Cisco Broadband Cable Command Reference Guide
OL-1581-07
Chapter 6 Cable CPE Commands
show controllers cable-modem bpkm
Table 6-6 show controllers cable-modem bpkm Field Descriptions (BPI+) (continued)

| Field | Description |
|---|---|
| tek grace time | The number of seconds before the current TEK is set to expire that the TEK grace timer begins, signaling the TEK state machine to request a replacement key. |
| authorization rej wait time | Number of seconds the router waits before sending another Authorization Request message to the CMTS after it has received an Authorization Reject message. |
| sa map wait time | Number of seconds the router waits for a response after sending a Security Association (SA) map request before timing out and resending the request. |
| sa map retries | Number of times the router attempts an SA map request before it rejects the attempt to create a new downstream service flow. |
| kek state | The current state of the key encryption key that the CMTS uses to encrypt the traffic encryption keys it sends to the router. See Table 6-7 for the possible values. |
| tek state | The current state of the traffic encryption key state machine for the specified SID. See Table 6-7 for the possible values. |

Table 6-7 describes the valid values for the kek state and tek state fields:
Table 6-7 State Values for KEK and TEK State Fields

Key Encryption Key (KEK) States

| State | Description |
|---|---|
| STATE_A_START | The router is still completing the DOCSIS provisioning process. If this state persists, it indicates that BPI/BPI+ encryption was not enabled for the router in its DOCSIS configuration file. |
| STATE_B_AUTH_WAIT | DOCSIS provisioning has been completed, and the router has sent an authorization request to the CMTS and is waiting for a reply. If this state persists, it indicates that the CMTS has not enabled BPI/BPI+ operations. |
| STATE_C_AUTHORIZED | The router has received a valid authorized reply from the CMTS, completing the KEK exchange, and allowing the TEK exchange to begin. |
| STATE_D_REAUTH_WAIT | The router sent a reauthorization request and is waiting for the reply from the CMTS. A reauthorization request can be sent if the initial request is rejected, or when existing keys have expired and must be reacquired. |
| STATE_E_AUTH_REJ_WAIT | The router has received a nonpermanent authorization reject response from the CMTS and is waiting for the timeout period before sending another request. |
| STATE_F_SILENT | The router has received a permanent authorization reject response from the CMTS and has been placed in silent mode, in which it does not pass traffic but does accept SNMP management requests. (Valid only for BPI+ operations.) |