2-186
Cisco Broadband Cable Command Reference Guide
OL-1581-08
Chapter 2 Cisco CMTS Configuration Commands
cable privacy hotlist
cable privacy hotlist
To mark a manufacturer’s or CM certificate as untrusted and add them to the CMTS hotlist of invalid
certificates, thereby preventing those CMs from registering, use the
cable privacy
command in global
configuration mode. To remove a particular CM or manufacturer’s certificate from the hotlist, use the
no
form of this command.
cable privacy hotlist
{
cm
mac-address
|
manufacturer
cert-serial-number
}
no cable privacy hotlist
{
cm
mac-address
|
manufacturer
cert-serial-number
}
Syntax Description
Defaults
The CMTS hotlist does not contain any certificates.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is applicable only on images that support BPI or BPI+ encryption.
Note
The
cable privacy hotlist
command is not supported on the Cisco uBR10012 router. To add a
manufacturer’s or CM certificate to the hotlist on the Cisco uBR10012 router, use SNMP commands to
set the appropriate attributes in
DOCS-BPI-PLUS-MIB
. For more information see the
Configuring
DOCSIS 1.1 on the Cisco CMTS
chapter in the
CMTS Feature Guide
.
cm
mac-address
Specifies the MAC address for the CM certificate to be added to the
hotlist. The
mac-address
should be specified as a hexadecimal string,
without periods or other separators. In Cisco IOS Release
12.2(15)BC2 and later releases, you can also specify it as three sets of
hexadecimal digits, separated by periods.
manufacturer
cert-serial-
number
Specifies the serial number for the particular manufacturer CA
certificate. The
cert-serial-number
should be specified as a
hexadecimal string up to 32 bytes in length. Enter multiple lines as
needed, and use a blank line to terminate the string.
Release
Modification
12.1(7)CX,
12.2(1)XF1,
12.2(4)BC1
This command was introduced for the Cisco uBR7100 series and
Cisco uBR7200 series routers.
12.2(11)BC1 The
accept-self-signed-certificate
option was moved to the
cable privacy
cable interface command.
12.2(15)BC2
The mac-address can be specified in the canonical form of three pairs of
hexadecimal digits, separated by periods (for example, 0000.0001.0002).