software Image to a TFTP Server (Required)
Use the following procedure to copy the Cisco IOS software image and new DOCSIS 1.1 certificates to the TFTP server used by the cable modems.
Step 1
For a DOCSIS 1.0 software download, you must use a software image that is not digitally signed.
Note
Step 2
tftpserver% cp -rf /dev/cdrom/bpicerts.tar /tftpbootStep 3
tftpserver% cd /tftpboottftpserver% tar xvf bpicerts.tartftpserver%If using a Windows PC, use a utility such as WinZip to extract the certificates from the TAR file.
Note
Step 4
tftpserver% chmod a+rx /tftpboot/bpi-certstftpserver% chmod a+r /tftpboot/bpi-certs/*Continue to the next section to create the DOCSIS configuration file that is needed to perform the software image upgrade.
Create a DOCSIS 1.0 Configuration File for the Software Upgrade (Required)
You must create a DOCSIS 1.0 configuration file that instructs the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to download the new Cisco IOS Release 12.2(15)CZ software image. This information is contained in the following configuration file options:
•
•
–
For a sample DOCSIS 1.0 configuration file, see the "Sample Configuration File for Upgrading the Cisco IOS Software Image Using the BootFlash" section. You must modify this configuration file with the following information that is specific to your network:
•
•
•
You can modify this file with your network-specific information using any DOCSIS 1.0 configuration file editor, such as the Cisco Broadband Configurator Tool (release 4.0 or later).
Upgrade the Cisco IOS Software Image (Required)
After you have copied the software images and new certificates to the TFTP server, and have created the required DOCSIS configuration files, upgrade the Cisco IOS software using the following procedure:
Step 1
Step 2
Step 3
When each Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter is restarted, it downloads the DOCSIS 1.0 configuration file, which forces the router to boot into its bootflash software image. The router then downloads the Cisco IOS Release 12.2(15)CZ software image.
Create a DOCSIS 1.0 Configuration File for the BPI+ Certificates Required)
You must create a second DOCSIS 1.0 configuration file that instructs the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to download the new BPI+ certificates. This information is contained in the following configuration file options:
•
–
–
–
–
For a sample DOCSIS 1.0 configuration file, see the "Sample Configuration File for Upgrading the BPI+ Certificates Using the BootFlash" section. You must modify this configuration file with the following information that is specific to your network:
•
•
•
You can modify this file with your network-specific information using any DOCSIS 1.0 configuration file editor, such as the Cisco Broadband Configurator Tool (release 4.0 or later).
Upgrade the BPI+ Certificates (Required)
After you have copied the software images and new certificates to the TFTP server, and have created the required DOCSIS configuration files, perform the upgrade using the following procedure:
Step 1
Step 2
Step 3
When each Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter is restarted, it downloads the DOCSIS 1.0 configuration file, which forces the router to boot the Cisco IOS Release 12.2(15)CZ software image. The router then executes the commands to upgrade the certificates. As it upgrades the certificates, it reports the progress to the SYSLOG event server.
After the router downloads the new certificates, it reloads again time and router reboots with the Release 12.2(15)CZ image and valid DOCSIS 1.1 certificates. The router can then begin normal operations.
Note
Reload the CM for Normal DOCSIS 1.1 Operations (Optional)
To test whether the Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter has been successfully upgraded, you can create a DOCSIS 1.1 configuration file that enables BPI+ authentication and encryption. See the "Sample DOCSIS 1.1 Configuration File with BPI+ Enabled (Normal Operations)" section for a sample file that you can use as a template for use and testing. This configuration file is also available in binary form as the cfg11ope.cm file on the distribution CD-ROM.
Replace the DOCSIS 1.0 configuration file with the DOCSIS 1.1 configuration file you have created and reload one or all of the cable modems to begin DOCSIS 1.1 operations.
Configuration Examples
This section provides the following configuration examples that can be used when upgrading the Cisco IOS software image and BPI+ upgrade certificates, using the procedures given in the "Upgrading Using the Existing Cisco IOS Software Image" section:
•
•
•
If you are using the procedure given in the "Upgrading Using the Existing BootFlash Software Image" section, use the following configuration examples instead:
•
•
Tip
Sample DOCSIS 1.0 Configuration File for Certificate and Image Upgrade
The following example shows a sample DOCSIS 1.0 configuration file that will instruct the router to download the Cisco IOS Release 12.2(15)CZ software image and to upgrade its DOCSIS 1.1 certificates. You must change the following parts of this sample configuration to match your local network's configuration:
•
•
•
•
•
You can optionally change the Class of Service Encodings Block (option 4) and Maximum Number of CPE (option 18) values, if desired.
03 (Net Access Control) = 104 (Class of Service Encodings Block)S01 (Class ID) = 5S02 (Max DS rate) = 10000000S03 (Max US rate) = 2000000S06 (Max US transmit rate) = 152209 (Software Upgrade Filename) = iosimages/cva120-k8y5-12215cz-mz##--->Modify the path and filename for an unsigned software image11 (SNMP MIB Object) = docsDevEvSyslog.0 (IP Address) = 10.0.0.23##-------------------------------------->Modify Syslog IP address11 (SNMP MIB Object) = docsDevEvReporting.1 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.2 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.3 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.4 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.5 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.6 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.7 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevSwAdminStatus.0 (Integer) = 218 (Maximum Number of CPE) = 421 (TFTP Server IP) = 10.0.0.100##------------>Modify TFTP Server IP address43 (Vendor Cisco Systems Specific Info Block)S131 (IOS Config Command) = upgrade-bpkm-cert tftp-server 1.0.0.100##----------------------------------------->Modify TFTP Server IP addressS131 (IOS Config Command) = upgrade-bpkm-cert directory-path bpi-certs##-------------------------->Modify Subdirectory path for DOCSIS certificatesS131 (IOS Config Command) = upgrade-bpkm-cert start-upgradeS131 (IOS Config Command) = enable password labS131 (IOS Config Command) = line vty 0 4S131 (IOS Config Command) = password labS131 (IOS Config Command) = end
Tip
Sample DOCSIS 1.1 Configuration File with BPI+ Enabled (Normal Operations)
The following example shows a sample DOCSIS 1.1 configuration file that can be used to enable normal DOCSIS 1.1 operations after you have upgraded the router to the new software image and DOCSIS certificates. You can change the upstream and downstream service flows as desired to match the design of your network.
Note
03 (Net Access Control) = 117 (Baseline Privacy Block)S01 (Authorize Wait Timeout) = 10S02 (Reauthorize Wait Timeout) = 10S03 (Authorize Grace Timeout) = 300S04 (Operational Wait Timeout) = 1S05 (Rekey Wait Timeout) = 1S06 (TEK Grace Time) = 300S07 (Authorize Reject Wait Timeout)= 6018 (Maximum Number of CPE) = 424 (Upstream Service Flow Block)S01 (Flow Reference) = 1S06 (QoS Parameter Set Type) = 7S07 (Traffic Priority) = 4S08 (Max Sustained Traffic Rate) = 250000S09 (Max Traffic Burst) = 2000S10 (Max Reserved Traffic Rate) = 0S11 (Assumed Min Reserved Rate Packet Size) = 0S15 (Service Flow Scheduling Type) = 224 (Upstream Service Flow Block)S01 (Flow Reference) = 2S06 (QoS Parameter Set Type) = 7S07 (Traffic Priority) = 1S08 (Max Sustained Traffic Rate) = 256000S09 (Max Traffic Burst) = 2000S10 (Max Reserved Traffic Rate) = 0S11 (Assumed Min Reserved Rate Packet Size) = 0S12 (Timeout for Active QoS Parameters) = 0S13 (Timeout for Admitted QoS Parameters) = 0S15 (Service Flow Scheduling Type) = 225 (Downstream Service Flow Block)S01 (Flow Reference) = 3S06 (QoS Parameter Set Type) = 7S07 (Traffic Priority) = 1S08 (Max Sustained Traffic Rate) = 10000000S09 (Max Traffic Burst) = 2000S10 (Max Reserved Traffic Rate) = 0S11 (Assumed Min Reserved Rate Packet Size) = 0S12 (Timeout for Active QoS Parameters) = 0S13 (Timeout for Admitted QoS Parameters) = 025 (Downstream Service Flow Block)S01 (Flow Reference) = 4S06 (QoS Parameter Set Type) = 7S07 (Traffic Priority) = 3S08 (Max Sustained Traffic Rate) = 10000000S09 (Max Traffic Burst) = 2000S10 (Max Reserved Traffic Rate) = 0S11 (Assumed Min Reserved Rate Packet Size) = 028 (Max Number of Classifiers) = 429 (Privacy Enable) = Yes43 (Vendor Cisco Systems Specific Info Block)S131 (IOS Config Command) = enable password labS131 (IOS Config Command) = line vty 0 4S131 (IOS Config Command) = password labS131 (IOS Config Command) = end
Tip
Sample DOCSIS 1.1 Configuration File for Secure Software Download
If you have already upgraded a Cisco uBR905/uBR925 cable access router or Cisco CVA122 Cable Voice Adapter to Cisco IOS Release 12.2(15)CZ, or another version of DOCSIS 1.1 software, you must use a DOCSIS 1.1 configuration file when booting. The following example shows a sample DOCSIS 1.1 configuration file that will instruct a DOCSIS 1.1 CM to use DOCSIS secure software download to download the Cisco IOS Release 12.2(15)CZ software image. This configuration file also contains the commands needed to upgrade the DOCSIS 1.1 certificates.
This configuration file is similar to the DOCSIS 1.0 configuration file shown in the "Sample DOCSIS 1.0 Configuration File for Certificate and Image Upgrade" section, except for the following:
•
•
You must change the following parts of this sample configuration to match your local network's configuration:
•
Note
•
•
•
•
You can optionally change the Upstream and Downstream Service Flow Block (options 24 and 25) and Maximum Number of CPE (option 18) values, if desired.
03 (Net Access Control) = 109 (Software Upgrade Filename) = iosimages/cva120cvc-k8o3v9y5-mz##------>Modify the path and filename for a signed software image11 (SNMP MIB Object) = docsDevEvSyslog.0 (IP Address) = 10.0.0.23##-------------------------------------->Modify Syslog IP address11 (SNMP MIB Object) = docsDevEvReporting.1 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.2 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.3 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.4 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.5 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.6 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.7 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevSwAdminStatus.0 (Integer) = 218 (Maximum Number of CPE) = 421 (TFTP Server IP) = 10.0.0.100##------------>Modify TFTP Server IP address24 (Upstream Service Flow Block)S01 (Flow Reference) = 1S06 (QoS Parameter Set Type) = 7S08 (Max Sustained Traffic Rate) = 250000025 (Downstream Service Flow Block)S01 (Flow Reference) = 2S06 (QoS Parameter Set Type) = 7S08 (Max Sustained Traffic Rate) = 400000029 (Privacy Enable) = No32 (Manufacturer CVC) = ./ciscoCVC.der43 (Vendor Cisco Systems Specific Info Block)S131 (IOS Config Command) = upgrade-bpkm-cert tftp-server 1.0.0.100##----------------------------------------->Modify TFTP Server IP addressS131 (IOS Config Command) = upgrade-bpkm-cert directory-path bpi-certs##-------------------------->Modify Subdirectory path for DOCSIS certificatesS131 (IOS Config Command) = upgrade-bpkm-cert start-upgradeS131 (IOS Config Command) = enable password ciscoS131 (IOS Config Command) = line vty 0 4S131 (IOS Config Command) = password ciscoS131 (IOS Config Command) = endSample Configuration File for Upgrading the Cisco IOS Software Image Using the BootFlash
The following example shows a sample DOCSIS 1.0 configuration file that will instruct the router to boot into the bootflash software image and then download the Cisco IOS Release 12.2(15)CZ software image. You must change the following parts of this sample configuration to match your local network's configuration:
•
•
•
You can optionally change the Class of Service Encodings Block (option 4) and Maximum Number of CPE (option 18) values, if desired.
03 (Net Access Control) = 104 (Class of Service Encodings Block)S01 (Class ID) = 5S02 (Max DS rate) = 10000000S03 (Max US rate) = 2000000S06 (Max US transmit rate) = 152209 (Software Upgrade Filename) = iosimages/cva120-k8y5-12215cz-mz##--->Modify the path and filename for an unsigned software image11 (SNMP MIB Object) = docsDevEvSyslog.0 (IP Address) = 10.0.0.23##-------------------------------------->Modify Syslog IP address11 (SNMP MIB Object) = docsDevEvReporting.1 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.2 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.3 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.4 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.5 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.6 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.7 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevSwAdminStatus.0 (Integer) = 218 (Maximum Number of CPE) = 421 (TFTP Server IP) = 10.0.0.100##------------>Modify TFTP Server IP address43 (Vendor Cisco Systems Specific Info Block)S131 (IOS Config Command) = config-register 0x0001##----------------------------------------->Boot the Bootflash Software ImageS131 (IOS Config Command) = enable password labS131 (IOS Config Command) = line vty 0 4S131 (IOS Config Command) = password labS131 (IOS Config Command) = end
Tip
Sample Configuration File for Upgrading the BPI+ Certificates Using the BootFlash
The following example shows a sample DOCSIS 1.0 configuration file that will instruct the router to boot the Cisco IOS Release 12.2(15)CZ software image and then download the BPI+ certificates, if needed. You must change the following parts of this sample configuration to match your local network's configuration:
•
•
•
•
You can optionally change the Class of Service Encodings Block (option 4) and Maximum Number of CPE (option 18) values, if desired.
03 (Net Access Control) = 104 (Class of Service Encodings Block)S01 (Class ID) = 5S02 (Max DS rate) = 10000000S03 (Max US rate) = 2000000S06 (Max US transmit rate) = 152211 (SNMP MIB Object) = docsDevEvSyslog.0 (IP Address) = 10.0.0.23##-------------------------------------->Modify Syslog IP address11 (SNMP MIB Object) = docsDevEvReporting.1 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.2 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.3 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.4 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.5 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.6 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevEvReporting.7 (Octet String) = 0xe011 (SNMP MIB Object) = docsDevSwAdminStatus.0 (Integer) = 218 (Maximum Number of CPE) = 421 (TFTP Server IP) = 10.0.0.100##------------>Modify TFTP Server IP address43 (Vendor Cisco Systems Specific Info Block)S131 (IOS Config Command) = config-register 0x2102##----------------------------------------->Boot the Cisco IOS Software ImageS131 (IOS Config Command) = upgrade-bpkm-cert tftp-server 1.0.0.100##----------------------------------------->Modify TFTP Server IP addressS131 (IOS Config Command) = upgrade-bpkm-cert directory-path bpi-certs##-------------------------->Modify Subdirectory path for DOCSIS certificatesS131 (IOS Config Command) = upgrade-bpkm-cert start-upgradeS131 (IOS Config Command) = enable password labS131 (IOS Config Command) = line vty 0 4S131 (IOS Config Command) = password labS131 (IOS Config Command) = end
Tip
Posted: Fri May 28 11:40:09 PDT 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
