Filter
Top Products
1-48
Cisco uBR7200 Series Universal Broadband Router Software Configuration Guide
OL-2239-05
Chapter1 Overview of Cisco uBR7200 Series Software
Supported Software Features for the Cisco uBR7200 Series
DHCP MAC Address Exclusion List for cable-source verify dhcp Command
Cisco IOS Release 12.3(13a)BC introduces the ability to exclude trusted MAC addresses from standard
DHCP source verification checks, as supported in previous Cisco IOS releases for the Cisco CMTS. This
feature enables packets from trusted MAC addresses to pass when otherwise packets would be rejected
with standard DHCP source verification. This feature overrides the cable source-verify command on
the Cisco CMTS for the specified MAC address, yet maintains overall support for standard and enabled
DHCP source verification processes. This feature is supported on Performance Routing Engine 1 (PRE1)
and PRE2 modules on the Cisco uBR10012 router chassis.
To enable packets from trusted source MAC addresses in DHCP, use the cable trust command in global
configuration mode. To remove a trusted MAC address from the MAC exclusion list, use the no form of
this command. Removing a MAC address from the exclusion list subjects all packets from that source
to standard DHCP source verification.
cable trust mac-address
no cable trust mac-address
Syntax Description
Usage Guidelines This command and capability are only supported in circumstances in which the Cable Source Verify
feature is first enabled on the Cisco CMTS.
When this feature is enabled in addition to cable source verify, a packet’s source must belong to the
MAC Exclude list on the Cisco CMTS. If the packet succeeds this exclusionary check, then the source
IP address is verified against Address Resolution Protocol (ARP) tables as per normal and previously
supported source verification checks. The service ID (SID) and the source IP address of the packet must
match those in the ARP host database on the Cisco CMTS. If the packet check succeeds, the packet is
allowed to pass. Rejected packets are discarded in either of these two checks.
Any trusted source MAC address in the optional exclusion list may be removed at any time. Removal of
a MAC address returns previously trusted packets to non-trusted status, and subjects all packets to
standard source verification checks on the Cisco CMTS.
For additional information about the enhanced Cable Source Verify DHCP feature, and general
guidelines for its use, refer to the following documents on Cisco.com:
• IP Address Verification for the Cisco uBR7200 Series Cable Router
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b55.html
• Filtering Cable DHCP Lease Queries
http://www.cisco.com/en/US/products/hw/cable/ps2217/products_feature_guide09186a008021b8fb.html
• Cisco Broadband Cable Command Reference Guide
http://www.cisco.com/en/US/products/hw/cable/ps2217/products_command_reference_book0918
6a0080108e88.html
• CABLE SECURITY, Cable Source-Verify and IP Address Security, White Paper
http://www.cisco.com/en/US/tech/tk86/tk803/technologies_tech_note09186a00800a7828.shtml
mac-address The MAC address of a trusted DHCP source, and from which packets will
not be subject to standard DHCP source verification.