DPE Configuration Commands

This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Prime Cable Provisioning Device Provisioning Engine (DPE).

The commands described in this chapter are:

 

Command
Description
CLI Mode
Required Privileges
Login
Enable
PRIV_DPE_
READ
PRIV_DPE_UPDATE
PRIV_
DPE_
SECURITY
PRIV_
DEVICE_READ

clear cache

Erases the DPE cache and resets the server to a clean state.

 

P

P

P

 

 

dpe docsis shared-secret

Sets a DOCSIS shared secret on the DPE.

 

P

P

P

P

 

dpe docsis emic-shared-secret

Sets a DOCSIS EMIC shared secret on the DPE.

 

P

P

P

P

 

dpe port

Sets the port number that the DPE
uses to communicate with Cisco Network Registrar extensions.

 

P

P

P

 

 

dpe provisioning-group primary

Sets the DPE in a specific primary provisioning group.

 

P

P

P

 

 

dpe provisioning-group secondary

Sets secondary provisioning groups
for the DPE.

 

P

P

P

 

 

dpe rdu-server port

Specifies the port to connect to the RDU.

 

P

P

P

 

 

dpe rdu-server source ip

Configures the DPE source interface to connect to the RDU.

 

P

P

P

 

 

dpe rdu-server source port

Configures the DPE source port to connect to the RDU.

 

P

P

P

 

 

dpe reload

Restarts the DPE.

 

P

P

P

 

 

dpe shared-secret

Sets the shared secret used in communications with the RDU.

 

P

P

P

P

 

dpe start | stop

Starts or stops the DPE.

 

P

P

P

 

 

dpe truststore-password

Sets the truststore password.

 

P

P

P

P

 

interface ip pg-communication

Configures an interface to communicate with Cisco Network Registrar extensions.

 

P

P

P

 

 

interface ip provisioning

Configures an interface to handle provisioning requests.

 

P

P

P

 

 

interface ip provisioning fqdn

Sets the fully qualified domain name for a specific interface.

 

P

P

P

 

 

service tftp allow-read-access

Enables TFTP read requests from the file system.

 

P

P

P

 

 

service tftp ipv4 | ipv6 blocksize

Enables or disables the blocksize option for the TFTP service for IPv4 or IPv6.

 

P

P

P

 

 

service tftp ipv4 | ipv6 enabled

Enables or disables the TFTP service for IPv4 or IPv6.

 

P

P

P

 

 

service tftp ipv4 | ipv6 verify-ip

Enables the verification of requestor IP addresses on dynamic configuration TFTP requests.

 

P

P

P

 

 

service tod

Enables or disables the ToD service for IPv4 or IPv6.

 

P

P

P

 

 

show device-attribute

Displays the last transaction time.

 

P

P

 

 

 

dump device-attributes

Dumps all the device attributes from a DPE.

 

P

 

P

 

 

show dump-device-attributes-status

Displays the status of the dumping process.

 

P

P

 

 

 

show device-config

Displays a device configuration that is cached at the DPE.

 

P

P

 

 

P

show dpe

Displays the state of the DPE process and, if running, its operational statistics.

P

P

P

 

 

 

show dpe config

Displays the current settings on the DPE.

P

P

P

 

 

 

clear cache

Use the clear cache command to erase the DPE cache and reset the server to a clean state. When the DPE is restarted, it connects to the RDU and rebuilds the cache from the information stored in the RDU database.


Note Before erasing the DPE cache, ensure that you stop the DPE by running the dpe stop command. For more information, see dpe start | stop.

You should clear the cache only when the DPE encounters a major problem. Running this command forces the DPE to rebuild or repopulate its device cache. This process may take an extended period of time to complete.


Once the command is entered, the DPE cache is cleared and a prompt appears to indicate the amount of disk space cleared as a result. If the cache could not be cleared, the reason for the failure appears.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

This result occurs when the cache is successfully cleared.

bac_dpe# clear cache
Clearing DPE cache...
+ 820224 bytes cleared.

 

This result occurs when the cache has already been cleared.

bac_dpe# clear cache
Clearing DPE cache...
+ Cache already cleared.

 

This result occurs when the DPE has not been stopped.

bac_dpe# clear cache
DPE must be stopped before clearing cache.

dpe docsis shared-secret

Use the dpe docsis shared-secret command to set a DOCSIS shared secret (DSS) on the DPE. The DSS is used to calculate the message integrity check of cable modems and the cable modem termination system (CMTS).


Note While setting or changing the DSS, we recommend that you use a secure connection.


To disable the DSS, use the no form of this command.

 
Syntax Description

dpe docsis shared-secret type secret

  • type —Identifies whether the shared secret string appears as clear text or as encrypted text.

To specify the format, enter:

0 for a clear text string. This string is the default setting.

7 for a Cisco IOS-encrypted shared-secret text string.

  • secret —Identifies the secret string. You must enter a value from 2 to 132 characters.

If, after running this command, you use the show running-config command, a new line appears identifying the shared secret and its type.

 
Defaults

The DSS is by default not configured on the DPE.

Examples

bac_dpe# dpe docsis shared-secret 0 changeme
% OK (Warning: Current input accepted. Note a secure connection is recommended to set or change the DOCSIS Shared Secret.)

no dpe docsis shared-secret

Use the no dpe docsis shared-secret command to disable the DOCSIS shared secret (DSS) configured on the DPE.

To enable the DSS, see dpe docsis shared-secret.

 
Syntax Description

No keywords or arguments.

 
Defaults

The DSS is by default not configured on the DPE.

Examples

bac_dpe# no dpe docsis shared-secret
% OK

dpe docsis emic-shared-secret

Use the dpe docsis emic-shared-secret command to set a Secondary DOCSIS Shared Secret (SDSS) on the DPE. The SDSS is used to calculate the message integrity check of cable modems and the Cable Modem Termination System (CMTS) with DOCSIS 3.0.


Note We recommend that you use a secure connection while setting or changing the SDSS.


To disable the SDSS, use the no form of this command.

 
Syntax Description

dpe docsis emic-shared-secret type secret

  • type —Identifies whether the secondary shared secret string appears as clear text or as encrypted text.

To specify the format, enter:

0 for a clear text string. This string is the default setting.

7 for a shared secret in PBKDF2_DES3CBC encrypted form.

  • secret —Identifies the secret string. You must enter a value that has 2 to 200 characters.

If, after running this command, you run the show running-config command, a new line appears identifying the shared secret and its type.

 
Defaults

By default, the SDSS is not configured on the DPE.

Examples

bac_dpe# dpe docsis emic-shared-secret 0 changeme
% OK (Warning: Current input accepted. Note a secure connection is recommended to set or change the secondary DOCSIS Shared Secret.)

no dpe docsis emic-shared-secret

Use the no dpe docsis emic-shared-secret command to disable the SDSS configured on the DPE. A DPE reload is required after executing this command. See dpe reload

For details about enabling the SDSS, see dpe docsis emic-shared-secret.

 
Syntax Description

No keywords or arguments.

 
Defaults

By default, the SDSS is not configured on the DPE.

Examples

bac_dpe# no dpe docsis emic-shared-secret
% OK (Requires DPE restart "> dpe reload")

dpe port

Use the dpe port command to specify the port number that the DPE uses to communicate with the Network Registrar extension points. You can leave this port number intact unless there is a need to change it for firewall reasons.


Note You must stop the DPE before changing the port number. If you attempt to run this command on an operational DPE, the following error message appears:
ERROR: DPE must be stopped before changing the port number.


The changes that you introduce through this command do not take effect until you restart the DPE. For information on stopping and starting the DPE, see dpe start | stop.

 
Syntax Description

dpe port port

port —Identifies the port number assigned for connecting to the DPE.

 
Defaults

The default port that the DPE uses is 49186.

Examples

bac_dpe# dpe port 49186
% OK

dpe provisioning-group primary

Use the dpe provisioning-group primary command to specify the DPE as a member of a specified primary provisioning group. Most DPEs are configured with a primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.


Note If you enable PacketCable voice technology, ensure that a DPE belongs to only one provisioning group.


When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.


Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.


After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.

To remove any configured primary provisioning groups, use the no form of this command. See
no dpe provisioning-group primary.

 
Syntax Description

dpe provisioning-group primary name [ name* ]

  • name —Identifies the assigned primary provisioning group.
  • name* —Allows the entry of multiple provisioning groups. When specifying multiple provisioning groups, you must insert a space between their names.

 
Defaults

The default primary provisioning group is the provisioning group that you configure as the default.

You can use any name to identify the primary provisioning group. By default, however, the primary provisioning group is identified as ‘default’.

Examples

This result occurs when you specify a single primary provisioning group.

bac_dpe# dpe provisioning-group primary PrimaryProvGroup
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you specify multiple primary provisioning groups.

bac_dpe# dpe provisioning-group primary provisioning-grp-1 provisioning-grp-2
% OK (Requires DPE restart "> dpe reload")

no dpe provisioning-group primary

Use the no dpe provisioning-group primary command to clear configured primary provisioning groups. If primary provisioning groups are not available, you can use the DPE as a backup for other provisioning groups or as a TFTP file cache.


Note Every DPE must belong to at least one primary or secondary provisioning group.


After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.

To specify the DPE as a member of a specified primary provisioning group, see dpe provisioning-group primary.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# no dpe provisioning-group primary
% OK (Requires DPE restart "> dpe reload")

dpe provisioning-group secondary

Use the dpe provisioning-group secondary command to set secondary provisioning groups for the DPE server to use. Most DPEs are configured with a primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.


Note Secondary provisioning groups are used for provisioning only when the primary provisioning groups are not available or are overloaded.


When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.


Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.


After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To remove any configured secondary provisioning groups, use the no form of this command. See no dpe provisioning-group secondary.

 
Syntax Description

dpe provisioning-group secondary name [ name* ]

  • name —Identifies the assigned secondary provisioning group.
  • name* —Allows the entry of multiple provisioning groups. When specifying multiple provisioning groups, you must insert a space between their names.

 
Defaults

No default behavior or values.

Examples

This result occurs when you specify a single secondary provisioning group.

bac_dpe# dpe provisioning-group secondary SecondaryProvGroup
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you specify multiple secondary provisioning groups.

bac_dpe# dpe provisioning-group primary provisioning-second-1 provisioning-second-2
% OK (Requires DPE restart "> dpe reload")

no dpe provisioning-group secondary

Use the no dpe provisioning-group secondary command to clear configured secondary provisioning groups. If secondary provisioning groups are not available, the DPE can be used as a primary in other provisioning groups.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To set secondary provisioning groups for the DPE, see dpe provisioning-group secondary.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# no dpe provisioning-group secondary
% OK (Requires DPE restart "> dpe reload")

dpe rdu-server

Use the dpe rdu-server command to configure the DPE to connect to the RDU server. Table 3-1 lists the keywords that you can use with this command.

 

Table 3-1 List of dpe rdu-server Commands

Command
Description

dpe rdu-server port

Identifies the RDU to which the DPE connects. Normally, you configure the RDU on the default port, but for security reasons, you could configure it to run on a nondefault port.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

Syntax Description

dpe rdu-server { host | x.x.x.x } port secure

  • host —Identifies the fully qualified domain name (FQDN) of the RDU host.
  • x.x.x.x —Identifies the IP address of the RDU host.
  • port —Identifies the port number on which the RDU is listening for DPE connections.
  • secure —Identifies whether to enable secure mode of communication with the RDU. The value can either be true or false where true indicates secure mode.
Defaults

The default port on which the RDU listens for the DPE is 49187.

Examples

This result occurs when you specify the RDU host:

  • Using its FQDN.
bac_dpe# dpe rdu-server rdu.example.com 49187 false
% OK (Requires DPE and DPE CLI restart)
 
  • Using its IP address.
bac_dpe# dpe rdu-server 10.10.20.1 49187 false
% OK (Requires DPE and DPE CLI restart)
 
  • Enabling secure mode.
bac_dpe# dpe rdu-server 10.10.20.1 49188 true
% OK (Requires DPE and DPE CLI restart)

dpe rdu-server source ip

no dpe rdu-server
source ip

Configures the DPE to use the specified interface as its source when connecting to the RDU. If you do not specify an interface, the DPE allows the operating system to determine the interface to use while communicating with the RDU server.

Note While using this command, you can specify IP addresses only in the IPv4 format.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To clear the configured interface, use the no form of this command. When clearing the configured interface, you need not specify the IP address of the interface.

Syntax Description

dpe rdu-server source ip ip_address [ ? ]

  • ip_address —Identifies the IP address of a specific DPE interface, in the IPv4 addressing format.
  • ? —Dynamically determines and displays the
    available IP addresses. This parameter is optional. When you use this option, you need not specify an IP address.
Defaults

No default behavior or values.

Examples

This result occurs when you configure the DPE interface.

  • Using its IP address
bac_dpe# dpe rdu-server source ip 10.10.1.2
% OK (Requires DPE restart "> dpe reload")
 
  • Without specifying its IP address
bac_dpe# dpe rdu-server source ip
% OK (Requires DPE restart "> dpe reload")
 
  • Using the ? option
bac_dpe# dpe rdu-server source ip ?
<ip address> [10.10.1.2]
<cr>
 

This result occurs when you clear the configured DPE interface.

bac_dpe# no dpe rdu-server source ip
% OK (Requires DPE restart "> dpe reload")

dpe rdu-server
source port

no dpe rdu-server
source port

Configures the DPE to use the specified port as the source port when connecting to the RDU. If you do not specify the port, the DPE allows the operating system to determine the port to use while communicating with
the RDU.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To clear the configured port, use the no form of this command. When clearing the configured port, you need not specify the port number.

Syntax Description

dpe rdu-server source port port

port —Identifies the number of the DPE source port.

Note If the port you specify is not available, an error message appears.

Defaults

No default behavior or values.

Examples

This result occurs when you configure a port to communicate with the RDU.

bac_dpe# dpe rdu-server source port 49186
% OK (Requires DPE restart "> dpe reload")

This result occurs when you clear the configured port through which the DPE communicates with the RDU.

bac_dpe# no dpe rdu-server source port
% OK (Requires DPE restart "> dpe reload")

dpe reload

Use the reload command to restart the DPE. It must be operational before you reload it. If the DPE does not stop within 60 seconds, the Prime Cable Provisioning process watchdog (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears. Once the message appears, the DPE restarts.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# dpe reload
Process [dpe] has been restarted.

dpe shared-secret

Use the dpe shared-secret command to set the shared secret used for communications with the RDU. Communication fails if the shared secret, which is set on the two servers, is not the same.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

 
Syntax Description

dpe shared-secret secret

secret Identifies the RDU shared secret.

 
Defaults

No default behavior or values.

Examples

bac_dpe# dpe shared-secret private
% OK (Requires DPE and DPE CLI restart)

dpe start | stop

Use the dpe start | stop command to start or stop the DPE.

 
Syntax Description

dpe start | stop

  • start —Starts the DPE. You can use this command only when the DPE is not running. Having the DPE start successfully does not guarantee that the DPE will run successfully. Check the DPE log to ensure that the DPE has started correctly. Also, check the log periodically to ensure that no additional errors have occurred.
  • stop —Stops the DPE. You can use this command only when the DPE is running. If the DPE has not stopped within 60 seconds, the DPE process watchdog (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears.

 
Defaults

No default behavior or values.

Examples

This result occurs when the DPE is started.

bac_dpe# dpe start
Process [dpe] has been started

 

This result occurs if the DPE is started when it is already operational.

bac_dpe# dpe start
Process [dpe] is already running

 

This result occurs when the DPE is stopped.

bac_dpe# dpe stop
Process [dpe] has been stopped.

dpe truststore-password

Use the dpe truststore-password command to set the truststore (cacerts) password. By default, the password is set to changeit.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

 
Syntax Description

dpe truststore-password changeme

changeme Identifies the truststore password. You must enter a value from 8 to 20 characters.

 
Defaults

No default behavior or values.

Examples

bac_dpe# dpe truststore-password changeme
% OK (Requires DPE and DPE CLI restart)

interface ip provisioning

Use the interface ip provisioning command to configure the specified interface, identified by its IP address, to handle provisioning requests. Only interfaces that have provisioning enabled are used for communication with devices and the DHCP server.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To disable the configured interface, use the no form of this command. See no interface ip provisioning.

 
Syntax Description

interface ip ip_address provisioning [ ? ]

  • ip_address —Specifies the IP address of the interface in the IPv4 or the IPv6 format.
  • ? —Dynamically determines and displays the available interfaces by their IP addresses. This parameter is optional. When you use this option, you need not specify an IP address.

The IP addresses that appear when you use the ? option do not change after you install the CLI. If you want to change the provisioning IP address, manually remove the existing IP address and configure a new IP address in the following manner:

1. Delete the existing IP address, using the no interface ip ip_address provisioning command.

2. Shut down the CLI process, using the /etc/init.d/bprAgent stop cli command.

3. Change the IP address on the network card.

4. Start the CLI process again, using the /etc/init.d/bprAgent start cli command.

5. Add the new IP address from the DPE command line, using the interface ip provisioning command.

6. Reload the DPE, using the dpe reload command.

 
Defaults

No default behavior or values.

Examples

This result occurs when you configure an interface by specifying its IPv4 address.

bac_dpe# interface ip 10.10.10.133 provisioning
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you configure an interface by specifying its IPv6 address.

bac_dpe# interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you use the ? option.

bac_dpe# interface ip ?
10.10.10.133 eri0 [3]
2001:0DB8:0:0:203:baff:fe12:d5ea eri0 [1]
2001:0DB8:0:1:203:baff:fe12:d5ea eri0
fe80:0:0:0:203:baff:fe12:d5ea eri0 [2]

no interface ip provisioning

Use the no interface ip provisioning command to disable provisioning via the specified interface.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To enable an interface, see interface ip provisioning.

 
Syntax Description

no interface ip ip_address provisioning [ ? ]

  • ip_address —Specifies the IPv4 or IPv6 address of the interface.
  • ? —Dynamically determines and displays the available interfaces by their IP addresses. This parameter is optional. When you use this option, you need not specify an IP address.

 
Defaults

No default behavior or values.

Examples

This result occurs when you disable an interface by specifying its IPv4 address.

bac_dpe# no interface ip 10.10.10.133 provisioning
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you disable an interface by specifying its IPv6 address.

bac_dpe# no interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you use the ? option.

bac_dpe# no interface ip ?
10.10.10.133 eri0 [3]
2001:0DB8:0:0:203:baff:fe12:d5ea eri0 [1]
2001:0DB8:0:1:203:baff:fe12:d5ea eri0
fe80:0:0:0:203:baff:fe12:d5ea eri0 [2]

interface ip provisioning fqdn

Use the interface ip provisioning fqdn command to set the FQDN for a specific interface. The provisioning FQDN is the domain name that is given to devices to contact the specific DPE interface.


Note Before setting the FQDN for an interface, ensure that provisioning is enabled on that interface. To enable provisioning on an interface, see interface ip provisioning.


After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.

To clear the configured FQDN, use the no form of this command. See no interface ip provisioning fqdn.

 
Syntax Description

interface ip ip_address provisioning fqdn fqdn

  • ip_address —Identifies the interface on the DPE.
  • fqdn —Identifies the FQDN that is set on the specified interface. This FQDN is sent as the SNMPEntity in DHCP option 177, suboption 3.

 
Defaults

No default behavior or values.

Examples

This result occurs when you set the FQDN of an IPv4 interface.

bac_dpe# interface ip 10.10.1.2 provisioning fqdn dpe.example.com
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you set the FQDN of an IPv6 interface.

bac_dpe# interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning fqdn dpe.example.com
% OK (Requires DPE restart "> dpe reload")

no interface ip provisioning fqdn

Use the no interface ip provisioning fqdn command to clear the FQDN for a specific interface. The provisioning FQDN is the domain name that is given to devices to contact the specific DPE interface.

If you clear the last existing FQDN of an IPv4 interface when Packet Cable is enabled, the following error appears:

% Cannot remove this interface when PacketCable Service is enabled.
% Error processing command
 

After you run this command, run the dpe reload command so that the changes take effect. See
dpe reload.

For details about setting the FQDN for an interface, see interface ip provisioning fqdn.

 
Syntax Description

no interface ip ip_address provisioning fqdn fqdn

  • ip_address —Identifies the interface on the DPE.
  • fqdn —Identifies the FQDN that is set on the specified interface. This FQDN is sent as the SNMPEntity in DHCP option 177, suboption 3.

 
Defaults

No default behavior or values.

Examples

This result occurs when you clear the FQDN of an interface by specifying its IPv4 address.

bac_dpe# no interface ip 10.10.1.2 provisioning fqdn dpe.example.com
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you clear the FQDN of an interface by specifying its IPv6 address.

bac_dpe# no interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea provisioning fqdn dpe.example.com
% OK (Requires DPE restart "> dpe reload")

interface ip pg-communication

Use the interface ip pg-communication command to configure the DPE to use the specified interface, identified by its IP address, when communicating with Network Registrar extensions. If you do not specify an interface, the DPE allows the operating system to determine the interface to use while communicating with the Network Registrar extensions.

You can configure either IPv4 address only or both IPv4 and IPv6 addresses by using this command. If IPv4 address is only specified the interface for communication with Network Registrar extensions, the extensions communicate with DPE via the specified IPv4 interface for both IPv4 and IPv6 mode. If both IPv4 and IPv6 addresses are specified, the extensions communicate with DPE via the specified IPv4 interface in case of IPv4 mode, and the specified IPv6 interface in case of IPv6 mode. IPv6 global address or link local address can be used in the interface ip pg-communication command.

If you do not specify an interface for communication with Network Registrar extensions, the extensions communicate with the DPE via the interface on which provisioning is enabled. If you configure an interface to communicate with the extensions (using the interface ip pg-communication command), the extensions communicate with the DPE via the interface you specify. Using this configuration, you can enable the use of split-networking techniques to isolate devices facing communication from management communications.


Note You can configure IPv4/IPv6 interfaces for communication with Network Registrar extensions.


After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To clear the configured interface, use the no form of this command. See no interface ip pg-communication.

 
Syntax Description

interface ip ipv4_address pg-communication

ipv4_address —Identifies the IPv4 address of a specific DPE interface.

interface ip ipv6_address pg-communication

ipv6_address —Identifies the IPv6 address of a specific DPE interface.

 
Defaults

No default behavior or values.

Examples

This result occurs when you configure an interface by specifying its IPv4 address

bac_dpe# interface ip 10.10.1.20 pg-communication
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you configure an interface by specifying its IPv6 address

bac_dpe# interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea pg-communication
% OK (Requires DPE restart "> dpe reload")
 

no interface ip pg-communication

Use the no interface ip pg-communication command to disable the interface configured on the DPE when communicating with Network Registrar extensions.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.

To configure a DPE interface, see interface ip pg-communication.

 
Syntax Description

no interface ip ipv4_address pg-communication

ipv4_address —Identifies the IPv4 address of a specific DPE interface.

no interface ip ipv6_address pg-communication

ipv6_address —Identifies the IPv6 address of a specific DPE interface.

 
Defaults

No default behavior or values.

Examples

This result occurs when you disable an interface by specifying its IPv4 address

bac_dpe# no interface ip 10.10.1.20 pg-communication
% OK (Requires DPE restart "> dpe reload")

 

This result occurs when you disable an interface by specifying its IPv6 address

bac_dpe# no interface ip 2001:0DB8:0:0:203:baff:fe12:d5ea pg-communication
% OK (Requires DPE restart "> dpe reload")
 

service tftp

Use the service tftp command to configure settings related to TFTP. Table 3-2 lists the keywords that you can use with this command.

The TFTP service on the DPE features one instance of the service, which you can configure to suit
your requirements.

 

Table 3-2 List of service tftp Commands

Command
Description

service tftp allow-read-access

no service tftp allow-read-access

 

Enables TFTP read requests from the file system. When you enable this command, the DPE looks for the required file in the local directory, and then in the DPE cache.

To disable TFTP read requests from the file system, use the no form of this command.

Syntax Description

service tftp 1 allow-read-access

1 —Identifies the instance of the TFTP service.

Defaults

By default, TFTP read requests are disabled.

Examples

This result occurs when you enable read requests from the file system.

bac_dpe# service tftp 1 allow-read-access
% OK

This result occurs when you disable read requests from the file system.

bac_dpe# no service tftp 1 allow-read-access
% OK

service tftp ipv4 | ipv6 blocksize

no service tftp ipv4 | ipv6 blocksize

Enables or disables the blocksize option for TFTP transfers using IPv4 or IPv6. The blocksize option specifies the number of data octets and allows the client and server to negotiate a blocksize more applicable to the network medium.

When you enable blocksize, the TFTP service uses the requested blocksize for the transfer if it is within the specified lower and upper limits. If you disable blocksize or do not send blocksize option in the TFTP request, the TFTP service uses the 512 blocksize by default.

To disable the blocksize option for the TFTP service, use the no form of this command.

Note When the devices, non-compliant with MULPI I09 (or later), request IPv6 blocksize of 1448 instead of 1428, the TFTP request might fail. This failure occurs if the device does not accept the lower negotiated blocksize of 1428; whereas, the upper limit can be configured in the field. There may be an error related to TFTP blocksizes introduced in D3.0 MULPI I09

Syntax Description

service tftp 1 ipv4 | ipv6 blocksize lower upper

  • 1 —Identifies the instance of the TFTP service.
  • ipv4 —Enables blocksize for IPv4.
  • ipv6 —Enables blocksize for IPv6.
  • lower —Specifies, in octets, the lower limit of blocksize for the file transfer. If the transfer blocksize is lower than the limit specified, the option is ignored.
  • upper —Specifies, in octets, the upper limit of blocksize for the file transfer. If the transfer blocksize is higher than the limit specified, the option is ignored.
Defaults

By default, the blocksize option is:

  • Disabled for IPv4. If enabled, the default lower and upper limits are 512 and 1448, respectively.
  • Enabled for IPv6. The default lower and upper limits are 1428.
  • If blocksize option is enabled and the requested blocksize is above the maximum, the default upper limit will be used for optimal performance.
  • If blocksize option is enabled and the requested blocksize is below the minimum, the default lower limit blocksize will be used for optimal performance.
  • If server is enabled with blocksize option negotiation, the client sends a blocksize option with value within the range of minimum and maximum. The blocksize value can be used for file transfer.

service tftp ipv4 | ipv6 blocksize

no service tftp ipv4 | ipv6 blocksize

Examples

This result occurs when you enable blocksize for TFTP transfers.

  • Using IPv4
bac_dpe# service tftp 1 ipv4 blocksize 512 1448
% OK
 
  • Using IPv6
bac_dpe# service tftp 1 ipv6 blocksize 1428 1448
% OK
 

This result occurs when you disable blocksize for TFTP transfers.

  • Using IPv4
bac_dpe# no service tftp 1 ipv4 blocksize
% OK
 
  • Using IPv6
bac_dpe# no service tftp 1 ipv6 blocksize
% OK

service tftp ipv4 | ipv6 enabled

Enables or disables the TFTP service for IPv4 or IPv6.

After you run the service tftp command, restart the DPE using the dpe reload command to show the changes. See dpe reload.

Note If the well-known TFTP port (port number 69) is not available, an error message appears.

Syntax Description

service tftp 1 ipv4 | ipv6 enabled true | false

  • 1 —Identifies the instance of the TFTP service.
  • ipv4 —Enables the TFTP service for IPv4.
  • ipv6 —Enables the TFTP service for IPv6.
  • true —Enables the TFTP service for IPv4 or IPv6.
  • false —Disables the TFTP service for IPv4 or IPv6.
Defaults

The TFTP service is by default disabled.

Examples

This result occurs when you enable the TFTP service.

  • For IPv4
bac_dpe# service tftp 1 ipv4 enabled true
% OK (Requires DPE restart "> dpe reload")
 
  • For IPv6
bac_dpe# service tftp 1 ipv6 enabled true
% OK (Requires DPE restart "> dpe reload")
 

This result occurs when you disable the TFTP service.

  • For IPv4
bac_dpe# service tftp 1 ipv4 enabled false
% OK (Requires DPE restart "> dpe reload")
 
  • For IPv6
bac_dpe# service tftp 1 ipv6 enabled false
% OK (Requires DPE restart "> dpe reload")

service tftp ipv4 | ipv6 verify-ip

no service tftp ipv4 | ipv6 verify-ip

Enables the verification of requestor IP addresses on dynamic configuration TFTP requests.

To disable the verification of requestor IP addresses on dynamic configuration TFTP requests, use the no form of this command.

Syntax Description

service tftp 1 ipv4 | ipv6 verify-ip

  • 1 —Identifies the instance of the TFTP service.
  • ipv4 —Enables verification of requestor IP addresses in IPv4.
  • ipv6 —Enables verification of requestor IP addresses in IPv6.
Defaults

The verification of requestor IP addresses on dynamic configuration TFTP requests is by default enabled.

Examples

This result occurs when you enable verification of requestor IP addresses on TFTP requests.

  • For IPv4
bac_dpe# service tftp 1 ipv4 verify-ip
% OK
 
  • For IPv6
bac_dpe# service tftp 1 ipv6 verify-ip
% OK
 

This result occurs when you disable verification of requestor IP addresses on TFTP requests.

  • For IPv4
bac_dpe# no service tftp 1 ipv4 verify-ip
% OK
 
  • For IPv6
bac_dpe# no service tftp 1 ipv6 verify-ip
% OK

service tod

Use the service tod command to enable or disable the Time of Day (ToD) service running on the DPE for IPv4 or IPv6. The ToD service binds to only those interfaces that are configured for provisioning. For information on how to enable an interface for provisioning, see interface ip provisioning.

After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.


Note If the ToD port is not available, an error message appears.


 
Syntax Description

service tod 1..1 ipv4 | ipv6 enabled true | false

  • 1..1 —Identifies the instance of the ToD service.
  • ipv4 —Enables the ToD service for IPv4.
  • ipv6 —Enables the ToD service for IPv6.
  • true —Enables the ToD service.
  • false —Disables the ToD service.

 
Defaults

The ToD service is by default disabled on the DPE.

Examples

This result occurs when you enable the ToD service on the DPE.

  • For IPv4
bac_dpe# service tod 1 ipv4 enabled true
% OK (Requires DPE restart "> dpe reload")
 
  • For IPv6
bac_dpe# service tod 1 ipv6 enabled true
% OK (Requires DPE restart "> dpe reload")
 

This result occurs when you disable the ToD service on the DPE.

  • For IPv4
bac_dpe# service tod 1 ipv4 enabled false
% OK (Requires DPE restart "> dpe reload")
 
  • For IPv6
bac_dpe# service tod 1 ipv6 enabled false
% OK (Requires DPE restart "> dpe reload")

show device-attribute

Use the show device-attribute command to display the last transaction time.

When DPE receives a device configuration request from CNR, it captures the last transaction time as the last seen time of a device.


Note This feature might utilize about 1 to 1.5 GB disk space on BPR_DATA directory of DPE.


 
Syntax Description

show device-attribute last-seen-time mac | duid

  • mac— Specifies the MAC address of a device. The accepted formats for mac, assuming that the MAC address header is 1,6, are:

“Type,len,addr”; for example, 1,6,00:01:02:03:04:05 or 9,10,43:43:31:32:33:34:35:36:2d:41.

Exact-size octets; for example, 000102030405 or 00:01:02:03:04:05.

  • duid —Specifies the DHCP Unique Identifier (DUID) of a device in an IPv6 environment; for example, 00:03:00:01:00:18:68:52:75:c0. A DUID cannot be more than 128 octets long.

 
Defaults

No default behavior or values.

Examples

  • For IPV4 device using MAC address
bac_dpe# show device-attributes mac 1,6,00:00:00:00:08:09
Fetching attributes for device [1,6,00:00:00:00:08:09]
last-seen-time : 1478077900666

 

  • For IPV6 device using duid
bac_dpe# show device-attribute last-seen-time duid 00:03:00:01:00:00:00:00:05:07
Fetching attribute [last-seen-time] for device [00:03:00:01:00:00:00:00:05:07]
Attribute(s) does not available for device [00:03:00:01:00:00:00:00:05:07]

dump device-attributes

Use this command to dump all the device attributes from a DPE. This information is exported as a.csv file and is stored as device_attributes.csv file in the following path:

BPR_DATA/dpe/cache/device_attributes.csv

 
Syntax Description

dump device-attributes

 
Defaults

No default behavior or values.

Examples

This result occurs when you dump all the device attributes from a DPE:

bac_dpe# dump device-attributes
Sending request to dump device attributes...
Initiated the request for dumping device attributes. Device attributes will be exported to a CSV file [/var/CSCObac/dpe/cache/device_attributes.csv]

show dump-device-attributes-status

Use the show dump-device-attributes command to know the status of the dumping process.

 
Syntax Description

show dump-device-attributes-status

 
Defaults

No default behavior or values.

Examples

This result occurs when you want to see the status of the device attributes dumping:

bac_dpe# show dump-device-attributes-status
There is no dumping process currently running.

 

show device-config

Use the show device-config command to display a device configuration that is cached at the DPE.

If you run this command on an unlicensed DPE, a message similar to this one appears:

This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for DPE licenses.

 
Syntax Description

show device-config mac | duid

  • mac— Specifies the MAC address of a device. The accepted formats for mac, assuming that the MAC address header is 1,6, are:

“Type,len,addr”; for example, 1,6,00:01:02:03:04:05 or 9,10,43:43:31:32:33:34:35:36:2d:41.

Exact-size octets; for example, 000102030405 or 00:01:02:03:04:05.

  • duid —Specifies the DHCP Unique Identifier (DUID) of a device in an IPv6 environment; for example, 00:03:00:01:00:18:68:52:75:c0. A DUID cannot be more than 128 octets long.

 
Defaults

No default behavior or values.

Examples

This result occurs when you look up a configuration based on the MAC address of the device. This example assumes that the MAC address is 1,6,aa:bb:cc:dd:ee:ff.

bac_dpe# show device-config mac 1,6,aa:bb:cc:dd:ee:ff
DHCP configuration for device 1,6,aa:bb:cc:dd:ee:ff in default provisioning-group:
Extension PRE_CLIENT_LOOKUP
Dictionary REQUEST
VALIDATE relay-agent-remote-id = 00:00:00:00:aa:bb:cc:dd
VALIDATE_CONTINUE dhcp-parameter-request-list-blob = 42:43:01:03:02:04:07:06:0c:0f:7a:b1
VALIDATE_CONTINUE dhcp-class-identifier = "docsis1.1:052401010102010103010104010105010106010107010f0801100901000a01010b01080c0101"
Dictionary ENVIRONMENT
PUT_REPLACE client-class-name = "unprovisioned-docsis"
Extension PRE_PACKET_ENCODE
Dictionary RESPONSE
PUT_REPLACE ccc-primary-dhcp-server = BYTES_BPR_PROPERTY_OPTIONAL_IP_ADDRESS_BIN "/ccc/dhcp/primary"
PUT_REPLACE ccc-secondary-dhcp-server = BYTES_BPR_PROPERTY_OPTIONAL_IP_ADDRESS_BIN "/ccc/dhcp/secondary"
PUT_REPLACE boot-file = "unprov.cm"
PUT_REPLACE file = "unprov.cm"
PUT_REPLACE siaddr = BYTES_DPE_IP_ADDRESS_BIN
PUT_REPLACE tftp-server = BYTES_DPE_IP_ADDRESS_DOTTED_DECIMAL
PUT_REPLACE time-servers = BYTES_DPE_IP_ADDRESS_BIN
 

This result occurs when you look up a configuration based on the DUID of the device. This example assumes that the DUID is 00:00:00:00:00:00:00:52:75:c0.

bac_dpe# show device-config duid 00:00:00:00:00:00:00:52:75:c0
DHCP configuration for device 00:00:00:00:00:00:00:52:75:c0 in default provisioning-group:
DHCP Configuration for device 00:00:00:00:00:00:00:52:75:c0
Commands:
PRE_CLIENT_LOOKUP: ENVIRONMENT, PUT_REPLACE, client-class-name, unprovisioned-docsis
PRE_CLIENT_LOOKUP: RELAY_REQUEST, VALIDATE_CONTINUE, link-address, 20:01:04:20:38:00:05:00:00:00:00:00:00:00:00:01
PRE_CLIENT_LOOKUP: REQUEST, VALIDATE_OPTION_CONTINUE, {OPTION_NUMBER=16, ENTERPRISE_ID=4491, INDEX=0, END}, 64:6f:63:73:69:73:33:2e:30
PRE_PACKET_ENCODE: RESPONSE, PUT_OPTION, {OPTION_NUMBER=17, ENTERPRISE_ID=4491, SUBOPTION_NUMBER=33, END}, unprov.cm
PRE_PACKET_ENCODE: RESPONSE, PUT_OPTION, {OPTION_NUMBER=17, ENTERPRISE_ID=4491, SUBOPTION_NUMBER=37, END}, BYTES_DPE_IPV6_ADDRESS_BIN
PRE_PACKET_ENCODE: RESPONSE, PUT_OPTION, {OPTION_NUMBER=17, ENTERPRISE_ID=4491, SUBOPTION_NUMBER=32, END}, BYTES_DPE_IPV6_ADDRESS_BIN

 

This result occurs when the configuration for the specified device is not available in the DPE cache.

bac_dpe# show device-config mac 1,6,aa:bb:cc:dd:ee:aa
No configuration found on DPE.

show dpe

Use the show dpe command to check to see if the DPE is running and to display the state of the process and, if running, its operational statistics. This command does not indicate if the DPE is running successfully, only that the process itself is currently executing. However, when the DPE is running, you can use statistics that this command displays to determine if the DPE is successfully servicing requests.

If you run this command on an unlicensed DPE, a message similar to this one appears:

This DPE is not licensed. Your request cannot be serviced. Please check with your system administrator for DPE licenses.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

This result occurs when the DPE is running.

bac_dpe# show dpe
Process [dpe] is running
 
Version BAC 4.0 (SOL_BAC5_0_0_20000000_0000).
Caching 0 device configs and 6 external files.
Received 0 cache hits and 3 misses.
Received 0 lease updates.
Connection status is Ready.
Sent 0 SNMP informs and 0 SNMP sets.
Received 0 MTA provisioning successful SNMP informs.
Received 0 MTA provisioning failed SNMP informs.
Running for 10 hours 51 mins 23 secs.

 

This result occurs when the DPE is not running.

bac_dpe# show dpe
BAC Process Watchdog is running
Process [dpe] is not running
 

When this error occurs, start the DPE process. See dpe start | stop.

This result occurs when the DPE is unable to service requests.

bac_dpe# show dpe
BAC Process Watchdog is running
Process [dpe] is not running; it is in back off mode
 

This error occurs when there is an issue with the DPE. Look at the DPE log ( dpe.log) to troubleshoot the issue.

show dpe config

Use the show dpe config command to display the current settings on the DPE.

 
Syntax Description

No keywords or arguments.

 
Defaults

No default behavior or values.

Examples

bac_dpe# show dpe config
dpe port = 49186
rdu host = source
rdu port = ip
primary groups = provisioning-second-1,provisioning-second-2
secondary groups = [no value]