Cisco DNCS System Release 2.7 3.7 4.2 Guida Alla Progettazione
3-4
Security Recommendations for the DBDS Network in a DOCSIS Environment
4000358 Rev B
Recommendations on IP Address Assignment,
Continued
Security Recommendations
Cisco recommends that you follow these security recommendations when assigning
IP addresses to the end-user devices in a DOCSIS network.
Because several of the security recommendations relate to each other, we assigned
Because several of the security recommendations relate to each other, we assigned
numbers to each recommendation for ease of reference. The recommendations are
numbered in increments of 10 to allow for growth as new recommendations are
added.
This section describes security recommendations 10 through 30 for assigning IP
This section describes security recommendations 10 through 30 for assigning IP
addresses. Recommendations 40 through 410 for securing the data paths in the
DBDS are provided later in this chapter.
# 10
Assign a distinct private IP address range to each end-user device type: unregistered
# 10
Assign a distinct private IP address range to each end-user device type: unregistered
stand-alone cable modem, registered stand-alone cable modem, registered integrated
cable modem, DHCT CPE, and unsubscribed PC CPE.
# 20
Assign DHCT CPE IP addresses from a subnet of the private 10.0 network. This
# 20
Assign DHCT CPE IP addresses from a subnet of the private 10.0 network. This
subnet should be separate from the subnets from which you assign IP addresses for
all other end-user devices.
# 30
# 30
Plan an IP address scheme to avoid IP address conflicts between the newly deployed
DOCSIS-capable DHCTs (integrated cable modem and DHCT CPE) and any
network element or devices on the cable service provider’s network.