Cisco Systems UBR924 Manual De Usuario
1-14
Cisco uBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Chapter 1
Overview
Initial Provisioning
If the firewall accepts the peer’s request, it installs a temporary crypto map entry when it installs the new
IPsec security associations. This entry is filled in with the results of the negotiation. At this point, the
firewall performs normal processing, using this temporary crypto map entry as a normal entry, and even
requests new security associations if the current ones are expiring (based on the policy specified in the
temporary crypto map entry). After all of the corresponding security associations expire, the temporary
crypto map entry is removed.
IPsec security associations. This entry is filled in with the results of the negotiation. At this point, the
firewall performs normal processing, using this temporary crypto map entry as a normal entry, and even
requests new security associations if the current ones are expiring (based on the policy specified in the
temporary crypto map entry). After all of the corresponding security associations expire, the temporary
crypto map entry is removed.
The crypto dynamic-map global configuration command supports a number of options, but the only
required option is the transform-set. The other parameters are optional, depending on the needs of your
network.
required option is the transform-set. The other parameters are optional, depending on the needs of your
network.
This feature is introduced in Cisco IOS Release 12.0(7)T.
Note
Dynamic crypto map sets are not used for initiating IPsec security associations. However, they are used
for determining whether or not traffic should be protected.
for determining whether or not traffic should be protected.
Initial Provisioning
The Cisco uBR924 cable access router typically ships from the Cisco factory ready to work in the
data-only mode. However, before router can transmit either data or
voice traffic, the CMTS at the headend must properly provision the router as follows:
•
The appropriate service must be purchased from the service provider. If certain features, such as
voice support or advanced encryption, are desired, a license for the appropriate Cisco IOS software
image must also be purchased.
voice support or advanced encryption, are desired, a license for the appropriate Cisco IOS software
image must also be purchased.
•
The service provider must create a DOCSIS configuration file for the Cisco uBR924 router. This file
must be stored on a TFTP server—each router could have its own unique DOCSIS configuration file,
or the same file could be used for multiple routers, depending on the needs of the subscribers.
must be stored on a TFTP server—each router could have its own unique DOCSIS configuration file,
or the same file could be used for multiple routers, depending on the needs of the subscribers.
•
When the router is first brought online, the CMTS at the headend downloads the DOCSIS
configuration file to the router. This file is a binary file that configures the router for the appropriate
level of services and that sets other parameters as needed.
configuration file to the router. This file is a binary file that configures the router for the appropriate
level of services and that sets other parameters as needed.
•
At this point the router is completely configured for the basic DOCSIS bridging mode, but when
additional features are required, the DOCSIS configuration file specifies that the CMTS should
download a second Cisco IOS image to the router. For example, to enable Triple DES encryption on
the Cisco uBR924 router, a Cisco IOS image with 3DES IPsec support must be downloaded to the
router. (The service provider can also preload the router with this image at the warehouse to speed
up the router’s initialization and boot time.)
additional features are required, the DOCSIS configuration file specifies that the CMTS should
download a second Cisco IOS image to the router. For example, to enable Triple DES encryption on
the Cisco uBR924 router, a Cisco IOS image with 3DES IPsec support must be downloaded to the
router. (The service provider can also preload the router with this image at the warehouse to speed
up the router’s initialization and boot time.)
•
Finally, any additional configuration on the router must be done. This can be done in the following
ways:
ways:
–
When using Cisco IOS Release 12.1(1)T or greater, CLI commands can be embedded in the
DOCSIS configuration file, using the Vendor Specific Information Field (subtype 131).
DOCSIS configuration file, using the Vendor Specific Information Field (subtype 131).
–
The router can download a Cisco IOS configuration file from a host workstation specified by
the DOCSIS configuration file. The Cisco IOS configuration file is an ASCII text file that
contains the Cisco IOS commands needed to configure the router.
the DOCSIS configuration file. The Cisco IOS configuration file is an ASCII text file that
contains the Cisco IOS commands needed to configure the router.
–
A system administrator can manually configure the router by giving Cisco IOS commands at the
router’s CLI interface. This can be done either locally by connecting to the router’s RJ-45
console port or remotely by establishing a Telnet connection with the router.
router’s CLI interface. This can be done either locally by connecting to the router’s RJ-45
console port or remotely by establishing a Telnet connection with the router.