Page 1
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
First Published: 2017-03-01
Last Modified: 2017-07-01
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Page 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWAREOF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2017 Cisco Systems, Inc. All rights reserved.
Page 3
CONTENTS
Preface
CHAPTER 1
CHAPTER 2
CHAPTER 3
Preface ix
Changes to this Document ix
Obtaining Documentation and Submitting a Service Request ix
New and Changed System Management Features 1
System Management Features Added or Modified in IOS XR Release 6.2.x 1
Configuring Manageability 3
Information about XML Manageability 3
How to Configure Manageability 3
Configuring the XML Agent 3
Configuration Examples for Manageability 5
Enabling VRF on an XML Agent: Examples 5
Implementing Physical and Virtual Terminals 7
Prerequisites for Implementing Physical and Virtual Terminals 7
Information About Implementing Physical and Virtual Terminals 7
Line Templates 7
Line Template Configuration Mode 8
Line Template Guidelines 8
Terminal Identification 9
vty Pools 9
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software 10
Modifying Templates 10
Creating and Modifying vty Pools 11
Monitoring Terminals and Terminal Sessions 13
Craft Panel Interface 14
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
iii
Page 4
Contents
Configuration Examples for Implementing Physical and Virtual Terminals 14
Additional References 16
CHAPTER 4
Implementing SNMP 19
Prerequisites for Implementing SNMP 19
Restrictions for SNMP use on Cisco IOS XR Software 19
Information about Implementing SNMP 20
SNMP Functional Overview 20
SNMP Manager 20
SNMP Agent 20
MIB 20
SNMP Versions 21
Comparison of SNMPv1, v2c, and v3 21
Security Models and Levels for SNMPv1, v2, v3 22
SNMPv3 Benefits 24
SNMPv3 Costs 24
User-Based Security Model 24
View-Based Access Control Model 25
MIB Views 25
Access Policy 25
IP Precedence and DSCP Support for SNMP 25
Session MIB support on subscriber sessions 26
SNMP Notifications 26
Session Types 27
How to Implement SNMP on Cisco IOS XR Software 27
Configuring SNMPv3 27
Configuring SNMPv3: Examples 29
Configuring SNMP Trap Notifications 33
Configuring Trap Notifications: Example 34
Setting the Contact, Location, and Serial Number of the SNMP Agent 35
Defining the Maximum SNMP Agent Packet Size 36
Changing Notification Operation Values 37
Setting IP Precedence and DSCP Values 38
Setting an IP Precedence Value for SNMP Traffic: Example 39
Setting an IP DSCP Value for SNMP Traffic: Example 39
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
iv
Page 5
Contents
Displaying SNMP Context Mapping 39
Monitoring Packet Loss 40
Configuring MIB Data to be Persistent 41
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces 42
CHAPTER 5
CHAPTER 6
Implementing Object Tracking 45
Prerequisites for Implementing Object Tracking 45
Information about Object Tracking 45
How to Implement Object Tracking 46
Tracking the Line Protocol State of an Interface 46
Tracking IP Route Reachability 48
Building a Track Based on a List of Objects 49
Building a Track Based on a List of Objects - Threshold Percentage 51
Building a Track Based on a List of Objects - Threshold Weight 53
Configuration Examples for Configuring Object Tracking 55
Implementing CDP 57
Prerequisites for Implementing CDP 57
Information About Implementing CDP 57
How to Implement CDP on Cisco IOS XR Software 59
Enabling CDP 59
CHAPTER 7
Modifying CDP Default Settings 59
Monitoring CDP 61
Examples 62
Configuration Examples for Implementing CDP 63
Additional References 64
Configuring Periodic MIB Data Collection and Transfer 67
Prerequisites for Periodic MIB Data Collection and Transfer 67
Information About Periodic MIB Data Collection and Transfer 67
SNMP Objects and Instances 67
Bulk Statistics Object Lists 68
Bulk Statistics Schemas 68
Bulk Statistics Transfer Options 68
Benefits of Periodic MIB Data Collection and Transfer 68
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
v
Page 6
Contents
How to Configure Periodic MIB Data Collection and Transfer 69
Configuring a Bulk Statistics Object List 69
Configuring a Bulk Statistics Schema 70
Configuring Bulk Statistics Transfer Options 71
Periodic MIB Data Collection and Transfer: Example 74
CHAPTER 8
Configuring Flexible Command Line Interface 77
Flexible CLI Configuration Groups 77
Flexible Configuration Restrictions 77
Configuring a Configuration Group 79
Simple Configuration Group: Example 80
Configuration Group Applied to Different Places: Example 81
Verifying the Configuration of Configuration Groups 81
Regular Expressions in Configuration Groups 83
Configuration Examples Using Regular Expressions 89
Configuration Group with Regular Expression: Example 89
Configuration Group Inheritance with Regular Expressions: Example 90
Layer 2 Transport Configuration Group: Example 91
Configuration Group Precedence: Example 92
Changes to Configuration Group are Automatically Inherited: Example 92
Configuration Examples for Flexible CLI Configuration 93
Basic Flexible CLI Configuration: Example 93
CHAPTER 9
vi
Interface MTU Settings for Different Interface Types: Example 94
ACL Referencing: Example 96
Local Configuration Takes Precedence: Example 97
ISIS Hierarchical Configuration: Example 98
OSPF Hierarchy: Example 101
Link Bundling Usage: Example 104
Upgrading FPD 107
Prerequisites for FPD Image Upgrades 107
Overview of FPD Image Upgrade Support 107
Automatic FPD Upgrade 108
How to Upgrade FPD Images 109
Configuration Examples for FPD Image Upgrade 112
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Page 7
Contents
show hw-module fpd Command Output: Example 112
show fpd package Command Output: Example 114
upgrade hw-module fpd Command Output: Example 144
show platform Command Output: Example 144
CHAPTER 10
Implementing NTP 145
Prerequisites for Implementing NTP on Cisco IOS XR Software 145
Information About Implementing NTP 145
NTP-PTP Interworking 146
Configuring Poll-Based Associations 147
Configuring Broadcast-Based NTP Associates 149
Configuring NTP Access Groups 151
Configuring NTP Authentication 153
Disabling NTP Services on a Specific Interface 155
Configuring the Source IP Address for NTP Packets 157
Configuring the System as an Authoritative NTP Server 158
Configuring NTP-PTP Interworking 159
Updating the Hardware Clock 161
Verifying the Status of the External Reference Clock 162
Examples 163
Configuration Examples for Implementing NTP 164
CHAPTER 11
Configuring NTP server inside VRF interface 166
Additional References 168
Frequency Synchronization 171
Using Synchronous Ethernet for Frequency Synchronization 171
Restrictions 172
Configuring Frequency Synchronization 172
Configuring Frequency Synchronization on an Interface 174
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
vii
Page 8
Contents
viii
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Page 9
Preface
This guide describes the System Management configuration details for Cisco IOS XR software. This chapter
contains details on the changes made to this document.
Changes to this Document, page ix
•
Obtaining Documentation and Submitting a Service Request, page ix
•
Changes to this Document
Table 1: Changes to this Document
SummaryDate
Initial release of this document.March 2017
Republished for Release 6.2.2.July 2017
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's
New in Cisco Product Documentation RSS feed. RSS feeds are a free service.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
ix
Page 10
Obtaining Documentation and Submitting a Service Request
Preface
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
x
Page 11
CHAPTER 1
New and Changed System Management Features
This chapter lists all the features that have been added or modified in this guide. The table also contains
references to these feature documentation sections.
System Management Features Added or Modified in IOS XR Release 6.2.x, page 1
•
System Management Features Added or Modified in IOS XR Release 6.2.x
Where DocumentedChanged in ReleaseDescriptionFeature
Configuring Frequency
Synchronization using
SyncE
using SyncE in devices connected by
Ethernet in a network. This chapter
describes the tasks required to
configure frequency synchronization.
Release 6.2.1Frequency is synchronized accurately
Using Synchronous
Ethernet for Frequency
Synchronization, on
page 171
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
1
Page 12
System Management Features Added or Modified in IOS XR Release 6.2.x
New and Changed System Management Features
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
2
Page 13
CHAPTER 2
Configuring Manageability
This module describes the configuration required to enable the Extensible Markup Language (XML) agent
services. The XML Parser Infrastructure provides parsing and generation of XML documents with Document
Object Model (DOM), Simple Application Programming Interface (API) for XML (SAX), and Document
Type Definition (DTD) validation capabilities:
DOM allows customers to programmatically create, manipulate, and generate XML documents.
•
SAX supports user-defined functions for XML tags.
•
DTD allows for validation of defined document types.
•
Information about XML Manageability, page 3
•
How to Configure Manageability, page 3
•
Configuration Examples for Manageability, page 5
•
Information about XML Manageability
The Cisco IOS XR Extensible Markup Language (XML) API provides a programmable interface to the router
for use by external management applications. This interface provides a mechanism for router configuration
and monitoring utilizing XML formatted request and response streams. The XML interface is built on top of
the Management Data API (MDA), which provides a mechanism for Cisco IOS XR components to publish
their data models through MDA schema definition files.
Cisco IOS XR software provides the ability to access the router via XML using a dedicated TCP connection,
Secure Socket Layer (SSL), or a specific VPN routing and forwarding (VRF) instance.
How to Configure Manageability
Configuring the XML Agent
This explains how to configure the XML agent.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
3
Page 14
Configuring the XML Agent
SUMMARY STEPS
DETAILED STEPS
xml agent [ssl]
1.
iteration on size iteration-size
2.
session timeout timeout
3.
throttle {memory size | process-rate tags}
4.
vrf { vrfname | ipv4} [access-list access-list-name]
5.
PurposeCommand or Action
Configuring Manageability
Step 1
Step 2
Step 3
Step 4
Step 5
xml agent [ssl]
Example:
RP/0/RP0/CPU0:router(config)# xml agent
iteration on size iteration-size
Example:
RP/0/RP0/CPU0:router(config-xml-agent)#
iteration on size 500
session timeout timeout
Example:
RP/0/RP0/CPU0:router(config-xml-agent)#
session timeout 5
throttle {memory size | process-rate tags}
Example:
RP/0/RP0/CPU0:router(config-xml-agent)#
throttle memory 300
vrf { vrfname | ipv4} [access-list
access-list-name]
Example:
RP/0/RP0/CPU0:router(config-xml-agent)#
vrf mgmt-vrf
Enables Extensible Markup Language (XML) requests over a
dedicated TCP connection and enters XML agent configuration
mode. Use the ssl keyword to enable XML requests over Secure
Socket Layer (SSL).
Configures the iteration size for large XML agent responses in
KBytes. The default is 48.
Configures an idle timeout for the XML agent in minutes. By default,
there is no timeout.
Configures the XML agent processing capabilities.
Specify the memory size in Mbytes. Values can range from
•
100 to 600. The default is 300.
Specify the process-rate as the number of tags that the XML
•
agent can process per second. Values can range from 1000 to
30000. By default the process rate is not throttled.
Configures the dedicated agent or SSL agent to receive and send
messages via the specified VPN routing and forwarding (VRF)
instance.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
4
Page 15
Configuring Manageability
Configuration Examples for Manageability
Enabling VRF on an XML Agent: Examples
The following example illustrates how to configure the dedicated XML agent to receive and send messages
via VRF1, VRF2 and the default VRF:
RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml-agent)# vrf VRF1
RP/0/RP0/CPU0:router(config-xml-agent)# vrf VRF2
The following example illustrates how to remove access to VRF2 from the dedicated agent:
RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config-xml-ssl)# vrf VRF1
RP/0/RP0/CPU0:router(config-xml-ssl-vrf)# vrf VRF2
RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config-xml-agent)# no vrf VRF1
The following example shows how to configure the XML SSL agent to receive and send messages through
VRF1, VRF2 and the default VRF:
RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config-xml-agent)# vrf VRF1
RP/0/RP0/CPU0:router(config-xml-agent)# vrf VRF2
The following example removes access for VRF2 from the dedicated XML agent:
RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config-xml-agent)# no vrf VRF2
Configuration Examples for Manageability
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
5
Page 16
Enabling VRF on an XML Agent: Examples
Configuring Manageability
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
6
Page 17
CHAPTER 3
Implementing Physical and Virtual Terminals
Line templates define standard attribute settings for incoming and outgoing transport over physical and
virtual terminal lines (vtys). Vty pools are used to apply template settings to ranges of vtys.
This module describes the tasks you need to implement physical and virtual terminals on your Cisco IOS
XR network.
Prerequisites for Implementing Physical and Virtual Terminals, page 7
•
Information About Implementing Physical and Virtual Terminals, page 7
•
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software, page 10
•
Craft Panel Interface, page 14
•
Configuration Examples for Implementing Physical and Virtual Terminals, page 14
•
Additional References, page 16
•
Prerequisites for Implementing Physical and Virtual Terminals
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Information About Implementing Physical and Virtual Terminals
To implement physical and virtual terminals, you need to understand the concepts in this section.
Line Templates
The following line templates are available in the Cisco IOS XR software.
• Default line template—The default line template that applies to a physical and virtual terminal lines.
• Console line template—The line template that applies to the console line.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
7
Page 18
Line Template Configuration Mode
• User-defined line templates—User-defined line templates that can be applied to a range of virtual terminal
lines.
Line Template Configuration Mode
Changes to line template attributes are made in line template configuration mode. To enter line template
configuration mode, issue the line command from XR Config mode, specifying the template to be modified.
These line templates can be configured with the line command:
• console—console template
• default—default template
• template—user-defined template
After you specify a template with the line command, the router enters line template configuration mode
where you can set the terminal attributes for the specified line. This example shows how to specify the attributes
for the console:
Implementing Physical and Virtual Terminals
RP/0/RP0/CPU0:router(config)# line console
RP/0/RP0/CPU0:router(config-line)#
From line template configuration mode, use the online help feature ( ? ) to view all available options. Some
useful options include:
• absolute-timeout—Specifies a timeout value for line disconnection.
• escape-character—Changes the line escape character.
• exec-timeout—Specifies the EXEC timeout.
• length—Sets the number of lines displayed on the screen.
• session-limit—Specifies the allowable number of outgoing connections.
• session-timeout—Specifies an interval for closing the connection if there is no input traffic.
• timestamp—Displays the timestamp before each command.
• width—Specifies the width of the display terminal.
Line Template Guidelines
The following guidelines apply to modifying the console template and to configuring a user-defined template:
Modify the templates for the physical terminal lines on the router (the console port) from line template
•
configuration mode. Use the line console command from XR Config mode to enter line template
configuration mode for the console template.
Modify the template for virtual lines by configuring a user-defined template with the line template-name
•
command, configuring the terminal attributes for the user-defined template from line template
configuration, and applying the template to a range of virtual terminal lines using the vty pool command.
Attributes not defined in the console template, or any virtual template, are taken from the default template.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
8
Page 19
Implementing Physical and Virtual Terminals
The default settings for the default template are described for all commands in line template configuration
mode in the Terminal Services Commands on module in System Management Command Reference for
Cisco NCS 5000 Series Routers.
Terminal Identification
Note
Before creating or modifying the vty pools, enable the telnet server using the telnet server command in
XR Config mode. See IP Addresses and Services Configuration Guide for Cisco NCS 5000 Series Routers
and IP Addresses and Services Command Reference for Cisco NCS 5000 Series Routers for more
information.
Terminal Identification
The physical terminal lines for the console port is identified by its location, expressed in the format of
rack/slot/module , on the active or standby route processor (RP) where the respective console port resides.
For virtual terminals, physical location is not applicable; the Cisco IOS XR software assigns a vty identifier
to vtys according to the order in which the vty connection has been established.
vty Pools
Each virtual line is a member of a pool of connections using a common line template configuration. Multiple
vty pools may exist, each containing a defined number of vtys as configured in the vty pool. The Cisco IOS XR
software supports the following vty pools by default:
• Default vty pool—The default vty pool consists of five vtys (vtys 0 through 4) that each reference the
default line template.
• Default fault manager pool—The default fault manager pool consists of six vtys (vtys 100 through 105)
that each reference the default line template.
In addition to the default vty pool and default fault manager pool, you can also configure a user-defined vty
pool that can reference the default template or a user-defined template.
When configuring vty pools, follow these guidelines:
The vty range for the default vty pool must start at vty 0 and must contain a minimum of five vtys.
•
The vty range from 0 through 99 can reference the default vty pool.
•
The vty range from 5 through 99 can reference a user-defined vty pool.
•
The vty range from 100 is reserved for the fault manager vty pool.
•
The vty range for fault manager vty pools must start at vty 100 and must contain a minimum of six vtys.
•
A vty can be a member of only one vty pool. A vty pool configuration will fail if the vty pool includes
•
a vty that is already in another pool.
If you attempt to remove an active vty from the active vty pool when configuring a vty pool, the
•
configuration for that vty pool will fail.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
9
Page 20
Implementing Physical and Virtual Terminals
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software
How to Implement Physical and Virtual Terminals on Cisco IOS
XR Software
Modifying Templates
This task explains how to modify the terminal attributes for the console and default line templates. The terminal
attributes that you set will modify the template settings for the specified template.
SUMMARY STEPS
configure
1.
line {console | default}
2.
Configure the terminal attribute settings for the specified template using the commands in line template
3.
configuration mode.
Use one of the following commands:
4.
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
configure
Example:
RP/0/RP0/CPU0:router(config)# line
console
or
RP/0/RP0/CPU0:router(config)# line
default
Configure the terminal attribute settings for
the specified template using the commands in
line template configuration mode.
end
•
commit
•
PurposeCommand or Action
Enters line template configuration mode for the specified line template.line {console | default}
• console —Enters line template configuration mode for the console
template.
• default —Enters line template configuration mode for the default
line template.
—
Saves configuration changes.Use one of the following commands:
end
•
commit
•
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
10
When you issue the end command, the system prompts you to
•
commit changes:
Uncommitted changes found, commit them
Page 21
Implementing Physical and Virtual Terminals
Example:
RP/0/RP0/CPU0:router(config-line)# end
or
RP/0/RP0/CPU0:router(config-line)#
commit
Creating and Modifying vty Pools
PurposeCommand or Action
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running
◦
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
◦
router to EXEC mode without committing the configuration
changes.
Entering cancel leaves the router in the current configuration
◦
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
•
the running configuration file and remain within the configuration
session.
Creating and Modifying vty Pools
This task explains how to create and modify vty pools.
You can omit Step 3, on page 12 to Step 5, on page 12 if you are configuring the default line template to
reference a vty pool.
SUMMARY STEPS
configure
1.
telnet {ipv4 | ipv6} server max-servers limit
2.
line template template-name
3.
Configure the terminal attribute settings for the specified line template using the commands in line template
4.
configuration mode.
exit
5.
vty-pool {default | pool-name | eem} first-vty last-vty [line-template {default | template-name}]
6.
commit
7.
DETAILED STEPS
Step 1
configure
PurposeCommand or Action
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
11
Page 22
Creating and Modifying vty Pools
Implementing Physical and Virtual Terminals
PurposeCommand or Action
Step 2
Step 3
Step 4
Step 5
Step 6
telnet {ipv4 | ipv6} server max-servers limit
Example:
RP/0/RP0/CPU0:router(config)# telnet
ipv4 server max-servers 10
line template template-name
Example:
RP/0/RP0/CPU0:router(config)# line
template 1
Configure the terminal attribute settings for the
specified line template using the commands in
line template configuration mode.
exit
Example:
RP/0/RP0/CPU0:router(config-line)# exit
vty-pool {default | pool-name | eem} first-vty
last-vty [line-template {default |
template-name}]
Specifies the number of allowable Telnet servers. Up to 100 Telnet
servers are allowed.
Note
By default no Telnet servers are allowed. You must configure
this command in order to enable the use of Telnet servers.
Enters line template configuration mode for a user-defined template.
—
Exits line template configuration mode and returns the router to global
configuration mode.
Creates or modifies vty pools.
If you do not specify a line template with the line-template
•
keyword, a vty pool defaults to the default line template.
Example:
RP/0/RP0/CPU0:router(config)# vty-pool
default 0 5 line-template default
or
RP/0/RP0/CPU0:router(config)# vty-pool
pool1 5 50 line-template template1
or
RP/0/RP0/CPU0:router(config)# vty-pool
eem 100 105 line-template template1
• default —Configures the default vty pool.
The default vty pool must start at vty 0 and must contain a
◦
minimum of five vtys (vtys 0 through 4).
You can resize the default vty pool by increasing the range
◦
of vtys that compose the default vty pool.
• pool-name —Creates a user-defined vty pool.
A user-defined pool must start at least at vty 5, depending
◦
on whether the default vty pool has been resized.
If the range of vtys for the default vty pool has been resized,
◦
use the first range value free from the default line template.
For example, if the range of vtys for the default vty pool has
been configured to include 10 vtys (vty 0 through 9), the
range value for the user-defined vty pool must start with vty
10.
• eem —Configures the embedded event manager pool.
The default embedded event manager vty pool must start at
◦
vty 100 and must contain a minimum of six vtys (vtys 100
through 105).
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
12
Page 23
Implementing Physical and Virtual Terminals
Monitoring Terminals and Terminal Sessions
PurposeCommand or Action
• line-template template-name —Configures the vty pool to
reference a user-defined template.
Step 7
commit
Monitoring Terminals and Terminal Sessions
This task explains how to monitor terminals and terminal sessions using the show EXEC commands available
for physical and terminal lines.
The commands can be entered in any order.Note
SUMMARY STEPS
(Optional) show line [aux location node-id | console location node-id | vty number]
1.
(Optional) show terminal
2.
(Optional) show users
3.
DETAILED STEPS
PurposeCommand or Action
Step 1
show line [aux location node-id | console
location node-id | vty number]
Example:
RP/0/RP0/CPU0:router# show line
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
(Optional)
Displays the terminal parameters of terminal lines.
Specifying the show line aux location node-id EXEC command
•
displays the terminal parameters of the auxiliary line.
Specifying the show line console location node-id EXEC command
•
displays the terminal parameters of the console.
For the location node-id keyword and argument, enter the location
◦
of the Route Processor (RP) on which the respective auxiliary or
console port resides.
The node-id argument is expressed in the format of
◦
rack/slot/module .
Specifying the show line vty number EXEC command displays the
•
terminal parameters for the specified vty.
13
Page 24
Craft Panel Interface
Implementing Physical and Virtual Terminals
PurposeCommand or Action
Step 2
Step 3
show terminal
Example:
RP/0/RP0/CPU0:router# show terminal
show users
Example:
RP/0/RP0/CPU0:router# show users
(Optional)
Displays the terminal attribute settings for the current terminal line.
(Optional)
Displays information about the active lines on the router.
Craft Panel Interface
The Craft Panel is an easily-accessible and user-friendly interface which assists the field operator in
troubleshooting the router. It consists of a LCD display and three LEDs. The LEDs indicate minor, major and
critical alarms.
For more details of the Craft Panel Interface, refer the Hardware and System set-up guides.
Configuration Examples for Implementing Physical and Virtual Terminals
Modifying the Console Template: Example
This configuration example shows how to modify the terminal attribute settings for the console line template:
line console
exec-timeout 0 0
escape-character 0x5a
session-limit 10
disconnect-character 0x59
session-timeout 100
transport input telnet
transport output telnet
In this configuration example, the following terminal attributes are applied to the console line template:
The EXEC time out for terminal sessions is set to 0 minutes, 0 seconds. Setting the EXEC timeout to 0
•
minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal
session will never time out.
The escape character is set to the 0x5a hexadecimal value (the 0x5a hexadecimal value translates into
•
the “Z” character).
The session limit for outgoing terminal sessions is set to 10 connections.
•
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
14
Page 25
Implementing Physical and Virtual Terminals
The disconnect character is set to 0x59 hexadecimal value (the 0x59 hexadecimal character translates
•
into the “Y” character).
The session time out for outgoing terminal sessions is set to 100 minutes (1 hour and 40 minutes).
•
The allowed transport protocol for incoming terminal sessions is Telnet.
•
The allowed transport protocol for outgoing terminal sessions is Telnet.
•
To verify that the terminal attributes for the console line template have been applied to the console, use the
show line command:
RP/0/RP0/CPU0:router# show line console location 0/0/CPU0
Tty Speed Modem Uses Noise Overruns Acc I/O
* con0/0/CPU0 9600 - - - 0/0 -/-
Line con0_0_CPU0, Location "Unknown", Type "Unknown"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600, 1 parity, 2 stopbits, 8 databits
Template: console
Config:
Allowed transports are telnet.
Configuration Examples for Implementing Physical and Virtual Terminals
Modifying the Default Template: Example
This configuration example shows how to override the terminal settings for the default line template:
line default
exec-timeout 0 0
width 512
length 512
In this example, the following terminal attributes override the default line template default terminal attribute
settings:
The EXEC timeout for terminal sessions is set to 0 minutes and 0 seconds. Setting the EXEC timeout
•
to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal
session will never time out (the default EXEC timeout for the default line template is 10 minutes).
The width of the terminal screen for the terminals referencing the default template is set to 512 characters
•
(the default width for the default line template is 80 characters).
The length, the number of lines that will display at one time on the terminal referencing the default
•
template, is set to 512 lines (the default length for the default line template is 24 lines).
Configuring a User-Defined Template to Reference the Default vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test in this example)
for vtys and to configure the line template test to reference the default vty pool:
line template test
exec-timeout 100 0
width 100
length 100
exit
vty-pool default 0 4 line-template test
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
15
Page 26
Additional References
Implementing Physical and Virtual Terminals
Configuring a User-Defined Template to Reference a User-Defined vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test2 in this example)
for vtys and to configure the line template test to reference a user-defined vty pool (named pool1 in this
example):
line template test2
exec-timeout 0 0
session-limit 10
session-timeout 100
transport input all
transport output all
exit
vty-pool pool1 5 50 line-template test2
Configuring a User-Defined Template to Reference the Fault Manager vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test3 in this example)
for vtys and to configure the line template test to reference the fault manager vty pool:
line template test3
width 110
length 100
session-timeout 100
exit
vty-pool eem 100 106 line-template test3
Additional References
The following sections provide references related to implementing physical and virtual terminals on
Cisco IOS XR software.
Related Documents
Cisco IOS XR terminal services commands
Cisco IOS XR command master index
Information about getting started with Cisco IOS XR
software
Information about user groups and task IDs
Document TitleRelated Topic
Terminal Services Commands on module of System
Management Command Reference for Cisco NCS
5000 Series Routers
Configuring AAA Services on module of System
Security Configuration Guide for Cisco NCS 5000
Series Routers
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
16
Page 27
Implementing Physical and Virtual Terminals
Standards
Additional References
TitleStandards
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
—
RFCs
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
—
MIBs LinkMIBs
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
TitleRFCs
—
Technical Assistance
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
LinkDescription
http://www.cisco.com/cisco/web/support/index.html
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
17
Page 28
Additional References
Implementing Physical and Virtual Terminals
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
18
Page 29
CHAPTER 4
Implementing SNMP
Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message
format for communication between SNMP managers and agents. SNMP provides a standardized framework
and a common language used for the monitoring and management of devices in a network.
This module describes the tasks you need to implement SNMP on your Cisco IOS XR network.
Prerequisites for Implementing SNMP, page 19
•
Restrictions for SNMP use on Cisco IOS XR Software, page 19
•
Information about Implementing SNMP, page 20
•
Session MIB support on subscriber sessions , page 26
•
How to Implement SNMP on Cisco IOS XR Software, page 27
•
Prerequisites for Implementing SNMP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for SNMP use on Cisco IOS XR Software
SNMP outputs are only 32-bits wide and therefore cannot display any information greater than 232. 232is
equal to 4.29 Gigabits.
Note
A10 Gigabit interface is greater than 232, so if you are trying to display speed information regarding the
interface, you might see concatenated results.
To display correct speed of an interface greater than 10 Gigabit, ifHighSpeed can be used.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
19
Page 30
Information about Implementing SNMP
Information about Implementing SNMP
To implement SNMP, you need to understand the concepts described in this section.
SNMP Functional Overview
The SNMP framework consists of three parts:
SNMP manager
•
SNMP agent
•
Management Information Base (MIB)
•
SNMP Manager
Implementing SNMP
SNMP Agent
MIB
The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP.
The most common managing system is called a network management system (NMS). The term NMS can be
applied to either a dedicated device used for network management, or the applications used on such a device.
A variety of network management applications are available for use with SNMP. These features range from
simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks 2000 line
of products).
The SNMP agent is the software component within the managed device that maintains the data for the device
and reports these data, as needed, to managing systems. The agent and MIB reside on the router. To enable
the SNMP agent, you must define the relationship between the manager and the agent.
The Management Information Base (MIB) is a virtual information storage area for network management
information, which consists of collections of managed objects. Within the MIB there are collections of related
objects, defined in MIB modules. MIB modules are written in the SNMP MIB module language, as defined
in STD 58, RFC 2578, RFC 2579, and RFC 2580. Note that individual MIB modules are also referred to as
MIBs; for example, the Interfaces Group MIB (IF-MIB) is a MIB module within the MIB on your system.
The SNMP agent contains MIB variables whose values the SNMP manager can request or change through
Get or Set operations. A manager can get a value from an agent or store a value into that agent. The agent
gathers data from the MIB, the repository for information about device parameters and network data. The
agent can also respond to manager requests to get or set data.
Figure 1 illustrates the communications relationship between the SNMP manager and agent. A manager can
send the agent requests to get and set MIB values. The agent can respond to these requests. Independent of
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
20
Page 31
Implementing SNMP
this interaction, the agent can send unsolicited notifications (traps) to the manager to notify the manager of
network conditions.
Figure 1: Communication Between an SNMP Agent and Manager
SNMP Versions
Cisco IOS XR software supports the following versions of SNMP:
Simple Network Management Protocol Version 1 (SNMPv1)
•
Simple Network Management Protocol Version 2c (SNMPv2c)
•
SNMP Versions
Simple Network Management Protocol Version 3 (SNMPv3)
•
Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to
access the agent MIB is defined by an IP address access control list and password.
SNMPv2c support includes a bulk retrieval mechanism and more detailed error message reporting to
management stations. The bulk retrieval mechanism supports the retrieval of tables and large quantities of
information, minimizing the number of round-trips required. The SNMPv2c improved error handling support
includes expanded error codes that distinguish different kinds of error conditions; these conditions are reported
through a single error code in SNMPv1. Error return codes now report the error type. Three kinds of exceptions
are also reported: no such object exceptions, no such instance exceptions, and end of MIB view exceptions.
SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the
group in which the user resides. A security level is the permitted level of security within a security model. A
combination of a security model and a security level will determine which security mechanism is employed
when an SNMP packet is handled. See Table 1 for a list of security levels available in SNMPv3. The SNMPv3
feature supports RFCs 3411 to 3418.
You must configure the SNMP agent to use the version of SNMP supported by the management station. An
agent can communicate with multiple managers; for this reason, you can configure the Cisco IOS-XR software
to support communications with one management station using the SNMPv1 protocol, one using the SNMPv2c
protocol, and another using SMNPv3.
Comparison of SNMPv1, v2c, and v3
SNMP v1, v2c, and v3 all support the following operations:
• get-request—Retrieves a value from a specific variable.
• get-next-request—Retrieves the value following the named variable; this operation is often used to
retrieve variables from within a table. With this operation, an SNMP manager does not need to know
the exact variable name. The SNMP manager searches sequentially to find the needed variable from
within the MIB.
• get-response—Operation that replies to a get-request, get-next-request, and set-request sent by an NMS.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
21
Page 32
SNMP Versions
Implementing SNMP
• set-request—Operation that stores a value in a specific variable.
• trap—Unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.
Table 1 identifies other key SNMP features supported by the SNMP v1, v2c, and v3.
Table 2: SNMPv1, v2c, and v3 Feature Support
SNMP v3SNMP v2cSNMP v1Feature
YesYesNoGet-Bulk Operation
NoInform Operation
Controls (Views)
Security Models and Levels for SNMPv1, v2, v3
The security level determines if an SNMP message needs to be protected from disclosure and if the message
needs to be authenticated. The various security levels that exist within a security model are as follows:
• noAuthNoPriv—Security level that does not provide authentication or encryption.
• authNoPriv—Security level that provides authentication but does not provide encryption.
Yes (No on the
Cisco IOS XR software)
Yes (No on the
Cisco IOS XR software)
YesYesNo64 Bit Counter
YesYesNoTextual Conventions
YesNoNoAuthentication
YesNoNoPrivacy (Encryption)
YesNoNoAuthorization and Access
• authPriv—Security level that provides both authentication and encryption.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with
the security level determine the security mechanism applied when the SNMP message is processed.
Table 1 identifies what the combinations of security models and levels mean.
Table 3: SNMP Security Models and Levels
What HappensEncryptionAuthenticationLevelModel
NoCommunity stringnoAuthNoPrivv1
Uses a community
string match for
authentication.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
22
Page 33
Implementing SNMP
SNMP Versions
What HappensEncryptionAuthenticationLevelModel
NoCommunity stringnoAuthNoPrivv2c
Uses a community
string match for
authentication.
NoUsernamenoAuthNoPrivv3
Uses a username
match for
authentication.
authNoPrivv3
NoHMAC-MD5 or
HMAC-SHA
Provides
authentication based
on the
HMAC1-MD5
2
algorithm or the
HMAC-SHA3.
authPrivv3
DESHMAC-MD5 or
HMAC-SHA
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
DES456-bit
encryption in
addition to
authentication based
on the CBC5DES
(DES-56) standard.
1
Hash-Based Message Authentication Code
2
Message Digest 5
3
Secure Hash Algorithm
4
Data Encryption Standard
5
Cipher Block Chaining
authPrivv3
3DESHMAC-MD5 or
HMAC-SHA
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
168-bit 3DES6level
of encryption.
authPrivv3
AESHMAC-MD5 or
HMAC-SHA
Provides
authentication based
on the HMAC-MD5
or HMAC-SHA
algorithms. Provides
128-bit AES7level
of encryption.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
23
Page 34
SNMPv3 Benefits
6
Triple Data Encryption Standard
7
Advanced Encryption Standard
Use of 3DES and AES encryption standards requires that the security package (k9sec) be installed. For
information on installing software packages, see Upgrading and Managing Cisco IOS XR Software.
SNMPv3 Benefits
SNMPv3 provides secure access to devices by providing authentication, encryption and access control. These
added security benefits secure SNMP against the following security threats:
• Masquerade—The threat that an SNMP user may assume the identity of another SNMP user to perform
• Message stream modification—The threat that messages may be maliciously reordered, delayed, or
• Disclosure—The threat that exchanges between SNMP engines could be eavesdropped. Protecting
Implementing SNMP
management operations for which that SNMP user does not have authorization.
replayed (to an extent that is greater than can occur through the natural operation of a subnetwork service)
to cause SNMP to perform unauthorized management operations.
against this threat may be required as a matter of local policy.
SNMPv3 Costs
In addition, SNMPv3 provides access control over protocol operations on SNMP managed objects.
SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP
operations on MIB objects are performed. This cost is far outweighed by the security advantages provided
by SNMPv3.
Table 1 shows the order of response time (from least to greatest) for the various security model and security
level combinations.
Table 4: Order of Response Times from Least to Greatest
Security LevelSecurity Model
noAuthNoPrivSNMPv2c
noAuthNoPrivSNMPv3
authNoPrivSNMPv3
authPrivSNMPv3
User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following
services:
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
24
Page 35
Implementing SNMP
• Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized manner
and that data sequences have not been altered to an extent greater than can occur nonmaliciously.
• Message origin authentication—Ensures that the claimed identity of the user on whose behalf received
data was originated is confirmed.
• Message confidentiality—Ensures that information is not made available or disclosed to unauthorized
individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
USM uses two authentication protocols:
HMAC-MD5-96 authentication protocol
•
HMAC-SHA-96 authentication protocol
•
USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
View-Based Access Control Model
IP Precedence and DSCP Support for SNMP
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed
objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by
views. These access policies can be set when user groups are configured with the snmp-server group
command.
MIB Views
For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset
of the management information within the management domain. To provide this capability, access to a
management object is controlled through MIB views, which contain the set of managed object types (and,
optionally, the specific instances of object types) that can be viewed.
Access Policy
Access policy determines the access rights of a group. The three types of access rights are as follows:
• read-view access—The set of object instances authorized for the group when objects are read.
• write-view access—The set of object instances authorized for the group when objects are written.
• notify-view access—The set of object instances authorized for the group when objects are sent in a
notification.
IP Precedence and DSCP Support for SNMP
SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for
SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a
specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are
handled in weighted random early detection (WRED).
After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes
cannot be assigned to different types of SNMP traffic in that router.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
25
Page 36
Session MIB support on subscriber sessions
The IP Precedence value is the first three bits in the type of service (ToS) byte of an IP header. The IP DSCP
code point value is the first six bits of the differentiate services (DiffServ Field) byte. You can configure up
to eight different IP Precedence markings or 64 different IP DSCP markings.
Session MIB support on subscriber sessions
SNMP monitoring requires information about subscribers of all types. The
CISCO-SUBSCRIBER-SESSION-MIB is defined to model per-subscriber data as well as aggregate subscriber
(PPPoE) data. It is required to support notifications (traps) for aggregate session counts crossing configured
thresholds. Generic MIB Data Collector Manager (DCM) support for CISCO-SUBSCRIBER-SESSION-MIB,
helps faster data collection and also better handling of parallel data.
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do
not require that requests be sent from the SNMP manager. On Cisco IOS XR software, unsolicited
(asynchronous) notifications can be generated only as traps. Traps are messages alerting the SNMP manager
to a condition on the network. Notifications can indicate improper user authentication, restarts, the closing of
a connection, loss of connection to a neighbor router, or other significant events.
Implementing SNMP
Inform requests (inform operations) are supported in Cisco IOS XR software.Note
Traps are less reliable than informs because the receiver does not send any acknowledgment when it receives
a trap. The sender cannot determine if the trap was received. An SNMP manager that receives an inform
request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does
not receive an inform request, it does not send a response. If the sender never receives a response, the inform
request can be sent again. Thus, informs are more likely to reach their intended destination.
However, traps are often preferred because informs consume more resources in the router and in the network.
Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a
response is received or the request times out. Also, traps are sent only once, and an inform may be retried
several times. The retries increase traffic and contribute to a higher overhead on the network. Thus, traps and
inform requests provide a trade-off between reliability and resources.
In this illustration, the agent router sends a trap to the SNMP manager. Although the manager receives the
trap, it does not send any acknowledgment to the agent. The agent has no way of knowing that the trap reached
its destination.
Figure 2: Trap Received by the SNMP Manager
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
26
Page 37
Implementing SNMP
Session Types
Session Types
In this illustration, the agent sends a trap to the manager, but the trap does not reach the manager. Because
the agent has no way of knowing that the trap did not reach its destination, the trap is not sent again. The
manager never receives the trap.
Figure 3: Trap Not Received by the SNMP Manager
The supported session types are:
PPPoE
•
IP SUB PKT
•
IP SUB DHCP
•
How to Implement SNMP on Cisco IOS XR Software
This section describes how to implement SNMP.
The snmp-server commands enable SNMP on Management Ethernet interfaces by default. For information
on how to enable SNMP server support on other inband interfaces, see the Implementing Management Plane
Protection on Cisco IOS XR Software module in System Security Configuration Guide for Cisco NCS 5000
Series Routers.
Configuring SNMPv3
This task explains how to configure SNMPv3 for network management and monitoring.
Note
No specific command enables SNMPv3; the first snmp-server global configuration command (config),
that you issue enables SNMPv3. Therefore, the sequence in which you issue the snmp-server commands
for this task does not matter.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
27
Page 38
Configuring SNMPv3
SUMMARY STEPS
Implementing SNMP
configure
1.
(Optional) snmp-server engineid local engine-id
2.
snmp-server view view-name oid-tree {included | excluded}
3.
snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view]
4.
[access-list-name]
snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
5.
auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
commit
6.
(Optional) show snmp
7.
(Optional) show snmp engineid
8.
(Optional) show snmp group
9.
(Optional) show snmp users
10.
(Optional) show snmp view
11.
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
configure
snmp-server engineid local engine-id
Example:
RP/0/RP0/CPU0:router# snmp-server engineID
local 00:00:00:09:00:00:00:a1:61:6c:20:61
snmp-server view view-name oid-tree {included | excluded}
Example:
RP/0/RP0/CPU0:router# snmp-server view
view_name 1.3.6.1.2.1.1.5 included
snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}}
[read view] [write view] [notify view] [access-list-name]
Example:
RP/0/RP0/CPU0:router# snmp-server group
group_name v3 noauth read view_name1 write view_name2
snmp-server user username groupname
{v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted}
auth-password [priv des56 {clear | encrypted}
priv-password]]} [access-list-name]
PurposeCommand or Action
(Optional)
Specifies the identification number of the local
SNMP engine.
Creates or modifies a view record.
Configures a new SNMP group or a table that maps
SNMP users to SNMP views.
Configures a new user to an SNMP group.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
28
Page 39
Implementing SNMP
Step 6
Configuring SNMPv3: Examples
PurposeCommand or Action
Example:
RP/0/RP0/CPU0:router# snmp-server user
noauthuser group_name v3
commit
Step 7
Step 8
Step 9
Step 10
Step 11
show snmp
Example:
RP/0/RP0/CPU0:router# show snmp
show snmp engineid
Example:
RP/0/RP0/CPU0:router# show snmp engineid
show snmp group
Example:
RP/0/RP0/CPU0:router# show snmp group
show snmp users
Example:
RP/0/RP0/CPU0:router# show snmp users
show snmp view
Example:
RP/0/RP0/CPU0:router# show snmp view
(Optional)
Displays information about the status of SNMP.
(Optional)
Displays information about the local SNMP engine.
(Optional)
Displays information about each SNMP group on
the network.
(Optional)
Displays information about each SNMP username
in the SNMP users table.
(Optional)
Displays information about the configured views,
including the associated MIB view family name,
storage type, and status.
Configuring SNMPv3: Examples
Setting an Engine ID
This example shows how to set the identification of the local SNMP engine:
snmp-server engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61
After the engine ID has been configured, the SNMP agent restarts.Note
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
29
Page 40
Configuring SNMPv3: Examples
Verifying the Identification of the Local SNMP Engines
This example shows how to verify the identification of the local SNMP engine:
config
show snmp engineid
SNMP engineID 00000009000000a1ffffffff
Creating a View
There are two ways to create a view:
You can include the object identifier (OID) of an ASN.1 subtree of a MIB family from a view by using
•
the included keyword of the snmp-server view command.
You can exclude the OID subtree of the ASN.1 subtree of a MIB family from a view by using the
•
excluded keyword of the snmp-server view command.
This example shows how to create a view that includes the sysName (1.3.6.1.2.1.1.5) object:
Implementing SNMP
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1.5 included
This example shows how to create a view that includes all the OIDs of a system group:
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
This example shows how to create a view that includes all the OIDs under the system group except the sysName
object (1.3.6.1.2.1.1.5), which has been excluded:
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1.5 excluded
Verifying Configured Views
This example shows how to display information about the configured views:
RP/0/RP0/CPU0:router# show snmp view
v1default 1.3.6.1 - included nonVolatile active
SNMP_VIEW1 1.3.6.1.2.1.1 - included nonVolatile active
SNMP_VIEW1 1.3.6.1.2.1.1.5 - excluded nonVolatile active
Creating Groups
If you do not explicitly specify a notify, read, or write view, the Cisco IOS XR software uses the v1 default
(1.3.6.1). This example shows how to create a group that utilizes the default view:
RP/0/RP0/CPU0:router# snmp-server group group-name v3 auth
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
30
Page 41
Implementing SNMP
Configuring SNMPv3: Examples
The following configuration example shows how to create a group that has read access to all the OIDs in the
system except the sysUpTime object (1.3.6.1.2.1.1.3), which has been excluded from the view applied to the
group, but write access only to the sysName object (1.3.6.1.2.1.1.5):
!
snmp-server view view_name1 1.3.6.1.2.1.1 included
snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded
snmp-server view view_name2 1.3.6.1.2.1.1.5 included
snmp-server group group_name1 v3 auth read view_name1 write view_name2
!
Verifying Groups
This example shows how to verify the attributes of configured groups:
RP/0/RP0/CPU0:router# show snmp group
groupname: group_name1 security model:usm
readview : view_name1 writeview: view_name2
notifyview: v1default
row status: nonVolatile
Creating and Verifying Users
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server group group_name v3 noauth read view_name write view-name
!
This example shows how to create a noAuthNoPriv user with read and write view access to a system group:
config
snmp-server user noauthuser group_name v3
The user must belong to a noauth group before a noAuthNoPriv user can be created.Note
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: noauthuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
snmp-server group SNMP_GROUP1 v3 auth notify SNMP_VIEW1 read SNMP_VIEW1 write SNMP_VIEW1
!
This example shows how to create a user with authentication (including encryption), read, and write view
access to a system group:
config
snmp-server user userv3authpriv SNMP_GROUP1 v3 auth md5 password123 priv aes 128 password123
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
31
Page 42
Configuring SNMPv3: Examples
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp group group_name v3 priv read view_name write view_name
!
This example shows how to create authNoPriv user with read and write view access to a system group:
RP/0/RP0/CPU0:router# snmp-server user authuser group_name v3 auth md5 clear auth_passwd
Implementing SNMP
Note
Because the group is configured at a security level of Auth, the user must be configured as “auth” at a
minimum to access this group (“priv” users could also access this group). The authNoPriv user configured
in this group, authuser, must supply an authentication password to access the view. In the example,
auth_passwd is set as the authentication password string. Note that clear keyword is specified before the
auth_passwd password string. The clear keyword indicates that the password string being supplied is
unencrypted.
This example shows how to verify the attributes that apply to SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: authuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp view view_name 1.3.6.1.2.1.1 included
snmp group group_name v3 priv read view_name write view_name
!
This example shows how to create an authPriv user with read and write view access to a system group:
config
snmp-server user privuser group_name v3 auth md5 clear auth_passwd priv des56 clear
priv_passwd
Note
Because the group has a security level of Priv, the user must be configured as a “priv” user to access this
group. In this example, the user, privuser, must supply both an authentication password and privacy
password to access the OIDs in the view.
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: privuser
Engine ID: localSnmpID
storage-type: nonvolatile active
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
32
Page 43
Implementing SNMP
Configuring SNMP Trap Notifications
This task explains how to configure the router to send SNMP trap notifications.
Configuring SNMP Trap Notifications
Note
SUMMARY STEPS
DETAILED STEPS
You can omit Configuring SNMPv3, on page 27 if you have already completed the steps documented
under the Configuring SNMPv3, on page 27 task.
configure
1.
snmp-servergroupname{v1v2v3{auth | noauth | priv}}[readview]writeview] [notifyview]
2.
[access-list-name]
snmp-serverusergroupname{v1v2cv3{auth | md5 | sha}{clear | encrypted}auth-password] [priv des56
3.
{clear | access-list-name]
snmp-serveruserusernamegroupname{v1v2cv3{auth | md5 | sha}{clear | encrypted}auth-password]
4.
[priv des56 {clear | access-list-name]
[ snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string
5.
[udp-port port] [notification-type]
snmp-server traps [notification-type]
6.
commit
7.
(Optional) show snmp host
8.
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
configure
snmp-servergroupname{v1v2v3{auth | noauth |
priv}}[readview]writeview] [notifyview] [access-list-name]
Example:
RP/0/RP0/CPU0:router# snmp-server group group_name
v3 noauth read view_name1 writer view_name2
snmp-serverusergroupname{v1v2cv3{auth | md5 |
sha}{clear | encrypted}auth-password] [priv des56 {clear
| access-list-name]
Example:
RP/0/RP0/CPU0:router# snmp-server group group_name
v3 noauth read view_name1 writer view_name2
snmp-serveruserusernamegroupname{v1v2cv3{auth | md5
| sha}{clear | encrypted}auth-password] [priv des56 {clear
| access-list-name]
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Configures a new SNMP group or a table that maps
SNMP users to SNMP views.
Configures a new SNMP group or a table that maps
SNMP users to SNMP views.
Configures a new SNMP group or a table that maps
SNMP users to SNMP views.
33
Page 44
Configuring Trap Notifications: Example
Example:
RP/0/RP0/CPU0:routerconfig# snmp-server user
noauthuser group_name v3
Step 5
[ snmp-server host address [traps] [version {1 | 2c | 3 [auth
| noauth | priv]}] community-string [udp-port port]
[notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server host
12.26.25.61 traps version 3
noauth userV3noauth
Step 6
snmp-server traps [notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server traps bgp
Implementing SNMP
PurposeCommand or Action
Specifies SNMP trap notifications, the version of SNMP
to use, the security level of the notifications, and the
recipient (host) of the notifications.
Enables the sending of trap notifications and specifies
the type of trap notifications to be sent.
If a trap is not specified with the notification-type
•
argument, all supported trap notifications are
enabled on the router. To display which trap
notifications are available on your router, enter the
snmp-server traps ? command.
Step 7
Step 8
commit
show snmp host
Example:
RP/0/RP0/CPU0:router# show snmp host
Configuring Trap Notifications: Example
The following example configures an SNMP agent to send out different types of traps. The configuration
includes a v2c user, a noAuthNoPriv user, anauthNoPriv user, and an AuthPriv user.
Note
The default User Datagram Protocol (UDP) port is 161. If you do not a specify a UDP port with the
udp-port keyword and port argument, then the configured SNMP trap notifications are sent to port 161.
!
snmp-server host 10.50.32.170 version 2c userv2c udp-port 2345
snmp-server host 10.50.32.170 version 3 auth userV3auth udp-port 2345
snmp-server host 10.50.32.170 version 3 priv userV3priv udp-port 2345
snmp-server host 10.50.32.170 version 3 noauth userV3noauth udp-port 2345
snmp-server user userv2c groupv2c v2c
snmp-server user userV3auth groupV3auth v3 auth md5 encrypted 140F0A13
snmp-server user userV3priv groupV3priv v3 auth md5 encrypted 021E1C43 priv des56 encrypted
1110001C
snmp-server user userV3noauth groupV3noauth v3 LROwner
(Optional)
Displays information about the configured SNMP
notification recipient (host), port number, and security
model.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
34
Page 45
Implementing SNMP
Setting the Contact, Location, and Serial Number of the SNMP Agent
snmp-server view view_name 1.3 included
snmp-server community public RW
snmp-server group groupv2c v2c read view_name
snmp-server group groupV3auth v3 auth read view_name
snmp-server group groupV3priv v3 priv read view_name
snmp-server group groupV3noauth v3 noauth read view_name
!
This example shows how to verify the configuration SNMP trap notification recipients host, the recipients of
SNMP trap notifications. The output displays the following information:
IP address of the configured notification host
•
UDP port where SNMP notification messages are sent
•
Type of trap configured
•
Security level of the configured user
•
Security model configured
•
config
show snmp host
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3auth security model: v3 auth
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3noauth security model: v3 noauth
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userV3priv security model: v3 priv
Notification host: 10.50.32.170 udp-port: 2345 type: trap
user: userv2c security model: v2c
Setting the Contact, Location, and Serial Number of the SNMP Agent
This task explains how to set the system contact string, system location string, and system serial number of
the SNMP agent.
The sequence in which you issue the snmp-server commands for this task does not matter.Note
SUMMARY STEPS
configure
1.
(Optional) snmp-server contact system-contact-string
2.
(Optional) snmp-server location system-location
3.
(Optional) snmp-server chassis-id serial-number
4.
commit
5.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
35
Page 46
Defining the Maximum SNMP Agent Packet Size
DETAILED STEPS
Implementing SNMP
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
configure
snmp-server contact system-contact-string
Example:
RP/0/RP0/CPU0:router(config)# snmp-server contact
Dial System Operator at beeper # 27345
snmp-server location system-location
Example:
RP/0/RP0/CPU0:router(config)# snmp-server location
Building 3/Room 214
snmp-server chassis-id serial-number
Example:
RP/0/RP0/CPU0:router(config)# snmp-server chassis-id
1234456
commit
(Optional)
Sets the system contact string.
(Optional)
Sets the system location string.
(Optional)
Sets the system serial number.
Defining the Maximum SNMP Agent Packet Size
This task shows how to configure the largest SNMP packet size permitted when the SNMP server is receiving
a request or generating a reply.
The sequence in which you issue the snmp-server commands for this task does not matter.Note
SUMMARY STEPS
configure
1.
(Optional) snmp-server packetsize byte-count
2.
commit
3.
DETAILED STEPS
Step 1
configure
PurposeCommand or Action
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
36
Page 47
Implementing SNMP
Changing Notification Operation Values
PurposeCommand or Action
Step 2
Step 3
snmp-server packetsize byte-count
Example:
RP/0/RP0/CPU0:router(config)# snmp-server packetsize
1024
commit
Changing Notification Operation Values
After SNMP notifications have been enabled, you can specify a value other than the default for the source
interface, message queue length, or retransmission interval.
This task explains how to specify a source interface for trap notifications, the message queue length for each
host, and the retransmission interval.
The sequence in which you issue the snmp-server commands for this task does not matter.Note
SUMMARY STEPS
(Optional)
Sets the maximum packet size.
DETAILED STEPS
Step 1
Step 2
configure
1.
(Optional) snmp-server trap-source type interface-path-id
2.
(Optional) snmp-server queue-length length
3.
(Optional) snmp-server trap-timeout seconds
4.
commit
5.
configure
snmp-server trap-source type interface-path-id
Example:
RP/0/RP0/CPU0:router(config)# snmp-server trap-source
POS 0/0/1/0
PurposeCommand or Action
(Optional)
Specifies a source interface for trap notifications.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
37
Page 48
Setting IP Precedence and DSCP Values
Implementing SNMP
PurposeCommand or Action
Step 3
Step 4
Step 5
snmp-server queue-length length
Example:
RP/0/RP0/CPU0:router(config)# snmp-server
queue-length 20
snmp-server trap-timeout seconds
Example:
RP/0/RP0/CPU0:router(config)# snmp-server
trap-timeout 20
commit
Setting IP Precedence and DSCP Values
This task describes how to configure IP Precedence or IP DSCP for SNMP traffic.
Before You Begin
SNMP must be configured.
(Optional)
Establishes the message queue length for each
notification.
(Optional)
Defines how often to resend notifications on the
retransmission queue.
SUMMARY STEPS
DETAILED STEPS
Step 1
Step 2
configure
1.
Use one of the following commands:
2.
snmp-server ipv4 precedence value
•
snmp-server ipv4 dscp value
•
commit
3.
configure
Use one of the following commands:
snmp-server ipv4 precedence value
•
snmp-server ipv4 dscp value
•
PurposeCommand or Action
Configures an IP precedence or IP DSCP
value for SNMP traffic.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
38
Page 49
Implementing SNMP
Setting an IP Precedence Value for SNMP Traffic: Example
PurposeCommand or Action
Example:
RP/0/RP0/CPU0:router(config)# snmp-server dscp 24
Step 3
commit
Setting an IP Precedence Value for SNMP Traffic: Example
The following example shows how to set the SNMP IP Precedence value to 7:
configure
snmp-server ipv4 precedence 7
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y
Setting an IP DSCP Value for SNMP Traffic: Example
The following example shows how to set the IP DSCP value of SNMP traffic to 45:
configure
snmp-server ipv4 dscp 45
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y
Displaying SNMP Context Mapping
The SNMP agent serves queries based on SNMP contexts created by the client features. There is a context
mapping table. Each entry in the context mapping table includes a context name, the name of the feature that
created the context, and the name of the specific instance of the feature.
SUMMARY STEPS
show snmp context-mapping
1.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
39
Page 50
Monitoring Packet Loss
DETAILED STEPS
Implementing SNMP
PurposeCommand or Action
Step 1
Example:
RP/0/RP0/CPU0:router# show snmp context-mapping
Monitoring Packet Loss
It is possible to monitor packet loss by configuring the generation of SNMP traps when packet loss exceeds
a specified threshold. The configuration described in this task enables the creation of entries in the MIB tables
of the EVENT-MIB. This can then be monitored for packet loss using SNMP GET operations.
Before You Begin
Note
Entries created in the EVENT-MIB MIB tables using the configuration described in this task cannot be
altered using an SNMP SET.
Entries to the EVENT-MIB MIB tables created using an SNMP SET cannot be altered using the
configuration described in this task.
Displays the SNMP context mapping table.show snmp context-mapping
SUMMARY STEPS
snmp-server mibs eventmib packet-loss type interface-path-id falling lower-threshold interval
1.
sampling-interval rising upper-threshold
DETAILED STEPS
snmp-server mibs eventmib packet-loss
Step 1
type interface-path-id falling
lower-threshold interval
sampling-interval rising upper-threshold
Example:
RP/0/RP0/CPU0:router(config)#
snmp-server mibs eventmib
packet-loss falling 1 interval 5
rising 2
PurposeCommand or Action
Generates SNMP EVENT-MIB traps for the interface when the packet loss exceeds
the specified thresholds. Up to 100 interfaces can be monitored.
falling lower-threshold —Specifies the lower threshold. When packet loss between
two intervals falls below this threshold and an mteTriggerRising trap was generated
previously, a SNMP mteTriggerFalling trap is generated. This trap is not generated
until the packet loss exceeds the upper threshold and then falls back below the
lower threshold.
interval sampling-interval —Specifies how often packet loss statistics are polled.
This is a value between 5 and 1440 minutes, in multiples of 5.
rising upper-threshold —Specifies the upper threshold. When packet loss between
two intervals increases above this threshold, an SNMP mteTriggreRising trap is
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
40
Page 51
Implementing SNMP
PurposeCommand or Action
generated. This trap is not generated until the packet loss drops below the lower
threshold and then rises above the upper threshold.
Configuring MIB Data to be Persistent
Many SNMP MIB definitions define arbitrary 32-bit indices for their object tables. MIB implementations
often do a mapping from the MIB indices to some internal data structure that is keyed by some other set of
data. In these MIB tables the data contained in the table are often other identifiers of the element being
modelled. For example, in the ENTITY-MIB, entries in the entPhysicalTable are indexed by the 31-bit value,
entPhysicalIndex, but the entities could also be identified by the entPhysicalName or a combination of the
other objects in the table.
Because of the size of some MIB tables, significant processing is required to discover all the mappings from
the 32-bit MIB indices to the other data which the network management station identifies the entry. For this
reason, it may be necessary for some MIB indices to be persistent across process restarts, switchovers, or
device reloads. The ENTITY-MIB entPhysicalTable and CISCO-CLASS-BASED-QOS-MIB are two such
MIBs that often require index values to be persistent.
Also, because of query response times and CPU utilization during CISCO-CLASS-BASED-QOS-MIB statistics
queries, it is desirable to cache service policy statistics.
Configuring MIB Data to be Persistent
SUMMARY STEPS
DETAILED STEPS
Step 1
Step 2
snmp-server entityindex persist
Example:
RP/0/RP0/CPU0:router(config)# snmp-server entityindex
persist
snmp-server mibs cbqosmib persist
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs
cbqosmib persist
(Optional) snmp-server entityindex persist
1.
(Optional) snmp-server mibs cbqosmib persist
2.
(Optional) snmp-server cbqosmib cache refresh time time
3.
(Optional) snmp-server cbqosmib cache service-policy count count
4.
snmp-server ifindex persist
5.
PurposeCommand or Action
(Optional)
Enables the persistent storage of ENTITY-MIB data.
(Optional)
Enables persistent storage of the
CISCO-CLASS-BASED-QOS-MIB data.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
41
Page 52
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
Implementing SNMP
PurposeCommand or Action
Step 3
snmp-server cbqosmib cache refresh time time
(Optional)
Enables QoS MIB caching with a specified cache
refresh time.
(Optional)
Step 4
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs
cbqosmib cache
refresh time 45
snmp-server cbqosmib cache service-policy count count
Enables QoS MIB caching with a limited number of
service policies to cache.
Enables ifIndex persistence globally on all Simple
Step 5
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs
cbqosmib cache
service-policy count 50
snmp-server ifindex persist
Network Management Protocol (SNMP) interfaces.
Example:
RP/0/RP0/CPU0:router(config)# snmp-server ifindex
persist
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
SUMMARY STEPS
DETAILED STEPS
Step 1
configure
By specifying a regular expression to represent the interfaces for which you are interested in setting traps,
you can enable or disable linkUp and linkDown traps for a large number of interfaces simultaneously.
Before You Begin
SNMP must be configured.
configure
1.
snmp-server interface subset subset-number regular-expression expression
2.
notification linkupdown disable
3.
commit
4.
(Optional) show snmp interface notification subset subset-number
5.
(Optional) show snmp interface notification regular-expression expression
6.
(Optional) show snmp interface notification type interface-path-id
7.
PurposeCommand or Action
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
42
Page 53
Implementing SNMP
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
PurposeCommand or Action
Step 2
Step 3
Step 4
Step 5
snmp-server interface subset subset-number
regular-expression expression
Example:
RP/0/RP0/CPU0:router(config)# snmp-server
interface subset 10
regular-expression
"^Gig[a-zA-Z]+[0-9/]+\."
RP/0/RP0/CPU0:router(config-snmp-if-subset)#
notification linkupdown disable
Example:
RP/0/RP0/CPU0:router(config-snmp-if-subset)#
notification linkupdown disable
commit
show snmp interface notification subset
subset-number
Example:
Enters snmp-server interface mode for the interfaces identified
by the regular expression.
The subset-number argument identifies the set of interfaces, and
also assigns a priority to the subset in the event that an interface
is included in more than one subset. Lower numbers have higher
priority and their configuration takes precedent over interface
subsets with higher numbers.
The expression argument must be entered surrounded by double
quotes.
Refer to the Understanding Regular Expressions, Special
Characters, and Patterns module in for more information
regarding regular expressions.
Disables linkUp and linkDown traps for all interfaces being
configured. To enable previously disabled interfaces, use the
no form of this command.
(Optional)
Displays the linkUp and linkDown notification status for all
interfaces identified by the subset priority.
Step 6
Step 7
RP/0/RP0/CPU0:router# show snmp interface
notification subset 10
show snmp interface notification regular-expression
expression
Example:
RP/0/RP0/CPU0:router# show snmp interface
notification
regular-expression
"^Gig[a-zA-Z]+[0-9/]+\."
show snmp interface notification type
interface-path-id
Example:
RP/0/RP0/CPU0:router# show snmp interface
notification
tengige 0/4/0/3.10
(Optional)
Displays the linkUp and linkDown notification status for all
interfaces identified by the regular expression.
(Optional)
Displays the linkUp and linkDown notification status for the
specified interface.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
43
Page 54
Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
Implementing SNMP
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
44
Page 55
CHAPTER 5
Implementing Object Tracking
This module describes the configuration of object tracking on your Cisco IOS XR network. For complete
descriptions of the commands listed in this module, see Additional References section. To locate
documentation for other commands that might appear in the course of performing a configuration task, see
Technical Documentation section in the Additional References topic.
Prerequisites for Implementing Object Tracking, page 45
•
Information about Object Tracking, page 45
•
How to Implement Object Tracking, page 46
•
Configuration Examples for Configuring Object Tracking, page 55
•
Prerequisites for Implementing Object Tracking
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Information about Object Tracking
Object tracking is a mechanism to track an object and to take an action on another object with no relationship
to the tracked objects, based on changes to the properties of the object being tracked.
Each tracked object is identified by a unique name specified on the tracking command-line interface (CLI).
Cisco IOS XR processes then use this name to track a specific object.
The tracking process periodically polls the tracked object and reports any changes to its state in terms of its
being up or down, either immediately or after a delay, as configured by the user.
Multiple objects can also be tracked by means of a list, using a flexible method for combining objects with
Boolean logic. This functionality includes:
•
Boolean AND function—When a tracked list has been assigned a Boolean AND function, each object
defined within a subset must be in an up state, so that the tracked object can also be in the up state.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
45
Page 56
How to Implement Object Tracking
•
Boolean OR function—When the tracked list has been assigned a Boolean OR function, it means that
at least one object defined within a subset must also be in an up state, so that the tracked object can also
be in the up state.
How to Implement Object Tracking
This section describes the various object tracking procedures.
Tracking the Line Protocol State of an Interface
Perform this task in global configuration mode to track the line protocol state of an interface.
A tracked object is considered up when a line protocol of the interface is up.
After configuring the tracked object, you may associate the interface whose state should be tracked and specify
the number of seconds to wait before the tracking object polls the interface for its state.
Implementing Object Tracking
SUMMARY STEPS
DETAILED STEPS
Step 1
Step 2
configure
track track-name
Example:
configure
1.
track track-name
2.
type line-protocol state
3.
interface type interface-path-id
4.
exit
5.
(Optional) delay {up seconds|down seconds}
6.
Use one of the following commands:
7.
end
•
commit
•
PurposeCommand or Action
Enters track configuration mode.
• track-name—Specifies a name for the object to be tracked.
Step 3
46
RP/0/RP0/CPU0:router(config)# track track1
Creates a track based on the line protocol of an interface.type line-protocol state
Example:
RP/0/RP0/CPU0:router(config-track)# type
line-protocol state
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Page 57
Implementing Object Tracking
Tracking the Line Protocol State of an Interface
PurposeCommand or Action
Step 4
Step 5
Step 6
Step 7
interface type interface-path-id
Example:
RP/0/RP0/CPU0:router(config-track-line-prot)#
interface atm 0/2/0/0.1
Example:
RP/0/RP0/CPU0:router(config-track-line-prot)#
exit
delay {up seconds|down seconds}
Example:
RP/0/RP0/CPU0:router(config-track)# delay up
10
end
•
commit
•
Specifies the interface to track the protocol state.
• type—Specifies the interface type. For more information,
use the question mark (?) online help function.
• interface-path-id—Identifies a physical interface or a virtual
interface.
Note
Use the show interfaces command to see a list of all
possible interfaces currently configured on the router.
Note
The loopback and null interfaces are always in the up
state and, therefore, cannot be tracked.
Exits the track line protocol configuration mode.exit
(Optional)
Schedules the delay that can occur between tracking whether the
object is up or down.
Saves configuration changes.Use one of the following commands:
When you issue the end command, the system prompts you
•
to commit changes:
Example:
RP/0/RP0/CPU0:router(config-track)# end
or
RP/0/RP0/CPU0:router(config-track)# commit
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running
◦
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns
◦
the router to EXEC mode without committing the
configuration changes.
Entering cancel leaves the router in the current
◦
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
•
to the running configuration file and remain within the
configuration session.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
47
Page 58
Tracking IP Route Reachability
Tracking IP Route Reachability
When a host or a network goes down on a remote site, routing protocols notify the router and the routing table
is updated accordingly. The routing process is configured to notify the tracking process when the route state
changes due to a routing update.
A tracked object is considered up when a routing table entry exists for the route and the route is accessible.
SUMMARY STEPS
configure
1.
track track-name
2.
type route reachability
3.
Use one of the following commands:
4.
vrf vrf-table-name
•
route ipv4 IP-prefix/mask
•
Implementing Object Tracking
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
exit
5.
(Optional) delay {up seconds|down seconds}
6.
commit
7.
configure
track track-name
Example:
RP/0/RP0/CPU0:router(config)# track track1
type route reachability
Example:
RP/0/RP0/CPU0:router(config-track)# type route
reachability vrf internet
Use one of the following commands:
vrf vrf-table-name
•
route ipv4 IP-prefix/mask
•
PurposeCommand or Action
Enters track configuration mode.
• track-name—Specifies a name for the object to be
tracked.
Configures the routing process to notify the tracking process
when the state of the route changes due to a routing update.
Configures the type of IP route to be tracked, which can
consist of either of the following, depending on your router
type:
• vrf-table-name—A VRF table name.
• IP-prefix/mask—An IP prefix consisting of the network
Example:
RP/0/RP0/CPU0:router(config-track-route)# vrf
vrf-table-4
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
48
and subnet mask (for example, 10.56.8.10/16).
Page 59
Implementing Object Tracking
or
RP/0/RP0/CPU0:router(config-track-route)# route
ipv4 10.56.8.10/16
Step 5
Example:
RP/0/RP0/CPU0:router(config-track-line-prot)#
exit
Step 6
Step 7
delay {up seconds|down seconds}
Example:
RP/0/RP0/CPU0:router(config-track)# delay up
10
commit
Building a Track Based on a List of Objects
PurposeCommand or Action
Exits the track line protocol configuration mode.exit
(Optional)
Schedules the delay that can occur between tracking whether
the object is up or down.
Building a Track Based on a List of Objects
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a Boolean expression to determine the state of the list.
A tracked list contains one or more objects. The Boolean expression enables two types of calculations by
using either AND or OR operators. For example, when tracking two interfaces, using the AND operator, up
means that both interfaces are up, and down means that either interface is down.
Note
An object must exist before it can be added to a tracked list.
The NOT operator is specified for one or more objects and negates the state of the object.
After configuring the tracked object, you must associate the interface whose state should be tracked and you
may optionally specify the number of seconds to wait before the tracking object polls the interface for its
state.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
49
Page 60
Building a Track Based on a List of Objects
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
configure
track track-name
type list boolean { and | or }
object object-name [ not ]
exit
(Optional) delay {up seconds|down seconds}
Use one of the following commands:
end
•
commit
•
Implementing Object Tracking
Step 1
Step 2
Step 3
Step 4
configure
track track-name
Example:
RP/0/RP0/CPU0:router(config)# track track1
type list boolean { and | or }
Example:
RP/0/RP0/CPU0:router(config-track-list)# type
list boolean and
object object-name [ not ]
PurposeCommand or Action
Enters track configuration mode.
• track-name—Specifies a name for the object to be tracked.
Configures a Boolean list object and enters track list configuration
mode.
• boolean—Specifies that the state of the tracked list is based
on a Boolean calculation.
• and—Specifies that the list is up if all objects are up, or down
if one or more objects are down. For example when tracking
two interfaces, up means that both interfaces are up, and down
means that either interface is down.
• or—Specifies that the list is up if at least one object is up.
For example, when tracking two interfaces, up means that
either interface is up, and down means that both interfaces
are down.
Specifies the object to be tracked by the list
Example:
RP/0/RP0/CPU0:router(config-track-list)#
object 3 not
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
50
• obect-name—Name of the object to track.
• not—Negates the state of the object.
Page 61
Implementing Object Tracking
Building a Track Based on a List of Objects - Threshold Percentage
PurposeCommand or Action
Step 5
Step 6
Step 7
Example:
RP/0/RP0/CPU0:router(config-track-line-prot)#
exit
delay {up seconds|down seconds}
Example:
RP/0/RP0/CPU0:router(config-track)# delay up
10
end
•
commit
•
Example:
RP/0/RP0/CPU0:router(config-track)# end
or
RP/0/RP0/CPU0:router(config-track)# commit
Exits the track line protocol configuration mode.exit
(Optional)
Schedules the delay that can occur between tracking whether the
object is up or down.
Saves configuration changes.Use one of the following commands:
When you issue the end command, the system prompts you
•
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running
◦
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns
◦
the router to EXEC mode without committing the
configuration changes.
Entering cancel leaves the router in the current
◦
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
•
to the running configuration file and remain within the
configuration session.
Building a Track Based on a List of Objects - Threshold Percentage
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a threshold percentage to determine the state of the list.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
51
Page 62
Building a Track Based on a List of Objects - Threshold Percentage
SUMMARY STEPS
configure
1.
track track-name
2.
type list threshold percentage
3.
object object-name
4.
threshold percentage up percentage down percentage
5.
Use one of the following commands:
6.
end
•
commit
•
DETAILED STEPS
Implementing Object Tracking
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
configure
track track-name
Example:
RP/0/RP0/CPU0:router(config)# track track1
Example:
RP/0/RP0/CPU0:router(config-track-list)# type list
threshold percentage
object object-name
Example:
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 1
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 2
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 3
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 4
threshold percentage up percentage down percentage
Example:
RP/0/RP0/CPU0:router(config-track-list-threshold)#
threshold
percentage up 50 down 33
Enters track configuration mode.
• track-name—Specifies a name for the object to be
tracked.
Configures a track of type threshold percentage list.type list threshold percentage
Configures object 1, object 2, object 3 and object 4 as
members of track type track1.
Configures the percentage of objects that need to be UP or
DOWN for the list to be considered UP or Down respectively.
For example, if object 1, object 2, and object 3 are in the UP
state and object 4 is in the DOWN state, the list is considered
to be in the UP state.
Saves configuration changes.Use one of the following commands:
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
52
Page 63
Implementing Object Tracking
end
•
commit
•
Example:
RP/0/RP0/CPU0:router(config-track)# end
or
RP/0/RP0/CPU0:router(config-track)# commit
Building a Track Based on a List of Objects - Threshold Weight
PurposeCommand or Action
When you issue the end command, the system prompts
•
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
◦
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
◦
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
◦
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
•
changes to the running configuration file and remain
within the configuration session.
Building a Track Based on a List of Objects - Threshold Weight
Perform this task in the global configuration mode to create a tracked list of objects (which, in this case, are
lists of interfaces or prefixes) using a threshold weight to determine the state of the list.
SUMMARY STEPS
configure
1.
track track-name
2.
type list threshold weight
3.
object object-name weight weight
4.
threshold weight up weight down weight
5.
Use one of the following commands:
6.
end
•
commit
•
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
53
Page 64
Building a Track Based on a List of Objects - Threshold Weight
DETAILED STEPS
Implementing Object Tracking
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
configure
track track-name
Example:
RP/0/RP0/CPU0:router(config)# track track1
Example:
RP/0/RP0/CPU0:router(config-track-list)# type list
threshold weight
object object-name weight weight
Example:
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 1 weight 10
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 2 weight 5
RP/0/RP0/CPU0:router(config-track-list-threshold)#
object 3 weight 3
threshold weight up weight down weight
Example:
RP/0/RP0/CPU0:router(config-track-list-threshold)#
threshold weight
up 10 down 5
Enters track configuration mode.
• track-name—Specifies a name for the object to be
tracked.
Configures a a track of type, threshold weighted list.type list threshold weight
Configures object 1, object 2 and object 3 as members of
track t1 and with weights 10, 5 and 3 respectively.
Configures the range of weights for the objects that need to
be UP or DOWN for the list to be considered UP or DOWN
respectively. In this example, the list is considered to be in
the DOWN state because objects 1 and 2 are in the UP state
and the cumulative weight is 15 (not in the 10-5 range).
Saves configuration changes.Use one of the following commands:
end
•
commit
•
Example:
RP/0/RP0/CPU0:router(config-track)# end
or
RP/0/RP0/CPU0:router(config-track)# commit
When you issue the end command, the system prompts
•
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
◦
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
◦
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
◦
configuration session without exiting or
committing the configuration changes.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
54
Page 65
Implementing Object Tracking
Configuration Examples for Configuring Object Tracking
PurposeCommand or Action
Use the commit command to save the configuration
•
changes to the running configuration file and remain
within the configuration session.
Configuration Examples for Configuring Object Tracking
Tracking Whether the Interface Is Up or Down: Example
track connection100
type list boolean and
object object3 not
delay up 10
!
interface service-ipsec 23
line-protocol track connection100
!
Tracking the Line Protocol State of an Interface: Example
In this example, traffic arrives from interface service-ipsec1 and exits through interface GigabitEthernet
0/0/0/3:
track IPSec1
type line-protocol state
interface gigabitethernet0/0/0/3
!
interface service-ipsec 1
ipv4 address 70.0.0.1 255.255.255.0
profile vrf1_profile_ipsec
line-protocol track IPSec1
tunnel source 80.0.0.1
tunnel destination 80.0.0.2
service-location preferred-active 0/0/1
!
Displaying the Line Protocol State of an Interface: Example
This example displays the output from the show track command after performing the previous example:
RP/0/RP0/CPU0:router# show run track
Track IPSec1
Interface GigabitEthernet0_0_0_3 line-protocol
!
Line protocol is UP
1 change, last change 10:37:32 UTC Thu Sep 20 2007
Tracked by:
service-ipsec1
!
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
55
Page 66
Configuration Examples for Configuring Object Tracking
Tracking IP Route Reachability: Example
In this example, traffic arriving from interface service-ipsec1 has its destination in network 7.0.0.0/24. This
tracking procedure follows the state of the routing protocol prefix to signal when there are changes in the
routing table.
track PREFIX1
type route reachability
route ipv4 7.0.0.0/24
!
interface service-ipsec 1
vrf 1
ipv4 address 70.0.0.2 255.255.255.0
profile vrf_1_ipsec
line-protocol track PREFIX1
tunnel source 80.0.0.2
tunnel destination 80.0.0.1
service-location preferred-active 0/2/0
Building a Track Based on a List of Objects: Example
In this example, traffic arriving from interface service-ipsec1 exits through interface GigabitEthernet 0/0/0/3
and interface ATM 0/2/0/0.1. The destination of the traffic is at network 7.0.0.0/24.
If either one of the interfaces or the remote network goes down, the flow of traffic must stop. To do this, we
use a Boolean AND expression.
Implementing Object Tracking
track C1
type route reachability
route ipv4 3.3.3.3/32
!
!
track C2
type route reachability
route ipv4 1.2.3.4/32
!
!
track C3
type route reachability
route ipv4 10.0.20.2/32
!
!
track C4
type route reachability
route ipv4 10.0.20.0/24
!
!
track OBJ
type list boolean and
object C1
object C2
!
!
track OBJ2
type list boolean or
object C1
object C2
!
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
56
Page 67
Implementing CDP
Cisco Discovery Protocol (CDP) is a media- and protocol-independent protocol that runs on all
Cisco-manufactured equipment including routers, bridges, access and communication servers, and switches.
Using CDP, you can view information about all the Cisco devices that are directly attached to the device.
Prerequisites for Implementing CDP, page 57
•
Information About Implementing CDP, page 57
•
How to Implement CDP on Cisco IOS XR Software, page 59
•
Configuration Examples for Implementing CDP, page 63
•
Additional References, page 64
•
Prerequisites for Implementing CDP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
CHAPTER 6
Information About Implementing CDP
CDP is primarily used to obtain protocol addresses of neighboring devices and discover the platform of those
devices. CDP can also be used to display information about the interfaces your router uses. CDP is mediaand protocol-independent, and runs on all equipment manufactured by Cisco, including routers, bridges, access
servers, and switches.
Use of SNMP with the CDP MIB allows network management applications to learn the device type and the
SNMP agent address of neighboring devices and to send SNMP queries to those devices. CDP uses the
CISCO-CDP-MIB.
CDP runs on all media that support Subnetwork Access Protocol (SNAP), including LAN, Frame Relay, and
ATM physical media. CDP runs over the data link layer only. Therefore, two systems that support different
network-layer protocols can learn about each other.
Each device configured for CDP sends periodic messages, known as advertisements, to a multicast address.
Each device advertises at least one address at which it can receive SNMP messages. The advertisements also
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
57
Page 68
Information About Implementing CDP
contain time-to-live, or hold-time, information, which indicates the length of time a receiving device holds
CDP information before discarding it. Each device also listens to the periodic CDP messages sent by others
to learn about neighboring devices and determine when their interfaces to the media go up or down.
CDP Version-2 (CDPv2) is the most recent release of the protocol and provides more intelligent device
tracking features. These features include a reporting mechanism that allows for more rapid error tracking,
thereby reducing costly downtime. Reported error messages can be sent to the console or to a logging server,
and can cover instances of unmatching native VLAN IDs (IEEE 802.1Q) on connecting ports, and unmatching
port duplex states between connecting devices.
CDPv2 show commands can provide detailed output on VLAN Trunking Protocol (VTP) management
domain and duplex modes of neighbor devices, CDP-related counters, and VLAN IDs of connecting ports.
Type-length-value fields (TLVs) are blocks of information embedded in CDP advertisements. Table 5:
Type-Length-Value Definitions for CDPv2, on page 58 summarizes the TLV definitions for CDP
advertisements.
Table 5: Type-Length-Value Definitions for CDPv2
Implementing CDP
DefinitionTLV
Address TLV
Capabilities TLV
Version TLV
Platform TLV
VTP Management Domain TLV
Native VLAN TLV
Identifies the device name in the form of a character string.Device-ID TLV
Contains a list of network addresses of both receiving and sending
devices.
Identifies the port on which the CDP packet is sent.Port-ID TLV
Describes the functional capability for the device in the form of a
device type; for example, a switch.
Contains information about the software release version on which the
device is running.
Describes the hardware platform name of the device, for example,
Cisco 4500.
Advertises the system’s configured VTP management domain
name-string. Used by network operators to verify VTP domain
configuration in adjacent network nodes.
Indicates, per interface, the assumed VLAN for untagged packets on
the interface. CDP learns the native VLAN for an interface. This
feature is implemented only for interfaces that support the
IEEE 802.1Q protocol.
Full/Half Duplex TLV
Indicates status (duplex configuration) of CDP broadcast interface.
Used by network operators to diagnose connectivity problems between
adjacent network elements.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
58
Page 69
Implementing CDP
How to Implement CDP on Cisco IOS XR Software
How to Implement CDP on Cisco IOS XR Software
Enabling CDP
To enable CDP, you must first enable CDP globally on the router and then enable CDP on a per-interface
basis. This task explains how to enable CDP globally on the router and then enable CDP on an interface.
SUMMARY STEPS
configure
1.
cdp
2.
interface type interface-path-id
3.
cdp
4.
commit
5.
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
configure
Example:
RP/0/RP0/CPU0:router# cdp
interface type interface-path-id
Example:
RP/0/RP0/CPU0:router# int TenGigE 0/5/0/11/1
Example:
RP/0/RP0/CPU0:router(config-if)# int TenGigE 0/5/0/11/1
commit
PurposeCommand or Action
Enables CDP globally.cdp
Enters interface configuration mode.
Enables CDP on an interface.cdp
Modifying CDP Default Settings
This task explains how to modify the default version, hold-time setting, and timer settings.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
59
Page 70
Modifying CDP Default Settings
SUMMARY STEPS
DETAILED STEPS
The commands can be entered in any order.Note
configure
1.
cdp advertise v1
2.
cdp holdtime seconds
3.
cdp timer seconds
4.
commit
5.
(Optional) show cdp
6.
Implementing CDP
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
configure
cdp advertise v1
Example:
RP/0/RP0/CPU0:router(config)#
cdp advertise v1
cdp holdtime seconds
Example:
RP/0/RP0/CPU0:router(config)#
cdp holdtime 30
cdp timer seconds
Configures CDP to use only version 1 (CDPv1) in communicating with
neighboring devices.
By default, when CDP is enabled, the router sends CDPv2 packets. CDP
•
also sends and receives CDPv1 packets if the device with which CDP is
interacting does not process CDPv2 packets.
In this example, the router is configured to send and receive only CDPv1
•
packets.
Specifies the amount of time that the receiving networking device will hold a
CDP packet sent from the router before discarding it.
By default, when CDP is enabled, the receiving networking device holds
•
a CDP packet for 180 seconds before discarding it.
Note
The CDP hold time must be set to a higher number of seconds than
the time between CDP transmissions, which is set with the cdp
timer command.
In this example, the value of hold-time for the seconds argument is set to
•
30.
Specifies the frequency at which CDP update packets are sent.
By default, when CDP is enabled, CDP update packets are sent at a
Example:
RP/0/RP0/CPU0:router(config)#
cdp timer 20
•
frequency of once every 60 seconds.
Note
A lower timer setting causes CDP updates to be sent more
frequently.
In this example, CDP update packets are configured to be sent at a frequency
•
of once every 20 seconds.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
60
Page 71
Implementing CDP
Monitoring CDP
PurposeCommand or Action
Step 5
Step 6
commit
show cdp
Example:
RP/0/RP0/CPU0:router# show cdp
Monitoring CDP
This task shows how to monitor CDP.
The commands can be entered in any order.Note
SUMMARY STEPS
1.
2.
3.
4.
(Optional)
Displays global CDP information.
The output displays the CDP version running on the router, the hold time setting,
and the timer setting.
show cdp entry {* | entry-name} [protocol | version]
show cdp interface [type interface-path-id | location node-id]
show cdp neighbors [type interface-path-id | location node-id] [detail]
show cdp traffic [location node-id]
DETAILED STEPS
Step 1
Step 2
Step 3
show cdp entry {* | entry-name} [protocol | version]
Example:
RP/0/RSP0/CPU0:router# show cdp entry *
show cdp interface [type interface-path-id | location node-id]
Example:
RP/0/RSP0/CPU0:router# show cdp interface pos
0/0/0/1
show cdp neighbors [type interface-path-id | location
node-id] [detail]
Example:
RP/0/RSP0/CPU0:router# show cdp neighbors
PurposeCommand or Action
Displays information about a specific neighboring
device or all neighboring devices discovered using
CDP.
Displays information about the interfaces on which
CDP is enabled.
Displays detailed information about neighboring
devices discovered using CDP.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
61
Page 72
Monitoring CDP
Implementing CDP
PurposeCommand or Action
Step 4
show cdp traffic [location node-id]
Example:
RP/0/RSP0/CPU0:router# show cdp traffic
Examples
Displays information about the traffic gathered between
devices using CDP.
The following is sample output for the show cdp neighbors command:
RP/0/RP0/CPU0:router# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
router1 Mg0/0/CPU0/0 177 T S WS-C2924M Fa0/12
router2 PO0/4/0/0 157 R 12008/GRP PO0/4/0/1
The following is sample output for the show cdp neighbors command. In this example, the optional type
instance arguments are used in conjunction with the detail optional keyword to display detailed information
about a CDP neighbor. The output includes information on both IPv4 and IPv6 addresses.
RP/0/RP0/CPU0:router# show cdp neighbors POS 0/4/0/0 detail
------------------------Device ID: uut-user
SysName : uut-user
Entry address(es):
IPv4 address: 1.1.1.1
IPv6 address: 1::1
IPv6 address: 2::2
Platform: cisco 12008/GRP, Capabilities: Router
Interface: POS0/4/0/3
Port ID (outgoing port): POS0/2/0/3
Holdtime : 177 sec
Version :
Cisco IOS XR Software, Version 0.0.0[Default]
Copyright (c) 2005 by cisco Systems, Inc.
advertisement version: 2
The following is sample output for the show cdp entry command. In this example, the optional entry
argument is used to display entry information related to a specific CDP neighbor.
RP/0/RP0/CPU0:router# show cdp entry router2
advertisement version: 2
------------------------Device ID: router2
SysName : router2
Entry address(es):
Platform: cisco 12008/GRP, Capabilities: Router
Interface: POS0/4/0/0
Port ID (outgoing port): POS0/4/0/1
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
62
Page 73
Implementing CDP
Configuration Examples for Implementing CDP
Holdtime : 145 sec
Version :
Cisco IOS XR Software, Version 0.48.0[Default]
Copyright (c) 2004 by cisco Systems, Inc.
advertisement version: 2
The following is sample output for the show cdp interface command. In this example, CDP information
related to Packet over SONET/SDH (POS) interface 0/4/0/0 is displayed.
RP/0/RP0/CPU0:router# show cdp interface pos 0/4/0/0
POS0/4/0/0 is Up
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
The following is sample output for the show cdp traffic command:
RP/0/RP0/CPU0:router# show cdp traffic
CDP counters :
Packets output: 194, Input: 99
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Truncated: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 194, Input: 99
Unrecognize Hdr version: 0, File open failed: 0
The following is sample output for the show cdp traffic command. In this example, the optional location
keyword and node-id argument are used to display information about the traffic gathered between devices
using CDP from the specified node.
RP/0/RP0/CPU0:router# show cdp traffic location 0/4/cpu0
CDP counters :
Packets output: 16, Input: 13
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Truncated: 0
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 16, Input: 13
Unrecognize Hdr version: 0, File open failed: 0
Configuration Examples for Implementing CDP
Enabling CDP: Example
The following example shows how to configure CDP globally and then enable CDP on Packet over
SONET/SDH (POS) interface 0/3/0/0:
cdp
interface POS0/3/0/0
cdp
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
63
Page 74
Additional References
Implementing CDP
Modifying Global CDP Settings: Example
The following example shows how to modify global CDP settings. In this example, the timer setting is set to
20 seconds, the hold-time setting is set to 30 seconds, and the version of CDP used to communicate with
neighboring devices is set to CDPv1:
cdp timer 20
cdp holdtime 30
cdp advertise v1
The following example shows how to use the show cdp command to verify the CDP global settings:
RP/0/RP0/CPU0:router# show cdp
Global CDP information:
Sending CDP packets every 20 seconds
Sending a holdtime value of 30 seconds
Sending CDPv2 advertisements is not enabled
Additional References
The following sections provide references related to implementing CDP on Cisco IOS XR software.
Related Documents
Cisco IOS XR CDP commands
Cisco IOS XR commands
Getting started with Cisco IOS XR Software
Information about user groups and task IDs
Document TitleRelated Topic
CDP Commands on Cisco IOS XR Software module
of System Management Command Reference for
Cisco NCS 5000 Series Routers
Configuring AAA Services on Cisco IOS XR Software
module of System Security Configuration Guide for
Cisco NCS 5000 Series Routers
Standards
TitleStandards
No new or modified standards are supported by this
—
feature, and support for existing standards has not
been modified by this feature.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
64
Page 75
Implementing CDP
Additional References
MIBs
MIBs LinkMIBs
—
RFCs
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not been
modified by this feature.
Technical Assistance
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the
Cisco Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
TitleRFCs
—
LinkDescription
http://www.cisco.com/cisco/web/support/index.html
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
65
Page 76
Additional References
Implementing CDP
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
66
Page 77
CHAPTER 7
Configuring Periodic MIB Data Collection and Transfer
This document describes how to periodically transfer selected MIB data from your router to a specified
Network Management System (NMS). The periodic MIB data collection and transfer feature is also known
as bulk statistics.
Prerequisites for Periodic MIB Data Collection and Transfer, page 67
•
Information About Periodic MIB Data Collection and Transfer, page 67
•
How to Configure Periodic MIB Data Collection and Transfer, page 69
•
Periodic MIB Data Collection and Transfer: Example, page 74
•
Prerequisites for Periodic MIB Data Collection and Transfer
To use periodic MIB data collection and transfer, you should be familiar with the Simple Network Management
Protocol (SNMP) model of management information. You should also know what MIB information you want
to monitor on your network devices, and the OIDs or object names for the MIB objects to be monitored.
Information About Periodic MIB Data Collection and Transfer
SNMP Objects and Instances
A type (or class) of SNMP management information is called an object. A specific instance from a type of
management information is called an object instance (or SNMP variable). To configure a bulk statistics
collection, you must specify the object types to be monitored using a bulk statistics object list and the specific
instances of those objects to be collected using a bulk statistics schema.
MIBs, MIB tables, MIB objects, and object indices can all be specified using a series of numbers called an
object identifier (OID). OIDs are used in configuring a bulk statistics collection in both the bulk statistics
object lists (for general objects) and in the bulk statistics schemas (for specific object instances).
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
67
Page 78
Bulk Statistics Object Lists
Bulk Statistics Object Lists
To group the MIB objects to be polled, you need to create one or more object lists. A bulk statistics object
list is a user-specified set of MIB objects that share the same MIB index. Object lists are identified using a
name that you specify. Named bulk statistics object lists allow the same configuration to be reused in different
bulk statistics schemas.
All the objects in an object list must share the same MIB index. However, the objects do not need to be in the
same MIB and do not need to belong to the same MIB table. For example, it is possible to group ifInOctets
and a CISCO-IF-EXTENSION-MIB object in the same schema, because the containing tables for both objects
are indexed by the ifIndex.
Bulk Statistics Schemas
Data selection for the Periodic MIB Data Collection and Transfer Mechanism requires the definition of a
schema with the following information:
Configuring Periodic MIB Data Collection and Transfer
Name of an object list.
•
Instance (specific instance or series of instances defined using a wild card) that needs to be retrieved for
•
objects in the specified object list.
How often the specified instances need to be sampled (polling interval). The default polling interval is
•
5 minutes.
A bulk statistics schema is also identified using a name that you specify. This name is used when configuring
the transfer options.
Bulk Statistics Transfer Options
After configuring the data to be collected, a single virtual file (VFile or bulk statistics file) with all collected
data is created. This file can be transferred to a network management station using FTP or TFTP. You can
specify how often this file should be transferred. The default transfer interval is once every 30 minutes. You
can also configure a secondary destination for the file to be used if, for whatever reason, the file cannot be
transferred to the primary network management station.
The value of the transfer interval is also the collection period (collection interval) for the local bulk statistics
file. After the collection period ends, the bulk statistics file is frozen, and a new local bulk statistics file is
created for storing data. The frozen bulk statistics file is then transferred to the specified destination.
By default, the local bulk statistics file is deleted after successful transfer to an network management station.
Benefits of Periodic MIB Data Collection and Transfer
Periodic MIB data collection and transfer (bulk statistics feature) allows many of the same functions as the
bulk file MIB (CISCO-BULK-FILE-MIB.my), but offers some key advantages. The main advantage is that
this feature can be configured through the CLI and does not require an external monitoring application.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
68
Page 79
Configuring Periodic MIB Data Collection and Transfer
How to Configure Periodic MIB Data Collection and Transfer
Periodic MIB data collection and transfer is mainly targeted for medium to high-end platforms that have
sufficient local storage (volatile or permanent) to store bulk statistics files. Locally storing bulk statistics files
helps minimize loss of data during temporary network outages.
This feature also has more powerful data selection features than the bulk file MIB; it allows grouping of MIB
objects from different tables into data groups (object lists). It also incorporates a more flexible instance selection
mechanism, where the application is not restricted to fetching an entire MIB table.
How to Configure Periodic MIB Data Collection and Transfer
Configuring a Bulk Statistics Object List
The first step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one
or more object lists.
SUMMARY STEPS
DETAILED STEPS
Step 1
Step 2
Step 3
configure
snmp-server mib bulkstat object-list list-name
Example:
snmp-server mib bulkstat object-list ifMib
add {oid | object-name}
Example:
RP/0/RP0/CPU0:router(config-bulk-objects)#
add 1.3.6.1.2.1.2.2.1.11
RP/0/RP0/CPU0:router(config-bulk-objects)#
add ifAdminStatus
RP/0/RP0/CPU0:router(config-bulk-objects)#
add ifDescr
configure
1.
snmp-server mib bulkstat object-list list-name
2.
add {oid | object-name}
3.
commit
4.
PurposeCommand or Action
Defines an SNMP bulk statistics object list and enters bulk statistics
object list configuration mode.
Adds a MIB object to the bulk statistics object list. Repeat as desired
until all objects to be monitored in this list are added.
Note
All the objects in a bulk statistics object list have to be
indexed by the same MIB index. However, the objects in
the object list do not need to belong to the same MIB or
MIB table.
When specifying an object name instead of an OID (using
the add command), only object names with mappings
shown in the show snmp mib object command output can
be used.
Step 4
commit
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
69
Page 80
Configuring a Bulk Statistics Schema
Configuring a Bulk Statistics Schema
The second step in configuring periodic MIB data collection and transfer is to configure one or more schemas.
Before You Begin
The bulk statistics object list to be used in the schema must be defined.
SUMMARY STEPS
configure
1.
snmp-server mib bulkstat schema schema-name
2.
object-list list-name
3.
Do one of the following:
4.
instance exact {interface interface-id [sub-if] | oid oid}
•
instance wild {interface interface-id [sub-if] | oid oid}
•
Configuring Periodic MIB Data Collection and Transfer
DETAILED STEPS
Step 1
Step 2
Step 3
configure
snmp-server mib bulkstat schema schema-name
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mib
bulkstat schema intE0
RP/0/RP0/CPU0:router(config-bulk-sc)#
object-list list-name
Example:
RP/0/RP0/CPU0:router(config-bulk-sc)#
object-list
ifMib
Step 4
instance range start oid end oid
•
instance repetition oid max repeat-number
•
poll-interval minutes
5.
commit
6.
PurposeCommand or Action
Names the bulk statistics schema and enters bulk statistics schema
mode.
Specifies the bulk statistics object list to be included in this schema.
Specify only one object list per schema. If multiple object-list
commands are executed, the earlier ones are overwritten by newer
commands.
Specifies the instance information for objects in this schema:Do one of the following:
instance exact {interface interface-id [sub-if]
•
| oid oid}
The instance exact command indicates that the specified
•
instance, when appended to the object list, represents the
complete OID.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
70
Page 81
Configuring Periodic MIB Data Collection and Transfer
instance wild {interface interface-id [sub-if] |
•
oid oid}
instance range start oid end oid
•
instance repetition oid max repeat-number
•
Example:
RP/0/RP0/CPU0:router(config-bulk-sc)# instance
wild oid 1
or
RP/0/RP0/CPU0:router(config-bulk-sc)# instance
exact interface TenGigE 0/1.25
or
RP/0/RP0/CPU0:router(config-bulk-sc)# instance
range start 1 end 2
or
RP/0/RP0/CPU0:router(config-bulk-sc)# instance
repetition 1 max 4
Step 5
Step 6
poll-interval minutes
Example:
RP/0/RP0/CPU0:router(config-bulk-sc)#
poll-interval 10
commit
Configuring Bulk Statistics Transfer Options
PurposeCommand or Action
The instance wild command indicates that all subindices of
•
the specified OID belong to this schema. The wild keyword
allows you to specify a partial, “wild carded” instance.
The instance range command indicates a range of instances
•
on which to collect data.
The instance repetition command indicates data collection
•
to repeat for a certain number of instances of a MIB object.
Note
Only one instance command can be configured per
schema. If multiple instance commands are executed,
the earlier ones are overwritten by new commands.
Sets how often data should be collected from the object instances
specified in this schema, in minutes. The default is once every 5
minutes. The valid range is from 1 to 20000.
Configuring Bulk Statistics Transfer Options
The final step in configuring periodic MIB data collection and transfer is to configure the transfer options.
The collected MIB data are kept in a local file-like entity called a VFile (virtual file, referred to as a bulk
statistics file in this document). This file can be transferred to a remote network management station at intervals
you specify.
Before You Begin
The bulk statistics object lists and bulk statistics schemas must be defined before configuring the bulk statistics
transfer options.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
71
Page 82
Configuring Bulk Statistics Transfer Options
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Configuring Periodic MIB Data Collection and Transfer
configure
snmp-server mib bulkstat transfer-id transfer-id
buffer-size bytes
format {schemaASCII}
schema schema-name
transfer-interval minutes
url primary url
url secondary url
retry number
retain minutes
enable
commit minutes
DETAILED STEPS
Step 1
Step 2
configure
snmp-server mib bulkstat transfer-id
transfer-id
Example:
RP/0/RP0/CPU0:router(config)# snmp-server
mib
bulkstat transfer bulkstat1
Step 3
Step 4
buffer-size bytes
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
buffersize 3072
format {schemaASCII}
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
format schemaASCII
PurposeCommand or Action
Identifies the transfer configuration with a name (transfer-id argument)
and enters bulk statistics transfer configuration mode.
(Optional) Specifies the maximum size for the bulk statistics data file,
in bytes. The valid range is from 1024 to 2147483647 bytes. The default
buffer size is 2048 bytes.
Note
If the maximum buffer size for a bulk statistics file is reached
before the transfer interval time expires, all additional data
received is deleted. To correct this behavior, you can decrease
the polling frequency, or increase the size of the bulk statistics
buffer.
(Optional) Specifies the format of the bulk statistics data file (VFile).
The default is schemaASCII.
Note
Transfers can only be performed using schemaASCII
(cdcSchemaASCII) format. SchemaASCII is a human-readable
format that contains parser-friendly hints for parsing data values.
Step 5
72
schema schema-name
Specifies the bulk statistics schema to be transferred. Repeat this
command as desired. Multiple schemas can be associated with a single
Example:
transfer configuration; all collected data are placed in a single bulk data
file (VFile).
RP/0/RP0/CPU0:router(config-bulk-tr)#
schema TenGigE 0/5/0/11/1
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Page 83
Configuring Periodic MIB Data Collection and Transfer
RP/0/RP0/CPU0:router(config-bulk-tr)#
schema TenGigE/0-CAR
RP/0/RP0/CPU0:router(config-bulk-tr)#
schema TenGigE 0/5/0/11/1
Configuring Bulk Statistics Transfer Options
PurposeCommand or Action
Step 6
Step 7
Step 8
Step 9
transfer-interval minutes
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
transfer-interval 20
url primary url
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)# url
primary
ftp://user:password@host/folder/bulkstat1
url secondary url
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)# url
secondary
tftp://10.1.0.1/tftpboot/user/bulkstat1
retry number
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
retry 1
(Optional) Specifies how often the bulk statistics file are transferred, in
minutes. The default value is once every 30 minutes. The transfer interval
is the same as the collection interval.
Specifies the network management system (host) that the bulk statistics
data file is transferred to, and the protocol to use for transfer. The
destination is specified as a Uniform Resource Locator (URL). FTP or
TFTP can be used for the bulk statistics file transfer.
(Optional) Specifies a backup transfer destination and protocol for use
in the event that transfer to the primary location fails. FTP or TFTP can
be used for the bulk statistics file transfer.
(Optional) Specifies the number of transmission retries. The default value
is 0 (in other words, no retries). If an attempt to send the bulk statistics
file fails, the system can be configured to attempt to send the file again
using this command.
One retry includes an attempt first to the primary destination then, if the
transmission fails, to the secondary location. For example, if the retry
value is 1, an attempt is made first to the primary URL, then to the
secondary URL, then to the primary URL again, then to the secondary
URL again. The valid range is from 0 to 100.
If all retries fail, the next normal transfer occurs after the configured
transfer-interval time.
Step 10
retain minutes
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
retain 60
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
(Optional) Specifies how long the bulk statistics file should be kept in
system memory, in minutes, after the completion of the collection interval
and a transmission attempt is made. The default value is 0. Zero (0)
indicates that the file is deleted immediately after the transfer is attempted.
The valid range is from 0 to 20000.
Note
If the retry command is used, you should configure a retain
interval larger than 0. The interval between retries is the retain
interval divided by the retry number. For example, if retain 10
and retry 2 are configured, two retries are attempted once every
5 minutes. Therefore, if retain 0 is configured, no retries are
attempted.
73
Page 84
Periodic MIB Data Collection and Transfer: Example
Configuring Periodic MIB Data Collection and Transfer
PurposeCommand or Action
Step 11
Step 12
enable
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
enable
commit minutes
Example:
RP/0/RP0/CPU0:router(config-bulk-tr)#
retain 60
Begins the bulk statistics data collection and transfer process for this
configuration.
For successful execution of this action, at least one schema with
•
non-zero number of objects must be configured.
Periodic collection and file transfer begins only if this command is
•
configured. Conversely, the no enable command stops the collection
process. A subsequent enable starts the operations again.
Each time the collection process is started using the enable
•
command, data is collected into a new bulk statistics file. When
the no enable command is used, the transfer process for any
collected data immediately begins (in other words, the existing bulk
statistics file is transferred to the specified management station).
If the maximum buffer size for a bulk statistics file is reached before the
transfer interval time expires, the transfer operation is still initiated, but
any bulk statistics data received after the file was full, and before it was
transferred, are deleted. To correct this behavior, you can decrease the
polling frequency, or increase the size of the bulk statistics buffer.
If retain 0 is configured, no retries are attempted. This is because the
interval between retries is the retain value divided by the retry value. For
example, if retain 10 and retry 2 are configured, retries are attempted
once every 5 minutes. Therefore, if you configure the retry command,
you should also configure an appropriate value for the retain command.
Periodic MIB Data Collection and Transfer: Example
This example shows how to configure periodic MIB data collection and transfer:
snmp-server mib bulkstat object-list cempo
add cempMemPoolName
add cempMemPoolType
!
snmp-server mib bulkstat schema cempWild
object-list cempo
instance wild oid 8695772
poll-interval 1
!
snmp-server mib bulkstat schema cempRepeat
object-list cempo
instance repetition 8695772.1 max 4294967295
poll-interval 1
!
snmp-server mib bulkstat transfer-id cempt1
enable
url primary tftp://223.255.254.254/auto/tftp-sjc-users3/username/dumpdcm
schema cempWild
schema cempRepeat
transfer-interval 2
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
74
Page 85
Configuring Periodic MIB Data Collection and Transfer
!
This example shows sample bulk statistics file content:
Periodic MIB Data Collection and Transfer: Example
Schema-def cempt1.cempWild "%u, %s, %s, %d" Epochtime instanceoid
cempt1.cempWild: 1339491515, 8695772.1, processor, 2
cempt1.cempWild: 1339491515, 8695772.2, reserved, 11
cempt1.cempWild: 1339491515, 8695772.3, image, 12
cempt1.cempWild: 1339491575, 8695772.1, processor, 2
cempt1.cempWild: 1339491575, 8695772.2, reserved, 11
cempt1.cempWild: 1339491575, 8695772.3, image, 12
Schema-def cempt1.cempRepeat "%u, %s, %s, %d" Epochtime instanceoid
cempt1.cempRepeat: 1339491515, 8695772.1, processor, 2
cempt1.cempRepeat: 1339491515, 8695772.2, reserved, 11
cempt1.cempRepeat: 1339491515, 8695772.3, image, 12
cempt1.cempRepeat: 1339491515, 26932192.1, processor, 2
cempt1.cempRepeat: 1339491515, 26932192.2, reserved, 11
cempt1.cempRepeat: 1339491515, 26932192.3, image, 12
cempt1.cempRepeat: 1339491515, 35271015.1, processor, 2
cempt1.cempRepeat: 1339491515, 35271015.2, reserved, 11
cempt1.cempRepeat: 1339491515, 35271015.3, image, 12
cempt1.cempRepeat: 1339491515, 36631989.1, processor, 2
cempt1.cempRepeat: 1339491515, 36631989.2, reserved, 11
cempt1.cempRepeat: 1339491515, 36631989.3, image, 12
cempt1.cempRepeat: 1339491515, 52690955.1, processor, 2
cempt1.cempRepeat: 1339491515, 52690955.2, reserved, 11
cempt1.cempRepeat: 1339491515, 52690955.3, image, 12
1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2
1.3.6.1.4.1.9.9.221.1.1.1.1.3 1.3.6.1.4.1.9.9.221.1.1.1.1.2
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
75
Page 86
Periodic MIB Data Collection and Transfer: Example
Configuring Periodic MIB Data Collection and Transfer
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
76
Page 87
Configuring Flexible Command Line Interface
This module describes how to configure and use flexible command line interface (CLI) configuration groups.
Flexible CLI Configuration Groups, page 77
•
Flexible Configuration Restrictions, page 77
•
Configuring a Configuration Group, page 79
•
Verifying the Configuration of Configuration Groups, page 81
•
Regular Expressions in Configuration Groups, page 83
•
Configuration Examples for Flexible CLI Configuration, page 93
•
Flexible CLI Configuration Groups
Flexible command line interface (CLI) configuration groups provide the ability to minimize repetitive
configurations by defining a series of configuration statements in a configuration group, and then applying
this group to multiple hierarchical levels in the router configuration tree.
Flexible CLI configuration groups utilize regular expressions that are checked for a match at multiple submodes
of the configuration tree based on where the group is applied within the hierarchy. If a match is found at a
configuration submode, the corresponding configuration defined in the group is inherited within the matched
submode.
Flexible CLI configuration groups also provide an auto-inheritance feature. Auto-inheritance means that any
change done to a CLI configuration group is automatically applied to the configuration in any matched
submodes that have an apply-group at that hierarchical level. This allows you to make a configuration change
or addition once, and have it applied automatically in multiple locations, depending on where you have applied
the flexible CLI configuration group.
CHAPTER 8
Flexible Configuration Restrictions
Note these restrictions while using flexible configuration groups:
Flexible CLI configuration groups are not supported in administration configurations and corresponding
•
apply-groups are not supported in administration configurations.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
77
Page 88
Flexible Configuration Restrictions
Use of preconfigured interfaces in configuration groups is not supported.
•
Downgrading from an image that supports configuration groups to an image that does not support them
•
is not supported.
Access lists, quality of service and route policy configurations do not support the use of configuration
•
groups. Configurations such as these are not valid:
group g-not-supported
ipv4 access-list ...
!
ipv6 access-list ...
!
ethernet-service access-list ...
!
class-map ...
!
policy-map ...
!
route-policy ...
!
end-group
You can, however, reference such configurations, as shown in this example:
Configuring Flexible Command Line Interface
group g-reference-ok
router bgp 6500
neighbor 7::7
remote-as 65000
bfd fast-detect
update-source Loopback300
graceful-restart disable
address-family ipv6 unicast
route-policy test1 in
route-policy test2 out
soft-reconfiguration inbound always
!
!
!
interface Bundle-Ether1005
bandwidth 10000000
mtu 9188
service-policy output input_1
load-interval 30
!
end-group
• Some regular expressions are not supported within groups. For example, ‘?’, ‘|’ and ‘$,’ are not supported
within groups. Also some characters such as /d and /w are not supported.
◦ The choice operator “|” to express multiple match expressions within a regular expression is not
supported. For example, these expressions are not supported:
Gig.*|Gig.*\..*—To match on either Gigabit Ethernet main interfaces or Gigabit Ethernet
sub-interfaces.
Gig.*0/0/0/[1-5]|Gig.*0/0/0/[10-20]—To match on either Gig.*0/0/0/[1-5] or
Gig.*0/0/0/[10-20].
'TenGigE.*|HundredGigE.*—To match on either TenGigE.* or HundredGigE.* .
Commands that require a node identifier for the location keyword are not supported. For example, this
•
configuration is not supported:
lpts pifib hardware police location 0/RP0/CPU0
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
78
Page 89
Configuring Flexible Command Line Interface
Overlapping regular expressions within a configuration group for the same configuration are not supported.
•
For example:
group G-INTERFACE
interface 'gig.*a.*'
mtu 1500
!
interface 'gig.*e.* '
mtu 2000
!
end-group
interface gigabitethernet0/0/0/* ---- where * is 0 to 79 or 0 to 39
apply-group G-INTERFACE
This configuration is not permitted because it cannot be determined whether the interface
GigabitEthernet0/0/0/* configuration inherits mtu 1500 or mtu 2000. Both expressions in the
configuration group match GigabitEthernet0/0/0/*.
Up to eight configuration groups are permitted on one apply-group command.
•
Configuring a Configuration Group
Configuring a Configuration Group
A configuration group includes a series of configuration statements that can be used in multiple hierarchical
levels in the router configuration tree. By using regular expressions in a configuration group, you can create
generic commands that can be applied in multiple instances.
Use this task to create and use a configuration group.
Flexible CLI configurations are not available through the XML interface.Note
SUMMARY STEPS
configure
1.
group group-name
2.
Enter configuration commands, starting from global configuration mode. Use regular expressions for
3.
interface names and other variable instances.
end-group
4.
apply-group
5.
DETAILED STEPS
Step 1
Step 2
configure
group group-name
Example:
RP/0/RP0/CPU0:router(config)# group g-interf
Specifies a name for a configuration group and enters group configuration mode to define the group.The group-name
argument can have up to 32 characters and cannot contain any special characters.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
79
Page 90
Simple Configuration Group: Example
Configuring Flexible Command Line Interface
Step 3
Step 4
Step 5
Enter configuration commands, starting from global configuration mode. Use regular expressions for interface names
and other variable instances.
Example:
RP/0/RP0/CPU0:router(config)# group g-interf
RP/0/RP0/CPU0:router(config-GRP)# interface 'GigabitEthernet.*'
RP/0/RP0/CPU0:router(config-GRP-if)# mtu 1500
Specifies the configuration statements that you want included in this configuration group.
For more information regarding the use of regular expressions, see Configuration Group Inheritance with Regular
Expressions: Example, on page 90. This example is applicable to all Gigabit Ethernet interfaces.
end-group
Example:
RP/0/RP0/CPU0:router(config-GRP-if)# end-group
Completes the configuration of a configuration group and exits to global configuration mode.
apply-group
Example:
RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# apply-group g-interf
Adds the configuration of the configuration group into the router configuration applicable at the location that the group
is applied. Groups can be applied in multiple locations, and their effect depends on the location and context.
The MTU value from the group g-interf is applied to the interface GigabitEthernet0/2/0/0. If this group is applied in
global configuration mode, the MTU value is inherited by all Gigabit Ethernet interfaces that do not have an MTU value
configured.
Simple Configuration Group: Example
This example shows how to use configuration groups to add a global configuration to the system:
RP/0/RP0/CPU0:router(config)# group g-logging
RP/0/RP0/CPU0:router(config-GRP)# logging trap notifications
RP/0/RP0/CPU0:router(config-GRP)# logging console debugging
RP/0/RP0/CPU0:router(config-GRP)# logging monitor debugging
RP/0/RP0/CPU0:router(config-GRP)# logging buffered 10000000
RP/0/RP0/CPU0:router(config-GRP)# end-group
RP/0/RP0/CPU0:router(config)# apply-group g-logging
When this configuration is committed, all commands contained in the g-logging configuration group are
committed.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
80
Page 91
Configuring Flexible Command Line Interface
Configuration Group Applied to Different Places: Example
Configuration Group Applied to Different Places: Example
Configuration groups can be applied to different places, and their effect depends on the context within which
they are applied. Consider this configuration group:
RP/0/RP0/CPU0:router(config)# group g-interfaces
RP/0/RP0/CPU0:router(config-GRP)# interface 'GigabitEthernet.*'
RP/0/RP0/CPU0:router(config-GRP-if)# mtu 1500
RP/0/RP0/CPU0:router(config-GRP-if)# exit
RP/0/RP0/CPU0:router(config-GRP)# interface 'GigabitEthernet.*'
RP/0/RP0/CPU0:router(config-GRP-if)# mtu 1000
RP/0/RP0/CPU0:router(config-GRP-if)# exit
RP/0/RP0/CPU0:router(config-GRP)# interface 'GigabitEthernet.*'
RP/0/RP0/CPU0:router(config-GRP-if)# mtu 2000
RP/0/RP0/CPU0:router(config-GRP-if)# end-group
This group can be applied to Gigabit Ethernet interface and in each instance the applicable MTU is applied.
For instance, in this example, the Gigabit Ethernet interface is configured to have an MTU of 1000:
RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# apply-group g-interfaces
RP/0/RP0/CPU0:router(config-if)# ipv4 address 2.2.2.2 255.255.255.0
In this example, the Gigabit Ethernet interface is configured to have an MTU of 1500:
RP/0/RP0/CPU0:router(config)# interface GigabitEthernet0/2/0/0
RP/0/RP0/CPU0:router(config-if)# apply-group g-interfaces
RP/0/RP0/CPU0:router(config-if)# ipv4 address 3.3.3.3 255.255.255.0
The same configuration group is used in both cases, but only the applicable configuration statements are used.
Verifying the Configuration of Configuration Groups
Use this task to verify the router configuration using configuration groups:
SUMMARY STEPS
show running-config group [ group-name ]
1.
show running-config
2.
show running-config inheritance
3.
show running-config interface x/y/z inheritance detail
4.
DETAILED STEPS
PurposeCommand or Action
Step 1
show running-config group [ group-name ]
Example:
RP/0/RP0/CPU0:router# show running-config group
group g-int-ge
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
Displays the contents of a specific or all configured
configuration groups.
81
Page 92
Verifying the Configuration of Configuration Groups
interface 'GigabitEthernet.*'
mtu 1000
negotiation auto
!
end-group
Configuring Flexible Command Line Interface
PurposeCommand or Action
Step 2
Step 3
Step 4
show running-config
Example:
RP/0/RP0/CPU0:router# show running-config
group G-INTERFACE-MTU
interface ‘GigabitEthernet.*’
mtu 1500
!
end-group
interface GigabitEthernet0/4/1/0
apply-group G-INTERFACE-MTU
!
interface GigabitEthernet0/4/1/1
apply-group G-INTERFACE-MTU
mtu 2000
!
show running-config inheritance
Example:
RP/0/RP0/CPU0:router# show running-config inheritance
.
.
group G-INTERFACE-MTU
interface ‘GigabitEthernet.*’
mtu 1500
!
end-group
.
.
interface GigabitEthernet0/4/1/0
## Inherited from group G-INTERFACE-MTU
mtu 1500
!
interface GigabitEthernet0/4/1/1
mtu 2000
!
.
.
show running-config interface x/y/z inheritance detail
Example:
Displays the running configuration. Any applied groups
are displayed. There is no indication as to whether these
configuration groups affect the actual configuration or
not. In this example, although the group
G-INTERFACE-MTU is applied to
GigabitEthernet0/4/1/1, the configured MTU value is
2000 and not 1500. This happens if the command mtu
2000 is configured directly on the interface. An actual
configuration overrides a configuration group
configuration if they are the same.
Displays the inherited configuration where ever a
configuration group has been applied.
Displays the inherited configuration for a specific
configuration command.
RP/0/RP0/CPU0:router# show running-config interface
GigabitEthernet0/4/1/0 inheritance detail
interface GigabitEthernet/4/1/0
## Inherited from group G-INTERFACE-MTU
mtu 1500
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
82
Page 93
Configuring Flexible Command Line Interface
Regular Expressions in Configuration Groups
Regular Expressions in Configuration Groups
Regular expressions are used in configuration groups to make them widely applicable. Portable Operating
System Interface for UNIX (POSIX) 1003.2 regular expressions are supported in the names of configuration
statements. Single quotes must be used to delimit a regular expression.
Not all POSIX regular expressions are supported.Note
Regular Expressions for Interface Identifiers
Configuration groups do not accept exact interface identifiers. You must use a regular expression to identify
a group of interfaces that are applicable to the configuration group. The regular expression ‘.*’ is not allowed.
You must begin the regular expression for an interface identifier with an unambiguous word, followed by the
regular expression. For example, to configure Gigabit Ethernet interfaces, use the regular expression
'GigabitEthernet.*'.
To display a list of available interface types for your router configuration, enter interface ? at the configuration
group prompt:
Note
RP/0/RP0/CPU0:router(config-GRP)# interface ?
ATM 'RegExp': ATM Network Interface(s)
BVI 'RegExp': Bridge-Group Virtual Interface
Bundle-Ether 'RegExp': Aggregated Ethernet interface(s)
GigabitEthernet 'RegExp': GigabitEthernet/IEEE 802.3 interface(s)
IMA 'RegExp': ATM Network Interface(s)
Loopback 'RegExp': Loopback interface(s)
MgmtEth 'RegExp': Ethernet/IEEE 802.3 interface(s)
Multilink 'RegExp': Multilink network interface(s)
Null 'RegExp': Null interface
PW-Ether 'RegExp': PWHE Ethernet Interface
PW-IW 'RegExp': PWHE VC11 IP Interworking Interface
Serial 'RegExp': Serial network interface(s)
tunnel-ip 'RegExp': GRE/IPinIP Tunnel Interface(s)
tunnel-mte 'RegExp': MPLS Traffic Engineering P2MP Tunnel interface(s)
tunnel-te 'RegExp': MPLS Traffic Engineering Tunnel interface(s)
tunnel-tp 'RegExp': MPLS Transport Protocol Tunnel interface
Although you are required to enter only enough characters for the interface type to be unique, it is
recommended that you enter the entire phrase. All interface types used in regular expressions are
case-sensitive.
To specify a subinterface, prefix the expression with the characters \. (backslash period). For example, use
interface 'GigabitEthernet.*\..*' to configure all Gigabit Ethernet subinterfaces.
You can specify Layer 2 transport interfaces or point-to-point interfaces as shown in these examples:
group g-l2t
interface 'Gi.*\..*' l2transport
.
.
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
83
Page 94
Regular Expressions in Configuration Groups
end-group
group g-ptp
interface 'Gi.*\..*' point-to-point
.
.
end-group
Regular Expressions for an OSPF Configuration
Exact router process names and OSPF areas cannot be used. You must use a regular expression to specify a
process name or group of OSPF areas. To specify that the OSFP area can be either a scalar value or an IP
address, use the regular expression ‘.*’, as in this example:
group g-ospf
router ospf '.*'
area '.*'
mtu-ignore enable
!
!
end-group
To specify that the OSPF area must be an IP address, use the expression '\.' as in this example:
Configuring Flexible Command Line Interface
group g-ospf-ipaddress
router ospf '.*\..*\..*\..*'
area '.*'
passive enable
!
!
end-group
To specify that the OSPF area must be a scalar value, use the expression '1.*', as in this example:
group g-ospf-match-number
router ospf '.*'
area '1.*'
passive enable
!
!
end-group
Regular Expressions for a BGP AS
Exact BGP AS values cannot be used in configuration groups. Use a regular expression to specify either AS
plain format, or AS dot format as in the format X.Y. To match AS plain format instances, use a simple regular
expression. To match AS dot format instances, use two regular expressions separated by a dot, as shown in
this example:
group g-bgp
router bgp '*'.'*'
address-family ipv4 unicast
!
!
end-group
Regular Expressions for ANCP
Exact Access Node Control Protocol (ANCP) sender-name identifiers cannot be used in configuration groups.
Because the sender name argument can be either an IP address or a MAC address, you must specify in the
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
84
Page 95
Configuring Flexible Command Line Interface
regular expression which one is being used. Specify an IP address as '.*\..*\..*\..*'; specify a MAC
address as '.*\..*\..*'.
Resolving to a Uniform Type
Regular expressions must resolve to a uniform type. This is an example of an illegal regular expression:
group g-invalid
interface ‘.*’
bundle port-priority 10
!
interface ‘.*Ethernet.*’
bundle port-priority 10
!
end-group
In this example, the bundle command is supported for interface type GigabitEthernet but not for interface
type ‘FastEthernet’. The regular expressions ‘.*’ and ‘.*Ethernet.*’ match both GigabitEthernet and FastEthernet
types. Because the bundle command is not applicable to both these interface types, they do not resolve to a
uniform type and therefore the system does not allow this configuration.
Regular Expressions in Configuration Groups
Note
Note
If the system cannot determine from the regular expression what the configuration should be, the expression
is not considered valid.
The regular expression ‘.*’ is not allowed when referring to an interface identifier. You must begin the
regular expression for an interface identifier with an unambiguous word, followed by the regular expression.
Refer to Regular Expressions for Interface Identifiers in this section for more information.
Overlapping Regular Expressions
Regular expressions are used in names of configuration statements within a configuration group. This permits
inheritance by the configuration when applied to matching names. Single quotes are used to delimit the regular
expression. Overlapping regular expression within a configuration group for the same configuration is permitted.
The example, given below, illustrates the process of creating and applying multiple configuration groups:
RP/0//CPU0:router(config)#group FB_flexi_snmp
RP/0//CPU0:router(config-GRP)# snmp-server vrf '.*'
RP/0//CPU0:router(config-GRP-snmp-vrf)# host 1.1.1.1 traps version 2c group_1
RP/0//CPU0:router(config-GRP-snmp-vrf)# host 1.1.1.1 informs version 2c group_1
RP/0//CPU0:router(config-GRP-snmp-vrf)# context group_1
RP/0//CPU0:router(config-GRP-snmp-vrf)#
RP/0//CPU0:router(config-GRP-snmp-vrf)#commit
RP/0//CPU0:router(config-GRP-snmp-vrf)#root
RP/0//CPU0:router(config)#
RP/0//CPU0:router(config)#snmp-server vrf vrf1
RP/0//CPU0:router(config-snmp-vrf)#snmp-server vrf vrf10
RP/0//CPU0:router(config-snmp-vrf)#!
RP/0//CPU0:router(config-snmp-vrf)#snmp-server vrf vrf100
RP/0//CPU0:router(config-snmp-vrf)#
RP/0//CPU0:router(config-snmp-vrf)#commit
RP/0//CPU0:router(config-snmp-vrf)#root
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
85
Page 96
Regular Expressions in Configuration Groups
RP/0//CPU0:router(config)#
RP/0//CPU0:router(config)#apply-group FB_flexi_snmp
RP/0//CPU0:router(config)#do sh running-config group
group FB_flexi_snmp
snmp-server vrf '.*'
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
!
end-group
apply-group FB_flexi_snmp
snmp-server vrf vrf1
!
snmp-server vrf vrf10
!
snmp-server vrf vrf100
!
RP/0/0/CPU0:ios#show running-config inheritance detail
group FB_flexi_snmp
snmp-server vrf '.*'
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
!
end-group
snmp-server vrf vrf1
## Inherited from group FB_flexi_snmp
host 1.1.1.1 traps version 2c group_1
## Inherited from group FB_flexi_snmp
host 1.1.1.1 informs version 2c group_1
## Inherited from group FB_flexi_snmp
context group_1
!
snmp-server vrf vrf10
## Inherited from group FB_flexi_snmp
host 1.1.1.1 traps version 2c group_1
## Inherited from group FB_flexi_snmp
host 1.1.1.1 informs version 2c group_1
## Inherited from group FB_flexi_snmp
context group_1
!
snmp-server vrf vrf100
## Inherited from group FB_flexi_snmp
host 1.1.1.1 traps version 2c group_1
## Inherited from group FB_flexi_snmp
host 1.1.1.1 informs version 2c group_1
## Inherited from group FB_flexi_snmp
context group_1
Configuring Flexible Command Line Interface
The example given below demonstrates the regular expression. In this example snmp-server vrf '.*’ and
snmp-server vrf '[\w]+ are two different regular expressions.
group FB_flexi_snmp
snmp-server vrf '.*’
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
!
snmp-server vrf '[\w]+’
host 2.2.2.2 traps version 2c group_2
host 2.2.2.2 informs version 2c group_2
context group_2
!
end-group
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
86
Page 97
Configuring Flexible Command Line Interface
This individual regular expression gets combined to all the three expressions - snmp-server vrf vrf1,
snmp-server vrf vrf10 and snmp-server vrf vrf100 as given below.
apply-group FB_flexi_snmp
snmp-server vrf vrf1
!
snmp-server vrf vrf10
!
snmp-server vrf vrf100
!
In a configuration group, there can be instances of regular expressions overlap. In such cases, the regular
expression with the highest priority is activated and inherited, when applied. It has that regular expression,
which comes first in the lexicographic order that has the highest priority.
The following example shows how to use overlapping regular expressions and how the expression with higher
priority is applied:
group FB_flexi_snmp
snmp-server vrf '.*’
Regular Expressions in Configuration Groups
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
!
snmp-server vrf '[\w]+’
host 2.2.2.2 traps version 2c group_2
host 2.2.2.2 informs version 2c group_2
context group_2
!
end-group
The expression shown below has the highest priority:
group FB_flexi_snmp
snmp-server vrf '.*’
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
The examples given above, show two different regular expression snmp-server vrf '.*’ and snmp-server
vrf '[\w]+'.
The expression below, shows how these two expressions get merged together:
apply-group FB_flexi_snmp
snmp-server vrf vrf1
!
snmp-server vrf vrf10
!
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
87
Page 98
Regular Expressions in Configuration Groups
snmp-server vrf vrf100
!
Any change in a regular expression with lower priority will not affect the inheritance.
Any changes made to an existing regular expression, which is of less (non-top) priority, it will not have any
effect on the inheritance.
snmp-server vrf '[\w]+’
host 2.2.2.2 traps version 2c group_2
host 2.2.2.2 informs version 2c group_2
context group_2
The expression with the higher priority gets inherited, as shown below:
group FB_flexi_snmp
snmp-server vrf '.*’
host 1.1.1.1 traps version 2c group_1
host 1.1.1.1 informs version 2c group_1
context group_1
Configuring Flexible Command Line Interface
Apply Groups Priority Inheritance
Priority governs inheritance.
Apply groups priority inheritance helps flexible configuration groups to handle common configuration
statements between groups. When multiple configuration groups have common configuration statements, the
inheritance priority is such that the configuration statements present in inner groups have precedence over
those configuration statements present in outer groups. In case of tiebreakers, the priority is assigned in
accordance to the lexicographical order of regular expressions. User defined order of commands are not
accepted.
For example, a configuration statement in configuration group ONE has precedence over another group. A
configuration statement in configuration group SEVEN is used only if it does not exist in any other group.
Within a configuration group, inheritance priority is the longest match.
apply-group SIX SEVEN
router ospf 0
apply-group FOUR FIVE
area 0
apply-group THREE
interface GigabitEthernet 0/0/0/0
apply-group ONE TWO
!
!
!
The above example shows two scenarios. The inner most group (apply-group ONE TWO) has the highest
priority.
Case 1
The first scenario shows which group gets the priority. The example states which group is applied between
different configuration groups (different groups with nothing in common). While applying group one (ONE
TWO), all the seven groups matches the interface interface GigabitEthernet 0/0/0/0- is applied.
Case 2
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
88
Page 99
Configuring Flexible Command Line Interface
Configuration Examples Using Regular Expressions
Here, when all have the same (common) configuration, group one will be active. That is apply-group ONE
TWO is active. If group ONE is deleted, then group TWO will be active.
Configuration Examples Using Regular Expressions
Configuration Group with Regular Expression: Example
This example shows the definition of a configuration group for configuring Gigabit Ethernet interfaces with
ISIS routing parameters, using regular expressions for the exact interface:
RP/0/RP0/CPU0:router(config)# group g-isis-gige
RP/0/RP0/CPU0:router(config-GRP)# router isis '.*'
RP/0/RP0/CPU0:router(config-GRP-isis)# interface 'GigabitEthernet.*'
RP/0/RP0/CPU0:router(config-GRP-isis-if)# lsp-interval 20
RP/0/RP0/CPU0:router(config-GRP-isis-if)# hello-interval 40
RP/0/RP0/CPU0:router(config-GRP-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-GRP-isis-if-af)# metric 10
RP/0/RP0/CPU0:router(config-GRP-isis-if-af)# end-group
RP/0/RP0/CPU0:router(config)#
To illustrate the use of this configuration group, assume that you want to configure these Gigabit Ethernet
interfaces with the ISIS routing parameters:
router isis green
interface GigabitEthernet0/0/0/0
lsp-interval 20
hello-interval 40
address-family ipv4 unicast
metric 10
!
!
interface GigabitEthernet0/0/0/1
lsp-interval 20
hello-interval 40
address-family ipv4 unicast
metric 10
!
!
interface GigabitEthernet0/0/0/2
lsp-interval 20
hello-interval 40
address-family ipv4 unicast
metric 10
!
!
interface GigabitEthernet0/0/0/3
lsp-interval 20
hello-interval 40
address-family ipv4 unicast
metric 10
!
!
!
There are three possible ways to use the configuration group to configure these interfaces. The first is by
applying the group within the interface configuration, as shown here:
router isis green
interface GigabitEthernet0/0/0/0
apply-group g-isis-gige
!
!
interface GigabitEthernet0/0/0/1
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
89
Page 100
Configuration Examples Using Regular Expressions
apply-group g-isis-gige
!
!
interface GigabitEthernet0/0/0/2
apply-group g-isis-gige
!
!
interface GigabitEthernet0/0/0/3
apply-group g-isis-gige
!
!
In this situation, only the interfaces to which you apply the configuration group inherit the configuration.
The second way to configure these interfaces using the configuration group is to apply the configuration group
within the router isis configuration, as shown here:
router isis green
apply-group g-isis-gige
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
!
Configuring Flexible Command Line Interface
In this way, any other Gigabit Ethernet interfaces that you configure in the ISIS green configuration also
inherit these configurations.
The third way to configure these interfaces using the configuration group is to apply the group at the global
level as shown here:
apply-group g-isis-gige
router isis green
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
!
In this example, the configuration of the group is applied to all Gigabit Ethernet interfaces configured for
ISIS.
Configuration Group Inheritance with Regular Expressions: Example
Local Configuration Has Precedence Over Configuration Group
An explicit configuration takes precedence over a configuration applied from a configuration group. For
example, assume that this configuration is running on the router:
router ospf 100
packet-size 1000
!
You configure this configuration group, apply it, and commit it to the configuration.
RP/0/RP0/CPU0:router(config)# group g-ospf
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
90
Loading...