
Arris C4C - TFTP Enforcement; Dynamic Shared Secret Verification

Chapter 29: Security
STANDARD Revision 1.0 C4® CMTS Release 8.3 User Guide
© 2016 ARRIS Enterprises LLC. All Rights Reserved. 867
This feature can be applied to all modems or selectively to all IPv4 or to all IPv6 modems. Modems found to be in violation are called rogues. Operators can take action against rogues in the following ways:
- Reject the modem by preventing it from registering
- Lock the modem by limiting the CM's bandwidth to 10 kbps
- Block Internet access by preventing the CM from learning any CPEs
- Mark the modem by indicating in the show cable modem commands that the CM registered incorrectly, but allow it to register with full function.
The Block and Lock settings also serve to deny CM requests for dynamic service flows.
TFTP Enforcement
TFTP Enforcement is configurable on a per-MAC domain basis. If enabled, it is applied equally to all modems in the MAC
domain.
The C4/c CMTS implements this feature by relaying Trivial File Transfer Protocol (TFTP) requests and responses between
the cable modems and TFTP servers, while monitoring the contents of the configuration files. After a modem receives an IP
address from the DHCP server, it requests its TFTP configuration file. The C4/c CMTS verifies that the file name in the TFTP
request is correct and relays the request to the correct server. By default TFTP Enforcement is disabled.
Dynamic Shared Secret Verification
Dynamic Shared Secret Verification is configurable on a per-MAC domain basis. If enabled, it is applied equally to all
modems in the MAC domain. Before sending the correct configuration file to the CM, the C4/c CMTS extracts information
from the file, stores it for later verification, and modifies the C4/c CMTS MIC using a dynamically created secret key. When
the modem sends up its registration request, the C4/c CMTS confirms that the information in the registration request
matches the information gathered during the TFTP transfer. If the registration information is valid, the registration is
allowed to proceed normally.
If the C4/c CMTS detects a MIC mismatch, it assumes that the cable modem's configuration file has been altered. The C4/c
CMTS verifies the MIC by dynamically creating a secret key when the cable modem is registering, and using this key to
create a new MIC which only the C4/c CMTS can verify. This secret key is valid only for that particular session with that
particular cable modem. A new dynamically generated secret key is used each time the cable modem registers. By default
this function is disabled.
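
The re-signing and verification flow described above, as an added example that is not ARRIS code or part of the original guide. It is a simplified model: the Cmts class, its method names, the flat one-byte type/length TLV encoding, HMAC-MD5 as the MIC function, and the sample configuration bytes are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIC_TLV = 7  # TLV type that carries the CMTS MIC in a DOCSIS config file

def parse_tlvs(blob):
    """Split a flat type/length/value byte string into (type, value) pairs."""
    tlvs, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated TLV")
        tlvs.append((blob[i], blob[i + 2:i + 2 + blob[i + 1]]))
        i += 2 + blob[i + 1]
    return tlvs

def encode_tlvs(tlvs):
    return b"".join(bytes([t, len(v)]) + v for t, v in tlvs)

def compute_mic(tlvs, key):
    # Assumption: the MIC covers every TLV except the MIC TLV itself.
    body = encode_tlvs([(t, v) for t, v in tlvs if t != MIC_TLV])
    return hmac.new(key, body, hashlib.md5).digest()

class Cmts:
    def __init__(self):
        self.sessions = {}  # modem MAC -> (session key, MIC sent to the modem)

    def relay_config(self, mac, config):
        """TFTP relay: replace the MIC with one keyed by a fresh secret."""
        tlvs = [(t, v) for t, v in parse_tlvs(config) if t != MIC_TLV]
        key = secrets.token_bytes(16)
        mic = compute_mic(tlvs, key)
        self.sessions[mac] = (key, mic)
        return encode_tlvs(tlvs + [(MIC_TLV, mic)])

    def register(self, mac, request):
        """Registration: accept only settings that match the relayed file."""
        try:
            key, stored = self.sessions.pop(mac)  # key is single-use
            tlvs = parse_tlvs(request)
        except (KeyError, ValueError):
            return False
        sent = [v for t, v in tlvs if t == MIC_TLV]
        return (len(sent) == 1 and hmac.compare_digest(sent[0], stored)
                and hmac.compare_digest(compute_mic(tlvs, key), stored))

# Constructed sample: two settings plus a placeholder MIC from provisioning.
SAMPLE_CONFIG = encode_tlvs([(3, b"\x01"), (4, b"\x01\x01\x05"), (MIC_TLV, bytes(16))])
```

Because the key is generated per relay and discarded at registration, a configuration captured from one session does not verify in the next.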