1-48
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
OL-2239-05
Chapter 1 Overview of Cisco uBR7200 Series Software
Supported Software Features for the Cisco uBR7200 Series
DHCP MAC Address Exclusion List for cable-source verify dhcp Command
Cisco IOS Release 12.3(13a)BC introduces the ability to exclude trusted MAC addresses from standard
DHCP source verification checks, as supported in previous Cisco IOS releases for the Cisco CMTS. This
feature enables packets from trusted MAC addresses to pass when otherwise packets would be rejected
with standard DHCP source verification. This feature overrides the cable source-verify command on the
Cisco CMTS for the specified MAC address, yet maintains overall support for standard and enabled
DHCP source verification processes. This feature is supported on Performance Routing Engine 1 (PRE1)
and PRE2 modules on the Cisco uBR10012 router chassis.
To enable packets from trusted source MAC addresses in DHCP, use the cable trust command in global
configuration mode. To remove a trusted MAC address from the MAC exclusion list, use the no form of
this command. Removing a MAC address from the exclusion list subjects all packets from that source to
standard DHCP source verification.
cable trust mac-address
no cable trust mac-address
Syntax Description
Usage Guidelines This command and capability are only supported in circumstances in which the Cable Source Verify
feature is first enabled on the Cisco CMTS.
When this feature is enabled in addition to cable source verify, a packet’s source must belong to the MAC
Exclude list on the Cisco CMTS. If the packet succeeds this exclusionary check, then the source IP
address is verified against Address Resolution Protocol (ARP) tables as per normal and previously
supported source verification checks. The service ID (SID) and the source IP address of the packet must
match those in the ARP host database on the Cisco CMTS. If the packet check succeeds, the packet is
allowed to pass. Rejected packets are discarded in either of these two checks.
Any trusted source MAC address in the optional exclusion list may be removed at any time. Removal of
a MAC address returns previously trusted packets to non-trusted status, and subjects all packets to
standard source verification checks on the Cisco CMTS.
Note When the cable source-verify dhcp feature is enabled, and a statically-defined IP address has been
added to the CMTS for a CM using the cable trust command to override the cable source-verify dhcp
checks for this device, packets from this CM will continue to be dropped until an entry for this CM is
added to the ARP database of the CMTS. To achieve this, disable the cable source-verify dhcp feature,
ping the CMTS from the CM to add an entry to the ARP database, and re-enable the cable source-verify
dhcp feature.
For additional information about the enhanced Cable Source Verify DHCP feature, and general
guidelines for its use, refer to the following documents on Cisco.com:
• IP Address Verification for the Cisco uBR7200 Series Cable Router
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t7/feature/guide/sourcver.html
• Filtering Cable DHCP Lease Queries
http://www.cisco.com/en/US/docs/cable/cmts/feature/cblsrcvy.html
• Cisco IOS CTMS Cable Command Reference Guide
http://www.cisco.com/en/US/docs/ios/cable/command/reference/cbl_book.html
mac-address The MAC address of a trusted DHCP source, and from which packets will
not be subject to standard DHCP source verification.
To Next Page
Loading...
Need help?
General
