Home » Cisco Manuals » Bridges & Routers » Cisco ASR1002-10G-VPN/K9 » Manual Viewer

Cisco ASR1002-10G-VPN/K9 Software Guide - Page 282

Examples, Step 8

View all Cisco ASR1002-10G-VPN/K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 282 highlights

Configuring Persistent SSH Chapter 8 Console Port, Telnet, and SSH Handling Step 8 Step 9 Step 10 Step 11 Command or Action time-out timeout-interval Example: Router(config-tmap)# time-out 30 transport interface gigabitethernet 0 Example: Router(config-tmap)# transport interface gigabitethernet 0 exit Example: Router(config-tmap)# exit transport type persistent ssh input transport-map-name Example: Router(config)# transport type persistent ssh input sshhandler Purpose (Optional) Specifies the SSH time-out interval in seconds. The default timeout-interval is 120 seconds. Applies the transport map settings to the Management Ethernet interface (interface gigabitethernet 0). Persistent SSH can only be applied to the Management Ethernet interface on the Cisco ASR 1000 Series Routers. Exits transport map configuration mode to re-enter global configuration mode. Applies the settings defined in the transport map to the Management Ethernet interface. The transport-map-name for this command must match the transport-map-name defined in the transport-map type persistent ssh command. Examples In the following example, a transport map that will make all SSH connections wait for the vty line to become active before connecting to the router is configured and applied to the Management Ethernet interface (interface gigabitethernet 0). The RSA keypair is named sshkeys. This example only uses the commands required to configure persistent SSH. Router(config)# transport-map type persistent ssh sshhandler Router(config-tmap)# connection wait allow Router(config-tmap)# rsa keypair-name sshkeys Router(config-tmap)# transport interface gigabitethernet 0 In the following example, a transport map is configured that will apply the following settings to any users attempting to access the Management Ethernet port via SSH: • Users using SSH will wait for the vty line to become active, but will enter diagnostic mode if the attempt to access IOS through the vty line is interrupted. • The RSA keypair name is sshkeys • The connection allows one authentication retry. • The banner "--Welcome to Diagnostic Mode--" will appear if diagnostic mode is entered as a result of SSH handling through this transport map. • The banner "--Waiting for vty line--" will appear if the connection is waiting for the vty line to become active. The transport map is then applied to the interface when the transport type persistent ssh input command is entered to enable persistent SSH: Router(config)# transport-map type persistent ssh sshhandler Router(config-tmap)# connection wait allow interruptible 8-10 Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide OL-16506-10

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	11
Objectives	11
Document Revision History	12
Organization	13
Related Documentation	14
Cisco ASR 1000 Series Routers Documentation	14
Conventions	15
Obtaining Documentation and Submitting a Service Request	16
Software Packaging and Architecture	17
Software Packaging on the Cisco ASR 1000 Series Routers	17
ASR 1000 Series Routers Software Overview	17
Consolidated Packages	18
Important Information About Consolidated Packages	18
Individual Software SubPackages Within a Consolidated Package	19
Important Notes About Individual SubPackages	19
Optional Software SubPackages Outside of Consolidated Packages	20
Important Notes About Optional SubPackages	20
Provisioning Files	20
Important Notes About Provisioning Files	21
ROMmon Image	21
File to Upgrade Field Programmable Hardware Devices	21
Processes Overview	22
IOS as a Process	23
Dual IOS Processes	24
File Systems on the Cisco ASR 1000 Series Router	24
Autogenerated File Directories and Files	25
Important Notes About Autogenerated Directories	25
Using Cisco IOS XE Software	27
Accessing the CLI Using a Router Console	27
Accessing the CLI Using a Directly-Connected Console	28
Connecting to the Console Port	28
Using the Console Interface	28
Accessing the CLI from a Remote Console Using Telnet	29
Preparing to Connect to the Router Console Using Telnet	29
Using Telnet to Access a Console Interface	29
Accessing the CLI from a Remote Console Using a Modem	30
Using the Auxiliary Port	30
Using Keyboard Shortcuts	31
Using the History Buffer to Recall Commands	31
Understanding the Command Mode	32
Understanding the Diagnostic Mode	33
Getting Help	34
Finding Command Options	34
Using the no and default Forms of Commands	37
Saving Configuration Changes	38
Managing Configuration Files	38
Filtering the Output of the show and more Commands	39
Powering Off a Router	40
Finding Support Information for Platforms and Cisco Software Images	40
Using the Cisco Feature Navigator	40
Using the Software Advisor	41
Using the Software Release Notes	41
Consolidated Packages and SubPackages Management	43
Running the Cisco ASR 1000 Series Routers: An Overview	43
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	44
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	44
Running the Cisco ASR 1000 Series Routers: A Summary	45
Software File Management Using Command Sets	46
The request platform Command Set	46
The copy Command	47
The issu Command Set	47
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	48
Quick Start Software Upgrade	48
Managing and Configuring a Router to Run Using a Consolidated Package	49
Managing and Configuring a Consolidated Package Using the copy Command	49
Managing and Configuring a Consolidated Package Using the request platform software package install Command	50
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	52
Extracting a Consolidated Package and Booting Using the Provisioning File	52
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	56
Managing and Configuring a Router to Run Using Optional SubPackages	56
Installing an Optional SubPackage	57
Uninstalling an Optional SubPackage	58
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	60
Upgrading Individual SubPackages	60
Upgrading a SPA SubPackage	61
Software Upgrade Process	63
ISSU Upgrade for Redundant Platforms	64
Overview of ISSU on the Cisco ASR 1000 Series Routers	64
ISSU Rollback Timer Overview	65
Software Upgrade with Dual IOS Processes on a Single RP Overview	66
Cisco IOS XE Software Package Compatibility for ISSU	66
Prerequisites for ISSU	66
Restrictions for ISSU	67
ISSU Upgrade Procedures	67
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	67
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	74
In Service One-Shot Software Upgrade Procedure	135
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	135
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	136
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	136
Upgrade Process With Service Impact for Nonredundant Platforms	137
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	138
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	140
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	156
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	181
High Availability Overview	203
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	203
Software Redundancy on the Cisco ASR 1000 Series Routers	205
Software Redundancy Overview	205
Second IOS Process on a Cisco ASR 1002 or 1004 Router	206
Route Processor Redundancy	207
Stateful Switchover	207
SSO-Aware Protocol and Applications	208
IPsec Failover	208
Bidirectional Forwarding Detection	208
Broadband Scalability and Performance	209
PPP Sessions and L2TP Tunnel Scaling	209
Restrictions for PPP Sessions and L2TP Tunnel Scaling	210
IP Sessions Scaling	211
Layer 4 Redirect Scaling	211
Configuring the Cisco ASR 1000 Series Router for High Scalability	211
Configuring Call Admission Control	212
Control Plane Policing	212
VPDN Group Session Limiting	213
PPPoE Session Limiting	213
Monitoring PPP Sessions Using the SNMP Management Tools	213
Configuring the Access Interface Input and Output Hold Queue	213
Configuring the keepalive Command	214
Scaling the L2TP Tunnel Configurations	214
Using the cisco-avpair=\	214
Enhancing the Scalability of Per-User Configurations	215
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	215
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	216
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	216
Configuring Call Home	217
Information About Call Home	217
Benefits of Using Call Home	218
How to Obtain Smart Call Home Service	218
Prerequisites for Call Home	219
How to Configure Call Home	219
Configuring the Management Interface VRF	220
What To Do Next	221
Configuring a Destination Profile	221
Configuring a Destination Profile to Send Email Messages	221
Configuring a Destination Profile to Send HTTP Messages	226
Working With Destination Profiles	228
Subscribing to Alert Groups	231
Periodic Notification	232
Message Severity Threshold	232
Syslog Pattern Matching	232
Configuring Contact Information	235
Example	236
Configuring the Number of Call Home Messages Sent Per Minute	236
Enabling and Disabling Call Home	237
Sending Call Home Communications Manually	238
Sending a Call Home Test Message Manually	238
Sending Call Home Alert Group Messages Manually	238
Submitting Call Home Analysis and Report Requests	239
Sending the Output of a Command to Cisco or an E-Mail Address	240
How To Configure Call Home to Support the Smart Call Home Service	241
Prerequisites	241
Configure and Enable Call Home	242
Declare and Authenticate a CA Trustpoint	244
Examples	245
Start Smart Call Home Registration	246
What To Do Next	246
Displaying Call Home Configuration Information	247
Examples	248
Default Settings	252
Alert Group Trigger Events and Commands	253
Message Contents	255
Sample Syslog Alert Notification in Long Text Format	259
Sample Syslog Alert Notification in XML Format	263
Additional References	269
Related Documents	269
Standards	269
MIBs	270
RFCs	270
Technical Assistance	270
Feature Information for Call Home	270
Console Port, Telnet, and SSH Handling	273
Console Port Overview for the Cisco ASR 1000 Series Routers	273
Console Port Handling Overview	273
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	274
Persistent Telnet and Persistent SSH Overview	274
Configuring a Console Port Transport Map	275
Examples	276
Configuring Persistent Telnet	277
Prerequisites	277
Examples	279
Configuring Persistent SSH	280
Examples	282
Viewing Console Port, SSH, and Telnet Handling Configurations	283
Important Notes and Restrictions	288
Using the Management Ethernet Interface	289
Gigabit Ethernet Management Interface Overview	289
Gigabit Ethernet Port Numbering	290
IP Address Handling in ROMmon and the Management Ethernet Port	290
Gigabit Ethernet Management Interface VRF	290
Common Ethernet Management Tasks	291
Viewing the VRF Configuration	291
Viewing Detailed VRF Information for the Management Ethernet VRF	292
Setting a Default Route in the Management Ethernet Interface VRF	292
Setting the Management Ethernet IP Address	292
Telnetting over the Management Ethernet Interface	293
Pinging over the Management Ethernet Interface	293
Copy Using TFTP or FTP	293
NTP Server	293
SYSLOG Server	294
SNMP-Related Services	294
Domain Name Assignment	294
DNS service	294
RADIUS or TACACS+ Server	294
VTY lines with ACL	295
Synchronous Ethernet Support	297
Synchronous Ethernet Overview	297
Synchronization Status Message and Ethernet Synchronization Messaging Channel	298
Synchronization Status Message	299
Ethernet Synchronization Messaging Channel	299
Clock Selection Algorithm	299
Restrictions and Usage Guidelines	300
Configuring Synchronous Ethernet	300
Configuring Clock Recovery from SyncE	301
Configuring Clock Recovery from a BITS Port	303
Configuring a SyncE Using the Line-to-External Method	305
Managing Synchronization on the Cisco ASR 1000 Series Router	307
Verifying the SyncE Configuration	309
Troubleshooting the SyncE Configuration	312
Configuring Bridge Domain Interfaces	315
Restrictions for the Bridge Domain Interface	315
Information About a Bridge Domain Interface	315
Ethernet Virtual Circuit Overview	316
Assigning a MAC Address	316
Support for IP Protocols	316
Support for IP Forwarding	317
Packet Forwarding	317
Layer 2 to Layer 3	317
Layer 3 to Layer 2	317
Link States of a Bridge Domain and a Bridge Domain Interface	318
Bridge Domain Interface Statistics	318
Creating or Deleting a Bridge Domain Interface	318
Bridge Domain Interface Scalability	319
Configuring a Bridge Domain Interface	319
Monitoring and Maintaining Multilink Frame Relay	323
Feature Overview	323
Configuring Multilink Frame Relay	323
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	323
Tracing and Trace Management	325
Tracing Overview	325
How Tracing Works	325
Tracing Levels	326
Viewing a Tracing Level	327
Setting a Tracing Level	328
Viewing the Content of the Trace Buffer	329
Configuring and Accessing the Web User Interface	331
Web User Interface Overview	331
Web User Interface General Overview	331
Legacy Web User Interface Overview	332
Graphics-Based Web User Interface Overview	333
Persistent Web User Interface Transport Maps Overview	334
Configuring the Router for Web User Interface Access	335
Authentication and the Web User Interface	337
Domain Name System and the Web User Interface	337
Clocks and the Web User Interface	337
Accessing the Web User Interface	338
Using Auto Refresh	339
Web User Interface Tips and Tricks	340
Unsupported Commands	341
Configuration Examples	345
Configuring the Router to Boot the Consolidated Package on the TFTP Server	345
Copying the Consolidated Package from the TFTP Server to the Router	349
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	350
Extracting the SubPackages from a Consolidated Package into the Same File System	351
Extracting the SubPackages from a Consolidated Package into a Different File System	353
Configuring the Router to Boot Using the SubPackages	354
Backing Up Configuration Files	358
Copying a Startup Configuration File to Bootflash	358
Copying a Startup Configuration File to an USB Flash Disk	358
Copying a Startup Configuration File to a TFTP Server	359
Enabling a Second IOS Process on a Single RP Using SSO	359
ISSU-Consolidated Package Upgrade	363

Match case Limit results 1 per page

8-10

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

OL-16506-10

Chapter 8

Console Port, Telnet, and SSH Handling

Configuring Persistent SSH

Examples

In the following example, a transport map that will make all SSH connections wait for the vty line to

become active before connecting to the router is configured and applied to the Management Ethernet

interface (interface gigabitethernet 0). The RSA keypair is named sshkeys.

This example only uses the commands required to configure persistent SSH.

Router(config)# transport-map type persistent ssh sshhandler

Router(config-tmap)# connection wait allow

Router(config-tmap)# rsa keypair-name sshkeys

Router(config-tmap)# transport interface gigabitethernet 0

In the following example, a transport map is configured that will apply the following settings to any users

attempting to access the Management Ethernet port via SSH:

•

Users using SSH will wait for the vty line to become active, but will enter diagnostic mode if the

attempt to access IOS through the vty line is interrupted.

•

The RSA keypair name is sshkeys

•

The connection allows one authentication retry.

•

The banner “

--Welcome to Diagnostic Mode--

” will appear if diagnostic mode is entered as a

result of SSH handling through this transport map.

•

The banner “

--Waiting for vty line--

” will appear if the connection is waiting for the vty line

to become active.

The transport map is then applied to the interface when the

transport type persistent ssh input

command is entered to enable persistent SSH:

Router(config)# transport-map type persistent ssh sshhandler

Router(config-tmap)# connection wait allow interruptible

Step 8

time-out

timeout-interval

Example:

Router(config-tmap)#

time-out 30

(Optional) Specifies the SSH time-out interval in seconds.

The default

timeout-interval

is 120 seconds.

Step 9

transport interface gigabitethernet 0

Example:

Router(config-tmap)#

transport interface

gigabitethernet 0

Applies the transport map settings to the Management

Ethernet interface (interface gigabitethernet 0).

Persistent SSH can only be applied to the Management

Ethernet interface on the Cisco ASR 1000 Series Routers.

Step 10

exit

Example:

Router(config-tmap)#

exit

Exits transport map configuration mode to re-enter global

configuration mode.

Step 11

transport type persistent ssh input

transport-map-name

Example:

Router(config)#

transport type persistent ssh

input sshhandler

Applies the settings defined in the transport map to the

Management Ethernet interface.

The

transport-map-name

for this command must match the

transport-map-name

defined in the

transport-map type

persistent ssh

command.

Command or Action

Purpose