Cisco IOS-XR
Initial Config
OOB Management & SSH Config
hostname router-1
domain vrf management name davehome.net
domain vrf management name-server 10.4.4.4
domain vrf management name-server 10.8.8.8
vrf management
description OOB Management
address-family ipv4 unicast
!
!
control-plane
management-plane
out-of-band
vrf management
interface MgmtEth0/RP0/CPU0/0
root
!
!
!
interface MgmtEth0/RP0/CPU0/0
vrf management
ipv4 address 10.16.0.2 255.255.255.0
no shutdown
!
router static
vrf management
address-family ipv4 unicast
0.0.0.0/0 10.16.0.1
!
!
!
ssh server v2
ssh server vrf management
TACACS Config
tacacs source-interface MgmtEth0/RP0/CPU0/0 vrf management aaa group server tacacs+ authservers vrf management server-private 10.9.1.1 port 49 key 0 insert key here ! server-private 10.9.2.2 port 49 key 0 insert key here ! ! aaa accounting exec default start-stop group authservers aaa accounting system default start-stop group authservers aaa accounting commands default start-stop group authservers aaa authorization exec default group authservers local aaa authorization commands default group authservers local aaa authentication login default group authservers local
Smart Licensing
In config mode:
call-home vrf management service active contact smart-licensing source-interface MgmtEth0/RP0/CPU0/0 profile CiscoTAC-1 active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination transport-method http ! ! crypto ca trustpoint Trustpool vrf management
In exec mode:
Our NCS' didn't ship with all the CA's, so we downloaded them:
crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b
Check to make sure CA's were installed (should be more than five certs now):
show crypto ca trustpool
Now license the router:
license smart register idtoken insert_token_here
show license status