CreatingDOCSISCablemodemconfigurationfiles

1)Basics

FirstonemustobtainaprogramtoconverttextconfigfilestobinaryDOCSISformat. Afree,consoleprogramisfoundhere.Installasusual,problemswithcompilationaretobeexpected.. (docsisprogramlastupdatewasin2006). Anotherprogramcanbedownloadedfromhere(Windowsonly).ItsupportsGUIandtreelikeview.

2)Basicsettings

Ourfirstfilewilljustallownetworkaccesandlimitdownload/uploadspeeds:
Main { NetworkAccess 1; GlobalPrivacyEnable 0; UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 128000; } DsServiceFlow { DsServiceFlowRef 2; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 1000000; } } /* enables packet forwarding */ /* disables BPI(encryption) */ /* creates an upstream service flow */ /* /* /* /* SF number */ activates SF */ sets medium priority */ max upstream transfer rate - 128kb/s */

/* creates an downstream service flow */ /* /* /* /* SF number */ activates SF */ sets medium priority */ max downstream transfer rate - 1Mb/s */

Reader'scomment:PleasenotethatDs/UsServiceRefnumbersmustbeuniqueincablemodemconfig. OnCiscoCMwithsameDsandUsServiceFlowRefwillendupwithreject(c)status.
3)Addingadvancedparameters

This fileincludes DS frequency,USchannelnumber,1classifier,3serviceflowsandlimitsuser devicesconnectedtomodem.

Main { NetworkAccess 1; GlobalPrivacyEnable 0; DownstreamFrequency 410000000; UpstreamChannelId 3; MaxCPE 3; CpeMacAddress 00:00:00:00:00:00; CpeMacAddress 11:11:11:11:11:11; /* /* /* /* /* /* /* enables packet forwarding */ disables BPI(encryption) */ sets DS frequency to 410MHz */ sets 3rd US channel */ allows max 3 user devices */ device #1 MAC is 00:00... */ device #2 MAC is 11:11... */

DsPacketClass { ClassifierRef 2; ServiceFlowRef 4; RulePriority 3; ActivationState 1; IpPacketClassifier { IpTos 0x0808ff; } } UsServiceFlow { UsServiceFlowRef 1; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 128000; } DsServiceFlow { DsServiceFlowRef 2; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 1000000; } DsServiceFlow { DsServiceFlowRef 4; QosParamSetType 7; TrafficPriority 3; MaxRateSustained 2000000; } }

/* /* /* /*

Classifier number */ forwards packets using SF #4 */ Low priority classifier */ enables classifier */

/* matches ToS 0x08 */

/* /* /* /*

SF number */ activates SF */ sets medium priority */ max transfer rate - 128kb/s */

/* /* /* /*

SF number */ activates SF */ sets medium priority */ max transfer rate - 1Mb/s */

/* /* /* /*

SF number */ activates SF */ sets medium priority */ max transfer rate - 2Mb/s */

4)GlobalParametersexplained

Name NetworkAccess GlobalPrivacyEnable

Description

Values

Controllswhethermodemforwardsdatabetween 0forwardingdisabled USB/EthernetandRFinterfaces 1forwardingenabled EnablesBPI(encryptiononRFinterface) 0disablesBPI 1enablesBPI FrequencyinHZ

DownstreamFrequency SpecifiesdownstreamchannelfrequencyinHz UpstreamChannelId

Specifiestheupstreamchannelnumberforthat Desiredupstreamchannel downstream number NumberofMACaddresses(computers,network devices),thatmodemwilllearnandforward Numberofsuchdevices packetsfrom.Thisincludesmanagedswitches, APsetc.

MaxCPE

CpeMacAddress

SpecifiesMACaddressofacomputer/device. NumberofCpeMacAddresscommandsmustbe lessorequalMaxCPE.Usefullwhenyoudon't MACaddressofonedevice wantthemodemtolearnAccesspoint'sIP address Maximumnumberofadmittedandactive upstreamclassifiers,thatmodemisallowedto have EnablesDOCSIS2.0 AllowstoenterTLVsunsupportedbyprogram SpecifiesfirmwarefilenameonTFTPserver. SpecifiesTFTPserverIPaddress SpecifiesOIDtoset 0disabled,1enabled Sytnax:TlvCodeXXX TlvLengthXTlvValue 0xXX "filename" IPaddress Syntax:OIDtypevalue

MaxClassifiers DocsisTwoEnable GenericTLV SwUpgradeFilename SwUpgradeServer SnmpMibObject SnmpWriteControl MfgCVCData

Mustbeusedseveraltimes torepresentwhole Producerscertificateusedforfirmwareupgrade. certificate.Canspecify254 hexcharsmaxatatime.

MtaConfigDelimiter Note:tocreateMfgCVCData,takemfgcertandthen:
hexdump -v -e ' 2/1 "%02X" ' -n 254 cert.cer

ThecompleteMfgCVCDataoptionwouldbeMfgCVCData0xOUTPUT_FROM_ABOVE; Tocreatenextportionjustskipfirst254charswiths:
hexdump -v -e ' 2/1 "%02X" ' -n 254 -s 254 cert.cer

Increasesby254fornextportions.
5)Serviceflowparametersexplained

GeneralSFparameters: Name Description Values QualityofServiceParameterSetType.Describeswhether serviceflowis:Provisioned,AdmittedandActive.Bit0 7Active Provisionedflag,Bit1Admittedflag,Bit2Activeflag.Fora other servceflowtobeworkingall3bitsmustbesetto1.Binary111 disabled equals7deciminal. Setspriorityforpacketsmatchingthatserviceflow.CMTS shouldservefirstSFswithhigherpriority. 0lowest (default) 7highest

QosParamSetType

TrafficPriority

MaxRateSustained MaxTrafficBurst MinReservedRate MinResPacketSize ActQosParamsTimeout AdmQosParamsTimeout ServiceClassName

Maximaltransferspeedinb/s. Specifieshowmuchdatacanbesentinoneburst. Minimalbandwidthreserverdforthatserviceflow

Speedinb/s Valuein bytes Speedinb/s

Usedforcalculatingminreservedrate,whensmallerpacketsare Sizein sent,sizefromthisfieldistakenforcalculationsinsteadof bytes. actualpacketsize. SpecifieshowlongCMTSreservesresourcesforthat(active) serviceflow. Valuein seconds.

SpecifieshowlongCMTSreservesresourcesforthat(admitted) Valuein serviceflow. seconds. Specifiesserviceclasswhichthatservceflowispartof "service_cla ss_name"

Downstreamspecificparameters: Name DsServiceFlow Description Createsdownstreamserviceflow Values none

NumberofdownstreamserviceflowmustmatchServiceFlowRef anynumber DsServiceFlowRef inpacketclasifiers(ifexists).Serviceflowswithlowestnumbersare (165535) takenasdefaultnoclassifiersneededthere. MaxDsLatency Sprecifiesmaximaltimebetweenreceptionofpacketand forwardingittoRFinterfaceontheCMTS Valuein micro seconds.

Upstreamspecificparameters: Name UsServiceFlow Description Createsupstreamservice flow none Values

UsServiceFlowRef

Numberofupstreamservice flowmustmatch ServiceFlowRefinpacket clasifiers(ifexists).Service anynumber(165535) flowswithlowestnumbers aretakenasdefaultno classifiersneededthere.

Maximumdatainbytestobe MaxConcatenatedBurst transmitedinone Sizeinbytes,default1522 concatenationburst SchedulingType Schedulingtypetobeusedin 2Besteffort,3NonRealTimePolling,4 serviceflow RealTimePolling,5UnsolicitedGrant ServicewithActivityDetection,6Unsolicited

GrantService Thereare16bitsnumberedfrom15to0. Bit0disablesallcmopportunities,bit1disables PriorityRequestmulticastopportunities,bit2 disablesRequest/Dataopportunitiesfor Request/TransmissionPolicy Requestsbit3samefordata,bit4disables specifiesbehaviourofa piggybackrequestswithdata,bit5disables sericeflow concatenation,bit6disablesfragmentation,bit7 disablespayloadheadersuppression,bit8 enablesdropingofpacketsthatdonotfitinthe UnsolicitedGrant.Example:0x000001ff;Size

RequestOrTxPolicy

EnablesoverwritingToS NewToS=(OldTosANDAA)OROO,example: valuesformatchinpackets 0xAAOO I'vepurposelyomitedinformationaboutothershedulingtypes:UGS,UGSwithAD,nonrealtime polling,realtimepolling. TestrevealedthattheyareonlyusefulwithVOIPand/orstreamingvideo.Onemayusesourceipor destinationportbasedclassifiertocapturevoiptrafficandlimitUPanddownstreamserviceflowsto nomorethan128k.SinceitsusellesforbrowsingtheinternetnooneshouldexploitthatSF.With streamingvideodestiantionIPofvideoservermustbeknownbecausehighspeed,lowlatency connectionisVERYlikelytobeexploitedifunprotectedproperly.Itmightbegoodideaforvoipto createseparateIPaddressclassforvoipgatewaysandcreatebesteffortserviceflowswithhighest trafficpriority.AddingMinReservedRatemaygiveevenbetterresults. IpTosOverwrite
6)Classifies

IPandportbasedclassifier
UsPacketClass { ServiceFlowRef 3; ClassifierRef 11; RulePriority 68; ActivationState 1; IpPacketClassifier { IpSrcAddr 192.168.0.0; IpSrcMask 255.255.255.0; SrcPortStart 1024; SrcPortEnd 2000; IpDstAddr 113.206.95.144; IpDstMask 255.255.255.248; DstPortStart 80; DstPortEnd 80; IpProto 6; } }

/* /* /* /* /* /* /* /*

Matches: */ source IPs from 192.168.0.0 */ to 192.168.0.255 */ source ports from 1024 */ to 2000 */ destination IPs from 113.206.95.144 */ to 113.206.95.151 */ destination port 80 */

/* TCP protocol */

MACaddressbasedclassifier
UsPacketClass { ServiceFlowRef 3;

ClassifierRef 11; RulePriority 68; ActivationState 1; LLCPacketClassifier { SrcMacAddress 00:11:22:33:44:55 /* Matches that MAC address }

*/

Generalclassifierparameters: Name Description none none anynumber(1255) Values DsPacketClass Createsdownstreamclassifier UsPacketClass Createsupstreamclassifier ClassifierRef ServiceFlowRef RulePriority Numberofclassifier,mustbeuniqueinconfigfile

ServiceFlowRefnumberofserviceflow,whichisused NumberofexistingSF ifpacketsmatchesthatclassifier. Specifiesthepriorityfortheclassifier.Highernumber higherpriority.Classifierswithhigherpriorityare anynumber(0255) checkedfirst. 1enabled,0disabled? 0Addclasifier,1replace classifier,2delete classifier WhattodowithclassifierwhenDynamicService ChangeRequestisrecived

ActivationState Enablesclassfier DscAction

IPclassifierparameters: Name Description none 0xLLHHMM,whereLLlowtos,HHhightos,MM tosmask.Matchespackets,whereLL>=(tosAND MM)<=HH. IPaddress IPaddress IPaddress Values IpPacketClassifier CreatesIPclassifiermatch IpTos IpSrcAddr IpSrcMask IpDstAddr IpDstMask SrcPortStart SrcPortEnd MatchesToSvalues MatchessourceIP Specifiessourcemask. Match=SrcIPAND SrcMask MatchesdestinationIP

Specifiesdestinationmask. Match=DstIPAND IPaddress DstMask Matchessourceportsstaring 0(default)65535 fromthatvalue Matchessourceportsending 065535(default) onthatvalue

DstPortStart DstPortEnd IpProto

Matchesdestinationports staringfromthatvalue Matchesdestinationports endingonthatvalue MatchesIPprotocol

0(default)65535 065535(default) 1ICMP,6TCP,17UDP 256any,257TCP+UDP,0ignorethisfield

LLCclassifierparameters: Name LLCPacketClassifier DstMacAddress SrcMacAddress EtherType Description CreatesLLC(MAC)classifiermatch MatchesdestinationMAC MatchessourceMAC Matchesethertype none MACaddress MACaddress Ethertypeinhex Values

802.1qclassifierparameters: Name IEEE802Classifier UserPriority Matchespriorityfield Description Creates802.1P/Qclassifiermatch Values none 07 04095

VlanID MatchesvlanIDfield IP,LLCandIEEE802matchesmaybeusedtogetherinoneclassifier.

7)SNMPparametersforuseindocsisconfigurationfiles

SNMPv1accesstable: Allowsreadonlyaccessforcommunitystringsome_passwordfrom192.168.0.1/24comingonlyfrom RFinterfaceofaCM. .1meansthatit'sfirstentryremembertochangewhenaddingmore.

SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject docsDevNmAccessStatus.1 Integer 4; /* createAndGo */ docsDevNmAccessIp.1 IPAddress 192.168.0.1 ; docsDevNmAccessIpMask.1 IPAddress 255.255.255.0 ; docsDevNmAccessControl.1 Integer 2; /* read */ docsDevNmAccessInterfaces.1 HexString 0x40; docsDevNmAccessCommunity.1 String "some_password" ;

Nmaccessentriesexplained: Name docsDevNmAccessStatus docsDevNmAccessIp Description Values 1active,2inactive,4createand Configuresrowcreationand activate,5createanddeactivate,6 it'sactivation delete.Stickwtih4. SpecifiessourceIPofa IPaddress

SNMPquerymatchingthis rule. docsDevNmAccessIpMask docsDevNmAccessControl docsDevNmAccessInterfaces docsDevNmAccessCommunity Firewallrule: Thisfirewallrulepreventsusersfromsendingmailusingport25(SMTP). NotethatbysettingdocsDevFilterIpDefaultto2(drop)onecanallowonlyselectedtrafficinstedof dropingit.
SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject SnmpMibObject docsDevFilterIpControl.7 Integer 1; /* discard */ docsDevFilterIpIfIndex.7 Integer 0 ; docsDevFilterIpDirection.7 Integer 3; /* both */ docsDevFilterIpBroadcast.7 Integer 2; /* false */ docsDevFilterIpSaddr.7 IPAddress 0.0.0.0 ; docsDevFilterIpSmask.7 IPAddress 0.0.0.0 ; docsDevFilterIpDaddr.7 IPAddress 0.0.0.0 ; docsDevFilterIpDmask.7 IPAddress 0.0.0.0 ; docsDevFilterIpProtocol.7 Integer 6 ; docsDevFilterIpSourcePortLow.7 Integer 0 ; docsDevFilterIpSourcePortHigh.7 Integer 65535 ; docsDevFilterIpDestPortLow.7 Integer 25 ; docsDevFilterIpDestPortHigh.7 Integer 25 ; docsDevFilterIpStatus.7 Integer 4; /* createAndGo */

SpecifiessourceIPmaskofa SNMPquerymatchingthis maskaddress rule. Specifiesaccessprivileges Specifiesmatchinginterface Specifiesthecommunity string 2RO,3RW,4ROwithtraps,5 RWwithtraps,6traps 0x40cable,0x80ethernet, 0xC0,0x00both "desired_community_string"

Notableparameters Name docsDevFilterIpControl docsDevFilterIpDirection Description Discardsoracceptsthetraffic Values 1discard,2accept

Specifiesthedirectionofpacketto 1incoming,2outgoing,3both match. directions 1yes,0no

docsDevFilterIpBroadcast MatchesONLYbroadcasttraffic. Other:

SpecifiesmaximalnumberofsourceIPsthatmodemisforwardingfromEthernetandUSBinterfaces. WARNING:Undesiredoperationonsomemodemsallowsonly1IPperMACaddress.Thismay soundgoodbutPCsgetmodemassigned(192.168.100.X)andwindowsprivateIPsallthetime.Result: nonetworkaccess.

SnmpMibObject docsDevCpeIpMax.0 Integer 3 ;

8)Otherconfiguarionparameters

Currentlyotherparametersareonlylisted.Willwritedescriptionswhenthere'stime. BaselinePrivacy,mustbeturnedonbyGlobalPrivacyEnable. Name SAMapWaitTimeout SAMapMaxRetries BaselinePrivacy AuthTimeout ReAuthTimeout AuthGraceTime ReKeyTimeout TEKGraceTime AuthRejectTimeout SNMPv3specific: Name SnmpV3Kickstart SnmpV3SecurityName SnmpV3MgrPublicNumber Name SnmpV3TrapReceiver SnmpV3TrapRxIP SnmpV3TrapRxPort SnmpV3TrapRxType SnmpV3TrapRxTimeout SnmpV3TrapRxRetries SnmpV3TrapRxFilterOID SnmpV3TrapRxSecurityName PHSPayloadheadersupression: Name PHS PHSClassifierRef PHSClassifierId PHSServiceFlowRef PHSServiceFlowId Description SpecifiesPHSoptions Values nonetree "security_name" Description SpecifiesSNMPv3trapssettings Values nonetree Description SpecifiesSNMPv3engineoptions Values nonetree SpecifiesBPIoptions nonetree Description Values

PHSField PHSIndex PHSMask PHSSize PHSVerify Vendorspecific: Name VendorSpecific VendorIdentifier ModemCapabilities: Everythingshuldbeenabledbydefaultsouseitonlytodisablethings. Name ModemCapabilities ConcatenationSupport ModemDocsisVersion FragmentationSupport PHSSupport IGMPSupport BaselinePrivacySupport DownstreamSAIDSupport UpstreamSIDSupport DCCSupport SubMgmtControl SubMgmtFilters Description Startsthetree Values none Description Specifiesvendorspecificoptions Specifiesvendoridentifier nonetree vendorid0xIIIIII Values

Latestarticles:
BanalnakonfiguracjaTPLinkaTLWR340G[PL] GeneratingSSLCertificates[EN] Configuringtrapsandsnmptrapd[EN] ConfiguringuBR7246[EN]

Contact:
email:johnx@elwico.pl