2-220
Cisco Broadband Cable Command Reference Guide
OL-1581-08
Chapter 2 Cisco CMTS Configuration Commands
cable shared-secret
To use the shared-secret feature, you must do the following:
•
Create DOCSIS configuration files that use the shared-secret encryption string to create the MD5
MIC value. This can be done using the Cisco DOCSIS Configurator tool by entering the shared-
secret string in the
CMTS Authentication
field in the
Miscellaneous
parameters.
Note
The shared-secret string itself is not saved in the DOCSIS configuration file, so you must re-
enter the string in the
CMTS Authentication
field whenever you create or edit a DOCSIS
configuration file using the Cisco DOCSIS Configurator tool.
•
Use the
cable shared-secret
command to configure the cable interfaces with a matching shared-
secret string. The string configured on an interface must match the string used to create the DOCSIS
configuration files downloaded to the CMs on that interface, or the CMs will not be able to register.
You can use different shared secrets for each interface, if you are also using a different set of
configuration files for each interface.
•
To encrypt the shared-secret string in the CMTS configuration, you must include the
service
password-encryption
global configuration command in the router’s configuration.
Note
You cannot use the shared secret feature with the files created by the internal DOCSIS configuration file
editor (
cable config-file
command).
Note
In Cisco IOS Release 12.2(8)BC2 and later releases, you can also use the
cable shared-secondary-
secret
command to specify multiple shared-secret strings, so that you can gradually phase in a new
shared secret string.
Upgrading When Using Shared Secret Passwords
Cisco IOS Release 12.2 BC changed the encryption algorithm used for the
cable shared-secret
command. If you are upgrading from a Cisco IOS 12.1 EC or 12.0 SC release, you cannot cut and paste
the
cable shared-secret
configuration lines that include an encrypted password. Instead, you must re-
enter the original shared secret passwords at the CLI prompt, and then resave the configuration.
For example, if the actual shared secret password is “cm-sharedsecret-password”, enter the
cable
shared-secret cm-sharedsecret-password
command at the CLI prompt. If you have enabled password
encryption, the configuration file will then show only the newly encrypted password.
Note
This change affects only the encryption of the passwords that are stored in the configuration file. It does
not affect the actual encryption that is used between the CMTS and CMs, so you do not need to change
the shared secret in the DOCSIS configuration files for the CMs.
Examples
The following example shows how to specify a shared-secret string using an encrypted key:
Router#
config t
Router(config)#
service password-encryption
Router(config)#
int c6/0
Router(config-if)#
cable shared-secret password
Router(config-if)#
exit
Router(config)#
exit
Router#
show running-config | include shared
cable shared-secret 7 1407513181A0F13253920