
Cisco Broadband Access Center 3.8 Administrator Guide
Chapter 3 Configuration Workflows and Checklists
Technology Workflows
Configuring CWMP Service on the DPE
Table 3-4 identifies the configuration tasks that you must perform to configure the CWMP services on
the DPE.
Table 3-4 DPE Configuration Workflow - CWMP Management
Procedure Refer to ...
Configure the CWMP services that run on the DPE.
Configuring the CWMP technology on the DPE
requires that you enable at least one CWMP service.
To enable a CWMP service, enter:
service cwmp num enable true
where num identifies the CWMP service, which
could be 1 or 2.
By default, the CWMP service is:
Enabled on service 1.
Disabled on service 2.
The CWMP Technology Commands described
in the Cisco Broadband Access Center 3.8 DPE
CLI Reference.
1. Configure the port on which the CWMP service
communicates with the CPE.
By default, the CWMP service is configured to
listen on:
Port 7547 for service 1.
Port 7548 for service 2.
The service cwmp num port port command
described in the Cisco Broadband Access Center
3.8 DPE CLI Reference.
2. Configure client authentication for the CWMP
To limit security risks during client
authentication, we recommend using the Digest
mode (the default configuration).
You should not allow client authentication in the
Basic mode, or altogether disable Basic and
Digest authentication.
The service cwmp num client-auth mode
command described in the Cisco Broadband
Access Center 3.8 DPE CLI Reference.
3. Configure client authentication using
certificates through SSL for the CWMP service.
The service cwmp num ssl client-auth mode
command described in the Cisco Broadband
Access Center 3.8 DPE CLI Reference.
4. Configure the DPE to request configuration
from the RDU for devices unknown to the DPE.
Enabling this feature may allow a Denial of
Service attack on the RDU.
The service cwmp num allow-unknown-cpe
command described in the Cisco Broadband
Access Center 3.8 DPE CLI Reference.