SB5101E modems stuck in reject(pk) or reject(pt) | docsis.org

fb445421
SB5101E modems stuck in reject(pk) or reject(pt)

Hi!

A customer experienced problems today with the remaining ~100 modems of model Motorola SB5101E. They all got stuck in reject(pk) or reject(pt) and possibly online(un) for some time. CMTS is a BSR2000. We tried it all but eventually set the date back to 2020 instead of 2021 and all modems came up. The modem logs showed a lot of "Time requested - no response received" or similar, but we verified that the time server did send correctly stamped time responses.

If anyone knows if this is due to the old firmware in the modems (at least some had SB5101-2.7.7.0-GA-00-NOSH-NNDMN) or a bug in the BSR2000 firmware (unknown version, could be BSR2000 1.0.0P59.07) I'd appreciate a heads up on that! Customer is good with backing the date but I'd like to deliver a more robust solution if possible.

Thanks! /Fredrik

derytelecom
did you check the expiration

Did you check the expiration of the certificate in the modems?

fb445421
Cert

Yes, I checked the cert and it expired in 2013 (the one I checked), so if it worked for 7 years, why stop today and not back then :) Also, backdating the time on the time server and the CMTS to 2020 helped, so that puzzles me even more.

I read up on this and it seems other vendors have a config entry that tells the CMTS to ignore the cert expiration, like Cisco's "cable privacy revocation skip-cm-cert" and/or "skip-validity-period" (no experience with that).

cmcaldas
2k

Damn... that's going way back... In interface cable, cable dynamic-service authorization-mode . I believe that may let them work without BPI, or simply remove the BPI from the modem file. Granted, data isn't encrypted between the modem and CMTS, but it's not after it leaves the CMTS anyway unless the customer uses a VPN service. When in interface cable 0/0, cable dynamic-service ? to confirm options.
I think that's it though.

fb445421
Old times

Thanks! Yes, it's old times for me too :) I still entertain a couple of customers with DOCSIS gear, but it's getting rare. Quitting BPI altogether might be a bad idea as all the TV network will be able to tune in to the traffic (like in the CB radio days), so I'll see if I can set some auth mode as you suggested to get it going with BPI and without checking the cert validity.

fb445421
Solved!!!

I found the command thanks to suggestions here and in other posts:

configure
interface cable 0/0
cable privacy cert valid false
end
write memory

Make sure the time is correct on the CMTS and the time server.
Reboot the modems that are stuck.

/Fredrik

PS: Still curious as to why this happened yesterday when the certs have all been invalid for years...

mbowe
Perhaps you are talking about

Perhaps you are talking about the manufacturer CVC certificate expiring years ago? (used in the CM config file for firmware upgrades)

The manufacturer CVC is different to the modem's PKI certificate.

A variety of modems have PKI certificates expiring in 2021, as discussed here https://www.docsis.org/forums/docsis-chat/pki-certificates

cmcaldas
even though old

Noticed the software is not the last one, two releases before. If you like, post your email for appImage_100P5914TRCU

fb445421
FW

cmcaldas, thanks!

serykh
Me please

serykh (.) mobile@gmail.com
