USRobotics
       

Contents:

Introduction

How a Cable Modem Works

Web Diagnostic Interface Reference

Troubleshooting

SNMP Management

Glossary

USRobotics Regulatory Information

SNMP Management

There are many tools available that provide a means for a cable operator system administrator to manage cable modems and/or CMTSs. A brief list of these tools includes:

  • SNMPc from CastleRock
  • HP OpenView from HP
  • CableWorks from Toshiba
  • SNMP MIB Browser from SolarWinds

While each of these tools operates in a different fashion, they all function on the basic principles of SNMP (Simple Network Management Protocol). In summary, SNMP is a protocol, used in-band, that provides system administrators the ability to query, monitor, or configure any SNMP compatible device on the network.

Any one of these tools requires what is called an SNMP Management Information Base (MIB). A MIB is essentially a source code file that defines an organization of SNMP objects (OID) in a tree structure. There are many published MIB files for various types of SNMP devices. The minimum required MIBs that are defined for cable modems are referenced as RFC2669 and RFC2670.

Any SNMP management tool will require additional MIB source files for proper functionality. These are typically included when the SNMP management tool is installed and is available via the Web site at http://www.usr.com/MSO as "cable modem SNMP mibs.zip." Beyond what is considered the "standard" set of MIBs to support SNMP v1 and v2 devices, the following should be included for full support of SNMP management of cable modems:

Protocol
Description
RFC1650 EtherLike-MIB
RFC1493 Bridge-MIB
RFC1573 IANAifType-MIB
RFC2669 DOCS-CABLE-DEVICE-MIB
RFC2670 DOCS-IF-MIB
INET-ADDRESS MIB
USB-MIB Experimental
Figure 4 - 1 MIBs

There are four basic functions of SNMP:

SNMP
Function
GetRequest Retrieve the value of an SNMP object from an SNMP agent (device).
GetNextRequest Retrieve the value of the "next" object in the SNMP tree from an SNMP agent.
SetRequest Set the value of an SNMP object for an SNMP agent.
Trap An alarm sent by the SNMP agent to the SNMP management tool.
Figure 4 - 2 SNMP Functions

SNMP Access

To access any device via SNMP requires what is called a community string. A community string is analogous to a password. There are two default community strings. The first is public which allows read-only access to all SNMP information. The second is private and permits read/write access to all SNMP information. These can be changed via the DOCSIS configuration file or SNMP by specifying what is called a network management entry. Under DOCSIS 1.0, SNMPv1 is supported and under DOCSIS 1.1, full support of SNMPv3 is enabled. For even more added security, the USR6000 cable modem supports community strings of up to 32 characters and supports all standard ASCII character sets.

Any cable modem in a default state is configured to allow SNMP access from any network-accessible (CPE and RF) computer. This can create an undesirable situation for an MSO4. To alleviate this problem, one or more docsDevNMAccessTable entries should be created to restrict and define how the cable modem responds to SNMP queries. The USR6000 Cable Modem can support up to 16 NMAccess filter entries.

4Revisions of the USR6000 firmware after 2.13.6003 permit SNMP read-only access from the CPE interface as a default state.

While this serves as a functional example, it is imperative to understand that the subject of network management access is complex and requires a complete understanding of how SNMP works. The definition of any network management access entry will be unique to the network topology of the MSO. It is for these reasons that USRobotics will require all MSOs to establish and maintain their own network management definitions. For reference, a minimal DOCSIS configuration file containing this example set of network management entries filters is available from http://www.usr.com/MSO as "basic nmaccess.cfg." It is saved with HMAC - No key specified.

To demonstrate, consider the following example:

  • The MSO wishes to allow read-only access to the cable modem from the CPE network of 10.1.1.0/255.255.255.0 with a community string of "cablereadonly."
  • The MSO wishes to allow read/write access to the cable modem from only one network management workstation with the IP address of 192.168.5.253/255.255.255.0 and a community string of "cablemanagement."
  • The MSO wishes all SNMP traps (event notification) to be sent to a network management workstation of 192.168.5.253/255.255.255.0 and a community string of "cablemanagement." This station will also require read/write access.

Given these statements, a table can be constructed to represent what the MSO wants. For reference, the SNMP OID for network management access is 1.3.6.1.2.1.69.1.2.1.x.y, where x equals the specific field for the IP filter entry, and y equals the arbitrary index reference for the IP filter entry. The USRobotics Cable Modem accepts the creation of network management entries in any order. It will always process the filters using the index reference in numeric ascending order.

The SNMP OID docsDevNMAccessControl can be set as follows:

SNMP OID docs DevNMAAcces Control
Equals
No access
1
Read-only
2
Read/write
3
Read-only with traps
4
Read/write with traps
5
Traps only
6
Figure 4 - 3 SNMP OID docsDEVNMAccess Control

The SNMP OID docsDevNMAccessInterfaces is a hex representation of a bitmask. The bits correspond with the interfaces listed in the ifIndex table with the left most bit (MSB) associated with the lowest numbered index in the table.

Interfaces
Equals Bitmask
Ethernet, RF, USB enabled C8 (bitmask 1 1 0 0 1 0 0 0 0)
Ethernet, RF enabled C0 (bitmask 1 1 0 0 0 0 0 0)
Ethernet enabled 80 (bitmask 1 0 0 0 0 0 0 0)
Ethernet, USB enabled 88 (bitmask 1 0 0 0 1 0 0 0)
RF, USB enabled 48 (bitmask 0 1 0 0 1 0 0 0)
RF enabled 40 (bitmask 0 1 0 0 0 0 0 0)

Figure 4 - 4 bitMask Settings

docsDevNMAccess Example
 
Y=10
Y=20
Y=30
DocsDevNMAccessIP1.3.6.1.2.1.69.1.2.1.2.y
10.1.1.0
 192.168.5.253 192.168.5.253
docsDevNMAccessIPMask1.3.6.1.2.1.69.1.2.1.3.y
255.255.255.0
 255.255.255.255 255.255.255.255
docsDevNmAccessCommunity1.3.6.1.2.1.69.1.2.1.4.y
cablereadonly
 cablemanagement cablemanagement
docsDevNmAccessControl1.3.6.1.2.1.69.1.2.1.5.y
2
3
5
docsDevNmAccessInterfaces1.3.6.1.2.1.69.1.2.1.6.y
80
40
40
Figure 4 - 5 DocsDevNMAccess Example

IP Filters

It is common to use the cable modem as a basic firewall for all attached CPEs. This is done as a means to protect both the MSO cable network and the end user computing environment. IP filters can be both very simple and very complex. The USRobotics Cable Modem supports the creation of IP filters through both the DOCSIS configuration file and through SNMP management. The DOCSIS configuration file method will be described here.

While this serves as a functional example, it is imperative to understand that the subject of IP filtering is complex and requires a complete understanding of TCP/IP networking. The definition of any filter will be unique to the network topology of the MSO. It is for these reasons that USRobotics will require all MSOs to establish and maintain their own IP filter definitions. For reference, a minimal DOCSIS configuration file containing this set of filters is available from http://www.usr.com/MSO as "basic ip filter.cfg." It is saved with HMAC - No key specified.

In this example, the MSO would like to create a set of three filters.

  • The MSO wants to eliminate the possibility of any cable modem transferring any NETBIOS traffic from the RF network to the CPE network.
  • The MSO wishes to explicitly allow all traffic to and from the entire CPE network 10.1.1.0/255.255.255.0 to a specific machine that has an IP address of 192.168.5.253/255.255.255.0.
  • The MSO wishes to explicitly disallow all traffic to and from any CPE to another CPE on the CPE network of 10.1.1.0/255.255.255.0.

Given these statements, a table can be constructed that represents what the MSO wants. For reference, the SNMP OID for IP filters is 1.3.6.1.2.1.69.1.6.4.1.x.y, where x equals the specific field for the IP filter entry, and y equals the arbitrary index reference for the IP filter entry. The USRobotics Cable Modem accepts the creation of IP filters in any order. It will always process the filters using the index reference in ascending order.

The SNMP OID docsDevFilterIpStatus can be set as follows:

  • 4 (createAndGo) is supplied by a management station that wants to create a new instance of a conceptual row in a table, making it available for use by the managed device.
  • 5 (createAndWait) is supplied by a management station that wants to create a new instance of a conceptual row, but not making it available for use by the managed device.

The SNMP OID docsDevFilterIPControl can be set as follows:

  • 1 (discard) is specified when the goal of the filter is to disallow an IP packet based on the rules established in the filter.
  • 2 (accept) is specified when the goal of the filter is to allow an IP packet based on the rules established in the filter.

The SNMP OID docsDevFilterIPIfIndex should contain the reference of the ifIndex table that specifies the interface that the filter is applied to. Only physical interfaces can be specified. The USRobotics physical interface reference is as follows:

Setting
Interface
1
 USRobotics Ethernet Interfaces
2
 USRobotics Cable Mac Interface
5
 USRobotics USB Interface

The SNMP OID docsDevFilterIpDirection determines if the filter should be applied to (1) inbound traffic, (2) outbound traffic, or (3) both.

The SNMP OID docsDevFilterIpBroadcast determines if the filter should be applied to just (1) broadcast and multicast traffic or (2) all traffic.

docsDevFilterIP Example
 
Y=1
Y=2
Y=3
Y=4
docsDevFilterIpStatus1.3.6.1.2.1.69.1.6.4.1.2.y 4 (createAndGo) 1 1 1
docsDevFilterIpControl1.3.6.1.2.1.69.1.6.4.1.3.y 1 (discard) 2 (accept) 2 1
docsDevFilterIpIfIndex1.3.6.1.2.1.69.1.6.4.1.4.y 2 (RF) 0 (any) 0 0
docsDevFilterIpDirection1.3.6.1.2.1.69.1.6.4.1.5.y 1 (inbound) 3 (both) 3 3
docsDevFilterIpBroadcast1.3.6.1.2.1.69.1.6.4.1.6.y 2 (false = all traffic) 2 2 2
docsDevFilterIpSaddr1.3.6.1.2.1.69.1.6.4.1.7.y 0.0.0.0 (any) 192.168.5.253 10.1.1.0 10.1.1.0
docsDevFilterIpSmask1.3.6.1.2.1.69.1.6.4.1.8.y 0.0.0.0 (any) 255.255.255.0 255.255.255.0 255.255.255.0
docsDevFilterIpDaddr1.3.6.1.2.1.69.1.6.4.1.9.y 0.0.0.0 (any) 10.1.1.0 192.168.5.253 10.1.1.0
docsDevFilterIpDmask1.3.6.1.2.1.69.1.6.4.1.10.y 0.0.0.0 (any) 255.255.255.0 255.255.255.0 255.255.255.0
docsDevFilterIpProtocol1.3.6.1.2.1.69.1.6.4.1.11.y 17 (udp) 256 (all) 256 256
docsDevFilterIpSourcePortLow1.3.6.1.2.1.69.1.6.4.1.12.y 137 0 0 0
docsDevFilterIpSourcePortHigh1.3.6.1.2.1.69.1.6.4.1.13.y 139 65535 65535 65535
docsDevFilterIpDestPortLow1.3.6.1.2.1.69.1.6.4.1.14.y 0 0 0 0
docsDevFilterIpDestPortHigh1.3.6.1.2.1.69.1.6.4.1.15.y 65535 65535 65535 65535

Figure 4 - 6 docsDevFilterIP Example

Note that the second example actually creates two IP filters in the table. This demonstrates that there are multiple ways to communicate a single filter expression. The USRobotics Cable Modem, model USR6000, can support up to 10 LLC filters and up to 32 IP filters.

Firmware Upgrade

There are two standard methods to upgrade a cable modem's firmware. Firmware is the operational software the cable modem uses. Both require knowledge of SNMP, and both require access to the TFTP server providing the code to the cable modem.

In either method, ensure that the firmware image file for the cable modem exists in the directory on the TFTP server used by the cable modem.

SNMP Management Console Method

  1. Select the cable modem(s) to be upgraded via your SNMP management software.
  2. Locate the following MIB OID in the SNMP management tool, and set its value to the filename of the firmware image to be downloaded to the cable modem. The USRobotics Cable Modem firmware image can be named in any fashion. If a firmware image not designed for the USRobotics Cable Modem is specified, the cable modem will determine that the file is invalid, after it has downloaded the file, and will ignore the upgrade request.

    docsDevSwFilename : 1.3.6.1.2.1.69.1.3.2

  3. Locate the following MIB OID in the SNMP management tool and set its value to the IP address of the TFTP server providing the firmware image to the cable modem.

    docsDevSwServer : 1.3.6.1.2.1.69.1.3.1

  4. Locate the following MIB OID in the SNMP management tool and set its value to upgradeFromMgt (1).

    docsDevSwAdminStatus : 1.3.6.1.2.1.69.1.3.3

Once Step 4 is accomplished, the cable modem(s) selected will immediately initiate a TFTP file transfer to the specified IP address and request the specified file name. Once the file is downloaded, the cable modem(s) will reboot and reestablish connectivity to the CMTS system.

DOCSIS Configuration File Method

  1. Using the DOCSIS configuration file editor provided by the CMTS vendor, create a configuration file with the following details:
    • Network access enabled
    • A single Class of Service defined
    • TFTP IP Address
    • Firmware file name

  2. Locate the following MIB OID using the SNMP management tool and set its value to allowProvisioningUpgrade (2) for the cable modem(s) you want to upgrade.

docsDevSwAdminStatus : 1.3.6.1.2.1.69.1.3.3

This method of upgrading will not occur immediately. It will only happen the next time the cable modem is rebooted. This means that an upgrade might not happen for days or even months.

  • To force this type of upgrade, locate the following MIB OID using the SNMP management tool and set its value to (1) true for the cable modem(s) you want to upgrade.

docsDevResetNow : 1.3.6.1.2.1.69.1.1.3

 

Verification of Upgrade

To check the progress of the upgrade, you can monitor your TFTP server while the upgrade is actually transferred or monitor the following MIB OID of the selected cable modem(s) from your SNMP management tool.

docsDevSwOperStatus : 1.3.6.1.2.1.69.1.3.4

A value of 1 indicates that the TFTP is in progress. A value of 2 indicates that the upgrade was initiated as a result of a DOCSIS configuration file process. A value of 3 indicates that the upgrade occurred as a result of an SNMP initiated process. A value of 4 indicates that the last upgrade attempt failed.