Cisco IOS-XR
Initial Config
OOB Management & SSH Config
hostname router-1 domain vrf management name davehome.net domain vrf management name-server 10.4.4.4 domain vrf management name-server 10.8.8.8 vrf management description OOB Management address-family ipv4 unicast ! ! control-plane management-plane out-of-band vrf management interface MgmtEth0/RP0/CPU0/0 root ! ! ! interface MgmtEth0/RP0/CPU0/0 vrf management ipv4 address 10.16.0.2 255.255.255.0 no shutdown ! router static vrf management address-family ipv4 unicast 0.0.0.0/0 10.16.0.1 ! ! ! ssh server v2 ssh server vrf management
TACACS Config
tacacs source-interface MgmtEth0/RP0/CPU0/0 vrf management aaa group server tacacs+ authservers vrf management server-private 10.9.1.1 port 49 key 0 <insert key here> ! server-private 10.9.2.2 port 49 key 0 <insert key here> ! ! aaa accounting exec default start-stop group authservers aaa accounting system default start-stop group authservers aaa accounting commands default start-stop group authservers aaa authorization exec default group authservers local aaa authorization commands default group authservers local aaa authentication login default group authservers local
Smart Licensing
1. In config mode:
call-home vrf management service active contact smart-licensing source-interface MgmtEth0/RP0/CPU0/0 profile CiscoTAC-1 active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination transport-method http ! ! crypto ca trustpoint Trustpool vrf management
2. In exec mode:
Our NCS' didn't ship with all the CA's, so we downloaded them:
crypto ca trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b
3. Check to make sure CA's were installed (should be more than five certs now):
show crypto ca trustpool
4. Now license the router:
license smart register idtoken insert_token_here
show license status