
Problems with TLS dot1Q on a uBR7225 CMTS

Hello, good afternoon!

I am having problems configuring TLS with dot1Q on a uBR7225 CMTS. I have everything working against a Motorola BSR64k CMTS, but I now need to do it on a Cisco uBR and I am running into some problems.

My topology is the following:

SWL3 --- uBR --- CM --- CPE (mktk)

Among the requirements for TLS over cable, besides the system version, BPI must be enabled; for that I did the basic configuration of the CMTS and of the DOCSIS file.
I defined a VLAN interface (2717) on the SWL3 and was able to verify connectivity up to the CMTS.

The lines to configure the VLAN on the CMTS are the following:

cable l2-vpn-service xconnect nsi dot1q
cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717

Regarding BPI in the DOCSIS file, I changed TLV29 to 1 (enabled), in addition to defining the basic parameters.

My problems begin when I enter the following:

CMTS-uBR(config)#cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717
BPI not enabled on H.H.H. Please enable BPI for L2VPN functionality

An error appears as if I did not have BPI enabled. I checked the DOCSIS file configuration and it appears to be OK, so I have been trying some BPI and BPI+ configuration parameters.

Looking at some debugs on the CMTS I can confirm that I have connectivity from the SWL3 to the CMTS; what is in bold is the MAC of the VLAN2717 interface. The second MAC in bold is that of the CPE, which in this case is a mktk.
The debug also shows that interface Cable 1/1 is down, but if I do a sh int cabl 1/1 it shows as UP.
*Oct 26 10:07:53.110: Pkt from GigabitEthernet0/3 VLAN 2717 to CM H.H.H sid 4 src 6400.f1b0.ad3f dst 0100.5e00.0009 dropped since Cable1/1 is down
*Oct 26 10:09:05.978: Pkt from GigabitEthernet0/3 VLAN 2717 to CM H.H.H sid 4 src 0024.5192.0705 dst 0100.0ccc.cccd dropped since Cable1/1 is down
*Oct 26 10:09:07.058: Pkt from CM 54d4.6f2e.4355 with sid 4 src d4ca.6d5e.8902 dst ffff.ffff.ffff dropped since mac2vc sid 4 not mapped to TLS
*Oct 26 10:09:07.062: Pkt from CM 54d4.6f2e.4355 with sid 4 src d4ca.6d5e.8902 dst 0100.0ccc.cccc dropped since mac2vc sid 4 not mapped to TLS

Is there some parameter I am missing in the BPI configuration on cable interface 1/0 or 1/1?
I tried different configurations on the 2 cable interfaces, changing some options such as balance groups and fiber nodes, without this having any effect one way or the other...
Apparently BPI+ comes up OK when I enter the statement cable privacy bpi-plus-policy capable-enforcement, although the CM appears as online with a * (although I cannot find what *online means).

CMTS-uBR#sh cabl modem
MAC Address  IP Address  I/F      MAC State  PrimSid  RxPwr(dBmv)  TimingOffset  NumCPE  DIP
H.H.H        10.107.0.2  C1/1/U0  *online    4        3.50         2391          0       N

Here is another command, with which I see that the CM appears as NOT MAPPED on cable interface 1/0 or 1/1:

CMTS-uBR#sh cable l2-vpn xconnect dot1q-vc-map H.H.H verbose

MAC Address : H.H.H
Customer Name :
Prim Sid : 0
Cable Interface : NOT MAPPED
Ethernet Interface : GigabitEthernet0/3
DOT1Q VLAN ID : 2717
Total US pkts : 0
Total US bytes : 0
Total DS pkts : 0
Total DS bytes : 0

And here is the running config.

Building configuration...

Current configuration : 12246 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CMTS-uBR
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no aaa new-model
cable admission-control preempt priority-voice
!
!
no cable qos permission create
no cable qos permission update
cable qos permission modems
!
cable logging badipsource
cable logging layer2events
cable logging overlapip
cable load-balance docsis-enable
cable load-balance rule 100 enabled
!
cable load-balance group 1 method utilization
cable load-balance group 1 interval 300
cable load-balance group 1 threshold load 10 enforce 50
cable load-balance group 1 policy us-groups-across-ds
cable load-balance group 2 method utilization
cable load-balance group 2 interval 300
cable load-balance group 2 threshold load 10 enforce 50
cable load-balance group 2 policy us-groups-across-ds
!
cable l2-vpn-service xconnect nsi dot1q
cable dot1q-vc-map H.H.H GigabitEthernet0/3 2717
ip subnet-zero
!
ip domain name
ip name-server DNS1
ip dhcp relay information option
!
ip cef
!
multilink bundle-name authenticated
call rsvp-sync
!
username
!
controller Integrated-Cable 1/0
rf-channel 0 cable downstream channel-id 1
rf-channel 0 frequency 561000000 annex B modulation 64qam interleave 32
rf-channel 0 rf-power 44.0
no rf-channel 0 rf-shutdown
rf-channel 1 cable downstream channel-id 2
rf-channel 1 frequency 567000000 annex B modulation 64qam interleave 32
rf-channel 1 rf-power 44.0
no rf-channel 1 rf-shutdown
rf-channel 2 cable downstream channel-id 3
rf-channel 2 frequency 573000000 annex B modulation 64qam interleave 32
rf-channel 2 rf-power 44.0
no rf-channel 2 rf-shutdown
rf-channel 3 cable downstream channel-id 4
rf-channel 3 frequency 579000000 annex B modulation 64qam interleave 32
rf-channel 3 rf-power 44.0
no rf-channel 3 rf-shutdown
!
controller Integrated-Cable 1/1
rf-channel 0 cable downstream channel-id 5
rf-channel 0 frequency 561000000 annex B modulation 64qam interleave 32
rf-channel 0 rf-power 44.0
no rf-channel 0 rf-shutdown
rf-channel 1 cable downstream channel-id 6
rf-channel 1 frequency 567000000 annex B modulation 64qam interleave 32
rf-channel 1 rf-power 44.0
no rf-channel 1 rf-shutdown
rf-channel 2 cable downstream channel-id 7
rf-channel 2 frequency 573000000 annex B modulation 64qam interleave 32
rf-channel 2 rf-power 44.0
no rf-channel 2 rf-shutdown
rf-channel 3 cable downstream channel-id 8
rf-channel 3 frequency 579000000 annex B modulation 64qam interleave 32
rf-channel 3 rf-power 44.0
no rf-channel 3 rf-shutdown
!
interface GigabitEthernet0/1
description TO-SWL3
ip address X.X.X.X/30
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface FastEthernet0/2
no ip address
shutdown
speed auto
duplex auto
!
interface GigabitEthernet0/2
no ip address
shutdown
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface GigabitEthernet0/3
no ip address
media-type rj45
speed auto
duplex auto
negotiation auto
!
interface Cable1/0
downstream Integrated-Cable 1/0 rf-channel 0-3
no cable packet-cache
cable bundle 1
cable upstream max-ports 4
cable upstream bonding-group 200
upstream 0
upstream 1
upstream 2
upstream 3
attributes 80000000
cable upstream 0 connector 0
cable upstream 0 frequency 30000000
cable upstream 0 channel-width 3200000 3200000
cable upstream 0 ingress-noise-cancellation 200
cable upstream 0 power-level 4
cable upstream 0 load-balance group 1
cable upstream 0 docsis-mode tdma-atdma
cable upstream 0 minislot-size 2
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 121
no cable upstream 0 shutdown
cable upstream 1 connector 1
cable upstream 1 frequency 33200000
cable upstream 1 channel-width 3200000 3200000
cable upstream 1 ingress-noise-cancellation 200
cable upstream 1 power-level 4
cable upstream 1 load-balance group 1
cable upstream 1 docsis-mode tdma-atdma
cable upstream 1 minislot-size 2
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 121
no cable upstream 1 shutdown
cable upstream 2 connector 2
cable upstream 2 frequency 36400000
cable upstream 2 channel-width 3200000 3200000
cable upstream 2 ingress-noise-cancellation 200
cable upstream 2 power-level 4
cable upstream 2 load-balance group 1
cable upstream 2 docsis-mode tdma-atdma
cable upstream 2 minislot-size 2
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 121
no cable upstream 2 shutdown
cable upstream 3 connector 3
cable upstream 3 frequency 39600000
cable upstream 3 channel-width 3200000 3200000
cable upstream 3 ingress-noise-cancellation 200
cable upstream 3 power-level 4
cable upstream 3 load-balance group 1
cable upstream 3 docsis-mode tdma-atdma
cable upstream 3 minislot-size 2
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 121
no cable upstream 3 shutdown
cable privacy mandatory
cable privacy authenticate-modem
cable privacy kek life-time 6048000
cable privacy tek life-time 604800
cable privacy bpi-plus-policy total-enforcement
cable load-balance group 1
!
interface Wideband-Cable1/0:0
cable bundle 1
cable privacy tek life-time 604800
!
interface Integrated-Cable1/0:0
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:1
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:2
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/0:3
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Cable1/1
downstream Integrated-Cable 1/1 rf-channel 0-3
no cable packet-cache
cable bundle 1
cable upstream max-ports 4
cable upstream bonding-group 201
upstream 0
upstream 1
upstream 2
upstream 3
attributes 80000000
cable upstream 0 connector 4
cable upstream 0 frequency 30000000
cable upstream 0 channel-width 3200000 3200000
cable upstream 0 ingress-noise-cancellation 200
cable upstream 0 power-level 4
cable upstream 0 docsis-mode tdma-atdma
cable upstream 0 minislot-size 2
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 121
no cable upstream 0 shutdown
cable upstream 1 connector 5
cable upstream 1 frequency 33200000
cable upstream 1 channel-width 3200000 3200000
cable upstream 1 ingress-noise-cancellation 200
cable upstream 1 power-level 4
cable upstream 1 docsis-mode tdma-atdma
cable upstream 1 minislot-size 2
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 121
cable upstream 1 shutdown
cable upstream 2 connector 6
cable upstream 2 frequency 36400000
cable upstream 2 channel-width 3200000 3200000
cable upstream 2 ingress-noise-cancellation 200
cable upstream 2 power-level 4
cable upstream 2 docsis-mode tdma-atdma
cable upstream 2 minislot-size 2
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 121
cable upstream 2 shutdown
cable upstream 3 connector 7
cable upstream 3 frequency 39600000
cable upstream 3 channel-width 3200000 3200000
cable upstream 3 ingress-noise-cancellation 200
cable upstream 3 power-level 4
cable upstream 3 docsis-mode tdma-atdma
cable upstream 3 minislot-size 2
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 121
cable upstream 3 shutdown
cable privacy bpi-plus-policy capable-enforcement
arp authorized
!
interface Wideband-Cable1/1:0
cable bundle 1
!
interface Integrated-Cable1/1:0
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:1
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:2
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Integrated-Cable1/1:3
cable bundle 1
cable rf-bandwidth-percent 96
!
interface Bundle1
ip address 10.107.0.1 255.255.0.0
load-interval 30
no cable arp filter request-send
no cable arp filter reply-accept
cable dhcp-giaddr policy
cable helper-address 172.16.2.2 cable-modem
cable helper-address 172.16.2.2 host
arp authorized
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
network 10.107.0.0 0.0.255.255 area 0
network X.X.X.X area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X 120
!
no ip http server
no ip http secure-server
!
!
!
ip access-list standard SNMP
deny any
ip access-list standard TELNET
deny any
!
logging cmts ipc-cable log-level errors
cpd cr-id 1
nls resp-timeout 1
!
control-plane
!
dial-peer cor custom
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class TELNET in
login local
line vty 5 15
login local
!
exception crashinfo buffersize 64
!
cable fiber-node 1
downstream Integrated-Cable 1/0 rf-channel 0-3
upstream Cable 1 connector 0-3
!
end

Thanks in advance for any help to see if I can get this working!!!!!

Thanks, regards!!
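
Added example, not part of the original post or of any Cisco tooling: a short Python script that lists the cable privacy settings under each Cable interface of an IOS running config, so the interface a modem is attached to (the I/F column of sh cabl modem) can be compared with the others. The function names and the embedded sample, excerpted from the config above, are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines excerpted from the running config posted above.
SAMPLE_CONFIG = """\
interface Cable1/0
cable bundle 1
cable privacy mandatory
cable privacy authenticate-modem
cable privacy kek life-time 6048000
cable privacy tek life-time 604800
cable privacy bpi-plus-policy total-enforcement
!
interface Wideband-Cable1/0:0
cable privacy tek life-time 604800
!
interface Cable1/1
cable bundle 1
cable privacy bpi-plus-policy capable-enforcement
arp authorized
!
"""

def modem_interface(if_column):
    """Turn the I/F column of 'show cable modem' (e.g. C1/1/U0) into 'Cable1/1'."""
    m = re.fullmatch(r"C(\d+/\d+)/U\d+", if_column.strip())
    return "Cable" + m.group(1) if m else None

def privacy_by_interface(config):
    """Collect the 'cable privacy ...' settings found under each 'interface CableX/Y'."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface (Cable\d+/\d+)", line)
        if m:
            current = m.group(1)
            found[current] = []
        elif line == "!" or line.startswith("interface "):
            current = None  # left the MAC-domain interface section
        elif current and line.startswith("cable privacy "):
            found[current].append(line[len("cable privacy "):])
    return found

def missing_settings(config):
    """For each interface, list privacy settings that other cable interfaces have."""
    per_if = privacy_by_interface(config)
    everything = set().union(*per_if.values())
    return {name: sorted(everything - set(have)) for name, have in per_if.items()}

if __name__ == "__main__":
    target = modem_interface("C1/1/U0")  # value taken from the sh cabl modem output
    print(target, privacy_by_interface(SAMPLE_CONFIG)[target])
    print("not set there:", missing_settings(SAMPLE_CONFIG)[target])
```

The script only reports which settings differ between interfaces; it does not decide which of them the L2VPN mapping requires.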

1 REPLY

After a lot of searching, I tried a new configuration of the DOCSIS file... this time the CM went to reject (pk); among the possible causes are problems with the root CA certificate.

I downloaded the CableLabs certificate and added it according to Cisco's specifications... but I am still in reject (pk).

http://www.cisco.com/c/en/us/td/docs/cable/cmts/config_guide/b_cmts_Quality_Service_Features/b_cmts_Quality_Service_Features_chapter_01.html#task_1217174

Any suggestions?

 
