Cisco Systems OL-27172-01 Mobility Aid User Manual


 
Cisco Broadband Access Center 3.8 Administrator Guide
OL-27172-01
Chapter 13 Configuring CWMP Service Security
Signed Configuration for Devices
These properties can be configured using the CWMP Defaults page in the administrator user interface
or by using the IPDevice.changeDefaults API.
You must also create a configuration template for the device. To generate the Signed Configuration, at
least one parameter in the template must be flagged to be signed. You can flag any TR069 parameter to
be signed.
For example:
<Parameter>
  <Name>MyParameter</Name>
  <Value>Sample Value</Value>
  <ToBeSigned>true</ToBeSigned>
</Parameter>
Depending on the target Gateway, there can be a minimum set of required parameters that must be
specified as signed. Here is a sample CWMP configuration template:
<tc:Template
...
  <configuration>
    <ParameterDictionaries>
      <ParameterDictionary>femto-cwmp-dictionary.xml</ParameterDictionary>
    </ParameterDictionaries>
    <ObjectInstance name="Device">
      <ObjectInstance name="Services">
        <ObjectInstance name="X_00000C_FAPService">
          <ObjectInstance name="AccessControl">
            <Parameter>
              <Name>ACL</Name>
              <Value>VAR(name=FC-ACL, defaultValue="")</Value>
              <ToBeSigned>true</ToBeSigned>
            </Parameter>
          </ObjectInstance>
          <ObjectInstance name="FGW">
            <Parameter>
              <Name>Fqdn</Name>
              <Value>VAR(name=FC-FGW-FQDN, defaultValue="")</Value>
              <ToBeSigned>true</ToBeSigned>
            </Parameter>
          </ObjectInstance>
        </ObjectInstance>
      </ObjectInstance>
    </ObjectInstance>
  </configuration>
</tc:Template>
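The following pre-deployment check is an added example, not part of the Cisco guide or of Cisco BAC. It lists the parameters a template flags with ToBeSigned and reports any gateway-required parameter that is not flagged, which is the condition behind a "missing required parameters" rejection. The function names, the placeholder namespace URI, the REQUIRED set, and the sample (the template above with the ToBeSigned flag removed from Fqdn) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's template with a placeholder namespace URI
# and with <ToBeSigned> deliberately left off the Fqdn parameter.
SAMPLE = """<tc:Template xmlns:tc="urn:example:placeholder"><configuration>
<ObjectInstance name="Device"><ObjectInstance name="Services">
<ObjectInstance name="X_00000C_FAPService">
  <ObjectInstance name="AccessControl"><Parameter><Name>ACL</Name>
    <Value>VAR(name=FC-ACL, defaultValue="")</Value>
    <ToBeSigned>true</ToBeSigned></Parameter></ObjectInstance>
  <ObjectInstance name="FGW"><Parameter><Name>Fqdn</Name>
    <Value>VAR(name=FC-FGW-FQDN, defaultValue="")</Value></Parameter></ObjectInstance>
</ObjectInstance></ObjectInstance></ObjectInstance>
</configuration></tc:Template>"""

def local(tag):
    # ElementTree reports namespaced tags as '{uri}name'; keep only the name.
    return tag.rsplit("}", 1)[-1]

def signed_parameters(xml_text):
    """Return dotted template paths of parameters flagged ToBeSigned=true."""
    found = set()
    def walk(node, path):
        for child in node:
            kind = local(child.tag)
            if kind == "ObjectInstance":
                walk(child, path + [child.get("name", "")])
            elif kind == "Parameter":
                fields = {local(f.tag): (f.text or "").strip() for f in child}
                if fields.get("ToBeSigned", "").lower() == "true":
                    found.add(".".join(path + [fields.get("Name", "")]))
            else:
                walk(child, path)  # wrappers such as <configuration>
    walk(ET.fromstring(xml_text), [])
    return found

def check_template(xml_text, required):
    """Return (signed paths, required paths that are not flagged to be signed)."""
    signed = signed_parameters(xml_text)
    return signed, set(required) - signed

# Hypothetical required set; the real minimum depends on the target gateway.
REQUIRED = {"Device.Services.X_00000C_FAPService.AccessControl.ACL",
            "Device.Services.X_00000C_FAPService.FGW.Fqdn"}

if __name__ == "__main__":
    signed, missing = check_template(SAMPLE, REQUIRED)
    print("signed:", sorted(signed), "required but unsigned:", sorted(missing))
```

A template for which the first set is empty has no signed parameters at all, so it does not meet the requirement that at least one parameter be flagged to be signed.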
Monitoring the Signed Configuration Feature
You can monitor the Signed Configuration feature in Cisco BAC from the administrator user interface
or DPE CLI. You have the following options:
• Choose Configuration > Files. Click the View icon corresponding to the Configuration
  Template to view the configuration parameters that are designated to be signed.
• From the Devices > Manage Devices page, click the View Details icon corresponding to the
  device. The following device faults are reported in the Device Details page:
  - Signature rejected by the gateway because the validity period has expired.
  - Signature rejected by the gateway because of an unknown secret key name.
  - Signed data rejected by the gateway because it is missing required parameters.