Can someone help me configuring file of Cable Modem, my problem is the cable modem ip address is accessible in all CPE devices i want only specific IP to access the cable modem IP and the CPE can only access the CM with 192.168.100.1 and limit what they can see in CM like only the system information. I dont know how can I do it but I read something that I can set a firewall rule in configuration of the CM but I have no idea how can I do it, hope someone can help me, Thanks in advance.
Here is my current CM configuration:
plan2.cm
******************************************************
Network Access Control:on
SNMP MIB Object(docsDevNmAccessStatus.1):1.3.6.1.2.1.69.1.2.1.7.1, Integer, 4
SNMP MIB Object(docsDevNmAccessIp.1):1.3.6.1.2.1.69.1.2.1.2.1, IP Address, 172.16.0.0
SNMP MIB Object(docsDevNmAccessIpMask.1):1.3.6.1.2.1.69.1.2.1.3.1, IP Address, 255.255.255.224
SNMP MIB Object(docsDevNmAccessControl.1):1.3.6.1.2.1.69.1.2.1.5.1, Integer, 2
SNMP MIB Object(docsDevNmAccessInterfaces.1):1.3.6.1.2.1.69.1.2.1.6.1, Octet String, @
SNMP MIB Object(docsDevNmAccessCommunity.1):1.3.6.1.2.1.69.1.2.1.4.1, Octet String, private
Maximum Number of Classifiers:20
Maximum Number of CPEs:16
Privacy Enable:off
Baseline Privacy Configuration Settings
Authorize Wait Timeout:10
Reauthorize Wait Timeout:10
Authorization Grace Time:600
Operational Wait Timeout:10
Rekey Wait Timeout:10
TEK Grace Time:600
Authorize Reject Wait Timeout:60
SA Map Wait Timeout:1
SA Map Max Retries:4
Upstream Packet Classification Encoding
Classifier Reference:10
Service Flow Reference:2
Rule Priority:11
Classifier Activation State:on
IP Packet Classification Encodings
IP Protocol:17
TCP/UDP Source Port Start:5060
TCP/UDP Source Port End:5060
Upstream Packet Classification Encoding
Classifier Reference:3
Service Flow Reference:2
Rule Priority:12
Classifier Activation State:on
Ethernet LLC Packet Classification Encodings
Ethertype/DSAP/MacType:type 0x01 eprot1 0x08 eprot2 0x06
Downstream Packet Classification Encoding
Classifier Reference:102
Service Flow Reference:102
Rule Priority:1
Classifier Activation State:on
IP Packet Classification Encodings
IP Protocol:17
TCP/UDP Destination Port Start:5060
TCP/UDP Destination Port End:5060
Upstream Service Flow Encodings
Service Flow Reference:1
Quality of Service Parameter Set:provisioned admitted active
Upstream Maximum Sustained Traffic Rate:512000
Maximum Traffic Burst:3044
Minimum Reserved Traffic Rate:0
Assumed Minimum Reserved Rate Packet Size:64
Timeout for Active QoS Parameters:0
Timeout for Admitted QoS Parameters:200
Maximum Concatenated Burst:3044
Service Flow Scheduling Type:Best Effort
Request/Transmission Policy:00000088
IP Type of Service Overwrite:and-mask 0xFC or-mask 0x00
Upstream Service Flow Encodings
Service Flow Reference:2
Quality of Service Parameter Set:provisioned admitted active
Upstream Maximum Sustained Traffic Rate:512000
Maximum Traffic Burst:3044
Minimum Reserved Traffic Rate:0
Assumed Minimum Reserved Rate Packet Size:64
Timeout for Active QoS Parameters:0
Timeout for Admitted QoS Parameters:200
Maximum Concatenated Burst:3044
Service Flow Scheduling Type:Best Effort
Request/Transmission Policy:00000080
IP Type of Service Overwrite:and-mask 0xFC or-mask 0x00
Downstream Service Flow Encodings
Service Flow Reference:101
Quality of Service Parameter Set:provisioned admitted active
Traffic Priority:1
Downstream Maximum Sustained Traffic Rate:2000000
Maximum Traffic Burst:96000
Minimum Reserved Traffic Rate:0
Assumed Minimum Reserved Rate Packet Size:64
Timeout for Active QoS Parameters:0
Timeout for Admitted QoS Parameters:200
Maximum Downstream Latency:20000
Downstream Service Flow Encodings
Service Flow Reference:102
Quality of Service Parameter Set:provisioned admitted active
Traffic Priority:7
Downstream Maximum Sustained Traffic Rate:2000000
Maximum Traffic Burst:96000
Minimum Reserved Traffic Rate:0
Assumed Minimum Reserved Rate Packet Size:64
Timeout for Active QoS Parameters:0
Timeout for Admitted QoS Parameters:200
Maximum Downstream Latency:5000
******************************************************
I really need this to work, if someone here can help me or give me an example of this I will appreciate it. Thank you
filtering is done with docsDevNmAccess.
Try to create binary conf file even if it is not working and post it here, I can help you. But I will not create a config file for you.
Thank you sir I will try to create it and post it here after, hope you can help me I will try to understand first the docsDevNmAccess you are saying, Thank you for replying
Hello sir,
I try to create a configuration file that will block all the CPE IP to access the CM IP
Here is what i do
*************************************
Network Access Control:on
Upstream Service Flow Encodings
Service Flow Reference:1
Quality of Service Parameter Set:provisioned admitted active
Downstream Service Flow Encodings
Service Flow Reference:2
Quality of Service Parameter Set:provisioned admitted active
Privacy Enable:off
Maximum Number of CPEs:16
SNMP MIB Object(docsDevNmAccessStatus.1):1.3.6.1.2.1.69.1.2.1.7.1, Integer, 4
SNMP MIB Object(docsDevNmAccessIp.1):1.3.6.1.2.1.69.1.2.1.2.1, IP Address, 172.16.0.0
SNMP MIB Object(docsDevNmAccessIpMask.1):1.3.6.1.2.1.69.1.2.1.3.1, IP Address, 255.255.255.224
SNMP MIB Object(docsDevNmAccessControl.1):1.3.6.1.2.1.69.1.2.1.5.1, Integer, 2
SNMP MIB Object(docsDevNmAccessInterfaces.1):1.3.6.1.2.1.69.1.2.1.6.1, Octet String, @
SNMP MIB Object(docsDevNmAccessCommunity.1):1.3.6.1.2.1.69.1.2.1.4.1, Octet String, private
/* Here I try to create a blacklist to block all the IP that will try to go to IP address of the CM */
SNMP MIB Object(docsDevFilterIpControl.4):1.3.6.1.2.1.69.1.6.4.1.3.3, Integer, 1
SNMP MIB Object(docsDevFilterIpIfIndex.4):1.3.6.1.2.1.69.1.6.4.1.4.3, Integer, 1
SNMP MIB Object(docsDevFilterIpDirection.4):1.3.6.1.2.1.69.1.6.4.1.5.3, Integer, 3
SNMP MIB Object(docsDevFilterIpBroadcast.4):1.3.6.1.2.1.69.1.6.4.1.6.3, Integer, 2
SNMP MIB Object(docsDevFilterIpSaddr.4):1.3.6.1.2.1.69.1.6.4.1.7.3, IP Address, 0.0.0.0
SNMP MIB Object(docsDevFilterIpSmask.4):1.3.6.1.2.1.69.1.6.4.1.8.3, IP Address, 0.0.0.0
SNMP MIB Object(docsDevFilterIpDaddr.4):1.3.6.1.2.1.69.1.6.4.1.9.3, IP Address, 10.128.0.0
SNMP MIB Object(docsDevFilterIpDmask.4):1.3.6.1.2.1.69.1.6.4.1.10.3, IP Address, 255.255.0.0
SNMP MIB Object(docsDevFilterIpStatus.4):1.3.6.1.2.1.69.1.6.4.1.2.3, Integer, 4
/* Here I make a white list of IP that can go to the IP address of the CM */
SNMP MIB Object(docsDevFilterIpControl.3):1.3.6.1.2.1.69.1.6.4.1.3.4, Integer, 2
SNMP MIB Object(docsDevFilterIpIfIndex.3):1.3.6.1.2.1.69.1.6.4.1.4.4, Integer, 0
SNMP MIB Object(docsDevFilterIpDirection.3):1.3.6.1.2.1.69.1.6.4.1.5.4, Integer, 3
SNMP MIB Object(docsDevFilterIpBroadcast.3):1.3.6.1.2.1.69.1.6.4.1.6.4, Integer, 2
SNMP MIB Object(docsDevFilterIpSaddr.3):1.3.6.1.2.1.69.1.6.4.1.7.4, IP Address, 172.16.0.0
SNMP MIB Object(docsDevFilterIpSmask.3):1.3.6.1.2.1.69.1.6.4.1.8.4, IP Address, 255.255.255.192
SNMP MIB Object(docsDevFilterIpDaddr.3):1.3.6.1.2.1.69.1.6.4.1.9.4, IP Address, 10.128.0.0
SNMP MIB Object(docsDevFilterIpDmask.3):1.3.6.1.2.1.69.1.6.4.1.10.4, IP Address, 255.255.0.0
SNMP MIB Object(docsDevFilterIpStatus.3):1.3.6.1.2.1.69.1.6.4.1.2.4, Integer, 4
**********************************************************
But the CPE can still access the CM of by its IP and can still see all the CM in the network by its IP and when I try to change the (docsDevFilterIpStatus.3) to Integer 1 the CM stuck at init(o) and its Cable Modem Status is 'IP complete'. please help me