
Alpha Technologies AlphaNet DSM Series DOCSIS User Manual, Section 3.5: Security in Dual IP Mode


745-814-B0-001, Rev. A

3.0 Network Configuration, continued

3.5 Security in Dual IP Mode

In Dual IP Mode additional SNMP security is required because data is exposed on the CPE network, which is more vulnerable to packet sniffing and community string deciphering than on the secure cable modem network. For an explanation of Dual IP Mode, see Section 2.2. For an explanation of the Alpha MIB, see Section 6.2.

There are two methods of providing SNMP Security in Dual-IP Mode: the Secure Access List, and the Key-Match.

Method 1: Security Using the Secure Access Table

The Secure Access List method limits remote SNMP access to four IP addresses. Only those IP addresses listed in the SNMP Access Table are able to read or write to the Alpha MIB parameters from the public (CPE) network. Set the IP addresses through the following Alpha MIB parameter:

| SNMP Parameter | Local Port Parameter | Description | Type | Value |
|---|---|---|---|---|
| atiMgmtSnmpAccessTable 1.3.6.1.4.1.926.1.3.1.2 | [Text] SNMP ACCESS LIST | Restricted DSM SNMP Access | IP address | 0.0.0.0 (Default) |

The entries in the SNMP Access Table can be set through the local port (see Section 4.0), the DSM Setup File (see Section 3.4), or remotely using SNMP.

NOTE: The XP-DSM transponder variables will still be accessible through the private modem management network using the community strings without requiring additional security.

If the entries in the SNMP Access Table are set remotely using SNMP through the cable modem’s IP address, then the SNMP community strings will have to be used. However, if they are set remotely through the public (CPE) IP address, the data access key, explained below, must be used to gain access.

Method 2: Security Using the Data Access Key

| SNMP Parameter | Local Port Parameter | Description | Type | Value |
|---|---|---|---|---|
| atiMgmtSnmpAlphaSetAccess 1.3.6.1.4.1.926.1.3.1.3.3.0 | [Discretes] ALPHA SNMP SETS | Set to Access Key | Read/Write Octet String | Set to match the value of atiMgmtSnmpAlphaSetKey |
| atiMgmtSnmpAlphaSetKey 1.3.6.1.4.1.926.1.3.1.3.4.0 | [Text] ALPHA SNMP SETS | Data Access Key | Read/Write Octet String | CIBSET (default) |
| ALPHA SNMP SETS 1.3.6.1.4.1.926.1.2.1.1.1.5 | [Discretes] ALPHA SNMP SETS | OID of Discrete Table Value | Read/Write Integer | 0 = Disabled, 1 = Enabled |

If in Dual IP Mode and not using the Secure Access List Method (above), atiMgmtSnmpAlphaSetAccess is the only SNMP parameter with SNMP-Write access on the CPE network by default. When this parameter is set to the value of the parameter atiMgmtSnmpAlphaSetKey, the data access key, SNMP write access is granted to all parameters in the Alpha MIB tree. When this access is granted, the value of ALPHA SNMP SETS in the discretes table automatically switches to ‘1’, enabled. After the operator is finished setting SNMP variables, SNMP-write access can be disabled by either manually setting this value to ‘0’ or by setting atiMgmtSnmpAlphaSetAccess to any value other than the data access key.

The data access key can be set by changing the value of atiMgmtSnmpAlphaSetKey through the local port, through SNMP using the modem’s IP address, or through the CPE IP address once access has been granted and the value of ALPHA SNMP SETS in the discretes table is ‘1’, enabled.
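
The following is an added example, not part of the Alpha manual: a Python audit of numeric snmpwalk output (net-snmp "-On" style, collected over the modem management network) for the three weak states this section describes: no Secure Access List entries, the data access key still at its default, and ALPHA SNMP SETS left enabled. The sample walks are constructed, and the sub-identifiers below the documented OID prefixes are assumptions.

```python
import re

# OIDs and default values are taken from the tables in this section.
ACCESS_TABLE = "1.3.6.1.4.1.926.1.3.1.2"      # atiMgmtSnmpAccessTable
SET_KEY = "1.3.6.1.4.1.926.1.3.1.3.4.0"       # atiMgmtSnmpAlphaSetKey
SETS_FLAG = "1.3.6.1.4.1.926.1.2.1.1.1.5"     # ALPHA SNMP SETS (discretes table)
DEFAULT_KEY = "CIBSET"
UNSET_IP = "0.0.0.0"

# One line of net-snmp numeric output: .<oid> = <TYPE>: <value>
LINE = re.compile(r'^\.?([\d.]+) = (\w+): "?(.*?)"?\s*$')

def parse_walk(text):
    """Return (oid, type, value) tuples for every parsable line."""
    return [m.groups() for m in map(LINE.match, text.splitlines()) if m]

def under(oid, prefix):
    """True if oid is the prefix itself or an instance below it."""
    return oid == prefix or oid.startswith(prefix + ".")

def audit(text):
    """List the weak settings found in one device's walk output."""
    rows = parse_walk(text)
    acl = [v for o, t, v in rows if under(o, ACCESS_TABLE) and t == "IpAddress"]
    key = next((v for o, _, v in rows if o == SET_KEY), None)
    flags = [v for o, _, v in rows if under(o, SETS_FLAG)]
    findings = []
    if all(ip == UNSET_IP for ip in acl):      # also true when no entries exist
        findings.append("secure-access-list-not-configured")
    if key == DEFAULT_KEY:
        findings.append("data-access-key-is-default")
    if "1" in flags:
        findings.append("alpha-snmp-sets-left-enabled")
    return findings

# Constructed sample output, not captured from a device. The sub-identifiers
# after the documented prefixes are assumptions made for this example.
EXPOSED_WALK = """\
.1.3.6.1.4.1.926.1.3.1.2.1.2.1 = IpAddress: 0.0.0.0
.1.3.6.1.4.1.926.1.3.1.3.4.0 = STRING: "CIBSET"
.1.3.6.1.4.1.926.1.2.1.1.1.5.1 = INTEGER: 1
"""
HARDENED_WALK = """\
.1.3.6.1.4.1.926.1.3.1.2.1.2.1 = IpAddress: 192.0.2.10
.1.3.6.1.4.1.926.1.3.1.3.4.0 = STRING: "example-non-default-key"
.1.3.6.1.4.1.926.1.2.1.1.1.5.1 = INTEGER: 0
"""

if __name__ == "__main__":
    for name, walk in (("exposed", EXPOSED_WALK), ("hardened", HARDENED_WALK)):
        print(name, audit(walk) or "no findings")
```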