Hi, Everyone
I test my Cisco 10K and Broadcom cable modem security feature.
The Broadcome modem have a fearture that can enforce to use the "tftp" and "config file name" in NonVol setting,
due to this feature, it can ignore the config file name that DHCP provision server is providing.
so I can change the ConfigFileName in the console to request the highest QoS and use your area's TFTP server.
How can I do setting in CMTS to reject user to change ConfigFileName ??
Thanks !!! ^^"
as below:
-----------------------------------------------------------------------------
cd /non/docsis
enable force_cfgfile true
dhcp_settings
My IP Address: [10.10.10.10]
Subnet Mask: [255.255.255.0]
Router IP Address: [10.10.10.254]
Those are the only 3 that really need to be changed. Do you want to change the
other settings? [no] Y
TFTP Server IP Address: [10.10.10.254]
Config file name: [cm.bin] CM60M6M.bin
Time Server IP Address: [10.10.10.254]
SysLog Server IP Address: [10.10.10.254]
Yes, this is realy tricky because the features like tftp-enforce and shared-secret shouldn't help to prevent this. In this case your strategy to improve your network security will not end by the CMTS. There should be another points to make this actually accomplish like a secure Provisioning-System with dynamic generated configuration files for every cable modem... And in the end there should be a periodic check of the QoS or CoS settings of the cable modem to compare whether these settings are matching with the service who the customer has paid.