- clear cache
- dpe docsis shared-secret
- no dpe docsis shared-secret
- dpe docsis emic-shared-secret
- no dpe docsis emic-shared-secret
- dpe port
- dpe provisioning-group primary
- no dpe provisioning-group primary
- dpe provisioning-group secondary
- no dpe provisioning-group secondary
- dpe rdu-server
- dpe reload
- dpe shared-secret
- dpe start | stop
- dpe truststore-password
- interface ip provisioning
- no interface ip provisioning
- interface ip provisioning fqdn
- no interface ip provisioning fqdn
- interface ip pg-communication
- no interface ip pg-communication
- service tftp
- service tod
- show device-attribute
- dump device-attributes
- show dump-device-attributes-status
- show device-config
- show dpe
- show dpe config
DPE Configuration Commands
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).
The commands described in this chapter are:
clear cache
Use the clear cache command to erase the DPE cache and reset the server to a clean state. When the DPE is restarted, it connects to the RDU and rebuilds the cache from the information stored in the RDU database.
Note Before erasing the DPE cache, ensure that you stop the DPE by running the dpe stop command. For more information, see dpe start | stop.
You should clear the cache only when the DPE encounters a major problem. Running this command forces the DPE to rebuild or repopulate its device cache. This process may take an extended period of time to complete.
Once the command is entered, the DPE cache is cleared and a prompt appears to indicate the amount of disk space cleared as a result. If the cache could not be cleared, the reason for the failure appears.
Syntax Description
Defaults
Examples
This result occurs when the cache is successfully cleared.
This result occurs when the cache has already been cleared.
This result occurs when the DPE has not been stopped.
dpe docsis shared-secret
Use the dpe docsis shared-secret command to set a DOCSIS shared secret (DSS) on the DPE. The DSS is used to calculate the message integrity check of cable modems and the cable modem termination system (CMTS).
Note While setting or changing the DSS, we recommend that you use a secure connection.
To disable the DSS, use the no form of this command.
Syntax Description
dpe docsis shared-secret type secret
– 0 for a clear text string. This string is the default setting.
– 7 for a Cisco IOS-encrypted shared-secret text string.
If, after running this command, you use the show running-config command, a new line appears identifying the shared secret and its type.
Defaults
Examples
no dpe docsis shared-secret
Use the no dpe docsis shared-secret command to disable the DOCSIS shared secret (DSS) configured on the DPE.
To enable the DSS, see dpe docsis shared-secret.
Syntax Description
Defaults
Examples
dpe docsis emic-shared-secret
Use the dpe docsis emic-shared-secret command to set a Secondary DOCSIS Shared Secret (SDSS) on the DPE. The SDSS is used to calculate the message integrity check of cable modems and the Cable Modem Termination System (CMTS) with DOCSIS 3.0.
Note We recommend that you use a secure connection while setting or changing the SDSS.
To disable the SDSS, use the no form of this command.
Syntax Description
dpe docsis emic-shared-secret type secret
- type —Identifies whether the secondary shared secret string appears as clear text or as encrypted text.
– 0 for a clear text string. This string is the default setting.
– 7 for a shared secret in PBKDF2_DES3CBC encrypted form.
If, after running this command, you run the show running-config command, a new line appears identifying the shared secret and its type.
Defaults
Examples
no dpe docsis emic-shared-secret
Use the no dpe docsis emic-shared-secret command to disable the SDSS configured on the DPE. A DPE reload is required after executing this command. See dpe reload
For details about enabling the SDSS, see dpe docsis emic-shared-secret.
Syntax Description
Defaults
Examples
dpe port
Use the dpe port command to specify the port number that the DPE uses to communicate with the Network Registrar extension points. You can leave this port number intact unless there is a need to change it for firewall reasons.
Note You must stop the DPE before changing the port number. If you attempt to run this command on an operational DPE, the following error message appears:ERROR: DPE must be stopped before changing the port number.
The changes that you introduce through this command do not take effect until you restart the DPE. For information on stopping and starting the DPE, see dpe start | stop.
Syntax Description
port —Identifies the port number assigned for connecting to the DPE.
Defaults
Examples
dpe provisioning-group primary
Use the dpe provisioning-group primary command to specify the DPE as a member of a specified primary provisioning group. Most DPEs are configured with a primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.
Note If you enable PacketCable voice technology, ensure that a DPE belongs to only one provisioning group.
When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.
Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.
After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.
To remove any configured primary provisioning groups, use the no form of this command. See
no dpe provisioning-group primary.
Syntax Description
Defaults
The default primary provisioning group is the provisioning group that you configure as the default.
You can use any name to identify the primary provisioning group. By default, however, the primary provisioning group is identified as ‘default’.
Examples
This result occurs when you specify a single primary provisioning group.
This result occurs when you specify multiple primary provisioning groups.
no dpe provisioning-group primary
Use the no dpe provisioning-group primary command to clear configured primary provisioning groups. If primary provisioning groups are not available, you can use the DPE as a backup for other provisioning groups or as a TFTP file cache.
Note Every DPE must belong to at least one primary or secondary provisioning group.
After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.
To specify the DPE as a member of a specified primary provisioning group, see dpe provisioning-group primary.
Syntax Description
Defaults
Examples
dpe provisioning-group secondary
Use the dpe provisioning-group secondary command to set secondary provisioning groups for the DPE server to use. Most DPEs are configured with a primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.
Note Secondary provisioning groups are used for provisioning only when the primary provisioning groups are not available or are overloaded.
When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.
Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To remove any configured secondary provisioning groups, use the no form of this command. See no dpe provisioning-group secondary.
Syntax Description
Defaults
Examples
This result occurs when you specify a single secondary provisioning group.
This result occurs when you specify multiple secondary provisioning groups.
no dpe provisioning-group secondary
Use the no dpe provisioning-group secondary command to clear configured secondary provisioning groups. If secondary provisioning groups are not available, the DPE can be used as a primary in other provisioning groups.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To set secondary provisioning groups for the DPE, see dpe provisioning-group secondary.
Syntax Description
Defaults
Examples
dpe rdu-server
Use the dpe rdu-server command to configure the DPE to connect to the RDU server. Table 3-1 lists the keywords that you can use with this command.
|
|
|
---|---|---|
Identifies the RDU to which the DPE connects. Normally, you configure the RDU on the default port, but for security reasons, you could configure it to run on a nondefault port. After you use this command, run the dpe reload command so that the changes take effect. See dpe reload. |
||
dpe rdu-server { host | x.x.x.x } port secure
|
The default port on which the RDU listens for the DPE is 49187. |
|
This result occurs when you specify the RDU host: |
||
Configures the DPE to use the specified interface as its source when connecting to the RDU. If you do not specify an interface, the DPE allows the operating system to determine the interface to use while communicating with the RDU server. Note While using this command, you can specify IP addresses only in the IPv4 format. After you use this command, run the dpe reload command so that the changes take effect. See dpe reload. To clear the configured interface, use the no form of this command. When clearing the configured interface, you need not specify the IP address of the interface. |
||
|
|
|
This result occurs when you configure the DPE interface. This result occurs when you clear the configured DPE interface. |
||
Configures the DPE to use the specified port as the source port when connecting to the RDU. If you do not specify the port, the DPE allows the operating system to determine the port to use while communicating with After you use this command, run the dpe reload command so that the changes take effect. See dpe reload. To clear the configured port, use the no form of this command. When clearing the configured port, you need not specify the port number. |
||
dpe rdu-server source port port port —Identifies the number of the DPE source port. Note If the port you specify is not available, an error message appears. |
|
|
This result occurs when you configure a port to communicate with the RDU. This result occurs when you clear the configured port through which the DPE communicates with the RDU. |
dpe reload
Use the reload command to restart the DPE. It must be operational before you reload it. If the DPE does not stop within 60 seconds, the Prime Cable Provisioning process watchdog (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears. Once the message appears, the DPE restarts.
Syntax Description
Defaults
Examples
dpe shared-secret
Use the dpe shared-secret command to set the shared secret used for communications with the RDU. Communication fails if the shared secret, which is set on the two servers, is not the same.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Syntax Description
Defaults
Examples
dpe start | stop
Use the dpe start | stop command to start or stop the DPE.
Syntax Description
- start —Starts the DPE. You can use this command only when the DPE is not running. Having the DPE start successfully does not guarantee that the DPE will run successfully. Check the DPE log to ensure that the DPE has started correctly. Also, check the log periodically to ensure that no additional errors have occurred.
- stop —Stops the DPE. You can use this command only when the DPE is running. If the DPE has not stopped within 60 seconds, the DPE process watchdog (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears.
Defaults
Examples
This result occurs when the DPE is started.
This result occurs if the DPE is started when it is already operational.
This result occurs when the DPE is stopped.
dpe truststore-password
Use the dpe truststore-password command to set the truststore (cacerts) password. By default, the password is set to changeit.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Syntax Description
dpe truststore-password changeme
changeme — Identifies the truststore password. You must enter a value from 8 to 20 characters.
Defaults
Examples
interface ip provisioning
Use the interface ip provisioning command to configure the specified interface, identified by its IP address, to handle provisioning requests. Only interfaces that have provisioning enabled are used for communication with devices and the DHCP server.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To disable the configured interface, use the no form of this command. See no interface ip provisioning.
Syntax Description
interface ip ip_address provisioning [ ? ]
- ip_address —Specifies the IP address of the interface in the IPv4 or the IPv6 format.
- ? —Dynamically determines and displays the available interfaces by their IP addresses. This parameter is optional. When you use this option, you need not specify an IP address.
The IP addresses that appear when you use the ? option do not change after you install the CLI. If you want to change the provisioning IP address, manually remove the existing IP address and configure a new IP address in the following manner:
1. Delete the existing IP address, using the no interface ip ip_address provisioning command.
2. Shut down the CLI process, using the /etc/init.d/bprAgent stop cli command.
3. Change the IP address on the network card.
4. Start the CLI process again, using the /etc/init.d/bprAgent start cli command.
5. Add the new IP address from the DPE command line, using the interface ip provisioning command.
Defaults
Examples
This result occurs when you configure an interface by specifying its IPv4 address.
This result occurs when you configure an interface by specifying its IPv6 address.
This result occurs when you use the ? option.
no interface ip provisioning
Use the no interface ip provisioning command to disable provisioning via the specified interface.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To enable an interface, see interface ip provisioning.
Syntax Description
Defaults
Examples
This result occurs when you disable an interface by specifying its IPv4 address.
This result occurs when you disable an interface by specifying its IPv6 address.
This result occurs when you use the ? option.
interface ip provisioning fqdn
Use the interface ip provisioning fqdn command to set the FQDN for a specific interface. The provisioning FQDN is the domain name that is given to devices to contact the specific DPE interface.
Note Before setting the FQDN for an interface, ensure that provisioning is enabled on that interface. To enable provisioning on an interface, see interface ip provisioning.
After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.
To clear the configured FQDN, use the no form of this command. See no interface ip provisioning fqdn.
Syntax Description
Defaults
Examples
This result occurs when you set the FQDN of an IPv4 interface.
This result occurs when you set the FQDN of an IPv6 interface.
no interface ip provisioning fqdn
Use the no interface ip provisioning fqdn command to clear the FQDN for a specific interface. The provisioning FQDN is the domain name that is given to devices to contact the specific DPE interface.
If you clear the last existing FQDN of an IPv4 interface when Packet Cable is enabled, the following error appears:
After you run this command, run the dpe reload command so that the changes take effect. See
dpe reload.
For details about setting the FQDN for an interface, see interface ip provisioning fqdn.
Syntax Description
Defaults
Examples
This result occurs when you clear the FQDN of an interface by specifying its IPv4 address.
This result occurs when you clear the FQDN of an interface by specifying its IPv6 address.
interface ip pg-communication
Use the interface ip pg-communication command to configure the DPE to use the specified interface, identified by its IP address, when communicating with Network Registrar extensions. If you do not specify an interface, the DPE allows the operating system to determine the interface to use while communicating with the Network Registrar extensions.
You can configure either IPv4 address only or both IPv4 and IPv6 addresses by using this command. If IPv4 address is only specified the interface for communication with Network Registrar extensions, the extensions communicate with DPE via the specified IPv4 interface for both IPv4 and IPv6 mode. If both IPv4 and IPv6 addresses are specified, the extensions communicate with DPE via the specified IPv4 interface in case of IPv4 mode, and the specified IPv6 interface in case of IPv6 mode. IPv6 global address or link local address can be used in the interface ip pg-communication command.
If you do not specify an interface for communication with Network Registrar extensions, the extensions communicate with the DPE via the interface on which provisioning is enabled. If you configure an interface to communicate with the extensions (using the interface ip pg-communication command), the extensions communicate with the DPE via the interface you specify. Using this configuration, you can enable the use of split-networking techniques to isolate devices facing communication from management communications.
Note You can configure IPv4/IPv6 interfaces for communication with Network Registrar extensions.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To clear the configured interface, use the no form of this command. See no interface ip pg-communication.
Syntax Description
interface ip ipv4_address pg-communication
ipv4_address —Identifies the IPv4 address of a specific DPE interface.
interface ip ipv6_address pg-communication
ipv6_address —Identifies the IPv6 address of a specific DPE interface.
Defaults
Examples
This result occurs when you configure an interface by specifying its IPv4 address
This result occurs when you configure an interface by specifying its IPv6 address
no interface ip pg-communication
Use the no interface ip pg-communication command to disable the interface configured on the DPE when communicating with Network Registrar extensions.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To configure a DPE interface, see interface ip pg-communication.
Syntax Description
no interface ip ipv4_address pg-communication
ipv4_address —Identifies the IPv4 address of a specific DPE interface.
no interface ip ipv6_address pg-communication
ipv6_address —Identifies the IPv6 address of a specific DPE interface.
Defaults
Examples
This result occurs when you disable an interface by specifying its IPv4 address
This result occurs when you disable an interface by specifying its IPv6 address
service tftp
Use the service tftp command to configure settings related to TFTP. Table 3-2 lists the keywords that you can use with this command.
The TFTP service on the DPE features one instance of the service, which you can configure to suit
your requirements.
|
|
|
---|---|---|
service tftp allow-read-access |
Enables TFTP read requests from the file system. When you enable this command, the DPE looks for the required file in the local directory, and then in the DPE cache. To disable TFTP read requests from the file system, use the no form of this command. |
|
|
|
|
This result occurs when you enable read requests from the file system. This result occurs when you disable read requests from the file system. |
||
Enables or disables the blocksize option for TFTP transfers using IPv4 or IPv6. The blocksize option specifies the number of data octets and allows the client and server to negotiate a blocksize more applicable to the network medium. When you enable blocksize, the TFTP service uses the requested blocksize for the transfer if it is within the specified lower and upper limits. If you disable blocksize or do not send blocksize option in the TFTP request, the TFTP service uses the 512 blocksize by default. To disable the blocksize option for the TFTP service, use the no form of this command. Note When the devices, non-compliant with MULPI I09 (or later), request IPv6 blocksize of 1448 instead of 1428, the TFTP request might fail. This failure occurs if the device does not accept the lower negotiated blocksize of 1428; whereas, the upper limit can be configured in the field. There may be an error related to TFTP blocksizes introduced in D3.0 MULPI I09 |
||
service tftp 1 ipv4 | ipv6 blocksize lower upper
|
By default, the blocksize option is:
|
|
This result occurs when you enable blocksize for TFTP transfers. This result occurs when you disable blocksize for TFTP transfers. |
||
Enables or disables the TFTP service for IPv4 or IPv6. After you run the service tftp command, restart the DPE using the dpe reload command to show the changes. See dpe reload. Note If the well-known TFTP port (port number 69) is not available, an error message appears. |
||
|
|
|
This result occurs when you enable the TFTP service. This result occurs when you disable the TFTP service. |
||
Enables the verification of requestor IP addresses on dynamic configuration TFTP requests. To disable the verification of requestor IP addresses on dynamic configuration TFTP requests, use the no form of this command. |
||
|
The verification of requestor IP addresses on dynamic configuration TFTP requests is by default enabled. |
|
This result occurs when you enable verification of requestor IP addresses on TFTP requests. This result occurs when you disable verification of requestor IP addresses on TFTP requests. |
service tod
Use the service tod command to enable or disable the Time of Day (ToD) service running on the DPE for IPv4 or IPv6. The ToD service binds to only those interfaces that are configured for provisioning. For information on how to enable an interface for provisioning, see interface ip provisioning.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Note If the ToD port is not available, an error message appears.
Syntax Description
Defaults
Examples
This result occurs when you enable the ToD service on the DPE.
This result occurs when you disable the ToD service on the DPE.
show device-attribute
Use the show device-attribute command to display the last transaction time.
When DPE receives a device configuration request from CNR, it captures the last transaction time as the last seen time of a device.
Note This feature might utilize about 1 to 1.5 GB disk space on BPR_DATA directory of DPE.
Syntax Description
show device-attribute last-seen-time mac | duid
- mac— Specifies the MAC address of a device. The accepted formats for mac, assuming that the MAC address header is 1,6, are:
– “Type,len,addr”; for example, 1,6,00:01:02:03:04:05 or 9,10,43:43:31:32:33:34:35:36:2d:41.
– Exact-size octets; for example, 000102030405 or 00:01:02:03:04:05.
Defaults
Examples
dump device-attributes
Use this command to dump all the device attributes from a DPE. This information is exported as a.csv file and is stored as device_attributes.csv file in the following path:
BPR_DATA/dpe/cache/device_attributes.csv
Syntax Description
Defaults
Examples
This result occurs when you dump all the device attributes from a DPE:
show dump-device-attributes-status
Use the show dump-device-attributes command to know the status of the dumping process.
Syntax Description
Defaults
Examples
This result occurs when you want to see the status of the device attributes dumping:
show device-config
Use the show device-config command to display a device configuration that is cached at the DPE.
If you run this command on an unlicensed DPE, a message similar to this one appears:
Syntax Description
- mac— Specifies the MAC address of a device. The accepted formats for mac, assuming that the MAC address header is 1,6, are:
– “Type,len,addr”; for example, 1,6,00:01:02:03:04:05 or 9,10,43:43:31:32:33:34:35:36:2d:41.
– Exact-size octets; for example, 000102030405 or 00:01:02:03:04:05.
Defaults
Examples
This result occurs when you look up a configuration based on the MAC address of the device. This example assumes that the MAC address is 1,6,aa:bb:cc:dd:ee:ff.
This result occurs when you look up a configuration based on the DUID of the device. This example assumes that the DUID is 00:00:00:00:00:00:00:52:75:c0.
This result occurs when the configuration for the specified device is not available in the DPE cache.
show dpe
Use the show dpe command to check to see if the DPE is running and to display the state of the process and, if running, its operational statistics. This command does not indicate if the DPE is running successfully, only that the process itself is currently executing. However, when the DPE is running, you can use statistics that this command displays to determine if the DPE is successfully servicing requests.
If you run this command on an unlicensed DPE, a message similar to this one appears:
Syntax Description
Defaults
Examples
This result occurs when the DPE is running.
This result occurs when the DPE is not running.
When this error occurs, start the DPE process. See dpe start | stop.
This result occurs when the DPE is unable to service requests.
This error occurs when there is an issue with the DPE. Look at the DPE log ( dpe.log) to troubleshoot the issue.
show dpe config
Use the show dpe config command to display the current settings on the DPE.