cc/td/doc/product/software/ios113ed/113na
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

uBR7200 Series Access List Support Enhancements

Feature Overview

Supported Platforms

Prerequisites

Supported MIBs and RFCs

Configuration Tasks

Monitoring and Maintaining Access Lists

Configuration Examples

Command Reference

uBR7200 Series Access List Support Enhancements

Feature Overview

This feature adds support for access lists on a per-modem and per-host basis. This allows devices receiving packets from cable modems or individual hosts based to filter these packets based on the sending modem or host.

You can pre-configure the filters by using the Command Line Interface (CLI) following standard IOS access list and access group configuration. You can assign these filters to a user or modem by using the CLI or Simple Network Management Protocol (SNMP).

This feature also supports traps to inform the user management system about the status of modems (that is, going offline or coming online).

Benefits

The filtering capability of this feature allows users to control the type of traffic, on a device-by-device or user-by-user basis, that each user can send up stream.

Restrictions

Supported Platforms

The uBR7200 series routers are the only platforms supported by this feature.

Prerequisites

You must configure the uBR7200 series router with either an MC11 or MC16 line card.

Supported MIBs and RFCs

This feature supports the Cisco DOCSIS Extensions MIB. For descriptions of supported MIBs and how to use MIBs, see Cisco's MIB web site on CCO at the following URL: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

No RFCs are supported by this feature.

Configuration Tasks

Perform the following tasks to configure access lists:

Configuring Access Lists

:
Step Command Purpose

1 . 

Router# access-list acl deny macaddr | ipaddr log

Sets up the access list 1 for a specific address.

2 . 

Router # access-list acl permit any log

Sets up the access list 2.

Assigning Access Lists

:
Step Command Purpose

1 . 

Router# cable {modem | host | device} access-group acl

Assigns the specified access group number to the specified device.

2 . 

Router# cable {modem | host | device} access-group acl

Repeat access group assignment for all other devices.

Verifying Access Group Assignments

:
Step Command Purpose

1 . 

Router# show cable {modem | host | device} access-group 

Displays the address, device type and access-group number for the specified device.

2 . 

Router# show cable {modem | host | device} access-group

Repeat show cable command for all other devices.

Monitoring and Maintaining Access Lists

Command Purpose
Router# show cable command

Displays information on access group assignments for the selected cable modem or host.

Configuration Examples

The following example configures a standard IP access list.

Configuring Access Lists

router# access-list 1 deny   171.69.30.22 log
router# access-list 2 permit any log
! End of config terminal

Assigning Access Lists

! In exec mode assign access-list 1 to the MAC of the cable modem.
router# cable modem 0000.0000.0001 access-group 1 
! In exec mode assign access-list 2 to MAC address of PC.
router# cable modem 0080.c76b.9ac2 access-group 2

Verifying Access List Assignments

router# show cable modem access-group
MAC address      Type    Access-group
0000.0000.0001   modem   1
 
router# show cable device access-group
MAC address      Type    Access-group
0000.0000.0001   modem   1
0080.c76b.9ac2   host    2
! Ping from PC to host 171.69.30.22 passes.

Creating Extended Access Lists

! Setup extended access-list to allow pings to a specific host and deny others.
router# access-list 101 permit icmp host 171.69.225.108 host 171.69.30.22 log

Setting Up Filters

! Setup host filter based on the IP address of the PC.
router# cab host 171.69.225.108 acc 101
router# sh cab host acc                
 MAC address      Type    Access-group
 0000.2427.33ba   host    
 0080.c76b.9ac2   host 	101
 0080.c7bb.eb3d   host    
router# ping 171.69.30.22
 Reply from 171.69.30.22: bytes=32 time=10ms TTL=247
 Reply from 171.69.30.22: bytes=32 time=10ms TTL=247
 Reply from 171.69.30.22: bytes=32 time=10ms TTL=247
 Reply from 171.69.30.22: bytes=32 time=10ms TTL=247
 Nov 19 18:41:15.091: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 171.69.225.108 ->  171.69.30.22 (8/0), 4 packets
! Setup modem filter based on the IP address of the modem.
router# cable modem 10.128.100.101 acc 1

Command Reference

This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 11.3 command references.

cable access-group

To attach an access list to a host or modem, use the cable EXEC command. Use the no form of this command to remove the access group.

cable {modem | host | device} {macaddr | ip-addr} access-group acl

Syntax Description

modem

Specifies that the type of device is a cable modem.

host

Specifies that the type of device is a customer premises equipment (CPE) system that is connected to the cable modem.

device

Specifies that the filter is to be attached to the device at the specified address---regardless of its type (modem or CPE).

macaddr

Specifies the unique MAC address of the device.

ipaddr

Specifies the current IP address of the device.

acl

Specifies the name or number of the access list assigned to the specified modem or CPE. The access list defines the per-cable or per-CPE filter requirements implemented in the cable modem termination system (CMTS) rather than at the cable modem.

Defaults

No default behavior or values.

Command Modes

EXEC

Command History

Release Modification

11.3(8)NA

This command was first introduced.

Usage Guidelines

Example

The following example assigns access-list 1 to the MAC of the cable modem:

router# cable modem 000.000.0001 access-group 1

Related Commands

Command Description

show cable access-group

Displays the access group assigned to a cable modem or host.

show cable access-group

To display the access group assigned to a cable modem or host, use the show cable EXEC command.

show cable {modem | host | device} {macaddr | ip-addr} access-group

Syntax Description

modem

Specifies that the type of device is a cable modem.

host

Specifies that the type of device is a customer premises equipment (CPE) system that is connected to the cable modem.

device

Specifies that the filter is to be attached to the device at the specified address---regardless of its type (modem or CPE). If you do not specify an address, output is for all modems and CPEs.

macaddr

(Optional) Specifies the unique MAC address of the device.

ipaddr

(Optional) Specifies the current IP address of the device.

Defaults

No default behavior or values.

Command Modes

EXEC

Command History

Release Modification

11.3 XA

This command was first introduced.

11.3(8)NA

The host, device, and access-group keywords were added.

Usage Guidelines

This command displays information for the specified modem or CPE system or all systems (modem or CPE) if you do not specify an address.

Examples

The following example is output from the show cable access-group command for the cable modem at MAC address 0000.0000.0001 assigned to access group 1:

router# show cable modem 000.000.0001 access-group 1
MAC address     Type    Access-group
0000.0000.0001  modem   1
 
 

Table1: show cable access-group Field Descriptions
Field Description

MAC address

The MAC address of the device.

Type

Identifies the device as a cable modem or host (CPE system) that is connected to the cable modem.

Access-group

Identifies the access-group number or name.

Related Commands

Command Description

cable access-group

Attaches an access list to a host or modem.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Fri Feb 26 18:13:17 PST 1999
Copyright 1989-1999©Cisco Systems Inc.