Cisco DNCS System Release 2.7 3.7 4.2 设计指南
3-8
Security Recommendations for the DBDS Network in a DOCSIS Environment
4000358 Rev B
Data Paths and Traffic Flows,
Continued
Secure Data Paths
The following table covers all the data paths and identifies which corresponding bi-
directional traffic flows should be allowed or denied according to Cisco’s
recommendations. Because this chapter focuses on the DBDS and DHCT security
risk management, any traffic that does not pertain to the DBDS or the DHCT is
outside the scope of this application guide and will be left to the cable service
provider’s implementation.
Data Path
Flow
Description
Allowed or Denied
1
1.1
Registered integrated cable modem -
DOCSIS Server
Allowed
1.2
DHCT CPE - DHCP Server
Allowed
1.3
Unsubscribed PC CPE – DOCSIS
Server
Allowed
1.4
Subscribed PC CPE– DOCSIS Server
Cable Service
Provider’s
Implementation
1.5
Registered integrated cable modem –
non-DOCSIS Server
Denied
1.6
DHCT CPE – non-DOCSIS Server
Cable Service
Provider’s
Implementation
1.7
Unsubscribed PC CPE – non-DOCSIS
Server
Cable Service
Provider’s
Implementation
1.8
Subscribed PC CPE– non-DOCSIS
Server
Cable Service
Provider’s
Implementation