Problems in TLS.dot1Q uBR7225 | docsis.org

You are here

HomeForumsDocsis chat

Problems in TLS.dot1Q uBR7225

3 posts / 0 new
Log in or register to post comments
Last post
Wed, 08/27/2014 - 10:32
#1
Gabriel Torrecilla
Problems in TLS.dot1Q uBR7225

Hi!!!

i'm in trouble with some TLS dot1Q over a Cisco uBR 7225

my topology is the following
SWL3 --- uBR --- CM --- CPE

i'm using VLAN int 2717 in SWL3 and i need to reach the CPE.
these are the lines in the uBR

cable l2-vpn-service xconnect nsi dot1q
cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717

and just enable the BPI in the DOCSIS file TLV29 and with some commands on cable interfaces

when i put this line i have the following error...
CMTS-uBR(config)#cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717
BPI not enabled on H.H.H. Please enable BPI for L2VPN functionality

but i just enable that in the docsis file and in the int cable 1/1....

even that i see this message in the debug
*Oct 26 10:07:53.110: Pkt from GigabitEthernet0/3 VLAN 2717 to CM H.H.H sid 4 src 6400.f1b0.ad3f dst 0100.5e00.0009 dropped since Cable1/1 is down
*Oct 26 10:09:05.978: Pkt from GigabitEthernet0/3 VLAN 2717 to CM H.H.H sid 4 src 0024.5192.0705 dst 0100.0ccc.cccd dropped since Cable1/1 is down
*Oct 26 10:09:07.058: Pkt from CM 54d4.6f2e.4355 with sid 4 src d4ca.6d5e.8902 dst ffff.ffff.ffff dropped since mac2vc sid 4 not mapped to TLS
*Oct 26 10:09:07.062: Pkt from CM 54d4.6f2e.4355 with sid 4 src d4ca.6d5e.8902 dst 0100.0ccc.cccc dropped since mac2vc sid 4 not mapped to TLS

the bold MAC is the one from the Int Vlan 2717 in SWL3... so there's connectivity between SWL3 and CMTS

is there any parameter missing in bpi configuration on cable 1/1??
i've tried try placing the CM on both cable interfaces, cable 1/0 and 1/1 are with different configs just for trying

the CM appears online with an * after i've typed the cable privacy bpi-plus-policy capable-enforcement

CMTS-uBR#sh cabl modem
MAC Address IP Address I/F MAC State PrimSid RxPwr(dBmv) TimingOffset NumCPE DIP
H.H.H..................10.107.0.2 ....C1/1/U0......*online ...........4 ........... 3.50......... 2391 ........ 0.......... N

The CM appears not mapped int cable interface

CMTS-uBR#sh cable l2-vpn xconnect dot1q-vc-map H.H.H verbose

MAC Address : H.H.H
Customer Name :
Prim Sid : 0
Cable Interface : NOT MAPPED
Ethernet Interface : GigabitEthernet0/3
DOT1Q VLAN ID : 2717
Total US pkts : 0
Total US bytes : 0
Total DS pkts : 0
Total DS bytes : 0

here's the running conf

Building configuration...

Current configuration : 12246 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CMTS-uBR
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no aaa new-model
cable admission-control preempt priority-voice
!
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
!
cable logging badipsource
cable logging layer2events
cable logging overlapip
cable load-balance docsis-enable
cable load-balance rule 100 enabled
!
cable load-balance group 1 method utilization
cable load-balance group 1 interval 300
cable load-balance group 1 threshold load 10 enforce 50
cable load-balance group 1 policy us-groups-across-ds
cable load-balance group 2 method utilization
cable load-balance group 2 interval 300
cable load-balance group 2 threshold load 10 enforce 50
cable load-balance group 2 policy us-groups-across-ds
!
cable l2-vpn-service xconnect nsi dot1q
cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717
ip subnet-zero
!
ip domain name
ip name-server DNS1
ip dhcp relay information option
!
ip cef
!
multilink bundle-name authenticated
call rsvp-sync
!
username
!
controller Integrated-Cable 1/0
rf-channel 0 cable downstream channel-id 1
rf-channel 0 frequency 561000000 annex B modulation 64qam interleave 32
rf-channel 0 rf-power 44.0
no rf-channel 0 rf-shutdown
rf-channel 1 cable downstream channel-id 2
rf-channel 1 frequency 567000000 annex B modulation 64qam interleave 32
rf-channel 1 rf-power 44.0
no rf-channel 1 rf-shutdown
rf-channel 2 cable downstream channel-id 3
rf-channel 2 frequency 573000000 annex B modulation 64qam interleave 32
rf-channel 2 rf-power 44.0
no rf-channel 2 rf-shutdown
rf-channel 3 cable downstream channel-id 4
rf-channel 3 frequency 579000000 annex B modulation 64qam interleave 32
rf-channel 3 rf-power 44.0
no rf-channel 3 rf-shutdown
!
controller Integrated-Cable 1/1
rf-channel 0 cable downstream channel-id 5
rf-channel 0 frequency 561000000 annex B modulation 64qam interleave 32
rf-channel 0 rf-power 44.0
no rf-channel 0 rf-shutdown
rf-channel 1 cable downstream channel-id 6
rf-channel 1 frequency 567000000 annex B modulation 64qam interleave 32
rf-channel 1 rf-power 44.0
no rf-channel 1 rf-shutdown
rf-channel 2 cable downstream channel-id 7
rf-channel 2 frequency 573000000 annex B modulation 64qam interleave 32
rf-channel 2 rf-power 44.0
no rf-channel 2 rf-shutdown
rf-channel 3 cable downstream channel-id 8
rf-channel 3 frequency 579000000 annex B modulation 64qam interleave 32
rf-channel 3 rf-power 44.0
no rf-channel 3 rf-shutdown
!
interface GigabitEthernet0/1
description TO-SWL3
ip address X.X.X.X/30
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface FastEthernet0/2
no ip address
shutdown
speed auto
duplex auto
!
interface GigabitEthernet0/2
no ip address
shutdown
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface GigabitEthernet0/3
no ip address
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface Cable1/0
downstream Integrated-Cable 1/0 rf-channel 0-3
no cable packet-cache
cable bundle 1
cable upstream max-ports 4
cable upstream bonding-group 200
upstream 0
upstream 1
upstream 2
upstream 3
attributes 80000000
cable upstream 0 connector 0
cable upstream 0 frequency 30000000
cable upstream 0 channel-width 3200000 3200000
cable upstream 0 ingress-noise-cancellation 200
cable upstream 0 power-level 4
cable upstream 0 load-balance group 1
cable upstream 0 docsis-mode tdma-atdma
cable upstream 0 minislot-size 2
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 121
no cable upstream 0 shutdown
cable upstream 1 connector 1
cable upstream 1 frequency 33200000
cable upstream 1 channel-width 3200000 3200000
cable upstream 1 ingress-noise-cancellation 200
cable upstream 1 power-level 4
cable upstream 1 load-balance group 1
cable upstream 1 docsis-mode tdma-atdma
cable upstream 1 minislot-size 2
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 121
no cable upstream 1 shutdown
cable upstream 2 connector 2
cable upstream 2 frequency 36400000
cable upstream 2 channel-width 3200000 3200000
cable upstream 2 ingress-noise-cancellation 200
cable upstream 2 power-level 4
cable upstream 2 load-balance group 1
cable upstream 2 docsis-mode tdma-atdma
cable upstream 2 minislot-size 2
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 121
no cable upstream 2 shutdown
cable upstream 3 connector 3
cable upstream 3 frequency 39600000
cable upstream 3 channel-width 3200000 3200000
cable upstream 3 ingress-noise-cancellation 200
cable upstream 3 power-level 4
cable upstream 3 load-balance group 1
cable upstream 3 docsis-mode tdma-atdma
cable upstream 3 minislot-size 2
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 121
no cable upstream 3 shutdown
cable privacy mandatory
cable privacy authenticate-modem
cable privacy kek life-time 6048000
cable privacy tek life-time 604800
cable privacy bpi-plus-policy total-enforcement
cable load-balance group 1
!
interface Wideband-Cable1/0:0
cable bundle 1
cable privacy tek life-time 604800
!
interface Integrated-Cable1/0:0
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:1
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:2
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:3
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Cable1/1
downstream Integrated-Cable 1/1 rf-channel 0-3
no cable packet-cache
cable bundle 1
cable upstream max-ports 4
cable upstream bonding-group 201
upstream 0
upstream 1
upstream 2
upstream 3
attributes 80000000
cable upstream 0 connector 4
cable upstream 0 frequency 30000000
cable upstream 0 channel-width 3200000 3200000
cable upstream 0 ingress-noise-cancellation 200
cable upstream 0 power-level 4
cable upstream 0 docsis-mode tdma-atdma
cable upstream 0 minislot-size 2
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 121
no cable upstream 0 shutdown
cable upstream 1 connector 5
cable upstream 1 frequency 33200000
cable upstream 1 channel-width 3200000 3200000
cable upstream 1 ingress-noise-cancellation 200
cable upstream 1 power-level 4
cable upstream 1 docsis-mode tdma-atdma
cable upstream 1 minislot-size 2
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 121
cable upstream 1 shutdown
cable upstream 2 connector 6
cable upstream 2 frequency 36400000
cable upstream 2 channel-width 3200000 3200000
cable upstream 2 ingress-noise-cancellation 200
cable upstream 2 power-level 4
cable upstream 2 docsis-mode tdma-atdma
cable upstream 2 minislot-size 2
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 121
cable upstream 2 shutdown
cable upstream 3 connector 7
cable upstream 3 frequency 39600000
cable upstream 3 channel-width 3200000 3200000
cable upstream 3 ingress-noise-cancellation 200
cable upstream 3 power-level 4
cable upstream 3 docsis-mode tdma-atdma
cable upstream 3 minislot-size 2
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 121
cable upstream 3 shutdown
cable privacy bpi-plus-policy capable-enforcement
arp authorized
!
interface Wideband-Cable1/1:0
cable bundle 1
!
interface Integrated-Cable1/1:0
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:1
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:2
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:3
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Bundle1
ip address 10.107.0.1 255.255.0.0
load-interval 30
no cable arp filter request-send
no cable arp filter reply-accept
cable dhcp-giaddr policy
cable helper-address 172.16.2.2 cable-modem
cable helper-address 172.16.2.2 host
arp authorized
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
network 10.107.0.0 0.0.255.255 area 0
network X.X.X.X area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X 120
!
no ip http server
no ip http secure-server
!
!
!
ip access-list standard SNMP
deny any
ip access-list standard TELNET
deny any
!
logging cmts ipc-cable log-level errors
cpd cr-id 1
nls resp-timeout 1
!
control-plane
!
dial-peer cor custom
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class TELNET in
login local
line vty 5 15
login local
!
exception crashinfo buffersize 64
!
cable fiber-node 1
downstream Integrated-Cable 1/0 rf-channel 0-3
upstream Cable 1 connector 0-3
!
end

Any help will be aprecciated!!
Thanks!

Top
Tue, 09/02/2014 - 14:04
Gabriel Torrecilla
updates - Enabling BPI +

I've verified there was a problem in docsis file.
after that i have my CM in reject (pk)
i've downloaded the certificate at CableLabs (DOCSIS_Cable_Modem_Root_CA.cer ) and added as root-cert.... but it's still at reject (pk)

how can i verify the certificate is being loaded correctly?
if y just type test cable generate-certificate root , nothing happens

Top
Mon, 09/08/2014 - 01:30
(Reply to #2)
mbowe
I reckon you need to remove :

I reckon you need to remove :
cable privacy authenticate-modem

And I would also remove these :
cable privacy kek life-time 6048000
cable privacy tek life-time 604800

Top
Log in or register to post comments