EasyManua.ls Logo

Arris C4C - Cable Modem MAC Deny List; CLI Commands for Dual Shared Secret

Arris C4C
3180 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter 29: Security
STANDARD Revision 1.0 C4® CMTS Release 8.3 User Guide
© 2016 ARRIS Enterprises LLC. All Rights Reserved. 873
Table 110. CLI Commands for Dual Shared Secret
Purpose
CLI Command
To configure the primary shared secret:
configure cable shared-secret <authentication-key> [hidden]
To configure the secondary (dual) shared
secret:
configure cable shared-secondary-secret <authentication-key>
[hidden]
Note: If the hidden parameter is used, then the authentication-key parameter is copied directly into the MIB variable.
If not, it must first be encrypted and then copied into the MIB variable.
To see which modems have failed
authentication:
show cable modem
Cable Modem MAC Deny List
This feature enables MSOs to prevent specific cable modems from obtaining IP addresses from the C4/c CMTS. The
purpose of this feature is to prevent malicious subscribers from cloning MAC addresses, sending virus attacks, or initiating
ping storms. The CM MAC Deny list supports a total of 1000 CM MAC addresses.
When MSOs detect the same MACs on multiple systems, they can add them to the deny list on the C4/c CMTSs where
those MACs do not belong. If a malicious user is detected by the C4/c CMTS, their modem can be added to the MAC Deny
list. Whenever a CM MAC address is added to this list, that modem is prevented from acquiring an IP address. When a
modem on the MAC Deny list attempts to range and register, the C4/c CMTS generates a debug logging message showing
the time of the attempt, the interface, and number of attempts so far.
MAC-Deny Modems are not included on the modem flap list. Their attempts to register are not included in the flap count.
The list of MAC-Deny modems is not provided by the show cable modem command. Place a modem on the MAC deny list
using the following command:
configure cable modem deny <mac>
Note: The command to assign a modem to the MAC deny list does not take effect immediately. The modem must be reset
using either one of the following commands:
clear cable modem <addr> delete
configure reset cable-modem <addr> delete

Table of Contents

Related product manuals