Cisco DNCS System Release 2.7 3.7 4.2 Designanleitung
4000358 Rev B
Security Recommendations for the DBDS Network in a DOCSIS Environment
3-13
DBDS Network Security,
Continued
# 90
Configure the CMTS to allow IP traffic among subscribed PC CPEs.
# 100
Configure Router 2 to deny IP traffic between:
•
Configure the CMTS to allow IP traffic among subscribed PC CPEs.
# 100
Configure Router 2 to deny IP traffic between:
•
Registered integrated cable modems and other remote registered integrated cable
modems
•
Registered integrated cable modems and unregistered/registered stand-alone
cable modems
•
Registered integrated cable modems and unsubscribed/subscribed PC CPE
•
Registered integrated cable modems and DHCT CPE
•
Unregistered/registered stand-alone cable modems and DHCT CPE
•
DHCT CPE and other remote DHCT CPE
•
DHCT CPE and unsubscribed/subscribed PC CPE
# 110
Configure Router 2 to allow IP traffic among subscribed PC CPEs (such as, those
Configure Router 2 to allow IP traffic among subscribed PC CPEs (such as, those
assigned public IP addresses).
# 120
Configure Router 2 to deny any inbound IP traffic from the CMTS with a source IP
# 120
Configure Router 2 to deny any inbound IP traffic from the CMTS with a source IP
address within the DBDS IP address subnet range. This recommendation reduces the
risk of DBDS network element spoofing in the HFC environment (across different
CMTSs).