|
|
This feature enables Dynamic Host Control Protocol (DHCP) servers to verify IP addresses of upstream traffic.
This feature enables the uBR7200 to send LEASEQUERIES to the DHCP server to verify unknown source IP addresses when it receives an IP packet from an unknown host behind a cable modem on any upstream interface of a line card.
If the DHCP server responds with an ACK, the uBR7200 must use the returned information to determine if it is a PC behind a different cable modem that is spoofing a legitimate IP address or not. If the DHCP server responds with a NAK, then the host IP address is not active.
Customers of Multiservice Operators (MSOs) will be prevented from using unauthorized, spoofed, or stolen IP addresses.
You must have a DHCP server that supports the LEASEQUERY message type.
Table 1 lists the IOS cable router features released in the IOS 12.0 timeframe.
| Available With: | Category | Feature |
|---|---|---|
11.3(5)NA & 12.0(3)T | Cable Features | Feature Enhancements |
11.3(6)NA |
| MC16 Modem Card |
11.3(8)NA |
| Access List Support Enhancements |
12.0(4)T |
| Downstream Channel ID Configuration |
12.0(4)T |
| Multiple Service ID Support |
12.0(4)T |
| Cable Modem and Host Subnet Addressing |
12.0(5)T |
| Telephone Return |
12.0(5)T |
| Time Server Functionality |
12.0(7)T |
| Amplitude Averaging Compensation |
12.0(7)XR |
| Cable Interface Bundling |
12.0(7)XR |
| Enhanced Modem Status Display |
12.0(7)XR |
| Show Interface Cable Command Verbose Enhancements |
12.0(7)XR |
| IP Address Verification |
12.0(7)XR |
| Registration Timeout Configuration |
12.0(7)XR |
| Show Cable Modem Command Enhancements |
12.0(7)XR |
| Modem Status Summary Enhancements |
12.0(7)XR |
| Show Controller Command Enhancements |
12.0(7)XR |
| Configuring Concatenation |
12.0(7)XR |
| Virtual Private Network Support |
12.0(7)XR |
| Blind Hopping Support on the MC16S Modem Card |
12.0(7)XR |
| Signal-to-Noise Ratio Data Support |
11.3(9)NA and 12.0(4)T | Cable QoS | QoS Profile Enforcement |
12.0(4)T |
| Quality of Service for Voice |
11.3(9)NA | Network Management | Upstream Traffic Shaping Feature |
12.0(5)T |
| Enhanced-Spectrum Management |
12.0(5)T |
| Downstream Rate Shaping with TOS bits |
12.0(7)XR |
| Spectrum Management Using the MC16S Modem Card |
12.0(7)XR |
| Downstream Test Signals Configuration |
12.0(7)XR | Wireless Features | Point-to-Point Wireless Support |
The uBR7200 series cable router is described in Voice, Video, and Home Applications Configuration Guide for Cisco IOS Release 12.0 and in the following online feature modules:
uBR7200 series
No new or modified standards are supported by this feature.
No new or modified MIBs are supported by this feature.
No new or modified RFCs are supported by this feature.
See the following tasks to verify source IPs.
| Command | Purpose |
|---|---|
Router(config-if)# cable source-verify dhcp | Sends DHCP LEASEQUERRIES packets to verify unknown source IP addresses. |
Step 1 Without enabling the cable source-verify dhcp command on the router, move a PC from behind one CM to behind another.
Step 2 Ping the PC. The ping fails because the new source IP address is not known.
Step 3 Enable cable source-verify dhcp command along with the ip dhcp relay info option command1. Then move the PC from behind one CM to behind another.
Step 4 Ping the PC. If the ping is successful, the PC's IP address is verified and accepted.
None
To turn on cable modem upstream verification, use the cable source-verify cable interface configuration command. To turn off the display of this information, use the no form of this command.
cable source-verify [dhcp]
dhcp | Specifies that queries will be sent to verify unknown source IP addresses in upstream data packets. |
Disabled
Cable interface configuration
| Release | Modification |
|---|---|
11.3 XA | This command was introduced. |
12.0(7)T | The dhcp keyword was added. |
The router sends DHCP LEASEQUERIES to verify unknown source IP addresses in upstream data packets. For maximum protection, turn on the DHCP relay-agent information option (ip dhcp relay info option) on the uBR when using this feature.
router(config-if)# cable source-verify dhcp router(config-if)# no cable source-verify
Posted: Fri Jan 21 21:27:02 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.