
C4 CMTS

Release 4.2, Standard ARRIS PROPRIETARY — All Rights Reserved 15-25
Routing to a null interface can be used to discard certain IP prefixes in
order to remove the potential for routing loops. By default the packets
routed to the null interface are discarded silently, but the C4 CMTS can be
configured to return an ICMP “destination unreachable” error to the source
IP. The cost of the route is zero by default, but it can be increased by user
command.
CLI Commands
To enter the config-null-interface mode:
configure interface null 0
The system displays the config-null prompt.
To enable or disable ICMP destination unreachable error messages (user
must be in the config-null-interface mode):
ip [no] unreachables
The result is global.
To add a route to the null interface:
configure ip route [destination ip] [destination mask] null 0
To display IP routes:
show ip route
Source Verification of Cable-side IP Addresses
The C4 CMTS Cable Source Verify feature is intended to eliminate host-initiated
corruption of the layer 2 and layer 3 address spaces on the cable
network. The feature adds a source IP address verification phase to the IP
address learning process of the C4 CMTS. Each unknown source address
received in an IP or ARP packet on a cable-side interface is subjected to a
configurable series of address validation checks prior to learning. If any
check fails, the address remains unlearned and all IP and ARP packets
sourced from that address are dropped.
The C4 CMTS examines source addresses of directly connected hosts to
verify that their IP addresses do not belong to other hosts. Currently
source verification of indirectly connected hosts is not supported. If source
verification is turned on for an interface, traffic from indirectly connected
hosts on that interface will be inhibited. In a future software release this
feature will inhibit the traffic of an indirectly connected host if the return
route to that address is not via the cable modem that originated the
packet.
15-26 ARRIS PROPRIETARY — All Rights Reserved 07/05/05
15 Authentication, Authorization, and Accounting (AAA)
Source Verify via Internal Database — The C4 CMTS maintains an
internal database (MAC DB) of CPE source IPs (SIPs), MAC addresses, and
associated CMs. The database is populated through DHCP snooping for
dynamically assigned CPE IP addresses or through either MAC learning or
DOCSIS® pre-provisioning for statically assigned CPE IP addresses. This
database along with the routing tables serves as the default authority for
SIP verification.
Source Verify via DHCP Server — This facility allows the C4 CMTS to
query a DHCP server for the CM MAC address associated with a given SIP
when that SIP is not present in the MAC DB of the C4 CMTS. It does this
using a DHCP LEASEQUERY message.
Source Verify via Authoritative DHCP Server — With authoritative
DHCP lease query, any indication returned by the DHCP server that indicates
that the server has no knowledge of the address results in denial of
packet forwarding. This implies that all CPE IP addresses (whether directly
attached or not) must be either dynamically assigned by the DHCP server
or statically reserved at the DHCP server.
CLI Commands
The following command enables source verification for all packets for the
specified slot and downstream port:
configure interface cable <slot/port [vrf]> [no] cable source-verify [dhcp [authoritative]]
Where:
slot = Slot number of the module on which cable source verification is to be enabled
port = Downstream port number
vrf = VRF name (Optional)
dhcp = Enables source verification via DHCP lease query
authoritative = Enables authoritative DHCP lease query
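
The three source-verify modes described above can be compared with a small decision model. This is an added example, not ARRIS code or C4 CMTS behavior taken from the manual beyond what the text states: the class and function names, the sample addresses, and the two branches marked "Assumption" are illustrative.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SourceVerifier:
    subnets: list                  # prefixes directly connected on the cable interface
    dhcp: bool = False             # models "cable source-verify dhcp"
    authoritative: bool = False    # models "cable source-verify dhcp authoritative"
    mac_db: dict = field(default_factory=dict)  # SIP -> (CPE MAC, CM MAC)
    leases: dict = field(default_factory=dict)  # stand-in for LEASEQUERY: SIP -> CM MAC

    def check(self, sip, cpe_mac, cm_mac):
        """Return 'forward' (address known or learned) or 'drop' (left unlearned)."""
        addr = ipaddress.ip_address(sip)
        # Indirectly connected hosts are not supported: their traffic is inhibited.
        if not any(addr in ipaddress.ip_network(n) for n in self.subnets):
            return "drop"
        known = self.mac_db.get(sip)
        if known is not None:
            # Already learned: the SIP must not belong to another host.
            return "forward" if known == (cpe_mac, cm_mac) else "drop"
        if self.dhcp:
            lease_cm = self.leases.get(sip)  # None = server has no knowledge
            if lease_cm is None:
                if self.authoritative:
                    return "drop"
                # Assumption: non-authoritative mode falls through to learning.
            elif lease_cm != cm_mac:
                return "drop"  # Assumption: the lease is held behind another CM.
        # Assumption: an unknown address that passed every check is learned.
        self.mac_db[sip] = (cpe_mac, cm_mac)
        return "forward"

# Constructed sample data: documentation prefixes, labels in place of MACs.
SUBNETS = ["192.0.2.0/24"]
MAC_DB = {"192.0.2.10": ("cpe-a", "cm-1")}
LEASES = {"192.0.2.20": "cm-2"}
PACKETS = [
    ("192.0.2.10", "cpe-a", "cm-1"),    # known binding
    ("192.0.2.10", "cpe-x", "cm-3"),    # claims an already learned address
    ("192.0.2.20", "cpe-y", "cm-3"),    # lease for this SIP is behind cm-2
    ("192.0.2.20", "cpe-b", "cm-2"),    # legitimate holder of that lease
    ("192.0.2.30", "cpe-c", "cm-3"),    # static address, no lease at the server
    ("198.51.100.5", "cpe-d", "cm-3"),  # not on a connected subnet
]

def run_sample(dhcp, authoritative):
    sv = SourceVerifier(SUBNETS, dhcp, authoritative, dict(MAC_DB), dict(LEASES))
    return [sv.check(*p) for p in PACKETS]
```

Calling run_sample for each of the three modes shows where they differ: only the dhcp modes reject the third packet, and only authoritative mode rejects the unreserved static address in the fifth.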