Index

index

A

access control undefined packets and 3-115

access control lists

: See ACL

access lists

: WFQ and 3-108
: See also extended access lists

access-list (encryption) command 3-99

access-list command 3-114

access-list permit ip host command 3-99

ACL

: CBWFQ 3-109

address keyword, using (note) 3-96, 3-98

addresses, MAC 2-8

: ESP and (note) 3-101
: IP numbers 3-99

attaching service policies 3-112

authentication

Cisco uBR7200 series

: using RADIUS 3-10

authentication command 3-94

authentication header

: See AH

AutoInstall configuration, basic 2-23

B

backbone routers, QoS functions 3-105

bandwidth command 3-107, 3-111

Baseline Privacy

: configuring 3-40

broadband

cable modem subnet addressing 3-13

Cisco uBR7200 series

: authentication 3-10
: Baseline Privacy 3-9
: Baseline Privacy, configuring 3-40
: basic wiretap support 3-13
: burst profile 3-13
: cable flap list 3-70
: cable modem authentication 4-3
: cable modem subnet addressing 3-13
: cable modulation profiles, configuring 3-61
: cable profiles 3-61
: cable relay agent 3-57
: configuration prerequisites 3-4
: configuration tasks 3-4
: CPE limitation 3-12
: DHCP giaddr 3-58
: downstream cable interface, configuring 3-14
: downstream channel ID 3-12
: downstream frequency override 3-12
: downstream interleave depth 3-20
: downstream modulation 3-19
: downstream rate limiting
: downstream rate limiting
: configuring 3-22
: downstream rate shaping 3-12
: dynamic ranging 3-12
: frequency agility, configuring 3-42
: integrated DHCP server 3-14
: integrated TOD server 3-14
: managing cable modems 3-66
: multiple SIDs 3-5
: per-modem/per-host access lists 3-13
: QoS permission 3-64
: QoS profile assignment 3-65
: QoS profile enforcement 3-6
: QoS profiles, configuring 3-63
: QoS, summary 3-1
: reset cable modem counters 4-9
: reset cable modems 4-8
: security features 3-9
: service class profiles 3-4
: spectrum group characteristics 3-50
: spectrum management 3-14
: sync message interval, configuring 4-2
: traffic shaping 3-11
: troubleshooting 3-70
: upstream address verification 3-10
: upstream admission control 3-29
: upstream back-off values 3-38
: upstream cable interface, configuring 3-23
: upstream channel width 3-25
: upstream differential encoding 3-32
: upstream forward error correction 3-29
: upstream frequency adjustment 3-35
: upstream input power level 3-28
: upstream minislot size 3-30
: upstream power adjustment 3-36
: upstream rate limiting 3-33
: upstream rate shaping 3-12
: upstream scrambler 3-31
: upstream timing adjustment
: upstream timing adjustment
: configuring 3-37

frequency hopping

: configuring 3-42

QoS features 3-1

spectrum management 3-14

C

cable dhcp-giaddr command 3-58

cable downstream annex command 3-18

cable downstream channel-id command 3-17

cable downstream frequency command 3-16

cable downstream if-output command 3-15

cable downstream interleave-depth command 3-20

cable downstream modulation command 3-19

cable downstream rate-limit token-bucket command 3-22

cable flap list

: clearing 4-36
: description 4-27
: flap list aging, configuring 4-33
: flap list insertion time, configuring 4-34
: flap list miss threshold, configuring 4-35
: flap list size, configuring 4-35
: power adjustment threshold, configuring 4-34

cable flap-list aging command 4-33

cable flap-list insertion-time command 4-34

cable flap-list miss-threshold command 4-35

cable flap-list power-adjustment threshold command 4-34

cable flap-list size command 4-36

cable helper-address command 3-21

cable insertion-interval command 4-5

cable modem cards

: logical interface numbering 2-6
: slot numbering 2-6

cable modems

: authentication 4-3
: insertion interval 4-5
: managing 3-66
: max hosts 4-6
: registration timeout 4-7
: subnet addressing 3-13
: upstream address verification 4-4

cable modulation-profile command 3-62

cable privacy kek command 3-41

cable privacy tek command 3-41

cable qos-permission command 3-64

cable qos-profile command 3-63

cable registration-timeout command 4-7

cable relay-agent-option command 3-58

cable routers

configuration

: activate DHCP giaddr 3-58
: activate downstream carrier 3-15
: activate IP ARP 3-55
: activate IP broadcast echo 3-60
: activate IP multicast echo 3-59
: activate proxy ARP 3-56
: activate upstream admission control 3-29
: baseline privacy 3-40
: cable modem authentication 4-3
: cable modem insertion interval 4-5
: cable modem registration timeout 4-7
: cable modem upstream address verification 4-4
: cable modulation profiles 3-61
: cable profiles 3-61
: cable relay agent 3-57
: downstream cable interface 3-14
: downstream center frequency 3-16
: downstream channel ID 3-17
: downstream helper address 3-20
: downstream interleave depth 3-20
: downstream modulation 3-19
: downstream MPEG framing format 3-18
: downstream rate limiting 3-22
: frequency agility 3-42
: max hosts 4-6
: prerequisites 3-4
: QoS permission 3-64
: QoS profile assignment 3-65
: QoS profiles 3-63
: set upstream channel width 3-25
: set upstream frequency 3-24
: set upstream input power level 3-28
: spectrum group characteristics 3-50
: spectrum groups 3-46
: sync message interval 4-2
: tasks 3-4
: telco return 3-72
: upstream back-off values 3-38
: upstream cable interface 3-23
: upstream differential encoding 3-32
: upstream forward error correction 3-29
: upstream frequency adjustment 3-35
: upstream minislot size 3-30
: upstream power adjustment 3-36
: upstream rate limiting 3-33
: upstream scrambler 3-31
: upstream timing adjustment 3-37

flap lists 3-70

cable segment

: dense 2-13
: sparse 2-13

cable shared-secret command 4-3

cable source-verify command 4-4

cable spectrum-group command 3-46

cable spectrum-group hop command 3-51

cable spectrum-group shared command 3-51

cable sync-interval command 4-2

cable upstream admission-control command 3-29

cable upstream channel-width command 3-26

cable upstream data-backoff command 3-39

cable upstream differential-encoding command 3-32

cable upstream fec command 3-30

cable upstream frequency command 3-24

cable upstream frequency-adjust averaging command 3-35

cable upstream minislot-size command 3-30

cable upstream power-adjust command 3-36

cable upstream power-level command 3-28

cable upstream range command 3-39

cable upstream rate-limit token-bucket command 3-33

cable upstream scrambler command 3-31

cable upstream time-adjust command 3-37

carrier protocols (tunneling) 3-85

cautions

Cisco uBR7200 series

: upstream scrambler 3-31

CBWFQ

: configuring 3-109
: enabling 3-112
: verifying 3-112

changes, reviewing configuration 2-34

Cisco 7100 series routers

: ISM features 3-92

Cisco Connection Online xiv

Cisco Documentation CD-ROM, ordering 2-60

Cisco IOS firewalls

: See firewalls

Cisco IOS software features

: overview 1-27

Cisco IOS software images, overview 1-27

Cisco Network Registrar, see CNR

Cisco uBR7200 series

upstream scrambler

: caution 3-31

class class-default command 3-111

class command 3-107, 3-111

class map

: configuring 3-106
: verifying 3-106

class policy

: configuring 3-111

Class-Based Weighted Fair Queuing

: See CBWFQ

class-map command 3-106, 3-111

class-map match-all 3-106

clear cable flap-list command 4-36

clear cable modem counters command 4-9

clear cable modem reset command 4-8

clear crypto sa command 3-104

CNR

class of service (CoS) policies 2-40

default policy 2-38

network scopes 2-39

overview 2-34

scripts

: activation 2-37
: overview 2-36

tag scopes 2-38

commands

: config terminal 2-33
: configure 2-32
: copy running-config startup-config 2-24, 2-34
: enable 2-32
: enable password 2-2
: enable secret 2-2
: setup 2-24
: show cable spectrum-group 2-17
: show interfaces 2-12
: show interfaces cable 2-10
: show running-config 2-34
: show startup-config 2-34

configuration

files

: samples 2-41
: saving 2-32, 2-34

interface 2-30

reviewing modifications 2-34

configuration modes, basic 2-32

configuration procedures

: AutoInstall 2-23
: basic router configuration 2-6
: Ethernet interface configuration 2-30
: setup command facility 2-24
: synchronous serial interface configuration 2-30

configure command 2-32

configuring

authentication methods with IKE policies 3-94

CBWFQ 3-109

class maps 3-106

class policy 3-111

crypto maps 3-101

encryption 3-92, 3-99

fair queuing 3-108

firewalls 3-112

global parameters

: description 2-24
: procedure 2-26

GRE tunnels 3-82, 3-86 to 3-87

IKE policies 3-93

interface parameters

: examples of 2-30
: sample configuration 2-31 to 2-32

interfaces 2-30

IPSec tunnel mode 3-100

NAT 3-88

NBAR 3-105

policy maps 3-107

preshared keys 3-95, 3-97

QoS 3-104

the router

: using AutoInstall 2-23
: using configuration mode 2-32
: using the setup command facility 2-24

copy command

: running-config startup-config 2-24
: running-config startup-config command 2-34

crypto access lists

: commands (table) 3-99
: compatibility 3-101
: creating 3-99
: extended access lists versus 3-113
: verifying 3-100

crypto ipsec transform-set command 3-100

crypto isakmp enable command 3-93

crypto isakmp identity address command 3-95, 3-96

crypto isakmp key address command 3-96

crypto isakmp key command 3-95, 3-98

crypto map command 3-102

crypto map entries

: configuring 3-101
: creating 3-102
: defining IPSec processing 3-99
: verifying 3-103

crypto map s4second command 3-103

crypto maps

: applying to interfaces 3-103
: verifying interface associations 3-104

customer service and support xiv

D

defining class maps 3-110

demilitarized zone

: See DMZ network description

DHCP

giaddr 3-58

LEASEQUERY message 3-10

server

: integrated 3-14

Diffie-Hellman group identifier, specifying 3-94

DMZ network description 3-114

DOCSIS

Baseline Privacy

: Cisco uBR7200 series 3-9

MPEG framing format 3-18

QoS 3-1

spectrum group characteristics 3-50

documentation

: CD-ROM xiv
: feedback xiv

downstream cable interface

: configuring 3-14

downstream center frequency

: configuring 3-16

downstream channel ID

: configurable 3-12
: configuring 3-17

downstream helper address

: configuring 3-20

downstream interleave depth

: configuring 3-20

downstream modulation

: configuring 3-19

downstream MPEG framing format

: configuring 3-18

dynamic ranging

: configuration 3-39
: description 3-12

E

edge routers, QoS functions 3-105

EEPROM, MAC address bank 2-8

enable command 2-32

enable password 2-2

enable secret password 2-2

encapsulating security payload

: See ESP

encryption

: configuring 3-92
: description 3-92
: tunnels and 3-85

encryption command 3-93

error messages

: ICMP Host Unreachable 3-115

ESP

: AH and (note) 3-101
: IP numbers 3-99

Ethernet, interface configuration parameters 2-30

examples

: configuring global parameters 2-26
: Ethernet and serial interface configuration 2-31, 2-32
: Internet access 2-41, 2-44
: IP telephony (VoIP) 2-53
: sample configuration files 2-41
: show interfaces cable command output 2-11
: show interfaces command output 2-12
: telco return 2-56
: virtual private network (VPN) 2-51

EXEC mode 2-2

extended access lists

: creating 3-114
: description 3-112
: verifying 3-114, 3-115

extranet VPN scenario

: figure 3-83
: physical elements 3-83
: physical elements (figure) 3-84
: physical elements (table) 3-84

F

fair queuing

: configuring 3-108
: flow-based WFQ 3-108

fair-queue command 3-109

firewalls

: basic traffic filtering configurations 3-113
: benefits 3-113
: configuring 3-112

flap list

: See cable flap list 4-27

flow classification of packets 3-108

frequency agility

: configuring 3-42

frequency hopping 2-15

G

generic routing encapsulation

: See GRE tunnels

global parameters, configuring 2-24

GRE tunnels

: Cisco routers or access servers (note) 3-87
: configuring 3-82, 3-86 to 3-87
: protocol 3-85
: troubleshooting configurations 3-87
: verifying 3-87
: See also intranet VPN scenario

group command 3-94

H

hardware address 2-8

hash command 3-94

headquarters network scenario

: See intranet VPN scenario

help

: technical support xiv

hostname keyword, using (note) 3-96, 3-98

I

ICMP Host Unreachable message 3-115

IGRP, setting 2-26

IKE

description 3-92

keys

: See preshared keys

policies

: configuration, required 3-94
: configuring 3-93
: default values (note) 3-93
: defaults, viewing 3-87
: enabling by default 3-93
: identifying 3-93
: troubleshooting 3-97
: verifying 3-96
: viewing 3-96

SAs and 3-101

UDP port 3-99

inside global address 3-89

inside local address 3-89

inside network 3-88

installation

: configuring the Cisco uBR7200 series 2-6
: interface parameters 2-30

interface

: configuration 2-30
: parameters 2-30

interface fastethernet command 3-91

interface serial command 3-109

interface tunnel command 3-86

interfaces

: applying crypto maps 3-103
: applying IP access lists 3-114
: verifying crypto map associations 3-104

Interior Gateway Routing Protocol

: See IGRP

Internet Key Exchange

: See IKE

Internet Security Association & Key Management Protocol

: See ISAKMP identities

intranet VPN scenario

: configuring 3-86
: description 3-81
: figure 3-81
: physical elements 3-82
: physical elements (figure) 3-82
: physical elements (table) 3-82

IP access lists

: applying to interface 3-114
: inbound or outbound 3-114
: software checking of 3-115
: undefined 3-115
: See also extended access lists 3-114

ip access-group command 3-114

ip access-list extended command 3-99

IP addresses

: NAT definitions 3-89
: nonregistered 3-88
: renumbering 3-88
: static translation 3-89

IP datagrams

: in IPSec tunnel mode 3-87

ip nat inside command 3-91

ip nat inside source command 3-91

ip nat outside command 3-91

ip route command 3-86

IP Security Protocol

: See IPSec

IP telephony, overview 1-23

IP tunneling concepts and terminology (figure) 3-85

IP unicast frames, IPSec and 3-85

IP, setting routing protocols for 2-26

IPSec

: clearing SAs 3-104
: configuring 3-99
: configuring tunnels 3-92
: description 3-92
: IP unicast frames 3-85
: proxies 3-87

IPSec access lists

: explicitly permitting traffic (note) 3-99
: requirements 3-99

IPSec tunnel mode

: configuring 3-100

ISAKMP identities, setting 3-96, 3-97

ISM

: in Cisco 7100 series routers 3-92

K

keys

: See preshared keys

L

lifetime command 3-94

loopback interfaces

: using 3-102

M

match access-group command 3-111

match address command 3-102

match class-map command 3-106

match input-interface command 3-111

match not command 3-106

match protocol command 3-106, 3-111

match-all command 3-106

match-any command 3-106

mode tunnel command 3-100

modifications to configuration, reviewing 2-34

Modular QoS Command Line Interface

: See MQC

MQC 3-106

N

NAT

: address definitions 3-89
: configuring 3-88
: inside source translation (figure) 3-90
: source address translation process 3-90
: static translation process 3-90
: tunnels and 3-85
: verifying static inside source address translation 3-91

NBAR

: attaching policy maps to interfaces 3-107
: configuring 3-105
: configuring class maps 3-106
: configuring policy maps 3-107
: verifying class map configuration 3-106
: verifying policy map configuration 3-108

Network Address Translation

: See NAT

network-based application recognition

: See NBAR

no bandwidth command 3-107

no class-map command 3-106

no match-all command 3-106

no match-any command 3-106

no police command 3-107

no policy-map command 3-107

no random-detect command 3-107

no service-policy command 3-107

no set command 3-107

no shutdown command 3-86

nonvolatile random-access memory

: See NVRAM

numbering

: cable modem card slot 2-6
: logical interface 2-6
: port adapter slot 2-6

NVRAM

: saving and viewing contents in 2-34

O

: outside global address 3-89
: outside local address 3-89
: outside network 3-88

P

packets, flow classification 3-108

passenger protocols (tunneling) 3-85

password

: enable and enable secret 2-2
: recovering 2-3

ping command 3-87

ping docsis command 4-41

police bps conform transmit exceed drop command 3-107

policies

: See IKE policies

policy maps

: configuring 3-107
: verifying 3-108

policy-map command 3-107, 3-111

port adapters

: logical interface numbering 2-6
: slot numbering 2-6

preshared keys

: configuring 3-95, 3-97
: specifying 3-95, 3-97

priority traffic

: See WFQ

privileged command level 2-2

procedures

: configuring the Cisco uBR7200 series 2-6
: replacing or recovering a lost password 2-3

protocols, tunneling 3-85

Q

QoS

characteristics 3-104

: DOCSIS 3-1

Cisco uBR7200 series

: profile configuration 3-63
: profile permission 3-64

configuring 3-104

multiple SIDs 3-5

profile enforcement 3-1, 3-6, 3-65

service class profiles 3-4

quality of service

: See QoS 3-1

queue-limit command 3-107, 3-111

R

random-detect command 3-107

rate shaping 1-12

replacing or recovering a lost password 2-3

reviewing changes to configuration 2-34

RFC 1631, IP Network Address Translator (NAT) 3-89

RIP 2-26

Rivest, Shamir, and Adelman

: See RSA encrypted nonces method

Routing Information Protocol

: See RIP

RSA encrypted nonces method 3-94

S

sample configuration files 2-41

SAs

IKE established

: crypto map entries, creating 3-101

saving the configuration file 2-32, 2-34

security associations

: See SAs

service and support xiv

service policies

: attaching 3-112

service-policy command 3-112

service-policy input command 3-107

service-policy output command 3-107

set ip precedence command 3-107

set peer command 3-102

set qos-group command 3-107

set transform-set command 3-102

setup command 2-24

setup command facility

script

: banner information (example) 2-25
: interface summary (example) 2-26
: System Configuration Dialog (example) 2-25

setup command facility configuration, basic 2-24

show access-lists command 3-100, 3-114

show class-map command 3-106

show commands

: show interfaces 2-12
: show interfaces cable 2-10

show crypto ipsec transform-set command 3-101

show crypto isakmp policy command 3-93, 3-96

show crypto map command 3-103

show crypto map interface command 3-104

show interfaces fair-queue command 3-109

show interfaces ip command 3-115

show interfaces serial command 3-109

show interfaces tunnel command 3-87

show ip nat translations verbose command 3-91

show policy policy-map command 3-112

show policy-map command 3-108

show version command 3-97

Simple Network Management Protocol

: See SNMP

slot/port numbers for interfaces 2-8

SNMP

: configuring 2-26

software

: See Cisco IOS software

spectrum groups

: configuring 3-50

Spectrum Management

description 3-14

spectrum groups

: characteristics 3-50
: configuring 3-46

spectrum management

: basic spectrum management 4-12
: combiner groups 2-14
: configuration 2-14 to 2-23
: enhanced spectrum management 4-12
: frequency allocation 2-14
: frequency management policy 2-15
: frequency migration 2-19
: overview 2-13
: physical layer configuration 2-20
: spectrum group commands 4-12 to 4-16
: system maintenance 4-2 to 4-16

spectrup groups

: creating 3-46

static translation, IP addresses 3-89

status

cable interfaces

: downstream 2-11
: upstream 2-11

interfaces 2-12

stub domain, NAT configured on 3-88

synchronous serial interfaces, configuring 2-30

T

TAG/NetFlow Switching

: NetFlow Switching 3-7
: Tag Switching 3-7

tail drop 3-111

technical support xiv

telco return, overview 1-26

ToS, considerations 3-4

traffic priority management

: See WFQ

traffic shaping

broadband

: description 3-11
: downstream rate shaping 3-12
: upstream rate shaping 3-12

transform sets

: crypto map entries and 3-101
: defining 3-100
: verifying 3-101

transport mode

: description 3-88
: IPSec (figure) 3-88

transport protocols (tunneling) 3-85

troubleshooting

: Cisco uBR 7200 3-70
: extended access lists 3-115
: GRE tunnels 3-87
: IKE policy verification 3-97

tunnel destination command 3-86

tunnel mode

: configuring 3-99
: description 3-87
: IPSec (figure) 3-88

tunnel mode gre ip command 3-86

tunnel source command 3-86

tunneling

: components 3-85
: description 3-85
: encryption in 3-85

type of service, see ToS

U

upstream admission control

: activating 3-29

upstream back-off values

: configuring 3-38

upstream cable interface

: configuring 3-23

upstream channel width

: configuring 3-25

upstream differential encoding

: activating 3-32

upstream forward error correction

: activating 3-29

upstream frequency

: configuring 3-24

upstream frequency adjustment

: configuring 3-35

upstream input power level

: configuring 3-28

upstream minislot size

: configuring 3-30

upstream poser adjustment

: configuring 3-36

upstream rate limiting

: configuring 3-33

upstream scrambler

: activating 3-31

V

verifying

: CBWFQ 3-112
: class maps 3-106
: crypto access lists 3-100
: crypto map entries 3-103
: crypto map interface associations 3-104
: extended access lists 3-114, 3-115
: GRE tunnel configuration 3-87
: IKE policies 3-96
: IPSec tunnel mode 3-101
: static inside source address translation 3-91
: transform sets 3-101
: WFQ configuration 3-109

Virtual Private Networks

: See VPNs

VoIP

: overview 1-23

W

weighted fair queuing

: See WFQ

Weighted Random Early Detection

: See WRED

WFQ

: configuring 3-108
: traffic priority management 3-108
: verifying configuration 3-109

WRED

: CBWFQ 3-110

Table of Contents

index