DPE Configuration Commands
This chapter describes the command-line interface (CLI) commands that you can use to manage and monitor the Broadband Access Center (BAC) Device Provisioning Engine (DPE).
Note Sample output provided for the commands in this chapter may differ depending on whether you invoke the commands on a hardware DPE or a Solaris DPE.
The commands described in this chapter are:
•clear cache
•docsis shared-secret
•no docsis shared-secret
•dpe port
•dpe provisioning-group primary
•no dpe provisioning-group primary
•dpe provisioning-group secondary
•no dpe provisioning-group secondary
•dpe rdu-server
•dpe reload
•dpe shared-secret
•dpe start | stop
•interface ethernet provisioning enabled
•interface ethernet provisioning fqdn
•show device-config
•show dpe
•show dpe config
•tftp allow-create-dirs
•no tftp allow-create-dirs
•tftp allow-override
•no tftp allow-override
•tftp allow-read-access
•no tftp allow-read-access
•tftp allow-write-access
•no tftp allow-write-access
•tftp verify-ip
•no tftp verify-ip
clear cache
Use this command to erase the DPE cache and reset the server to a clean state. When the DPE is restarted, it connects to the RDU and rebuilds the cache from the information stored in the RDU database.
Note Ensure that you stop the DPE before erasing the DPE cache by running the dpe stop command. For more information, see dpe start | stop.
You should clear the cache only when the DPE encounters a major problem. Running this command forces the DPE to rebuild or repopulate its device cache. This process may take an extended period of time to complete.
Once the command is entered, the DPE cache is cleared and a prompt appears to indicate the amount of disk space cleared as a result. If the cache could not be cleared, the reason for the failure appears.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
Example 1
This result occurs when the cache is successfully cleared.
Example 2
DPE must be stopped before clearing cache.
This result occurs when the DPE has not been stopped.
Example 3
This result occurs when the cache has already been cleared.
docsis shared-secret
Use this command to set a DOCSIS shared secret (DSS) on the DPE. The DSS is used to calculate the CMTS message integrity check.
To disable the DSS, use the no form of this command. See no docsis shared-secret.
Usage Guidelines
Although this command is used for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
docsis shared-secret format secret
•format—Identifies if the shared secret string appears as clear text or as encrypted text. To specify the format, enter:
–0 for a clear text string.
–7 for a Cisco IOS-encrypted shared-secret text string.
•secret—Identifies the actual secret string.
If, after running this command, you use the show running-config command, a new line appears, identifying the shared secret and its format.
Defaults
The default format for the shared secret string is clear text.
Examples
dpe# docsis shared-secret 0 changeme
% OK (Warning: Current input accepted. Note a secure connection is recommended to set or
change the docsis shared secret
no docsis shared-secret
Use this command to disable the DSS functionality on the DPE. By using this command at the DPE, you do not completely disable the DSS; rather, it results in the RDU global DSS being used instead of the local functionality.
To set a DSS, see docsis shared-secret.
Usage Guidelines
Although this command is used for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
No keywords or arguments.
Examples
dpe# no docsis shared-secret
dpe port
Use this command to specify the port number that the DPE uses to communicate with the Network Registrar extension points. Normally, you can leave this port number intact unless there is a need to change it for firewall reasons.
Note You must stop the DPE before changing the port number. If you attempt to run this command on an operational DPE, the following error message appears:
ERROR: DPE must be stopped before changing the port number.
The changes that you introduce through this command do not take effect until you restart the DPE. For information on stopping and starting the DPE, see dpe start | stop.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
dpe port port
port—Identifies the port number assigned for connecting to the DPE.
Defaults
The default port that the DPE uses is 49186.
Examples
dpe provisioning-group primary
Use this command to specify the DPE as a member of a specified primary provisioning group. Most DPEs are configured with one primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.
Note If you enable voice technology, ensure that a DPE belongs to only one provisioning group.
When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.
Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.
After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.
To remove any configured primary provisioning groups, use the no form of this command. See
no dpe provisioning-group primary.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
dpe provisioning-group primary name [name*]
•name—Identifies the assigned primary provisioning group.
•name*—Allows the entry of multiple provisioning groups. When specifying multiple provisioning groups, you must insert a space between their names.
Examples
Example 1
dpe# dpe provisioning-group primary PrimaryProvGroup
% OK (Requires DPE restart "# dpe reload")
Example 2
dpe# dpe provisioning-group primary provisioning-grp-1 provisioning-grp-2
% OK (Requires DPE restart "# dpe reload")
no dpe provisioning-group primary
Use this command to clear configured primary provisioning groups. If primary provisioning groups are not available, you can use the DPE as a backup for other provisioning groups or as a TFTP file cache.
After you use this command, run the dpe reload command so that the changes take effect. See
dpe reload.
To specify the DPE as a member of a specified primary provisioning group, see dpe provisioning-group primary.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no dpe provisioning-group primary
% OK (Requires DPE restart "> dpe reload")
dpe provisioning-group secondary
Use this command to set secondary provisioning groups for the DPE server to use. Most DPEs are configured with a primary provisioning group; however, selecting multiple provisioning groups allows multiple DHCP servers to use this DPE.
Note Secondary provisioning groups are used for provisioning only when the primary provisioning groups are not available or are overloaded.
When assigning new provisioning groups that have a large number of devices, restarting the DPE can take an extended period of time depending on the number of devices in your network and the size of the device configurations. This delay occurs because the cache for each provisioning group has to be synchronized or, for new provisioning groups, completely rebuilt.
Note Typically, you must change the provisioning groups only when the DPE is first deployed on the network.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To remove configured secondary provisioning groups, use the no form of this command. See no dpe provisioning-group secondary.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
dpe provisioning-group secondary name [name*]
•name—Identifies the assigned secondary provisioning group.
•name*—Allows the entry of multiple provisioning groups. When specifying multiple provisioning groups, you must insert a space between their names.
Examples
dpe# dpe provisioning-group secondary SecondaryProvGroup
% OK (Requires DPE restart "> dpe reload")
no dpe provisioning-group secondary
Use this command to clear configured secondary provisioning groups. If secondary provisioning groups are not available, the DPE can be used as a primary in other provisioning groups.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
To set secondary provisioning groups for the DPE, see dpe provisioning-group secondary.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no dpe provisioning-group secondary
% OK (Requires DPE restart "> dpe reload")
dpe rdu-server
Use this command to identify the RDU to which the DPE connects. Normally, you configure the RDU on the default port, but for security reasons, you could configure it to run on a nondefault port.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
dpe rdu-server {host | x.x.x.x} port
•host—Identifies the fully qualified domain name (FQDN) of the host on which the RDU is running.
•x.x.x.x—Identifies the IP address of the RDU.
•port—Identifies the port number on which the RDU is listening for DPE connections.
Defaults
The default port on which the RDU listens for the DPE is 49187.
Examples
Example 1
dpe# dpe rdu-server rdu.cisco.com 49187
% OK (Requires DPE restart "> dpe reload")
This result occurs when you specify the FQDN of the RDU host.
Example 2
dpe# dpe rdu-server 10.10.20.1 49187
% OK (Requires DPE restart "> dpe reload")
This result occurs when you specify the IP address of the RDU host.
dpe reload
Use this command to restart the DPE, which must be operational before you reload it. If the DPE has not stopped within 60 seconds, the BAC agent (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears. After the message appears, the DPE restarts.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe shared-secret
Use this command to set the shared secret used for communications with the RDU. Communication fails if the shared secret, which is set on the two servers, is not the same. For security reasons, this command is available only through a console connection. It cannot be accessed through a Telnet connection.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Usage Guidelines
Although this command is used for both hardware and Solaris DPEs, on the hardware DPE, it is used only in the console mode.
Syntax Description
dpe shared-secret secret
secret—Identifies the RDU shared secret. The shared secret may appear as encrypted text when the command is run through the console mode. If you run this command through a Telnet session, it may only indicate that the shared secret has been set.
Defaults
The default shared secret used for communications with the RDU is secret.
Examples
dpe# dpe shared-secret private
% OK (Requires DPE restart "> dpe reload")
dpe start | stop
Use this command to start or stop the DPE.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
dpe start | stop
•start—Starts the DPE. You can use this command only when the DPE is not running. Having the DPE start successfully does not guarantee that the DPE will run successfully. Check the DPE log to ensure that the DPE has started correctly. Also, check the log periodically to ensure that no additional errors have occurred.
•stop—Stops the DPE. You can use this command only when the DPE is running. If the DPE has not stopped within 60 seconds, the DPE agent (bprAgent) forces the DPE to stop, and an alert message, indicating that the DPE has been stopped, appears.
Examples
Example 1
Process dpe has been started
Example 2
interface ethernet provisioning enabled
Use this command to control whether the Ethernet interfaces are used to handle provisioning requests. This command allows the use of split-networking techniques to isolate devices facing communication from provisioning system-side communications. Only ports that have provisioning enabled are used for communication with the DHCP server.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
interface ethernet {0...1 | intf0} provisioning enabled {true | false}
•0...1—Identifies the Ethernet interface on a hardware DPE.
•intf0—Identifies the Ethernet interface on a Solaris DPE.
•true—Indicates that provisioning has been enabled for this interface.
•false—Indicates that provisioning has been disabled for this interface.
Examples
Example 1
dpe# interface ethernet 0 provisioning enabled true
% OK (Requires DPE restart "> dpe reload")
This result occurs on a hardware DPE.
Example 2
dpe# interface ethernet hme0 provisioning enabled true
% OK (Requires DPE restart "> dpe reload")
This result occurs on a Solaris DPE.
interface ethernet provisioning fqdn
Use this command to set the fully qualified domain name (FQDN) for a specific interface. The provisioning FQDN is the domain name that is given to devices to contact the specific DPE interface.
Note Before setting the FQDN for an interface, ensure that provisioning is enabled on that interface. To enable provisioning on an interface, see interface ethernet provisioning enabled.
After you use this command, run the dpe reload command so that the changes take effect. See dpe reload.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
interface ethernet {0...1 | intf0} provisioning fqdn fqdn
•0...1—Identifies the Ethernet interface on a hardware DPE.
Note Enabling both DPE appliance interface IPs and setting the provisioning FQDNs to identical names has no effect on PacketCable because this voice technology always uses the IP address of the first interface.
•intf0—Identifies the Ethernet interface on a Solaris DPE.
•fqdn—Identifies the FQDN that is set on the specified interface. In the case of a Solaris DPE, this FQDN is sent as the SNMPEntity in DHCP Option 177, suboption 3.
Examples
Example 1
dpe# interface ethernet 0 provisioning fqdn dpe.cisco.com
% OK (Requires DPE restart "> dpe reload")
This results occur on a hardware DPE.
Example 2
dpe# interface ethernet hme0 provisioning fqdn cisco.com
% OK (Requires DPE restart "> dpe reload")
This result occurs on a Solaris DPE.
show device-config
Use this command to show a device configuration that is cached at the DPE.
If you run this command on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced.
Please check with your system administrator for DPE licenses.
Usage Guidelines
Use this command on hardware and Solaris DPEs.
Syntax Description
show device-config mac
mac—Specifies the MAC address of a device. The accepted formats for mac are "type,len,addr" (for example, 1,6,00:01:02:03:04:05 or 9,10,43:43:31:32:33:34:35:36:2d:41) or exact-size octets (for example, 000102030405 or 00:01:02:03:04:05), assuming that the MAC address header is (1,6).
Examples
This example assumes that the DPE MAC address is 1,6,00:00:00:00:00:03.
dpe# dpe show device-config 00:00:00:00:00:03
Retrieved the following configuration from DPE.
DHCP Configuration for device 1,6,00:00:00:00:00:03 in default provisioning-group
Note The output of this command has been trimmed for demonstration purposes.
show dpe
Use this command to check to see if the DPE is running and displays the state of the process and, if running, its operational statistics. This command does not indicate if the DPE is running successfully, only that the process itself is currently executing. However, when the DPE is running, you can use statistics that this command displays to determine if the DPE is successfully servicing requests.
If you run this command on an unlicensed DPE, a message similar to this one appears:
This DPE is not licensed. Your request cannot be serviced.
Please check with your system administrator for DPE licenses.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
Example 1
This result occurs when the DPE is not running.
Example 2
Version BAC 2.7.1 (cbpr_271_L_000000000000).
Caching 0 device configs and 0 external files.
Received 0 cache hits and 0 misses.
Received 0 lease updates.
Connection status is Disconnected.
Sent 0 SNMP informs and 0 SNMP sets.
Received 0 MTA provisioning successful SNMP informs.
Received 0 MTA provisioning failed SNMP informs.
Running for 6 days 41 mins 35 secs.
This result occurs when the DPE is running.
show dpe config
Use this command to display the current settings on the DPE.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Syntax Description
rdu host = host.cisco.com
secondary groups = [no value]
tftp allow-create-dirs
Use this command to allow a TFTP write request to create directories.
Note During a TFTP read operation, the TFTP server looks only in its cache, although, if the
tftp allow-read-access command is run, the TFTP server looks at the local file system before looking in the cache. If the required file exists in the local file system, it is read from there. Otherwise, the TFTP server looks in the cache. If the file is not found in the cache, the TFTP server sends a request for the file to the RDU.
TFTP writes are not made to the DPE cache, only to the local file system. Using the
tftp allow-write-access command, you can write to the TFTP home directory. By default, you are not allowed to create directories or override files, but you can change these defaults using the
tftp allow-create-dirs or the tftp allow-override commands.
To disable the creation of directories by TFTP write requests, see no tftp allow-create-dirs.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# tftp allow-create-dirs
no tftp allow-create-dirs
Use this command to disable the creation of directories by TFTP write requests.
To allow a TFTP write request to create directories, see tftp allow-create-dirs.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no tftp allow-create-dirs
tftp allow-override
Use this command to allow the override of existing files using a TFTP write request.
To disable the overriding of existing files by TFTP write requests, see no tftp allow-override.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
no tftp allow-override
Use this command to disable the overriding of existing files by TFTP write requests.
To allow the override of existing files using a TFTP write request, see tftp allow-override.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no tftp allow-override
tftp allow-read-access
Use this command to enable TFTP read requests from the file system. When this command is enabled, and a DPE does not find the required file in the local directory, the DPE cache is searched.
To disable TFTP read requests from the file system, see no tftp allow-read-access.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# tftp allow-read-access
no tftp allow-read-access
Use this command to disable TFTP read requests from the file system.
To enable TFTP read requests from the file system, see tftp allow-read-access.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no tftp allow-read-access
tftp allow-write-access
Use this command to support TFTP write requests to the local file system.
To disable TFTP write requests to the file system, see no tftp allow-write-access.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# tftp allow-write-access
no tftp allow-write-access
Use this command to disable TFTP write requests to the file system.
To enable support TFTP write requests on the local file system, see tftp allow-write-access.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
dpe# no tftp allow-write-access
tftp verify-ip
Use this command to enable the verification of requestor IP addresses on dynamic configuration TFTP requests.
To disable the verification of requestor IP addresses on dynamic configuration TFTP requests, see no tftp verify-ip.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples
no tftp verify-ip
Use this command to disable the verification of requestor IP addresses on dynamic configuration TFTP requests.
To enable the verification of requestor IP addresses on dynamic configuration TFTP requests, see tftp verify-ip.
Usage Guidelines
Use this command on both hardware and Solaris DPEs.
Syntax Description
No keywords or arguments.
Examples