Cisco Broadband Access Center 3.8 Administrator Guide
OL-27172-01
Chapter 13 Configuring CWMP Service Security
Configuring Security for DPE Services
This section describes how to configure authentication options and configure SSL on the DPE services.
You can configure DPE security options from the DPE CLI. For more information, see the Cisco
Broadband Access Center 3.8 DPE CLI Reference.
The DPE supports running two CWMP and two HTTP file services concurrently. Each service can have
a different configuration of security options and runs on a different port. By default, only one CWMP
and one HTTP service are enabled, and they are configured without SSL. Two additional services are
configured for SSL, but are disabled by default.
Table 13-2 specifies the default settings for each instance of the CWMP service and the HTTP file
service.
Configuring SSL on a DPE
To enable SSL on any given service:
Step 1 Configure HTTP client authentication. You can enable authentication in the Basic or Digest mode, or
disable HTTP authentication.
Step 2 Enable the SSL protocol for the service.
Step 3 Configure the port through which the device contacts the service on the DPE.
Step 4 Set the keystore filename, keystore password, and key password.
Step 5 Configure client certificate authentication by using SSL. You can configure client authentication to use
generic or unique client certificates.
Step 6 Optionally, disable other instances of the CWMP service or HTTP file service.
Step 7 Enable an instance of a service, which could be the CWMP service or the HTTP file service.
Step 8 Restart the DPE by using the dpe reload command to ensure that the changes take effect.
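The following added example (not part of the Cisco guide and not DPE code) models the Table 13-2 defaults and the state after Steps 1 through 8 are applied to CWMP service 2, then audits which enabled services still run without SSL. The Service model, the audit function, and the keystore name example.keystore are assumptions made for illustration.

```python
from typing import NamedTuple

class Service(NamedTuple):        # hypothetical model, not the DPE's own config format
    name: str
    enabled: bool
    auth: str                     # Step 1: "basic", "digest" or "none"
    port: int                     # Step 3
    ssl: bool                     # Step 2
    keystore: str = ""            # Step 4: empty means not set
    client_cert: str = "none"     # Step 5: "generic", "unique" or "none"

# Defaults transcribed from Table 13-2.
DEFAULTS = [
    Service("cwmp 1", True, "digest", 7547, False),
    Service("cwmp 2", False, "digest", 7548, True),
    Service("http 1", True, "digest", 7549, False),
    Service("http 2", False, "digest", 7550, True),
]

# Constructed state after Steps 1-8 are applied to CWMP service 2 only.
AFTER_STEPS = [
    DEFAULTS[0]._replace(enabled=False),
    DEFAULTS[1]._replace(enabled=True, auth="basic",
                         keystore="example.keystore", client_cert="generic"),
    DEFAULTS[2],
    DEFAULTS[3],
]

def audit(services):
    """Return (service name, finding) pairs; disabled services are skipped."""
    findings, ports = [], {}
    for s in services:
        if not s.enabled:
            continue
        if s.port in ports:
            findings.append((s.name, f"port {s.port} also used by {ports[s.port]}"))
        ports.setdefault(s.port, s.name)
        if not s.ssl:
            findings.append((s.name, "enabled without SSL"))
            if s.auth == "basic":
                findings.append((s.name, "Basic credentials cross the network without SSL"))
        elif not s.keystore:
            findings.append((s.name, "SSL enabled but no keystore set"))
        if s.auth == "none" and s.client_cert == "none":
            findings.append((s.name, "no client authentication of any kind"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("defaults", DEFAULTS), ("after steps", AFTER_STEPS)):
        print(label, audit(cfg))
```

In this model, securing CWMP service 2 alone still leaves HTTP file service 1 flagged, because it remains enabled without SSL under the defaults.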
Enabling SSL for the CWMP Service
The following example describes the commands that you use to enable SSL for an instance of the CWMP
service. In this example, double authentication is enabled for the SSL clients by using client certificates
and HTTP authentication in Basic mode.
dpe# service cwmp 2 client-auth basic
Table 13-2 Default Settings for CWMP Technology

                  CWMP Service              HTTP File Service
                  Service 1    Service 2    File Service 1    File Service 2
Default Mode      Enabled      Disabled     Enabled           Disabled
Authentication    Digest       Digest       Digest            Digest
Port Number       7547         7548         7549              7550
SSL Protocol      Disabled     Enabled      Disabled          Enabled