2-72
Cisco Broadband Cable Command Reference Guide
OL-1581-08
Chapter 2 Cisco CMTS Configuration Commands
cable dynamic-secret
cable dynamic-secret
To enable the Dynamic Shared Secret feature, so that Data-over-Cable Service Interface Specifications
(DOCSIS) configuration files are verified with a Message Integrity Check (MIC) that has been created
with a dynamically generated shared secret, use the
cable dynamic-secret
command in cable interface
configuration mode. To disable this feature, use the
no
form of this command.
cable dynamic-secret
{
lock
[
lock-qos
] |
mark
|
reject
} [
nocrypt
]
no cable dynamic-secret
Syntax Description
Defaults
The Dynamic Shared Secret feature is disabled. When enabled, the filenames for DOCSIS configuration
files are encrypted.
Command Modes
Interface configuration (cable interface only)
lock
Allows CMs that do not pass MIC verification to come online, but with
a restrictive quality of service (QoS) configuration that limits access to
the network. The CMTS also locks those CMs so that they must be
offline for 24 hours before being allowed to reregister with a valid
DOCSIS configuration file. (You can also manually unlock a cable
modem using the
clear cable modem lock
command.)
lock-qos
(Optional) Specifies the QoS profile to be assigned to the CM while it
is locked. The valid range is 1 to 256. If not specified, the CM is locked
into a CMTS-created profile that limits both the upstream and
downstream to 10 Kbps.
Note
The QoS profile must have already been created before it can
assigned using the
lock
lock-qos
option.
mark
Allows CMs to come online even if they do not present a DOCSIS
configuration file with a valid CMTS MIC, but the CMTS prints a
warning message and marks those CMs with an exclamation point (!)
in the
show cable modem
command.
reject
Rejects registration for CMs with DOCSIS configuration files that
contain an invalid CMTS MIC.
nocrypt
(Optional) Specifies that the filename for DOCSIS configuration files
should not be encrypted when the Cisco CMTS sends the files to CMs.
The CMTS instead transmits the files using their original filenames.
The
nocrypt
option slightly decreases the security provided by the
dynamic shared secret feature, but it allows the operator to poll the
DOCSIS config file name listed by the cable modem for more
convenient network management.
Note
A cable modem that is running unauthorized or hacked
software can return whatever SNMP values the user desires.
This information should therefore not be trusted by the billing
and provisioning systems.