Table of Contents
Advertisement
cable shared-secret
To use the shared-secret feature, you must do the following:
•
•
•
You cannot use the shared secret feature with the files created by the internal DOCSIS configuration file
Note
editor
In Cisco IOS Release 12.2(8)BC2 and later releases, you can also use the
Note
secret
shared secret string.
Upgrading When Using Shared Secret Passwords
Cisco IOS Release 12.2 BC changed the encryption algorithm used for the cable shared-secret
command. If you are upgrading from a Cisco IOS 12.1 EC or 12.0 SC release, you cannot cut and paste
the cable shared-secret configuration lines that include an encrypted password. Instead, you must re-
enter the original shared secret passwords at the CLI prompt, and then resave the configuration.
For example, if the actual shared secret password is "cm-sharedsecret-password", enter the cable
shared-secret cm-sharedsecret-password command at the CLI prompt. If you have enabled password
encryption, the configuration file will then show only the newly encrypted password.
This change affects only the encryption of the passwords that are stored in the configuration file. It does
Note
not affect the actual encryption that is used between the CMTS and CMs, so you do not need to change
the shared secret in the DOCSIS configuration files for the CMs.
Examples
The following example shows how to specify a shared-secret string using an encrypted key:
Router# config t
Router(config)# service password-encryption
Router(config)# int c6/0
Router(config-if)# cable shared-secret password
Router(config-if)# exit
Router(config)# exit
Router# show running-config | include shared
cable shared-secret 7 1407513181A0F13253920
Cisco Broadband Cable Command Reference Guide
2-220
Create DOCSIS configuration files that use the shared-secret encryption string to create the MD5
MIC value. This can be done using the Cisco DOCSIS Configurator tool by entering the shared-
secret string in the CMTS Authentication field in the Miscellaneous parameters.
The shared-secret string itself is not saved in the DOCSIS configuration file, so you must re-
Note
enter the string in the CMTS Authentication field whenever you create or edit a DOCSIS
configuration file using the Cisco DOCSIS Configurator tool.
Use the cable shared-secret command to configure the cable interfaces with a matching shared-
secret string. The string configured on an interface must match the string used to create the DOCSIS
configuration files downloaded to the CMs on that interface, or the CMs will not be able to register.
You can use different shared secrets for each interface, if you are also using a different set of
configuration files for each interface.
To encrypt the shared-secret string in the CMTS configuration, you must include the service
password-encryption global configuration command in the router's configuration.
(cable config-file
command).
command to specify multiple shared-secret strings, so that you can gradually phase in a new
Chapter 2
Cisco CMTS Configuration Commands
cable shared-secondary-
OL-1581-08
Advertisement
Table of Contents
