Cisco Rfgw1d Manual

							 
 
 Steps To Take 
 
78-4025112-01 Rev H0 197 
 
Result: The entry is highlighted as shown in the following screen. 
 
2 Click Apply to accept change or Reset to abort.  
Descriptor Rule Parameters 
The following table describes the Descriptor Rule parameters. 
Parameter Description 
Name Identification of the descriptor rule. 
Type Allows you to select the rule type. 
 Add Private Data -  add data to the standard descriptor. 
 Do Not Insert - prevents updating the CA descriptor in the PMT if 
the PSI/SI information is generated by an external PSIG. 
Notes: 
 If the rule type is set to Do Not Insert, the Insert and Private Data [Hex] 
parameters are unavailable.  
 Private data is CA Vendor proprietary. 
Insert Select the insertion level mode for the private data part. 
 According to EIS -  EIS determines insertion level. 
 At ES Level -  insertion is performed at ES level (even if service level 
scrambling is defined by the EIS). 
ECM ID(s) ECM ID(s) to which the CA descriptor rule must be applied. Multiple 
IDs must be separated by a comma. 
Private Data (Hex)  Private data of the descriptor rule. 
Notes: 
 The RFGW-1 adds a standard CA descriptor to the PMTs of scrambled services, 
or elementary streams. 
 When no IDs are added into the Data ID(s) box, the descriptor rule is applied to 
all ECMs.  Since only one rule with empty Data ID(s) box is allowed, this rule 
overrules the standard CA descriptor. 
 When IDs are added, the rule is only applied to the ECM IDs appearing in the 
ECM ID(s) box.  Only one rule can be effective for a certain ECM ID. 
 ECM IDs added must be unique over all descriptor rules for a certain ECMG.   
						

							 
Chapter 13    Encryption and Scrambling  
 
 
198 78-4025112-01 Rev H0 
Event Information Schedulers 
The EIS provides the SCS with SCGs containing relevant information to scramble 
services.  To establish communication between the EIS and the SCS, a TCP 
connection should be made followed by a channel set up.  Once the connection is 
made, the SCS of the RFGW-1 receives SCGs from the EIS. To set up a TCP 
connection between the EIS and the RFGW-1, the EIS requires the knowledge of the 
IP address and TCP port of the RFGW-1 used to establish the connection. 
  
Adding an EIS 
Follow the instructions below to add an EIS. 
1 Navigate to the System/Scrambler page. 
Result: The following page is displayed. 
 
2 Click the + to expand the window and select EIS Configuration.  
						

							 
 
 Steps To Take 
 
78-4025112-01 Rev H0 199 
 
Result: The following page is displayed. 
 
3 Click Add New EIS. 
Result: The new EIS is added to the table. 
 
4 Click Apply to accept change, or Reset to abort.  
Removing an EIS 
Follow the instructions below to remove an EIS. 
1 Select the check box next to the Rule you want to remove. 
Result: The row is highlighted.  
2 Click Apply to accept change or Reset to abort.  
						

							 
Chapter 13    Encryption and Scrambling  
 
 
200 78-4025112-01 Rev H0 
  
EIS Parameters 
The following table describes the EIS parameters. 
Parameter Description 
EIS Name Identifies the EIS  in the CA System. 
TCP Port Listening port number used by the RFGW-1 to establish TCP 
connection with the EIS. 
Note: The TCP listening port number must be unique and cannot be 
used by an EMM Generator or a PSI Generator. 
EIS Port Selection The Ethernet port to use for communication with the EIS. 
Overrule When the Cryptoperiod parameter is encapsulated into Scrambling. 
CP Duration When control groups are missing or inaccurate, this parameter can 
be overruled. 
EIS Type The following EIS types are available. 
 General - Third party EIS 
 SA Specific EIS of ROSA NMS 
Note: Only one SA EIS can be assigned to a RFGW-1. 
Connection 
Status 
Status of the connection to the EIS. 
Peer IP IP address of the EIS. 
  Changing EIS Parameters 
Follow the instructions below to change EIS parameters. 
1 Click the drop down box to select the parameter to change. 
Result: The Apply and Reset buttons are now active. 
2 Click Apply to accept change and Reset to abort. 
  
						

							 
 
78-4025112-01 Rev H0 201 
 
This chapter describes the Cisco RF Gateway 1 security features 
including GUI authentication, HTTPS and SFTP support.  
 
 
14 Chapter 
14 
Secuirty Features 
In This Chapter 
 Security Features Overview .............................................................. 202 
 Authentication ..................................................................................... 203 
 Enabling HTTPS on the RF Gateway 1 ............................................ 210 
 SFTP Support ....................................................................................... 218 
 Firewall Settings .................................................................................. 223  
						

							 
Chapter 14    Secuirty Features  
 
 
202 78-4025112-01 Rev H0 
Security Features Overview 
The following features are supported in software version 6.1.x. 
 Local and remote authentication for accessing RFGW GUI. 
 HTTPS support 
 SFTP support (SSHv2 with DSA key supported). 
 DSA key download for SFTP. 
 SFTP client support to perform release management, backup/restore 
configuration, license management, and SSL/SSH key download. 
 Firewall settings to enable or disable SFTP, FTP, HTTPS, HTTP, and Telnet ports. 
  
						

							 
 
 Authentication 
 
78-4025112-01 Rev H0 203 
 
Authentication 
Password-based authentication is available for RF Gateway 1 users operating 
software release 06.1.x. This chapter describes how to configure user authentication 
capabilities. The unit can be operated without authentication enabled (default 
factory setting) or enabled in two user-settable (Local and Remote) modes of 
operation.  
Authentication Configuration 
The RF Gateway 1 is shipped to customers with the authentication default factory 
setting set to  disabled as shown in the following screen. A unit in this state allows 
the user full read and write access to all configurable parameters. The RF Gateway 1 
web management page appears with the login tab grey and un-selectable.  Local and 
remote authentication modes are available. To enable Local Authentication, refer to 
To Set up Local Authentication (on page 203).  To enable Remote Authentication, 
refer to To Setup Remote Authentication (on page 207). Once the authentication 
mode is enabled, the user must provide a password to make any new authentication 
mode changes. While operating in either mode, the RF Gateway 1 management 
interface allow users alphanumeric passwords of 4 to 16 characters in length. 
 
 
Local Authentication 
The RF Gateway 1 supports five read only users (rfgw1, rfgw2, rfgw3, rfgw4, rfgw5, 
and one read-write user (admin). All these users have the default password (factory 
setting) 0000. Additional login ids cannot be provisioned in Local mode. Refer to 
To Change Default Password (on page 205).  
To Set up Local Authentication 
1 Navigate to the System/Authentication  page. 
Result: The following page is displayed. 
2 In the Mode drop-down window, select Local as the mode of operation. 
The default timeout value is 30 minutes. The timeout value can be changed, if 
required. 
3 Click Apply.  
						

							 
Chapter 14    Secuirty Features  
 
 
204 78-4025112-01 Rev H0 
Result: The login UI screen is displayed. 
 
Local user names can be entered as one of the following: admin, rfgw1, rfgw2, 
rfgw3, rfgw4 and rfgw5. Note: admin is a read-write user. The other users are 
read-only users. 
4 Enter 0000 as the default password. 
5 Click Login. 
Result: The following screen is displayed. 
 
6 Click OK.  
Read-Only/Read-Writer User 
1 In the Login UI, login as rfgw1 (local user). 
2 Edit the configurations in RF Gateway 1 web pages and click Apply. 
The following screen in displayed. 
 
3 Click OK.  
						

							 
 
 Authentication 
 
78-4025112-01 Rev H0 205 
 
The following screen is displayed. 
 
4 Login as admin. 
5 Edit the configurations in RF Gateway 1 web pages and click Apply. Note: Only 
admin user can make changes to RF Gateway 1 configurations, save the 
configuration or reboot the RF Gateway 1. 
6 The settings are applied. 
To Change Timeout 
1 Navigate to the System/Authentication page. 
2 Click the dropdown box for Timeout and select the appropriate timeout value. 
  
To Change Default Password 
1 Navigate to the System/Authentication page. 
2 Click the + sign and select Change Password.  
						

							 
Chapter 14    Secuirty Features  
 
 
206 78-4025112-01 Rev H0 
Result: The following page is displayed. 
 
3 Change your password. 
4 Click Apply.  
5 Click Save on the main menu bar to save your settings.  
To Edit Local Users 
1 Login as admin. 
2 Navigate to the System/Authentication page. 
3 Click the + sign and select Edit Local Users. 
Result: The following page is displayed. 
 
4 Select the Login-id to edit. 
5 Enter the value for Rename login-id to. 
6 Enter New password and Confirm password. 
7 Click Apply.   
Local User Management 
 When a user is logged in as admin (Local mode), the user can access all 
configurable RF Gateway 1 web pages and has full read and write access.   
 When a user is logged in as "rfgw1", “rfgw2”, “rfgw3”, “rfgw4” or “rfgw5” 
(Local mode), the user can access all configurable RF Gateway 1 web pages and 
has read only access.