Cisco uBR924 Specifications download pdf (Page 20)

Release Notes for Cisco uBR924 Cable Access Router for Cisco IOS Release 12.1(5)T

OL-0385-04 Rev. B0 (2/2001)

Important Notes

This section contains important information about using Cisco IOS Release 12.1(5)T software.

CPE Device Filtering

In Cisco IOS Release 12.1(2)T and above, the “docsDevCpeIpMax” attribute defaults to -1 instead of

the previous default of 1. This attribute controls the maximum number of CPE devices that can pass

traffic through the router from its Ethernet interface as follows:

• When “docsDevCpeIpMax” is set to -1, the Cisco uBR924 Cable Access Router does not filter any

IP packets on the basis of their IP addresses, and CPE IP addresses are not added to the

“docsDevFilterCpeTable” table.

• When “docsDevCpeIpMax” is set to 0, the Cisco uBR924 Cable Access Router does not filter IP

packets on the basis of the IP addresses. However, the source IP addresses are still entered into the

“docsDevFilterCpeTable” table.

• When “docsDevCpeIpMax” is set to a positive integer, it specifies the maximum number of IP

addresses that can be entered into the “docsDevFilterCpeTable” table. The Cisco uBR924 Cable

Access Router compares the source IP address for packets it receives from CPE devices to the

addresses in this table. If a match is found, the packet is processed; otherwise, the packet is

dropped.

CPE IP address filtering is done as part of the following process:

1. MAC address filtering—Packets are filtered on the basis of the CPE device’s MAC address. This is

controlled by the value of the “MAX CPE” parameter, which is set in the DOCSIS configuration

file.

2. Link Level Control (LLC) filtering—Packets are filtered on the basis of the packet’s protocol. This

is controlled by the “docsDevFilterLLCTable” table.

3. CPE IP address filtering—Packets are filtered on the basis of the CPE device’s IP address, as

controlled by the “docsDevCpeIpMax” attribute and the “docsDevFilterCpeTable” table.

4. Access list filtering—Packets are filtered on the basis of access lists. IP filtering is controlled by

the “docsDevFilterIpTable” table, and SNMP access filters are controlled by the

“docsDevNmAccessTable” table.

See the DOCS-CABLE-DEVICE-MIB.my MIB for more information on the attributes and tables listed

above.

Disabling the Finger Server

By default, the Cisco uBR900 series Cable Access Router enables its onboard TCP/IP “finger” server

to allow remote users to query the number and identities of any users who are logged in to the router.

Unless your network operations center (NOC) requires this service, it should be disabled to prevent

denial-of-service attacks that access the finger server’s well-known port (TCP port 79). To disable the

finger server, include the no service finger command in the Cisco IOS configuration file that the router

downloads at initial power-on.

1 2 ... 15 16 17 18 19 20 21 22 23 24 25 ... 41 42

No comments

Cisco uBR924 Specifications Page 20