Initial Config

OOB Management & SSH Config

 hostname router-1
 
 domain vrf management name davehome.net
 domain vrf management name-server 10.4.4.4
 domain vrf management name-server 10.8.8.8
 
 vrf management
  description OOB Management
  address-family ipv4 unicast
  !
 !
 
 control-plane
  management-plane
   out-of-band
    vrf management
    interface MgmtEth0/RP0/CPU0/0
    root
   !
  !
 !
 
 interface MgmtEth0/RP0/CPU0/0
  vrf management
  ipv4 address 10.16.0.2 255.255.255.0
  no shutdown
 !
 
 router static
  vrf management
   address-family ipv4 unicast
    0.0.0.0/0 10.16.0.1
   !
  !
 !
 
 ssh server v2
 ssh server vrf management

TACACS Config

 tacacs source-interface MgmtEth0/RP0/CPU0/0 vrf management
 
 aaa group server tacacs+ authservers
  vrf management
  server-private 10.9.1.1 port 49
   key 0 insert key here
  !
  server-private 10.9.2.2 port 49
   key 0 insert key here
  !
 !
 
 aaa accounting exec default start-stop group authservers
 aaa accounting system default start-stop group authservers
 aaa accounting commands default start-stop group authservers
 aaa authorization exec default group authservers local
 aaa authorization commands default group authservers local
 aaa authentication login default group authservers local

Smart Licensing

In config mode:

 call-home
  vrf management
  service active
  contact smart-licensing
  source-interface MgmtEth0/RP0/CPU0/0
  profile CiscoTAC-1
   active
   destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
   destination transport-method http
  !
 !
 crypto ca trustpoint Trustpool
  vrf management

In exec mode:

Our NCS' didn't ship with all the CA's, so we downloaded them:

 crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b

Check to make sure CA's were installed (should be more than five certs now):

 show crypto ca trustpool

Now license the router:

 license smart register idtoken insert_token_here

 show license status