Cisco Support Community

Cable Monitor Feature

Cable Technology

Cable Monitor Feature

TAC Carrier Services March 16th 2008


Cable Monitor Feature configuration and lab setup.


UBR10K2  Free Ethernet Port on UBR10K (Optional) Catalyst Switch


For a detailed overview of this feature refer to the Cisco CMTS feature guide on Cable Monitor[1]. This guide is intended for lab use specific to SJC-TAC Lab.

Cable monitor is similar to the SPAN feature found on Catalyst switches. It allows the user to capture traffic both going to and from a particular device off of the RF Plant. The Cable Monitor feature allows the granularity to peek at the DOCSIS layer packets such as UCD, SYNC, and MAPS. Depending on your configuration, you can have the CMTS duplicate all traffic to and from a particular SID, MAC, or Host and span it out a FastEthernet Port.


Preparing the Cabling:

Often in our lab the topology is a limitation. Often we will have a free fiber GigE Port off of the ESR-1GE on the UBR10K but no RJ-45 Copper FastE or GigE ports as required by our PCs. Often we utilize a Catalyst switch to do the conversation between fiber and copper. Should you have the matching media from the UBR10K to your Sniffer, then you can skip this section:

1.     Hook up your Fiber to the fiber GigE port on the catalyst switch

2.     Verify that the GigE port and the Ethernet port you decide to use are on the same VLAN

3.     Issue the following commands to SPAN the port off the Catalyst switch.

Switch(conf)# monitor session 1 source interface Gi0/1
Switch(conf)# monitor session 1 destination interface Fa0/17

In the above example your UBR10K is using Fiber to the Gig0/1 Port and your PC is off the of Fast0/17. Anything to and from Gig0/1 will be duplicated to Fa0/17.

CMTS Configuration:

To enable cable monitor, you will need to locate the cable modem you wish to monitor. Cable monitor can identify the trace by the cable modem SID, MAC address, or against an ACL.

For SID of a particular Cable Modem, you can use the “show cable modem” command to locate the SID and then issue this under the interface:

MAC Address    IP Address      I/F       MAC State        Prim RxPwr  Timing Num BPI
                                                          Sid  (dBmV) Offset CPE Enb

0020.4094.52bc        C7/0/0/U0 reject(c)        205   0.50  1870    0   N
0018.19b6.2baa        C7/0/0/U0 online(pt)       206   0.75  1020    1   Y

Then configure the CMTS to track by this SID under the interface configuration with the cable monitor command. For example, you want to monitor all traffic to and from the CM with SID 205 and you want to send that duplicated traffic our your free Gig3/0/0 port. You also want DOCSIS level of granularity (as opposed to regular 802.3 frames):

router(config-if)#cable monitor interface gig3/0/0 sid 205 packet-type data docsis

If you want the CMTS to decapsulate the DOCSIS framing and use the regular 802.3 Ethernet II frame:

router(config-if)#cable monitor interface gig3/0/0 sid 205 packet-type data Ethernet

Alternatively, you can choose to target the CM by its MAC-Address:

router(config-if)#cable monitor interface gig3/0/0 mac-address 0020.4094.52bc packet-type data Ethernet

Lastly, you can choose to target the CM by an ACL:

router(config-if)#cable monitor interface gig3/0/0 access-list 1 packet-type data ethernet

Preparing Wireshark for DOCSIS Frames:

If you choose “packet-type data docsis” under the interface configuration command, then the result will be DOCSIS encapsulated frames. Wireshark and ethereal will not, by default, understand these frames and you will see many TCP Segmentation and Bad TCP packets.

To tell Wireshark to interpret the frames as DOCSIS frames:

Edit -> Preference -> Frame -> "Treat DOCSIS Frames as..."


[1] Cable Monitor Feature Guide:  [[1]]


interface Cable7/0/0
no ip address
cable tftp-enforce
no cable packet-cache
cable bundle 1
cable downstream channel-id 160
cable downstream annex B
cable downstream modulation 256qam
cable downstream interleave-depth 32
cable downstream frequency 609000000
no cable downstream rf-shutdown
cable downstream rf-power 45
cable upstream max-ports 4
cable upstream 0 connector 0
cable upstream 0 frequency 31200000
cable upstream 0 docsis-mode tdma-atdma
cable upstream 0 channel-width 1600000 1600000
cable upstream 0 minislot-size 4
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 121
no cable upstream 0 shutdown
cable upstream 1 connector 1
cable upstream 1 docsis-mode tdma
cable upstream 1 channel-width 1600000 1600000
cable upstream 1 minislot-size 4
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 21
cable upstream 1 shutdown
cable upstream 2 connector 2
cable upstream 2 docsis-mode tdma
cable upstream 2 channel-width 1600000 1600000
cable upstream 2 minislot-size 4
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 21
cable upstream 2 shutdown
cable upstream 3 connector 3
cable upstream 3 docsis-mode tdma
cable upstream 3 channel-width 1600000 1600000
cable upstream 3 minislot-size 4
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 21
cable upstream 3 shutdown
cable monitor interface GigabitEthernet3/0/0 access-list 1 packet-type data ethernet
cable privacy mandatory
cable privacy authenticate-modem
cable privacy bpi-plus-enforce