Home » Cisco Manuals » Bridges & Routers » Cisco ASR1004-20G-SEC/K9 » Manual Viewer

Cisco ASR1004-20G-SEC/K9 Software Guide - Page 337

Authentication and the Web User Interface, Domain Name System and the Web User Interface, Clocks

View all Cisco ASR1004-20G-SEC/K9 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 337 highlights

Chapter 14 Configuring and Accessing the Web User Interface Authentication and the Web User Interface Router(config)# transport-map type persistent webui http-https-webui Router(config-tmap)# server Router(config-tmap)# secure-server Router(config-tmap)# exit Router(config)# transport type persistent webui input http-https-webui *Apr 22 02:47:22.981: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd: Server wui has been notified to start Authentication and the Web User Interface Users attempting to access the web user interface for a router are subject to the same authentication requirements configured for that router. The web browser prompts all users for a name and password combination, and the web browser then looks to the router configuration to see if a user should or should not be granted access to the web user interface. Only users with a privilege level of 15 can access the web user interface. Otherwise, authentication of web user interface traffic is governed by the authentication configuration for all other traffic. To configure authentication on your router, see Configuring Authentication. http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html Domain Name System and the Web User Interface The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP addresses through the DNS protocol from a DNS server. If the router is configured to participate in the Domain Name System, users can access the web user interface by entering http:// as the web browser address. For information on configuring DNS, see Configuring DNS. http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6922_TSD_Produ cts_Configuration_Guide_Chapter.html Clocks and the Web User Interface Requests to view the web user interface can be rejected by certain web browsers if the time as seen by the web browser differs from the time as seen by the router by an hour or more. For this reason, we recommend checking the router time using the show clock command before configuring the router and, if the router time is not properly set, use the clock set and clock timezone commands for setting the router clock. Similarly, the web browser's clock source, which is usually the personal computer, must also have an accurate time to properly access the web user interface. The following message appears when the web browser and the router clocks are more than an hour apart: Your access is being denied for one of the following reasons: . Your previous session has timed-out, or . You have been logged out from elsewhere, or . You have not yet logged in, or . The resource requires a higher privilege level login. OL-16506-10 Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide 14-7

Section	Page
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide	1
Contents	3
Preface	11
Objectives	11
Document Revision History	12
Organization	13
Related Documentation	14
Cisco ASR 1000 Series Routers Documentation	14
Conventions	15
Obtaining Documentation and Submitting a Service Request	16
Software Packaging and Architecture	17
Software Packaging on the Cisco ASR 1000 Series Routers	17
ASR 1000 Series Routers Software Overview	17
Consolidated Packages	18
Important Information About Consolidated Packages	18
Individual Software SubPackages Within a Consolidated Package	19
Important Notes About Individual SubPackages	19
Optional Software SubPackages Outside of Consolidated Packages	20
Important Notes About Optional SubPackages	20
Provisioning Files	20
Important Notes About Provisioning Files	21
ROMmon Image	21
File to Upgrade Field Programmable Hardware Devices	21
Processes Overview	22
IOS as a Process	23
Dual IOS Processes	24
File Systems on the Cisco ASR 1000 Series Router	24
Autogenerated File Directories and Files	25
Important Notes About Autogenerated Directories	25
Using Cisco IOS XE Software	27
Accessing the CLI Using a Router Console	27
Accessing the CLI Using a Directly-Connected Console	28
Connecting to the Console Port	28
Using the Console Interface	28
Accessing the CLI from a Remote Console Using Telnet	29
Preparing to Connect to the Router Console Using Telnet	29
Using Telnet to Access a Console Interface	29
Accessing the CLI from a Remote Console Using a Modem	30
Using the Auxiliary Port	30
Using Keyboard Shortcuts	31
Using the History Buffer to Recall Commands	31
Understanding the Command Mode	32
Understanding the Diagnostic Mode	33
Getting Help	34
Finding Command Options	34
Using the no and default Forms of Commands	37
Saving Configuration Changes	38
Managing Configuration Files	38
Filtering the Output of the show and more Commands	39
Powering Off a Router	40
Finding Support Information for Platforms and Cisco Software Images	40
Using the Cisco Feature Navigator	40
Using the Software Advisor	41
Using the Software Release Notes	41
Consolidated Packages and SubPackages Management	43
Running the Cisco ASR 1000 Series Routers: An Overview	43
Running the Cisco ASR 1000 Series Routers Using Individual and Optional SubPackages: An Overview	44
Running the Cisco ASR 1000 Series Routers Using a Consolidated Package: An Overview	44
Running the Cisco ASR 1000 Series Routers: A Summary	45
Software File Management Using Command Sets	46
The request platform Command Set	46
The copy Command	47
The issu Command Set	47
Managing and Configuring the Router to Run Using Consolidated Packages and Individual SubPackages	48
Quick Start Software Upgrade	48
Managing and Configuring a Router to Run Using a Consolidated Package	49
Managing and Configuring a Consolidated Package Using the copy Command	49
Managing and Configuring a Consolidated Package Using the request platform software package install Command	50
Managing and Configuring a Router to Run Using Individual SubPackages From a Consolidated Package	52
Extracting a Consolidated Package and Booting Using the Provisioning File	52
Copying a Set of Individual SubPackage Files, and Booting Using a Provisioning File	56
Managing and Configuring a Router to Run Using Optional SubPackages	56
Installing an Optional SubPackage	57
Uninstalling an Optional SubPackage	58
Troubleshooting Software Mismatch with ESP Board ASR1000-ESP10-N	60
Upgrading Individual SubPackages	60
Upgrading a SPA SubPackage	61
Software Upgrade Process	63
ISSU Upgrade for Redundant Platforms	64
Overview of ISSU on the Cisco ASR 1000 Series Routers	64
ISSU Rollback Timer Overview	65
Software Upgrade with Dual IOS Processes on a Single RP Overview	66
Cisco IOS XE Software Package Compatibility for ISSU	66
Prerequisites for ISSU	66
Restrictions for ISSU	67
ISSU Upgrade Procedures	67
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration	67
Using ISSU to Upgrade the SubPackages in a Dual Route Processor Configuration	74
In Service One-Shot Software Upgrade Procedure	135
ISSU Procedures (Prior to Cisco IOS XE Release 2.1.2)	135
Using ISSU to Perform a Consolidated Package Upgrade in a Dual Route Processor Configuration (Prior to Cisco IOS XE 2.1.2)	136
Using ISSU to Upgrade SubPackages (Prior to Cisco IOS XE Release 2.1.2)	136
Upgrade Process With Service Impact for Nonredundant Platforms	137
Configuring SSO on a Cisco ASR 1001, Cisco ASR 1002, or Cisco ASR 1004 Router	138
Using SubPackages for Software Upgrade on a Cisco ASR 1001 Router	140
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (software upgrade Command Set)	156
Using SubPackages for Software Upgrade on a Cisco ASR 1002 or Cisco ASR 1004 Router (request platform Command Set)	181
High Availability Overview	203
Hardware Redundancy Overview on the Cisco ASR 1000 Series Routers	203
Software Redundancy on the Cisco ASR 1000 Series Routers	205
Software Redundancy Overview	205
Second IOS Process on a Cisco ASR 1002 or 1004 Router	206
Route Processor Redundancy	207
Stateful Switchover	207
SSO-Aware Protocol and Applications	208
IPsec Failover	208
Bidirectional Forwarding Detection	208
Broadband Scalability and Performance	209
PPP Sessions and L2TP Tunnel Scaling	209
Restrictions for PPP Sessions and L2TP Tunnel Scaling	210
IP Sessions Scaling	211
Layer 4 Redirect Scaling	211
Configuring the Cisco ASR 1000 Series Router for High Scalability	211
Configuring Call Admission Control	212
Control Plane Policing	212
VPDN Group Session Limiting	213
PPPoE Session Limiting	213
Monitoring PPP Sessions Using the SNMP Management Tools	213
Configuring the Access Interface Input and Output Hold Queue	213
Configuring the keepalive Command	214
Scaling the L2TP Tunnel Configurations	214
Using the cisco-avpair=\	214
Enhancing the Scalability of Per-User Configurations	215
Setting the VRF and IP Unnumbered Interface Configurations in User Profiles	215
Setting the VRF and IP Unnumbered Interface Configurations in Virtual Interface Templates	216
Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs	216
Configuring Call Home	217
Information About Call Home	217
Benefits of Using Call Home	218
How to Obtain Smart Call Home Service	218
Prerequisites for Call Home	219
How to Configure Call Home	219
Configuring the Management Interface VRF	220
What To Do Next	221
Configuring a Destination Profile	221
Configuring a Destination Profile to Send Email Messages	221
Configuring a Destination Profile to Send HTTP Messages	226
Working With Destination Profiles	228
Subscribing to Alert Groups	231
Periodic Notification	232
Message Severity Threshold	232
Syslog Pattern Matching	232
Configuring Contact Information	235
Example	236
Configuring the Number of Call Home Messages Sent Per Minute	236
Enabling and Disabling Call Home	237
Sending Call Home Communications Manually	238
Sending a Call Home Test Message Manually	238
Sending Call Home Alert Group Messages Manually	238
Submitting Call Home Analysis and Report Requests	239
Sending the Output of a Command to Cisco or an E-Mail Address	240
How To Configure Call Home to Support the Smart Call Home Service	241
Prerequisites	241
Configure and Enable Call Home	242
Declare and Authenticate a CA Trustpoint	244
Examples	245
Start Smart Call Home Registration	246
What To Do Next	246
Displaying Call Home Configuration Information	247
Examples	248
Default Settings	252
Alert Group Trigger Events and Commands	253
Message Contents	255
Sample Syslog Alert Notification in Long Text Format	259
Sample Syslog Alert Notification in XML Format	263
Additional References	269
Related Documents	269
Standards	269
MIBs	270
RFCs	270
Technical Assistance	270
Feature Information for Call Home	270
Console Port, Telnet, and SSH Handling	273
Console Port Overview for the Cisco ASR 1000 Series Routers	273
Console Port Handling Overview	273
Telnet and SSH Overview for the Cisco ASR 1000 Series Routers	274
Persistent Telnet and Persistent SSH Overview	274
Configuring a Console Port Transport Map	275
Examples	276
Configuring Persistent Telnet	277
Prerequisites	277
Examples	279
Configuring Persistent SSH	280
Examples	282
Viewing Console Port, SSH, and Telnet Handling Configurations	283
Important Notes and Restrictions	288
Using the Management Ethernet Interface	289
Gigabit Ethernet Management Interface Overview	289
Gigabit Ethernet Port Numbering	290
IP Address Handling in ROMmon and the Management Ethernet Port	290
Gigabit Ethernet Management Interface VRF	290
Common Ethernet Management Tasks	291
Viewing the VRF Configuration	291
Viewing Detailed VRF Information for the Management Ethernet VRF	292
Setting a Default Route in the Management Ethernet Interface VRF	292
Setting the Management Ethernet IP Address	292
Telnetting over the Management Ethernet Interface	293
Pinging over the Management Ethernet Interface	293
Copy Using TFTP or FTP	293
NTP Server	293
SYSLOG Server	294
SNMP-Related Services	294
Domain Name Assignment	294
DNS service	294
RADIUS or TACACS+ Server	294
VTY lines with ACL	295
Synchronous Ethernet Support	297
Synchronous Ethernet Overview	297
Synchronization Status Message and Ethernet Synchronization Messaging Channel	298
Synchronization Status Message	299
Ethernet Synchronization Messaging Channel	299
Clock Selection Algorithm	299
Restrictions and Usage Guidelines	300
Configuring Synchronous Ethernet	300
Configuring Clock Recovery from SyncE	301
Configuring Clock Recovery from a BITS Port	303
Configuring a SyncE Using the Line-to-External Method	305
Managing Synchronization on the Cisco ASR 1000 Series Router	307
Verifying the SyncE Configuration	309
Troubleshooting the SyncE Configuration	312
Configuring Bridge Domain Interfaces	315
Restrictions for the Bridge Domain Interface	315
Information About a Bridge Domain Interface	315
Ethernet Virtual Circuit Overview	316
Assigning a MAC Address	316
Support for IP Protocols	316
Support for IP Forwarding	317
Packet Forwarding	317
Layer 2 to Layer 3	317
Layer 3 to Layer 2	317
Link States of a Bridge Domain and a Bridge Domain Interface	318
Bridge Domain Interface Statistics	318
Creating or Deleting a Bridge Domain Interface	318
Bridge Domain Interface Scalability	319
Configuring a Bridge Domain Interface	319
Monitoring and Maintaining Multilink Frame Relay	323
Feature Overview	323
Configuring Multilink Frame Relay	323
Monitoring and Maintaining Frame Relay and Multilink Frame Relay	323
Tracing and Trace Management	325
Tracing Overview	325
How Tracing Works	325
Tracing Levels	326
Viewing a Tracing Level	327
Setting a Tracing Level	328
Viewing the Content of the Trace Buffer	329
Configuring and Accessing the Web User Interface	331
Web User Interface Overview	331
Web User Interface General Overview	331
Legacy Web User Interface Overview	332
Graphics-Based Web User Interface Overview	333
Persistent Web User Interface Transport Maps Overview	334
Configuring the Router for Web User Interface Access	335
Authentication and the Web User Interface	337
Domain Name System and the Web User Interface	337
Clocks and the Web User Interface	337
Accessing the Web User Interface	338
Using Auto Refresh	339
Web User Interface Tips and Tricks	340
Unsupported Commands	341
Configuration Examples	345
Configuring the Router to Boot the Consolidated Package on the TFTP Server	345
Copying the Consolidated Package from the TFTP Server to the Router	349
Configuring the Router to Boot Using the Consolidated Package Stored on the Router	350
Extracting the SubPackages from a Consolidated Package into the Same File System	351
Extracting the SubPackages from a Consolidated Package into a Different File System	353
Configuring the Router to Boot Using the SubPackages	354
Backing Up Configuration Files	358
Copying a Startup Configuration File to Bootflash	358
Copying a Startup Configuration File to an USB Flash Disk	358
Copying a Startup Configuration File to a TFTP Server	359
Enabling a Second IOS Process on a Single RP Using SSO	359
ISSU-Consolidated Package Upgrade	363

Match case Limit results 1 per page

14-7

Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

OL-16506-10

Chapter 14

Configuring and Accessing the Web User Interface

Authentication and the Web User Interface

Router(config)#

transport-map type persistent webui http-https-webui

Router(config-tmap)#

server

Router(config-tmap)#

secure-server

Router(config-tmap)#

exit

Router(config)#

transport type persistent webui input http-https-webui

*Apr 22 02:47:22.981: %UICFGEXP-6-SERVER_NOTIFIED_START: R0/0: psd:

Server wui has been

notified to start

Authentication and the Web User Interface

Users attempting to access the web user interface for a router are subject to the same authentication

requirements configured for that router. The web browser prompts all users for a name and password

combination, and the web browser then looks to the router configuration to see if a user should or should

not be granted access to the web user interface.

Only users with a privilege level of 15 can access the web user interface. Otherwise, authentication of

web user interface traffic is governed by the authentication configuration for all other traffic.

To configure authentication on your router, see

Configuring Authentication

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

Domain Name System and the Web User Interface

The Domain Name System (DNS) is a distributed database in which you can map hostnames to IP

addresses through the DNS protocol from a DNS server.

If the router is configured to participate in the Domain Name System, users can access the web user

interface by entering

http://

dns-hostname

> as the web browser address.

For information on configuring DNS, see

Configuring DNS

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iad_config_dns_ps6922_TSD_Produ

cts_Configuration_Guide_Chapter.html

Clocks and the Web User Interface

Requests to view the web user interface can be rejected by certain web browsers if the time as seen by

the web browser differs from the time as seen by the router by an hour or more.

For this reason, we recommend checking the router time using the

show clock

command before

configuring the router and, if the router time is not properly set, use the

clock set

and

clock timezone

commands for setting the router clock.

Similarly, the web browser’s clock source, which is usually the personal computer, must also have an

accurate time to properly access the web user interface.

The following message appears when the web browser and the router clocks are more than an hour apart:

Your access is being denied for one of the following reasons:

. Your previous session has timed-out, or

. You have been logged out from elsewhere, or

. You have not yet logged in, or

. The resource requires a higher privilege level login.