Cable Modem Termination System Setup

Devil_huang

What is CMTS?
Cable Modem Termination System (CMTS)
1. The Router
2. Gateway

1. The Router
Routes data between a cable modem network and a head-end internetwork.

2. Gateway
The CMTS provides the encapsulation and de-capsulation of DOCSIS traffic.
In upstream traffic, it translates DOCSIS data to IP data, then forwards it to the backbone network.
In downstream traffic, it translates IP data to DOCSIS data and forwards the result to a cable modem.

Simplified Cable Headend Configuration for Two-way Data

CMTS function

Performing MAC and PHY reception and transmission functions
Data encryption
Encapsulating packets in the data link layer
Extracts Ethernet packets
Tunes each upstream channel
Demodulates upstream data
Modulates downstream data
Adding forward error correction

Packet classification
Priority queuing
Modification
Filtering
Routing
Priority routing
Proxy services

Abbreviation

CMTS: Cable Modem Termination System
CM: Cable Modem
DOCSIS: Data Over Cable Service Interface Specification
DHCP: Dynamic Host Configuration Protocol
CPE: Customer Premises Equipment
ISP: Internet Service Provider
SNMP: Simple Network Management Protocol
TFTP: Trivial File Transfer Protocol
BPI: Baseline Privacy Initialization
TOD: Time Of Day
ACL: Access Control List
ARP: Address Resolution Protocol
CLI: Command Line Interface
AAI: Aggregate Access Interface
QoS: Quality Of Service
MIC: Message Integrity Check
CMS: Call Management Server
CA: Certificate Authority
RKS: Record Keeping Server
MIB: Management Information Base

Architecture
[Figure labels: MSO Backbone Network, Next-hop Router, DHCP/FTP/WEB Server, ISP, CM Access Network, CPE, CM]

Packet-Cable Functionality chart

Sample Network

What should be specified?

Cable Access Interface
Fast Ethernet Interface
Backbone Router
DHCP / TFTP / TOD / Log server
MIC Configuration
Privacy Configuration
RF Configuration
CMTS Unit Interfaces

Logging In CMTS
Privilege modes

Non-privileged Mode: can access all reports and diagnostics; cannot modify the system configuration.
Privileged Mode: can modify the system configuration.

Logging In

Type enable to put the CLI in Privileged mode. A password is needed for access.
Type config terminate to get into the configuration context.
Type username devil password letmein to create a new user account.
Type do show username to verify the account.

Configuring A Backbone Fast Ethernet Interface

Type configure t to get into the configuration context, where you can start configuring.
Type interface fastethernet {0/0/0 | 0/0/1 | 0/0/2 | 0/0/3}
This command identifies the specific Fast Ethernet interface you are about to configure.
Type ip address a.b.c.d e.f.g.h
This command identifies a.b.c.d as the Fast Ethernet interface's IP address and e.f.g.h as its subnet mask.
Type do show interface ip to verify the configuration.
Type no shutdown to enable the interface.
Example: Terayon CMTS(config-if 0/0/0) # ip add 192.168.24.11 255.255.255.0

Configuring the Next-Hop Route

The next-hop route defines the backbone router the CMTS is connected to. In the factory, the CMTS is always connected to the server directly, so the route IP address is replaced with the server's IP address.
Type ip route {network prefix} {netmask} {next-hop route IP address}
Example: Terayon CMTS (config)# ip route 0.0.0.0 0.0.0.0 192.168.24.12
In this example, the network prefix and netmask are filled with 0. This means all packet data should be routed to 192.168.24.12.

AAI concept
Aggregate Access Interface
Cable modem access interface provided by the CMTS.
Handles the routing of IP packets to the multiple physical cable interfaces, thus keeping the HFC-plant configuration independent of the IP address domains.
You can configure the baseline IP network to use a private or non-routable network IP address for CMs only. This avoids the use of public IP addresses for CMs.

Aggregated Access Interface

Configuring the AAI

Type interface access 0 to get into the access configuration context.
Type ip address a.b.c.d e.f.g.h to identify the CM access network IP.
Type ip address a.b.c.d e.f.g.h secondary to identify the CPE access network IP.
Type cable helper-address {ip-address} [cable-modem | host] to identify the DHCP server's address.
Example: Terayon CMTS(config-if-AAI-0)# cable helper 192.168.24.12

Configuring the AAI

Configure the gateway interface address (giaddr) for the CM and CPE access networks on the global Aggregated Access Interface using the command:
cable dhcp-giaddr {policy | primary}
If you select policy, the CM and CPE networks use a different giaddr.
If you select primary, the CM and CPE networks use the same giaddr.

Example: Terayon CMTS (config-if-AAI-0) # cable dhcp-giaddr policy

MIC configuring

Type interface cable CMTS unit number to specify the unit you want to configure.
Type cable shared-secret word to specify the shared-secret authentication string.
Use the no prefix to disable MIC.
Example: Terayon CMTS (config-if-1) # cable shared-secret DOCSIS
Default string.

annex A : Euro-DO
annex B : DOCSIS

One of the many features the CMTS has is its ability to verify the authentication of a DOCSIS modem. This is accomplished through the authentication string the modem downloads in its configuration file. The authentication string is encrypted, then the modem transmits the string to the CMTS for verification. The process is called Message Integrity Check.

RF Configuration

Type interface cable CMTS unit number to specify the unit you want to configure.

Downstream configuration

Type cable downstream frequency to specify the center frequency of the downstream channel. The valid ranges for the value are:
<91MHz - 857MHz> for North America and Japan
<112MHz - 858MHz> for Europe

Type cable downstream power to specify the power level that the CMTS outputs.
Use the following command to set the downstream modulation type:
cable downstream modulation {64qam | 256qam}

RF Configuration
Upstream configuration

Type cable upstream {0-3} {0|1} frequency to specify the upstream center frequency.
The parameter {0-3} indicates the physical upstream port you are configuring.
The parameter {0|1} indicates the channel mode to which the center frequency will apply:
0 for TDMA
1 for S-CDMA
The valid ranges for the frequency value are:
<5MHz - 42MHz> for North America
<5MHz - 65MHz> for Europe
<5MHz - 55MHz> for Japan

RF Configuration
Verify the US / DS center frequencies

Terayon CMTS (config-if-1)# do show cable 1 upstream 0 0
Terayon CMTS (config-if-1)# do show cable 1 upstream 0 1
Terayon CMTS (config-if-1)# do show cable 1 downstream

Enabling the interface

Type no shutdown to enable CMTS unit interfaces.

RF Configuration
Example:

Terayon CMTS (config-if-1)#cable upstream 0 0 freq 30000000
Terayon CMTS (config-if-1)#cable downstream freq 802000000
Terayon CMTS (config-if-1)# no shutdown
This command enables the CMTS Unit MAC interface.
Terayon CMTS (config-if-1)# no cable upstream 0 shutdown
Terayon CMTS (config-if-1)# no cable upstream 0 0 shutdown
Terayon CMTS (config-if-1)# no cable downstream shutdown

DOCSIS 1.0 / 1.1 / 2.0

Item        upstream   BPI
DOCSIS1.0   TDMA       disable
DOCSIS1.1   TDMA       enable
DOCSIS2.0   S-CDMA     enable

Viewing Status

Viewing Cable Interface Status

Terayon CMTS(config-if-1) # do show interfaces cable
Intf  Type  MTU  Speed (bps)  MACaddr.  Oper status  Admin status

Viewing Cable Modem Status

do show cable modem
MAC Address  IP Address  Cable I/F  Prim SID  Chan Mode  MAC State  Timing offset  RxPwr (db)  Unm CPE
00e0.6f23.72c0 111.121.1.200 1/1/0/0 tdma online(t) 285

BPI
Baseline Privacy Initialization

Security is an issue of prime importance with the CMTS. By the term security we mean access and privilege levels, authentication, network privacy, data filtering, and hostile-attack protection.
The modem downloads its configuration file from the server to determine whether BPI is enabled or disabled.
Use the cable privacy command to enter the configuration for privacy and BPI.

Configuring cable privacy

Create a list of trusted / un-trusted cable modems

Use the cable privacy hotlist command to create a list (Hotlist) of un-trusted cable modems.
Cable modems on the Hotlist are never authorized and are always denied service.
Use the cable privacy trusted-list command to create a list (trusted-list) of trusted cable modems.
Cable modems on the trusted-list are always authorized for service and no authentication checking is performed.
The same cable modem cannot be entered on both the Hotlist and the Trusted-list.
Terayon CMTS(config)# [no] cable privacy hotlist H.H.H {manufacturer cert-ref-no}
Where H.H.H specifies a MAC address and cert-ref-no is the reference number assigned to this Manufacturer's Certificate.

Configuring cable privacy

Certificate

Use the cable privacy certificate {root | manufacturer} cert-ref-no command to enable or disable CA certificates.
The CMTS maintains a list of known certificates classified in three categories, Root and Manufacturer Certificates.
Root Certificates that are added are marked as root and are marked trusted by default. For operation purposes, the system requires only one active Root Certificate.
Manufacturer Certificates that are added are marked as trusted by default. The command cable privacy hotlist allows marking a Certificate as untrusted.

Configuring cable privacy

Certificate (continued)
Manufacturer Certificates can be added / modified. When a certificate is added, a unique reference number is automatically assigned to it and displayed on the command line. This reference number may be used later to display information about this certificate or to delete this certificate from the database.
Example:

Terayon CMTS(config)# cable privacy certificate root cert-ref-no 2 for America or Japan.
Terayon CMTS(config)# cable privacy certificate root cert-ref-no 3 for Europe.

Configuring cable privacy

Self-signed Certificates

This is the CMTS policy to accept self-signed manufacturer certificates from cable modems at authorization time.
Use the accept-self-signed-certificate command to accept self-signed manufacturer certificates.
It is always set on a per-cable-line-card basis.

Enabling the Validity Period Check

The CMTS verifies the validity period of cable modem certificates (at KEK exchange times), using its time-of-day clock as the time reference for the verification.
Use the validity-period-check command to force verification of the modem certificate validity period.

Configuring cable privacy

Key Encryption Key / Traffic Encryption Key lifetime

When BPI is enabled (in the cable modem configuration file), the CMTS and the cable modem use authorization and encryption / decryption for packets across the HFC interface. The BPI is configured with KEKs and TEKs.
A KEK is assigned to a cable modem based on the cable modem's service identifier (SID) and permits the connection when baseline privacy is activated.
The TEK is assigned to a cable modem when its KEK has been established. It is used to encrypt data traffic between cable modems.
KEK and TEK can be set to expire based on a lifetime value. New keys are requested before the current ones expire.
Use the no form of the command to return to the default condition.

Configuring cable privacy

Setting the Registration Timeout

Use the registration-timeout command to set the value of the DOCSIS registration timeout timer (T9 timeout) on a particular interface.
The registration timeout is the time allowed between the CMTS sending a RNG-RSP (ranging-response success) to a CM and receiving a REG-REQ (registration request) from that same CM.

Configuring the Shared Secret String (MIC)

Use the default cable shared-secret command to set the default shared secret string.

Configuring cable privacy

Setting Up Basic Access Control Lists

This allows defining a list of host names or IP addresses to be permitted or denied access.

Display and diagnose security parameters

Displaying Privacy certificates

show cable privacy certificate {root | manufacturer cert-ref-no}
show cable privacy certificate modem H.H.H

Displaying Interface Privacy Information

show cable privacy interface
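
The settings on this page that relax modem authentication (the default shared-secret string, MIC disabled with the no prefix, accept-self-signed-certificate, trusted-list entries) can be checked in a saved configuration. The Python below is an added example, not Terayon's code or part of the original slides. It assumes the saved listing echoes the commands as typed on this page with interface sub-commands indented; the sample configuration, MAC address and non-default secret are constructed.

```python
import re

# (pattern, finding) pairs; every command name below is one this page documents.
RULES = [
    (r"cable shared-secret DOCSIS$",
     "MIC uses the default shared-secret string"),
    (r"no cable shared-secret$",
     "MIC is disabled"),
    (r"accept-self-signed-certificate$",
     "self-signed manufacturer certificates are accepted"),
    (r"cable privacy trusted-list (\S+)",
     "modem {0} is on the trusted-list, so no authentication checking is performed"),
]

def audit_config(text):
    """Return (context, finding) tuples for a saved configuration listing."""
    findings, ctx = [], "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        iface = re.match(r"interface (.+)$", line)
        if iface:
            ctx = iface.group(1)      # e.g. "cable 1"
            continue
        if not raw[0].isspace():
            ctx = "global"            # assumption: an unindented line ends the interface block
        for pattern, message in RULES:
            hit = re.match(pattern, line)
            if hit:
                findings.append((ctx, message.format(*hit.groups())))
    return findings

# Constructed sample listing (layout is an assumption, not captured CMTS output).
SAMPLE_CONFIG = """\
cable privacy trusted-list 0000.5e00.5301
interface cable 1
 cable shared-secret DOCSIS
 accept-self-signed-certificate
interface cable 2
 no cable shared-secret
interface cable 3
 cable shared-secret Xq7-constructed-example
 validity-period-check
"""

if __name__ == "__main__":
    for ctx, finding in audit_config(SAMPLE_CONFIG):
        print(f"[{ctx}] {finding}")
```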

The modem configuration file

The modem configuration file is stored as a binary file. It can be edited using a special tool.
Use a designated TFTP server to make your modem configuration file available for remote configuration.
Example setting for DOCSIS2.0 modem:
o Privacy Enable(29) =0
o Service Flow Reference(24.1) = 1
o Quality of Service Parameter Set Type (24.6) = 7
o Network Access Control Object(3) = 1
o Maximum Number of CPEs (18) = 2
o Upstream Service Flow encoding(24)
o Downstream Service Flow Encoding(25)
o Service Flow Reference (25.1) = 5
o Quality of Service Parameter Set Type (25.6) = 7
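
An added example (not from the original slides): a Python parser for the binary type/length/value layout of the modem configuration file, which flags Privacy Enable (29) = 0, missing integrity-check records, and the ASCII-instead-of-binary corruption named under Troubleshooting. TLV codes 0, 6, 7 and 255 are standard DOCSIS codes that the page does not quote; the sample file and its zeroed MIC values are constructed.

```python
# TLV codes 3, 18, 24, 25 and 29 are the ones quoted on this page; 0 (pad),
# 255 (end of data), 6 (CM MIC) and 7 (CMTS MIC) are standard DOCSIS codes.
PAD, END, CM_MIC, CMTS_MIC = 0, 255, 6, 7
NET_ACCESS, MAX_CPE, US_FLOW, DS_FLOW, PRIVACY = 3, 18, 24, 25, 29
NESTED = {US_FLOW, DS_FLOW}          # service-flow encodings hold sub-TLVs

def parse_tlvs(buf, top=True):
    """Decode type/length/value records; raise ValueError on a truncated record."""
    out, i = [], 0
    while i < len(buf):
        t = buf[i]
        if top and t == PAD:         # one-byte filler, carries no length
            i += 1
            continue
        if top and t == END:         # end-of-data marker
            break
        if i + 2 > len(buf):
            raise ValueError(f"TLV {t} at offset {i} has no length byte")
        n = buf[i + 1]
        val = buf[i + 2:i + 2 + n]
        if len(val) != n:
            raise ValueError(f"TLV {t} at offset {i} is truncated")
        out.append((t, parse_tlvs(val, top=False) if top and t in NESTED else val))
        i += 2 + n
    return out

def audit(buf):
    """Return a list of findings for one configuration file image."""
    if buf and all(32 <= b < 127 or b in (9, 10, 13) for b in buf):
        return ["file is ASCII text, not a binary TLV file"]
    try:
        tlvs = dict(parse_tlvs(buf))
    except ValueError as err:
        return [f"corrupt file: {err}"]
    findings = []
    if tlvs.get(PRIVACY) == b"\x00":
        findings.append("Privacy Enable (29) = 0: BPI is off for this modem")
    for code, name in ((CM_MIC, "CM MIC (6)"), (CMTS_MIC, "CMTS MIC (7)")):
        if len(tlvs.get(code, b"")) != 16:
            findings.append(f"{name} is missing or not 16 bytes")
    return findings

def build_sample(privacy):
    """Constructed file mirroring the page's example settings (MICs are zero placeholders)."""
    def flow(code, ref):             # sub-TLV .1 = flow reference, .6 = QoS set type 7
        return bytes([code, 7, 1, 2, 0, ref, 6, 1, 7])
    body = bytes([NET_ACCESS, 1, 1, MAX_CPE, 1, 2]) + flow(US_FLOW, 1) + flow(DS_FLOW, 5)
    body += bytes([PRIVACY, 1, privacy])
    body += bytes([CM_MIC, 16]) + bytes(16) + bytes([CMTS_MIC, 16]) + bytes(16)
    return body + bytes([END, PAD, PAD])

if __name__ == "__main__":
    for label, image in (("page example", build_sample(0)), ("BPI on", build_sample(1))):
        print(label, audit(image) or "no findings")
```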

The DHCP Relay Agent

Each modem and host can get an IP address and IP information from a DHCP server connected to the CMTS. The CMTS serves as a relay agent between the DHCP server and the modems and implements the DHCP/BootP relay agent.

Address Resolution Protocol Function

The CMTS supports the ARP protocol, a protocol used to obtain a device's physical (layer 2 MAC) address based on its logical (layer 3 IP) address. In short, ARP binds a high-level IP address to a low-level physical address. However, the CMTS handles ARP differently for the backbone, management, and cable interfaces.
Entries both for CM and CPE. Each ARP table entry associates a single IP address with a single host.
Supporting Dynamic and Static ARP entries
Extended ARP type
ARP learning

ARP Function

ARP configuration
Aging timeout

This allows you to set the threshold when you want dynamic ARPs to age out.
Terayon CMTS(config)# arp timeout <30-86401>
Where <30-86401> is the timeout value in seconds. The value 86401 indicates that there is no timeout and the dynamic ARPs do not age out.

ARP configuration

Proxy ARP

The Proxy ARP feature works only on the cable network side of the CMTS.
This reduces network ARP traffic overhead, thus improving network performance, and at the same time increases network security.
When a cable network host sends an ARP request to the CMTS, instead of broadcasting that request to the cable modem network, the CMTS responds to the ARP request and then relays the request to the appropriate host on the cable network. In the host ARP tables, the destination MAC address is always the CMTS MAC address.
The default condition of the Proxy ARP feature is enabled.

ARP configuration
ARP Learning feature

This enables you to stop clients that obtain IP addresses via dynamic ARP from passing traffic, thus forcing the client (CPE) to obtain an IP address via a DHCP transaction.
If you disable ARP Learning on the access side, the CMTS ARP table takes entries only from Static ARP and DHCP ARP assignments. Dynamic ARPs and host MAC addresses for Static-host ARPs are not learned.
The ability to enable and disable ARP Learning gives you strict control over ARP table entries, resulting in a higher degree of protection against IP address spoofing (unauthorized devices attempting to steal or mimic a valid IP address).
The default condition for ARP learning on the access side is enabled.

ARP configuration
Clear ARPs on Modem Reset

You may configure the CMTS to clear (remove) CPE ARPs whenever a cable modem resets.
This may be useful when the IP limit for a modem is 2 or greater.
If the Lease Query (source IP address verification) feature is disabled, then enabling the ARP clear-on-reset feature has no effect.
Terayon CMTS(config)# arp clear-on-reset

Server Configuration

Operating System (OS)

Win2000 Professional
Service Pack 4
Internet Information Services

Win2000 Server
Win2000 Advanced Server

Software
Cisco Network Registrar 3.0 (DHCP Server)
tardis2000nt (TOD Server)
TFTP 2000 (TFTP Server)

Server Configuration

Internet Information Services

HTTP support
Web service
FTP support
FTP service
Scripts support
POP3 / SMTP support

Setup
1. Start
2. Setting
3. Control Panel
4. Add/Remove Programs
5. Add/Remove Windows Component
6. Windows Component Wizard
7. Select IIS
8. Press Next, then Finish

IIS setup

After the software install has finished, the following folders will be created on disk C:
Inetpub
FTProot
WWWroot

The file named default.htm in WWWroot will be used as the web server's default web page.
The files in FTProot will be displayed in the FTP server's folder.

Default.htm

FTP Configuration

Enabling FTP service

1. Start
2. Setting
3. Control Panel
4. Administrative tools
5. Service
6. Select FTP Publishing Service
7. Start the service
8. Set the start-up type to automatic, then Finish

Copy the files you want to share to FTProot.

FTP Publishing Service

DHCP Configuration

Software setup
Login in the system
Add scope
Policy configuration

Time offset
Router
DHCP lease time
Time Server
Packet file name
Log server

Use interface configuration

TOD setup

Log into your Windows NT system as a user with administrative privileges. Tardis 2000 NT must be installed and configured by someone with administrative privileges.
Run the tardis2000NT.exe program and Tardis 2000 will automatically be installed.
Choose start service / stop service as shown in the following figure.

Run Tardis 2000 NT

TFTP setup
If you use TFTPD32.exe, start the program in the same path as the CM configuration file.
If you use TFTP server pro 2000, configure the input path as the CM configuration file's location.

Troubleshooting

Understand show command Responses

show cable modem
show interface cable
show cable privacy
show arp
show run

Understand CM online procedure
Understand CM online message
Troubleshooting Cable Modem State

Troubleshooting

Cisco CM State
Offline State
Ranging Process
init(r1), init(r2), init(rc) state
DHCP
init(d), init(i) state
TOD exchange: init(t) state
Option file transfer started: init(o) state
Online
Online, Online(d), Online(pt) state
Reject
reject(pk), reject(pt), reject(m), reject(c) state

Troubleshooting

Terayon CM State
Offline
Offline, Offline(lr), Offline(ad) state
Ranging Process
init(r), init(rc), init(ds), init(os), init(ip) state
Online
Online(pd), Online(tek), Online(kek), Online(t)

Troubleshooting

Offline state most common reasons

Weak carrier signal (too much noise)
Incorrect Downstream Center Frequency
Incorrect Frequency Specified in the DOCSIS file
Absence of downstream digital QAM modulated signal
Incorrect frequency specified in cable modem change-frequency on the CMTS router

Offline (lr) & Offline (ad)

Offline (lr): The line-card on which the modem came up last time was deleted.
Offline (ad): The modem is denied access. Check the configuration file of the modem.

Troubleshooting

Ranging process

Cisco

At this stage, the CM begins a ranging process to calculate the necessary transmit power level to reach the CMTS at its desired input power level.
init(r1): Cable modem sent initial ranging
init(r2): Cable modem is ranging
init(rc): Cable modem ranging complete

Terayon

init(r): The modem is in ranging mode

Troubleshooting

DHCP state

After successful ranging, the CM needs to acquire its network configuration via DHCP. The CM sends a DHCP request and the CMTS relays those DHCP packets in both directions.

DHCP request received

Cisco: init(d)
Terayon
init(rc): the modem is unable to get a DHCP address.
init(ds): DHCP discover is sent and waiting for offer.

Troubleshooting

DHCP request received state most common reasons

Missing cable helper-address <IP-address> command on the CMTS or incorrect <IP-address>
DHCP server down
IP connectivity issue from the CMTS to the DHCP server
Wrong default gateway configured at the DHCP server
Low transmit power at the CM or low upstream SNR, see RF Specifications
DHCP server overload
DHCP server is out of IP addresses
Reserved IP address for modem is inside wrong scope

Troubleshooting
DHCP reply received; IP address assigned

Cisco: init(i)
Terayon: init(os)

Most common reasons

Incorrect or invalid DOCSIS file specified in the DHCP server
TFTP server issues, for example incorrect IP address, TFTP server unreachable
Problems getting TOD or Timing Offset
Incorrect Router setting in the DHCP configuration

Troubleshooting

TOD exchange init(t) state

You can only see this on Cisco's CMTS.
Almost always points to a DHCP mis-configuration
Wrong TOD server address
TOD server is unavailable

Troubleshooting

Option file transfer started state

Cisco: init(o)
Terayon: init(ip)

Most common reasons

Incorrect, corrupt (for example: ASCII instead of binary), or missing DOCSIS configuration file
Unable to reach the TFTP server, which is either unavailable, too busy, or has no IP connectivity
Invalid or missing Configuration Parameter in DOCSIS file
Wrong file permissions on the TFTP server

Troubleshooting

Online state
Cisco
online: Cable modem registered, enabled for data
online(d): Cable modem registered, but network access for the cable modem is disabled
online(pk): Cable modem registered, BPI enabled and KEK assigned
online(pt): Cable modem registered, BPI enabled and TEK assigned

Terayon

online(pd)
online(tek)
online(kek)
online(t)

Troubleshooting

Reject state
Cisco
Reject(pk) and Reject(pt) state
Reject(m)

Most common reasons

Reject(pk) and Reject(pt) state
Some problem with the BPI configuration
Reject(m)
Some problem with the MIC

Troubleshooting

Log is full
Application program log
Clear the log at the server
CM record log
Clear the log at the CMTS

Example:
Terayon CMTS # clear cable modem offline delete

Thank you !
Devil