Filter
Top Products
B-3
Cisco uBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Appendix B Using the Cable Monitor Tool
Disabling the Cable Monitor
enable password is set, users who can supply the enable password can also view detailed debugging and
troubleshooting configuration information; if an enable password is not set, all users can view this
information.
Caution To ensure a secure system, the advanced mode should not be used unless a secure encrypted enabled
password is configured on the Cisco uBR924 router.
By default, the Cable Monitor is configured with the IP address 192.168.100.1, which is a Class C
address in the private IP address space reserved for private networks. If a device on the subscriber’s
private network is already using this IP address, use the URL-IP-address and URL-mask optional
parameters to specify another IP address.
For example, to enable the Cable Monitor for advanced mode with the private IP address of 10.0.1.2 and
the default HTTP port of 80, use the following command:
ip http cable-monitor advance 10.0.1.2 255.0.0.0
Note This command can be included in the Cisco IOS configuration file that is downloaded to the router at
power-on during the DOCSIS provisioning.
Security Considerations
The Cable Monitor is a read-only tool that cannot be used to change the configuration of the
Cisco uBR924 router. The debug page in advanced mode, however, does display information that could
be used to defeat the router's security. This page is password-protected, requiring users to enter the
enable password before displaying it; however, if an enable password has not been set, any user can
display the debug page, which could reveal SNMP community strings and other configuration
information.
For this reason, the following guidelines should be used when developing a security policy for the router:
• If the Cable Monitor is being used in advanced mode, an encrypted enable password must be set.
Otherwise, all users can view the debug page, which displays the router's complete configuration,
including SNMP community strings.
• If no enable password is set, so as to prevent remote configuration of the router via Telnet, then the
Cable Monitor must be used only in basic mode.
Note Since downloading a Cisco IOS configuration file during the provisioning process automatically disables
the console port, all remote configuration of the Cisco uBR924 router using the CLI is disabled when an
enable password is not set. In this situation, the only way to change the router's configuration is through
SNMP or by resetting the router and uploading a new configuration file. The Cable Monitor, however,
must not be run in advanced mode when no enable password has been set because this would allow
unauthorized users to view SNMP community strings and use SNMP to change the router’s
configuration.
Disabling the Cable Monitor
To disable the Cable Monitor, use the ip http global configuration command as follows: