Cisco Systems OL-27172-01 Mobility Aid User Manual


 
Cisco Broadband Access Center 3.8 Administrator Guide
OL-27172-01
Chapter 12 Configuring CWMP Service
Connection Request Service
If you do not specify a Connection Request password, a Connection Request password is automatically
generated for the device using the connection request master secret. If you do not specify the Connection
Request username, the device ID is used.
It is up to the device to issue an authentication challenge during connection request authentication, as
illustrated in Figure 12-1. The DPE expects to be challenged with HTTP Digest authentication. There is
no DPE configuration for connection request handling.
The API properties do not automatically update device parameters. You must preconfigure the
corresponding values on the device or configure the values using a configuration template which can
reference these properties.
Autogenerating Connection Request Passwords
In this release of Cisco BAC, Connection Request passwords can be autogenerated or specified by the
Operational Support System (OSS).
Cisco BAC Generated Passwords:
In this approach, Cisco BAC generates a unique Connection Request password for each CWMP device.
The password is encrypted using the connection request master secret and forwarded to the DPEs. You
specify the connection request master secret in the CWMP Defaults page in the administrator user
interface (see CWMP Defaults, page 17-7).
The DPEs derive the device passwords by using a hash-based message authentication code (HMAC). If the
DPE fails to authenticate using the current password, Cisco BAC attempts to authenticate by using the old
password derived from the earlier master secret. Cisco BAC stores the last 15 passwords, by default, and
attempts authentication by using each of these passwords in reverse order, until authentication succeeds.
To use autogenerated passwords, you must specify the value __AUTO_GENERATED__ for the
Connection Request password in the configuration template.
When the RDU attempts a connection request to a device:
- If the /IPDevice/connectionRequestPassword property is not specified in the device record, the RDU
  assumes that an autogenerated password is used for that device.
- If the /IPDevice/connectionRequestUsername property is not specified in the device record, the RDU
  uses the device ID as the user name for that device.
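
The fallback behavior described above can be sketched as follows. This is an added example, not Cisco BAC code: the guide does not document the derivation, so HMAC-SHA256 over the device ID is an assumption, "reverse order" is read as most recent first, and the `Device` class, realm, nonce, URI, device ID and secrets are all constructed.

```python
import hashlib
import hmac

HISTORY_LIMIT = 15  # the guide's default: the last 15 passwords are kept


def derive_password(master_secret: bytes, device_id: str) -> str:
    # Assumed construction (not Cisco's documented one): HMAC-SHA256 keyed
    # with the master secret over the device ID, hex-encoded.
    return hmac.new(master_secret, device_id.encode(), hashlib.sha256).hexdigest()


def digest_response(user, password, realm, nonce, method, uri):
    # RFC 2617 Digest response (MD5, no qop), as sent to the challenging CPE.
    def md5(text):
        return hashlib.md5(text.encode()).hexdigest()
    ha1 = md5(f"{user}:{realm}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")


class Device:
    """Constructed stand-in for a CPE that challenges with HTTP Digest."""

    def __init__(self, device_id, password, realm="cpe", nonce="constructed-nonce"):
        self.device_id, self.password = device_id, password
        self.realm, self.nonce = realm, nonce  # fixed nonce: sample only

    def verify(self, user, response, method, uri):
        expected = digest_response(self.device_id, self.password,
                                   self.realm, self.nonce, method, uri)
        return user == self.device_id and hmac.compare_digest(expected, response)


def connection_request(device, secrets_newest_first, uri="/cr"):
    """Return the index of the master secret that authenticated, or None."""
    user = device.device_id  # no username configured: the device ID is used
    for idx, secret in enumerate(secrets_newest_first[:HISTORY_LIMIT]):
        password = derive_password(secret, user)
        response = digest_response(user, password, device.realm,
                                   device.nonce, "GET", uri)
        if device.verify(user, response, "GET", uri):
            return idx
    return None


if __name__ == "__main__":
    secrets = [f"constructed-secret-{i}".encode() for i in range(20)]
    cpe = Device("0012AB-CPE42", derive_password(secrets[3], "0012AB-CPE42"))
    print(connection_request(cpe, secrets))  # index of the secret that worked
```

A device provisioned under a secret older than the retained history no longer authenticates, and any secret still inside the history window remains usable for connection requests after a rotation.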
OSS Provided Passwords:
In this approach, you can provide passwords that may or may not be unique to each device. The
Connection Request password is set on the /IPDevice/connectionRequestPassword property in the
device record. When the password is set on the property, the following changes are triggered in the
system:
- This RDU-provided password is used as the Connection Request password, instead of the
  autogenerated password at the DPE. As a rule, the password set on the device takes precedence over
  the autogenerated password.
- The hash key for the device reverts to the legacy format (DeviceConfHash).
You can also set the Connection Request username and password in the device configuration templates.
If the username and password are set on both the device record and the configuration template, the
username and password set in the device record are used.