Cisco NCS 6000 Series Configuration Manual


System Management Configuration Guide for the Cisco NCS 6000 Series Router, Release 5.0.x

First Published: 2013-09-01
Last Modified: 2014-01-01
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 2014 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
  Changes to this Document
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1: Upgrading FPD
  FPD
  Prerequisites for FPD Image Upgrades
  Overview of FPD Image Upgrade Support
  Automatic FPD Upgrade
  FPD upgrade service
  Determining Upgrade Requirement
  Automatic FPD upgrade
  Manual FPD upgrade
  FPD upgrade
  Additional References

CHAPTER 2: Process Placement
  Prerequisites for Configuring Cisco IOS XR Process Placement
  Information About Cisco IOS XR Process Placement
  What Is a Process?
  What Is Process Placement?
  Default Placement Policy
  Reasons to Change the Default Process Placement
  Reoptimizing Process Placements
  Reconfiguring Process Placements
  Recommended Guidelines for Process Placement
  Process Placement Based on Memory Consumption
  Changing Process Affinities
  affinity location set
  affinity location type
  affinity program
  affinity self
  Hierarchical Placement Policy
  How to Configure Cisco IOS XR Process Placement
  Reoptimizing Process Placement
  Setting Memory Consumption Thresholds
  Creating a Location Set Affinity
  Creating a Location Type Affinity
  Creating a Program Affinity
  Creating a Self Affinity
  Configuration Examples for Process Placement
  Additional References

CHAPTER 3: Configuring Manageability
  Information About XML Manageability
  How to Configure Manageability
  Configuring the XML Agent
  Configuration Examples for Manageability
  Enabling VRF on an XML Agent: Examples
  Additional References

CHAPTER 4: Implementing NTP
  Prerequisites for Implementing NTP on Cisco IOS XR Software
  Information About Implementing NTP
  How to Implement NTP
  Configuring Poll-Based Associations
  Configuring Broadcast-Based NTP Associates
  Configuring NTP Access Groups
  Configuring NTP Authentication
  Disabling NTP Services on a Specific Interface
  Configuring the Source IP Address for NTP Packets
  Configuring the System as an Authoritative NTP Server
  Updating the Hardware Clock
  Verifying the Status of the External Reference Clock
  Examples
  Configuration Examples for Implementing NTP
  Additional References

CHAPTER 5: Implementing Physical and Virtual Terminals
  Prerequisites for Implementing Physical and Virtual Terminals
  Information About Implementing Physical and Virtual Terminals
  Line Templates
  Line Template Configuration Mode
  Line Template Guidelines
  Terminal Identification
  vty Pools
  How to Implement Physical and Virtual Terminals on Cisco IOS XR Software
  Modifying Templates
  Creating and Modifying vty Pools
  Monitoring Terminals and Terminal Sessions
  Craft Panel Interface
  Configuration Examples for Implementing Physical and Virtual Terminals
  Additional References

CHAPTER 6: Implementing SNMP
  Prerequisites for Implementing SNMP
  Restrictions for SNMP Use on Cisco IOS XR Software
  Information About Implementing SNMP
  SNMP Functional Overview
  SNMP Manager
  SNMP Agent
  MIB
  SNMP Notifications
  SNMP Versions
  Comparison of SNMPv1, v2c, and v3
  Security Models and Levels for SNMPv1, v2, v3
  SNMPv3 Benefits
  SNMPv3 Costs
  User-Based Security Model
  View-Based Access Control Model
  MIB Views
  Access Policy
  IP Precedence and DSCP Support for SNMP
  How to Implement SNMP on Cisco IOS XR Software
  Configuring SNMPv3
  Configuring SNMP Trap Notifications
  Setting the Contact, Location, and Serial Number of the SNMP Agent
  Defining the Maximum SNMP Agent Packet Size
  Changing Notification Operation Values
  Setting IP Precedence and DSCP Values
  Configuring MIB Data to be Persistent
  Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
  Configuration Examples for Implementing SNMP
  Configuring SNMPv3: Examples
  Configuring Trap Notifications: Example
  Setting an IP Precedence Value for SNMP Traffic: Example
  Setting an IP DSCP Value for SNMP Traffic: Example
  Additional References

CHAPTER 7: Configuring Periodic MIB Data Collection and Transfer
  Prerequisites for Periodic MIB Data Collection and Transfer
  Information About Periodic MIB Data Collection and Transfer
  SNMP Objects and Instances
  Bulk Statistics Object Lists
  Bulk Statistics Schemas
  Bulk Statistics Transfer Options
  Benefits of Periodic MIB Data Collection and Transfer
  How to Configure Periodic MIB Data Collection and Transfer
  Configuring a Bulk Statistics Object List
  Configuring a Bulk Statistics Schema
  Configuring Bulk Statistics Transfer Options
  Monitoring Periodic MIB Data Collection and Transfer
  Periodic MIB Data Collection and Transfer: Example

CHAPTER 8: Implementing CDP
  Prerequisites for Implementing CDP
  Information About Implementing CDP
  How to Implement CDP on Cisco IOS XR Software
  Enabling CDP
  Modifying CDP Default Settings
  Monitoring CDP
  Examples
  Configuration Examples for Implementing CDP
  Additional References

Preface

This guide describes the System Management configuration details for Cisco IOS XR software. This chapter contains details on the changes made to this document.
- Changes to this Document
- Obtaining Documentation and Submitting a Service Request

Changes to this Document

Table 1: For NCS 6000 Series Router
Revision       Date            Summary
OL-30990-01    November 2013   Initial release of this document.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. RSS feeds are a free service.

Upgrading FPD

In general terms, field-programmable devices (FPDs) are hardware devices implemented on router cards that support separate software upgrades. A field-programmable gate array (FPGA) is a type of programmable memory device that exists on most hardware components of the router. The term FPD has been introduced to collectively and generically describe any type of programmable hardware device on FPGAs. Cisco IOS XR software provides the Cisco FPD upgrade feature to manage the upgrade of FPD images.
For complete descriptions of the FPD commands listed in this module, see Related Documents.

Table 2: Feature History for Upgrading FPD Software on Cisco IOS XR Software
Release          Modification
Release 5.0.0    This feature was introduced.
Release 6.4.1    Support for parallel FPD upgrade for power modules.

This module contains the following topics:
- FPD
- Prerequisites for FPD Image Upgrades
- Overview of FPD Image Upgrade Support
- FPD upgrade service
- Additional References

FPD

An FPD is a field programmable logic device which contains non-volatile, re-programmable memory to define its internal wiring and functionality. The contents of this non-volatile memory are called the FPD image or FPD firmware. Over the lifespan of an FPD, FPD firmware images may need upgrades for bug fixes or functionality improvements. These upgrades are performed in the field with minimum system impact.

Prerequisites for FPD Image Upgrades

Before upgrading the FPD on your router, you must install and activate the fpd.rpm package.
This is for the manual upgrade using the upgrade hw-module fpd command.

Overview of FPD Image Upgrade Support

An FPD image is used to upgrade the software on an FPD.
FPD versions must be compatible with the Cisco IOS XR software that is running on the router; if an incompatibility exists between an FPD version and the Cisco IOS XR software, the device with the FPGA may not operate properly until the incompatibility is resolved.
Related Topics
show hw-module fpd Command Output: Example

Automatic FPD Upgrade

FPD auto-upgrade can be enabled and disabled. When auto FPD is enabled, it automatically updates FPDs when a SMU or image changes, including an updated firmware revision. Use the fpd auto-upgrade command to disable or enable auto-fpd.

FPD upgrade service

The main tasks of the FPD upgrade service are:
- FPD image version checking to decide if a specific firmware image needs an upgrade or not.
- Automatic FPD Image Upgrade (if enabled).
- Manual FPD Image Upgrade using the upgrade hw-module fpd command.
- Invoke the appropriate device driver with a name of the new image to load.
An FPD image package is used to upgrade FPD images. The install activate command is used to place the FPD binary files into the expected location on the boot devices.

Supported Upgrade Methods
Method            Remarks
Manual Upgrade    Upgrade using CLI, force upgrade supported.
Auto Upgrade      Upgrade using install SMU activation or during image upgrade. User can enable/disable auto upgrade feature.

Determining Upgrade Requirement

Use the show hw-module fpd command to determine if an FPD upgrade is required. Check for NEED UPGD in the Status column.
Use the show fpd package command to find out which FPGAs are supported with your current software release and minimum hardware requirements for each module.

Automatic FPD upgrade

Use the fpd auto-upgrade enable command to enable the auto upgrade feature.
The FPD images are upgraded as part of the install activation of the new image. The FPDs are upgraded before the router is reloaded.
During an FPD auto-upgrade, the installed FPD rpm package includes an FPD image with a new version of software that is different from the version of the image running on the hardware. Once the FPDs have been upgraded, even if the base image is rolled back to the older version, the FPD will not be downgraded to its previous version.
When a reload package is installed with new FPD images, the FPD images are upgraded before the router gets reloaded. This feature is controlled through an fpd auto-upgrade configuration option. The auto-upgrade feature does not address the following:
- FPD Upgrade during initial boot
- FPD Upgrade during new card insertion

Manual FPD upgrade

Manual FPD upgrade is performed using the upgrade hw-module fpd command. All cards, or all FPGAs in a card, can be upgraded. If a reload is required to activate the FPD, the upgrade should be complete before the reload. Line cards, fabric cards and RP cards cannot be reloaded during the process of the FPD upgrade.
FPD upgrade is transaction-based:
- Each fpd upgrade CLI execution is one transaction.
- Only one transaction is allowed at any given time.
- One transaction may include one or many FPD upgrades.
The force option can be used to forcibly upgrade the FPD (regardless of whether it is required or not). It triggers all FPDs to be upgraded or downgraded. The force option can also be used to downgrade or upgrade the FPGAs even after the version check.
Note
In some cases, FPDs can have primary and backup images.

FPD upgrade

The key to understanding the FPD output is that nodes can have two firmware versions: one that is currently running, and a downloaded version that becomes the running version after the next boot. The running version and downloaded version can be the same. They differ when a node was recently upgraded and requires a reboot to load the updated package. Generally, the downloaded version is the latest version when compared to the running version. FPD packages that do not require a reload to activate the new firmware version do not show the version skew. Below is a sample output showing version skew on the CCC FPGA. After reload, both running and downloaded versions will be the same. CCC Power-On is in need of an upgrade. To see what version is expected, issue the show fpd package command and find the FPD device for that card type which is in need of upgrade.

show hw-module fpd
                                                              FPD Versions
                                                            ================
Location  Card type      HWver  FPD device       Status     Running  Download
------------------------------------------------------------------------------
0/0       NC6-10X100G-L  0.6    CCC FPGA         UPGD DONE  1.13     1.14
0/0       NC6-10X100G-L  0.6    BAO-MB FPGA      READY      1.00     1.00
0/0       NC6-10X100G-L  0.6    CCC Power-On     NEED UPGD  1.28     1.28
0/0       NC6-10X100G-L  0.6    Ethernet Switch  READY      1.32     1.32
0/0       NC6-10X100G-L  0.6    BIOS FPD         READY      9.10     9.10
0/0       NC6-10X100G-L  1.0    Slice-0 GN2411   READY      2.07     2.07
0/0       NC6-10X100G-L  1.0    Slice-1 GN2411   READY      2.07     2.07
0/0       NC6-10X100G-L  0.6    BAO-DB FPGA      READY      1.00     1.00
0/0       NC6-10X100G-L  1.0    S2 GN2411        READY      2.07     2.07
0/0       NC6-10X100G-L  1.0    S3 GN2411        READY      2.07     2.07
0/0       NC6-10X100G-L  1.0    S4 GN2411        READY      2.07     2.07

show fpd package
Mon Oct 7 18:08:21.994 UTC
=============================== ================================================
                                        Field Programmable Device Package
                                ================================================
                                               Req    SW      Min Req  Min Req
Card Type           FPD Description            Reload Ver     SW Ver   Board Ver
=================== ========================== ====== ======= ======== =========
P-L-1xPAT_SFP       BAO-MB FPGA                NO     0.20    0.20     0.0
                    CCC FPGA                   YES    1.14    1.14     0.0
                    CCC Power-On               YES    1.30    1.30     0.0
                    Ethernet Switch            YES    1.32    1.32     0.0
                    BIOS FPD                   YES    9.10    9.10     0.0
                    SB Certificates            NO     1.00    1.00     0.0

To upgrade an FPD device, such as the one above, use the upgrade hw-module location 0/0 fpd CCC\ Power-On command, or, if it is more desirable to upgrade all components that need upgrading at the same time, use the upgrade hw-module location all fpd all command. Note that this upgrade will require a reload of the node to take effect. Adding the force option will upgrade all FPD devices regardless of whether they require upgrading or not. This is not recommended.
The command used for upgrade is: upgrade hw-module location <location of node> fpd <fpd device>
The show fpd package command displays 4 very critical pieces of information with regard to firmware that is embedded in the current running XR image. The first column displays whether a reload would be required to make the updated FPD version the running version. The second column shows the version number of firmware residing on the running XR image. The fourth and fifth columns show, based on the current running XR image, what the minimum requirements are for both firmware and hardware versions for each programmable device.
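The check described in this section can be scripted for a firmware audit. The following is an added example, not Cisco code: it parses captured show hw-module fpd and show fpd package text and reports, per FPD, whether an upgrade is needed, a reload is pending, or no package baseline exists. Assumptions: the function names and verdict labels are made up for this example, the package sample is constructed (the guide's versions re-keyed to the card type in the hardware output so the two tables join), and the 0/1 row is constructed with a placeholder status.

```python
import re
from typing import NamedTuple

# Status strings taken from the guide's sample output; any other status text
# is returned as "unparsed" instead of being guessed at.
KNOWN_STATUS = ("NEED UPGD", "UPGD DONE", "READY")
HW_ROW = re.compile(
    r"^(?P<loc>\d+/\S+)\s+(?P<card>\S+)\s+(?P<hw>\d+\.\d+)\s+(?P<fpd>.+?)\s+"
    r"(?P<status>" + "|".join(KNOWN_STATUS) + r")\s+"
    r"(?P<run>\d+\.\d+)\s+(?P<dl>\d+\.\d+)$"
)
PKG_ROW = re.compile(
    r"^(?P<lead>.+?)\s+(?P<reload>YES|NO)\s+"
    r"(?P<sw>\d+\.\d+)\s+(?P<min_sw>\d+\.\d+)\s+(?P<min_hw>\d+\.\d+)$"
)

class FpdRow(NamedTuple):
    location: str
    card: str
    fpd: str
    status: str
    running: str
    download: str

def ver(text):
    """'1.28' -> (1, 28), so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def parse_hw_module_fpd(text):
    """Return (rows, unparsed) from 'show hw-module fpd' output."""
    rows, unparsed = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not re.match(r"\d+/", line):
            continue  # header, ruler or blank line
        m = HW_ROW.match(line)
        if m:
            rows.append(FpdRow(m["loc"], m["card"], m["fpd"],
                               m["status"], m["run"], m["dl"]))
        else:
            unparsed.append(line)  # looks like a data row, unknown layout
    return rows, unparsed

def parse_fpd_package(text):
    """Return {(card type, FPD description): (reload required, SW version)}."""
    package, card = {}, None
    for line in text.splitlines():
        m = PKG_ROW.match(line.rstrip())
        if not m:
            continue
        lead = m["lead"]
        if not lead[0].isspace():  # a card type starts in column 0
            card, _, lead = lead.partition(" ")
        package[(card, lead.strip())] = (m["reload"] == "YES", m["sw"])
    return package

def audit(hw_text, pkg_text):
    """Return ([(location, fpd, verdict)], unparsed rows)."""
    rows, unparsed = parse_hw_module_fpd(hw_text)
    package = parse_fpd_package(pkg_text)
    findings = []
    for r in rows:
        baseline = package.get((r.card, r.fpd))
        if baseline is None:
            verdict = "NO_BASELINE"  # package lists no version to compare
        elif r.status == "NEED UPGD" or ver(r.download) < ver(baseline[1]):
            verdict = "NEED_UPGRADE"
        elif ver(r.running) != ver(r.download):
            verdict = "RELOAD_PENDING" if baseline[0] else "VERSION_SKEW"
        else:
            verdict = "OK"
        findings.append((r.location, r.fpd, verdict))
    return findings, unparsed

# Rows for 0/0 are from the guide's sample output; the 0/1 row is constructed.
HW_SAMPLE = """\
Location  Card type      HWver  FPD device       Status       Running  Download
-------------------------------------------------------------------------------
0/0       NC6-10X100G-L  0.6    CCC FPGA         UPGD DONE    1.13     1.14
0/0       NC6-10X100G-L  0.6    BAO-MB FPGA      READY        1.00     1.00
0/0       NC6-10X100G-L  0.6    CCC Power-On     NEED UPGD    1.28     1.28
0/0       NC6-10X100G-L  0.6    Ethernet Switch  READY        1.32     1.32
0/0       NC6-10X100G-L  0.6    BIOS FPD         READY        9.10     9.10
0/1       NC6-10X100G-L  0.6    CCC FPGA         PLACEHOLDER  1.14     1.14
"""
# Constructed package table: versions as printed in the guide, card type changed.
PKG_SAMPLE = """\
Card Type           FPD Description            Reload SW Ver  Min SW   Min Board
=================== ========================== ====== ======= ======== =========
NC6-10X100G-L       CCC FPGA                   YES    1.14    1.14     0.0
                    CCC Power-On               YES    1.30    1.30     0.0
                    Ethernet Switch            YES    1.32    1.32     0.0
                    BIOS FPD                   YES    9.10    9.10     0.0
"""

if __name__ == "__main__":
    for finding in audit(HW_SAMPLE, PKG_SAMPLE)[0]:
        print(finding)
```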

Additional References

The following sections provide references related to FPD software upgrade.
Related Documents
Related Topic: Cisco IOS XR command master list
Related Topic: Cisco IOS XR FPD upgrade-related commands
  Document Title: System Management Command Reference for Cisco NCS 6000 Series Routers
Related Topic: Initial system bootup and configuration information for a router using the Cisco IOS XR Software.
Related Topic: Information about user groups and task IDs
  Document Title: Configuring AAA Services on module of System Security Configuration Guide for Cisco NCS 6000 Series Routers

Standards
Standards: No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs
MIBs: There are no applicable MIBs for this module.
MIBs Link: To locate and download MIBs for selected platforms using Cisco IOS XR Software, use the Cisco MIB Locator found at the following URL: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
RFCs: No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

Technical Assistance
Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/cisco/web/support/index.html

Process Placement

This module describes conceptual information and configuration tasks for process placement on your router.
Process Placement on Cisco IOS XR software balances application processes between the available based on memory usage and other criteria. Use the procedures described in this document to reoptimize the placement of processes, or override the default placement policies.
For complete descriptions of the process placement commands listed in this module, see Related Documents.

Table 3: Feature History for Configuring Cisco IOS XR Process Placement
Release          Modification
Release 5.0.0    This feature was introduced.

This module contains the following topics:
- Prerequisites for Configuring Cisco IOS XR Process Placement
- Information About Cisco IOS XR Process Placement
- How to Configure Cisco IOS XR Process Placement
- Configuration Examples for Process Placement
- Additional References

Prerequisites for Configuring Cisco IOS XR Process Placement

Note
Only processes that are identified in Cisco IOS XR software as placeable can be controlled through process placement configuration. Nonplaceable processes are not affected by placement policy. To learn the processes that are placeable, issue the show placement program all command.

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Cisco IOS XR Process Placement

What Is a Process?

To achieve high availability and performance, the Cisco IOS XR software is built on a modular system of processes. Each process provides specific functionality for the system and runs in a protected memory space to ensure that problems with one process cannot impact the entire system. Multiple instances of a process can run on a single node, and multiple threads of execution can run on each process instance.
Under normal operating conditions, processes are managed automatically by the Cisco IOS XR software. Processes are started, stopped, or restarted as required by the running configuration of the router. In addition, processes are checkpointed to optimize performance during process restart and automatic switchover.

What Is Process Placement?

Process placement is the assignment of placeable processes to specific locations, such as an installed in the router.
Placeable processes include all routing processes, such as Open Shortest Path First Protocol (OSPF), Border Gateway Protocol (BGP), and multicast routing.

Default Placement Policy

In a new system, processes are distributed according to their affinity values among the available nodes and node pairs in a .
Note
The default process policy that is shipped on the system upon startup is suitable for general purposes. While customizing is possible, there is no requirement to change the process placement. If you believe that a change is required, you should work closely with Cisco personnel to ensure that the impact to your system is contained to just an instance of a process to avoid any undesirable results.
Following is the default placement policy:
- Processes have a preference to run on paired nodes (nodes that have an associated standby node).
- Processes have a preference to remain on their current node. Therefore, processes do not move automatically, unless the unpaired node (or both nodes in a node pair) on which they are running fails. If the node fails, and there is no standby node, the processes are restarted on a different node.
- When a new node pair is added, the following rules apply:
  - The currently running processes are not automatically moved to the new cards.
  - The general preference is for new processes (such as a new ISIS instance) to start on the new node pair, which contains the most available CPU and memory resources in the system.
  - Other affinity settings may override the general preference. For example, if the IS-IS process has a strong affinity to run on the same node where ipv4_io is running, then IS-IS would be started on that node, and not the new node-pair.

Reasons to Change the Default Process Placement

Although the default process policy that is shipped on the system upon startup is suitable for general purposes, changes to the router configuration can result in the need for processes to be rebalanced among the available CPU and memory resources.
When a system is initially booted, the system assumes that all processes use the same amount of memory, thereby treating each process as equivalent. As the configuration grows, however, the CPU load and memory requirements of some application processes increase. Centralized applications may need a larger portion of the resources.
In addition, when a new is added to a system, only new processes or process instances are added to the node. This could result in some processes with too few resources, while the newer cards are underutilized.
Therefore, as the software configuration changes, or hardware is added, it may become necessary to rebalance processes among the available in .

Reoptimizing Process Placements

The easiest and most reliable method for users to redistribute processes among the available in is with the placement reoptimize command.
During router operation, the actual resource usage of each process is collected and compared to the router configuration and network topology. An ideal configuration for process placement is created and updated in real time.
To implement this ideal process placement configuration, enter the placement reoptimize command in EXEC mode. Before the changes are made, the system displays a summary of the predicted changes. You can either accept the changes or cancel the operation.
See Reoptimizing Process Placement for detailed instructions.

Reconfiguring Process Placements

You can also change the process placement affinities, or preferences, to override the default policies. For example, you may learn that some processes perform better on the primary node pair, or that some processes have better high-availability characteristics when running on a paired node (a node with a standby partner). Other processes might benefit from co-location or by being assigned to nodes far apart from each other.
Note
Consult with your technical support representative before changing the default process placement configuration. Incorrect configurations can cause system error, poor performance or downtime.

Recommended Guidelines for Process Placement

The following are a few recommended guidelines for changes to the process placement configuration:
- Generally, the process placement feature functions well upon system startup; fine tuning is seldom required.
- Use the EXEC mode command placement reoptimize, as described in Reoptimizing Process Placements, to automatically redistribute the processes among the available .
- Keep process placement policy changes to a minimum, and always consult technical support personnel before implementation.

Process Placement Based on Memory Consumption

You can change process placements based on memory use of processes. Memory use is expressed in terms of the memory footprint of the placeable process. The system attempts to spread the load among the nodes without exceeding their memory capacity. In addition, the system computes the affinity values to determine the best placement.
Cisco IOS XR software assumes that every placeable process uses one megabyte of memory.
For detailed instructions, see Setting Memory Consumption Thresholds.

Changing Process Affinities

Process placement can also be controlled by changing the affinities, or preferences, of a process or process group. The following types of process affinities are operator configurable:
- affinity location set
- affinity location type
- affinity program
- affinity self

affinity location set

This affinity specifies a preference for a process to run on a specific node pair or set of node pairs. A node pair is either an active and standby pair of nodes [hosted on ], or a single active node on an that does not have a standby.

affinity location type

This affinity specifies a preference for a process to run on a particular location type. Available location types are as follows:
- paired: Nodes that have an associated standby node.
- primary: Primary node.
- current: Current node. A process's affinity to its current node characterizes its preference to remain on the same node where possible.
You configure the placement policy to allow certain processes to stay where they are (current) or move by specifying the various affinity values. The higher the positive value of an affinity, the stronger the requirement that the process run at a location, and so on. A low or zero point value indicates a weaker requirement (or no preference) that a process run at a location.

affinity program

This affinity specifies a preference for a process to run on the same node as another process, or to run on a different node than another process. You would want to use this affinity in the case that certain processes perform better when they are running together on the same node (attract); or on different nodes, apart from each other (repulse).

affinity self

This affinity adjusts placement decisions when multiple instances of a process are started. An attract (positive) affinity indicates a preference to have all instances of a process run on the same node, while a repulse (negative) affinity indicates a preference to have each instance of a process run on different nodes.

Hierarchical Placement Policy

When you configure placement policies, you must remember that affinities are applied to the software in a hierarchical way.
Affinities applied to process instances take precedence over affinities applied to a process class. In the following example, all OSPF instances have a preference to run on the primary of the , but only OSPF instance 10 has a preference to run on a paired node:
RP/0/RP0/CPU0:router(config)# placement program ospf
RP/0/RP0/CPU0:router(config-place)# affinity location-type primary attract 200
RP/0/RP0/CPU0:router(config)# placement program ospf instance 10
RP/0/RP0/CPU0:router(config-place)# affinity location-type paired attract 200
Class affinities take precedence over default process affinities. In the following example, all OSPF instances have a preference to be placed on unpaired nodes. This overrides the default policy for all processes to prefer paired nodes.
RP/0/RP0/CPU0:router(config)# placement program ospf
RP/0/RP0/CPU0:router(config-place)# affinity location-type paired repulse 200

How to Configure Cisco IOS XR Process Placement

Reoptimizing Process Placement

This task reoptimizes the placeable processes among the available nodes according to memory and CPU usage.
SUMMARY STEPS
1. placement reoptimize
2. Use one of the following commands:
   yes
   no

DETAILED STEPS
Step 1
Command or Action: placement reoptimize
Example:
RP/0/RP0/CPU0:router# placement reoptimize
Purpose: Displays the predicted changes of the optimization.
Step 2
Command or Action: Use one of the following commands:
yes
no
Example:
RP/0/RP0/CPU0:router# yes
Purpose: Accepts or rejects the changes.

Setting Memory Consumption Thresholds

SUMMARY STEPS
1. show placement policy global
2. configure
3. placement memory {maximum | threshold} value
4. Use one of the following commands:
   end
   commit

DETAILED STEPS
Step 1
Command or Action: show placement policy global
Example:
RP/0/RP0/CPU0:router# show placement policy global
Purpose: Displays the current memory settings.
Step 2
Command or Action: configure
Step 3
Command or Action: placement memory {maximum | threshold} value
Example:
RP/0/RP0/CPU0:router(config)# placement memory maximum 80
Purpose: Use the maximum value keyword and argument to set the maximum percentage of memory that can be used on a node (based on the estimated memory usage of the processes).
Use the threshold value keyword and argument to define the memory load level to trigger migration. The system attempts to balance all nodes at or below the threshold memory percentage. In other words, the system does not place a process on a node that has exceeded the threshold value, unless all other nodes have also reached their thresholds (or unless some other large affinity overrides this consideration).
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-place)# end
or
RP/0/RP0/CPU0:router(config-place)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Creating a Location Set Affinity

This task sets the affinity of a placement program (process) to or from node pairs.
SUMMARY STEPS
1. configure
2. placement program {program [instance instance] | default}
3. affinity location-set node-id1 [node-id2] {attract strength | repulse strength | default | none}
4. Use one of the following commands:
   end
   commit
5. show placement location {node-id | all}
6. show placement program {program | all}

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: placement program {program [instance instance] | default}
Example:
RP/0/RP0/CPU0:router(config)# placement program ospf
Purpose: Enters placement program configuration mode.
Step 3
Command or Action: affinity location-set node-id1 [node-id2] {attract strength | repulse strength | default | none}
Example:
RP/0/RP0/CPU0:router(config-place)# affinity location-set 0/1/cpu0 0/1/cpu1 attract 200
Purpose: Sets the affinity of a placement program (process) to or from node pairs.
To specify multiple nodes, enter the value of the node-id argument for each node. You can specify up to 5 nodes.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-place)# end
or
RP/0/RP0/CPU0:router(config-place)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 5
Command or Action: show placement location {node-id | all}
Example:
RP/0/RP0/CPU0:router# show placement location all
Purpose: Displays the location of a placement process.
Step 6
Command or Action: show placement program {program | all}
Example:
RP/0/RP0/CPU0:router# show placement program ospf
Purpose: Displays the operational state for each placement program.

Creating a Location Type Affinity

This task sets the affinity of a placement program (process) to or from a location type.
SUMMARY STEPS
1. configure
2. placement program {program [instance instance] | default}
3. affinity location-type {current | paired | primary} {attract strength | repulse strength | default | none}
4. Use one of the following commands:
   end
   commit
5. show placement location {node-id | all}
6. show placement program {program | all}

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: placement program {program [instance instance] | default}
Example:
RP/0/RP0/CPU0:router(config)# placement program bgp
Purpose: Enters placement program configuration mode.
Step 3
Command or Action: affinity location-type {current | paired | primary} {attract strength | repulse strength | default | none}
Example:
RP/0/RP0/CPU0:router(config-place)# affinity location-type current attract 10
Purpose: Sets the affinity of a placement program (process) to or from a location type.
This example shows how to place Border Gateway Protocol (BGP) in the most optimal location at run time when load balancing is required. BGP will not be tied to a node pair but move when necessary.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-place)# end
or
RP/0/RP0/CPU0:router(config-place)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 5
Command or Action: show placement location {node-id | all}
Example:
RP/0/RP0/CPU0:router# show placement location all
Purpose: Displays the location of a placement process.
Step 6
Command or Action: show placement program {program | all}
Example:
RP/0/RP0/CPU0:router# show placement program bgp
Purpose: Displays the operational state for each placement program.

Creating a Program Affinity

This task sets the affinity of a placement program (process) to or from another program.
SUMMARY STEPS
1. configure
2. placement program {program [instance instance] | default}
3. affinity program program {attract strength | repulse strength | default | none}
4. Use one of the following commands:
   end
   commit
5. show placement location {node-id | all}
6. show placement program {program | all}

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: placement program {program [instance instance] | default}
Example:
RP/0/RP0/CPU0:router(config)# placement program ipv4_rib
Purpose: Enters placement program configuration mode.
Step 3
Command or Action: affinity program program {attract strength | repulse strength | default | none}
Example:
RP/0/RP0/CPU0:router(config-place)# affinity program ipv6_rib repulse 200
Purpose: Sets the affinity of a placement program (process) to or from another program.
This example shows how to keep IPv4 and IPv6 Routing Information Bases (RIBs) apart.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-place)# end
or
RP/0/RP0/CPU0:router(config-place)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 5
Command or Action: show placement location {node-id | all}
Example:
RP/0/RP0/CPU0:router# show placement location all
Purpose: Displays the location of a placement process.
Step 6
Command or Action: show placement program {program | all}
Example:
RP/0/RP0/CPU0:router# show placement program all
Purpose: Displays the operational state for each placement program.

Creating a Self Affinity

This task sets the affinity of a placement program (process) to or from one of its own instances.
SUMMARY STEPS
1. configure
2. placement program program {instance instance | default}
3. affinity self {attract strength | repulse strength | default | none}
4. Use one of the following commands:
   end
   commit
5. show placement location {node-id | all}
6. show placement program {program | all}

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: placement program program {instance instance | default}
Example:
RP/0/RP0/CPU0:router(config)# placement program bgp
Purpose: Enters placement program configuration mode.
Step 3
Command or Action: affinity self {attract strength | repulse strength | default | none}
Example:
RP/0/RP0/CPU0:router(config-place)# affinity self repulse 200
Purpose: Sets the affinity of a placement program (process) to or from one of its own instances.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-place)# end
or
RP/0/RP0/CPU0:router(config-place)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Step 5
Command or Action: show placement location {node-id | all}
Example:
RP/0/RP0/CPU0:router# show placement location all
Purpose: Displays the location of a placement process.
Step 6
Command or Action: show placement program {program | all}
Example:
RP/0/RP0/CPU0:router# show placement program bgp
Purpose: Displays the operational state for each placement program.

Configuration Examples for Process Placement
This section contains examples to view the processes that are placeable in an SDR.
If you believe that a custom reconfiguration of the processes on your system is required, you should work closely with Cisco personnel to ensure that the impact to your system is contained to just an instance of a process to avoid any undesirable results.
To learn the processes that are placeable, enter the show placement program all command in EXEC mode.
RP/0/RP0/CPU0:router# show placement program all
Mon Aug 18 17:13:15.155 PST DST
If a program is shown as having 'rejected locations' (i.e., locations on which it cannot be placed), the locations in question can been seen using the "show placement policy program" command.
If a program has been placed but not yet started, the amount of time elapsed since the program was placed is shown in the 'waiting to start' field.
Parentheses around the node indicate that the node has not yet fully booted.
This will be true of standby nodes.
Program                 Placed at location        # rejected  Waiting
                                                  locations   to start
--------------------------------------------------------------------------------
li_mgr                  0/RP0/CPU0 (0/RP1/CPU0)
rsi_master              0/RP0/CPU0 (0/RP1/CPU0)
statsd_manager          0/RP0/CPU0 (0/RP1/CPU0)
ipv4_rib                0/RP0/CPU0 (0/RP1/CPU0)
ipv6_rib                0/RP0/CPU0 (0/RP1/CPU0)
policy_repository       0/RP0/CPU0 (0/RP1/CPU0)
ipv4_mpa                0/RP0/CPU0 (0/RP1/CPU0)
ipv6_mpa                0/RP0/CPU0 (0/RP1/CPU0)
bfd                     0/RP0/CPU0 (0/RP1/CPU0)
domain_services         0/RP0/CPU0 (0/RP1/CPU0)
ftp_fs                  0/RP0/CPU0 (0/RP1/CPU0)
rcp_fs                  0/RP0/CPU0 (0/RP1/CPU0)
tftp_fs                 0/RP0/CPU0 (0/RP1/CPU0)
ipv4_connected          0/RP0/CPU0 (0/RP1/CPU0)
ipv4_local              0/RP0/CPU0 (0/RP1/CPU0)
ipv4_rump               0/RP0/CPU0 (0/RP1/CPU0)
ipv6_connected          0/RP0/CPU0 (0/RP1/CPU0)
ipv6_local              0/RP0/CPU0 (0/RP1/CPU0)
ipv6_rump               0/RP0/CPU0 (0/RP1/CPU0)
atmgcmgr                0/RP0/CPU0 (0/RP1/CPU0)
eem_metric_dir          0/RP0/CPU0 (0/RP1/CPU0)
l2tp_mgr                0/RP0/CPU0 (0/RP1/CPU0)
l2vpn_mgr               0/RP0/CPU0 (0/RP1/CPU0)
rt_check_mgr            0/RP0/CPU0 (0/RP1/CPU0)
ipv4_static             0/RP0/CPU0 (0/RP1/CPU0)
isis instance lab       0/RP0/CPU0 (0/RP1/CPU0)
ospf instance 100       0/RP0/CPU0 (0/RP1/CPU0)
isis_uv                 0/RP0/CPU0 (0/RP1/CPU0)
ospf_uv                 0/RP0/CPU0 (0/RP1/CPU0)
mpls_vpn_mib            0/RP0/CPU0 (0/RP1/CPU0)
rsvp                    0/RP0/CPU0 (0/RP1/CPU0)
mpls_ldp                0/RP0/CPU0 (0/RP1/CPU0)
lspv_server             0/RP0/CPU0 (0/RP1/CPU0)
ospf instance 0         0/RP0/CPU0 (0/RP1/CPU0)
ospfv3 instance 0       0/RP0/CPU0 (0/RP1/CPU0)
ospfv3_uv               0/RP0/CPU0 (0/RP1/CPU0)

Additional References
The following sections provide references related to Cisco IOS XR Process Placement.
Related Documents
Related Topic: Cisco IOS XR process placement commands
Document Title: Process and Memory Management Commands on Cisco IOS XR software module of System Management Command Reference for Cisco NCS 6000 Series Routers
Related Topic: Cisco IOS XR master command index
Related Topic: Getting started with Cisco IOS XR software
Related Topic: Information about user groups and task IDs
Document Title: Configuring AAA Services on Cisco IOS XR software module of System Security Configuration Guide for Cisco NCS 6000 Series Routers
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
Technical Assistance
Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/cisco/web/support/index.html

CHAPTER 3

Configuring Manageability

This module describes the configuration required to enable the Extensible Markup Language (XML) agent services. The XML Parser Infrastructure provides parsing and generation of XML documents with Document Object Model (DOM), Simple Application Programming Interface (API) for XML (SAX), and Document Type Definition (DTD) validation capabilities:
DOM allows customers to programmatically create, manipulate, and generate XML documents.
SAX supports user-defined functions for XML tags.
DTD allows for validation of defined document types.
Table 4: Feature History for Configuring Manageability on Cisco IOS XR Software
Release 5.0.0: This feature was introduced.
This module contains the following topics:
Information About XML Manageability
How to Configure Manageability
Configuration Examples for Manageability
Additional References

Information About XML Manageability

The Cisco IOS XR Extensible Markup Language (XML) API provides a programmable interface to the router for use by external management applications. This interface provides a mechanism for router configuration and monitoring utilizing XML formatted request and response streams. The XML interface is built on top of the Management Data API (MDA), which provides a mechanism for Cisco IOS XR components to publish their data models through MDA schema definition files.
Cisco IOS XR software provides the ability to access the router via XML using a dedicated TCP connection, Secure Socket Layer (SSL), or a specific VPN routing and forwarding (VRF) instance.

How to Configure Manageability

Configuring the XML Agent

SUMMARY STEPS
1. xml agent [ssl]
2. iteration on size iteration-size
3. session timeout timeout
4. throttle {memory size | process-rate tags}
5. vrf { default | vrf-name} [access-list access-list-name]

DETAILED STEPS
Step 1
Command or Action: xml agent [ssl]
Example:
RP/0/RP0/CPU0:router:router(config)# xml agent
Purpose: Enables Extensible Markup Language (XML) requests over a dedicated TCP connection and enters XML agent configuration mode. Use the ssl keyword to enable XML requests over Secure Socket Layer (SSL).
Step 2
Command or Action: iteration on size iteration-size
Example:
RP/0/RP0/CPU0:router:router(config-xml-agent)# iteration on size 500
Purpose: Configures the iteration size for large XML agent responses in KBytes. The default is 48.
Step 3
Command or Action: session timeout timeout
Example:
RP/0/RP0/CPU0:router:router(config-xml-agent)# session timeout 5
Purpose: Configures an idle timeout for the XML agent in minutes. By default, there is no timeout.
Step 4
Command or Action: throttle {memory size | process-rate tags}
Example:
RP/0/RP0/CPU0:router:router(config-xml-agent)# throttle memory 300
Purpose: Configures the XML agent processing capabilities.
Specify the memory size in Mbytes. Values can range from 100 to 600. The default is 300.
Specify the process-rate as the number of tags that the XML agent can process per second. Values can range from 1000 to 30000. By default the process rate is not throttled.
Step 5
Command or Action: vrf { default | vrf-name} [access-list access-list-name]
Example:
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf my-vrf
Purpose: Configures the dedicated agent or SSL agent to receive and send messages via the specified VPN routing and forwarding (VRF) instance.

Configuration Examples for Manageability

Enabling VRF on an XML Agent: Examples

The following example illustrates how to configure the dedicated XML agent to receive and send messages via VRF1, VRF2 and the default VRF:
RP/0/RP0/CPU0:router:router(config)# xml agent
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF1
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF2
The following example illustrates how to remove access to VRF2 from the dedicated agent:
RP/0/RP0/CPU0:router:router(config)# xml agent
RP/0/RP0/CPU0:router:router(config-xml-agent)# no vrf VRF2
The following example shows how to configure the XML SSL agent to receive and send messages through VRF1, VRF2 and the default VRF:
RP/0/RP0/CPU0:router:router(config)# xml agent ssl
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF1
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF2
The following example removes access for VRF2 from the XML SSL agent:
RP/0/RP0/CPU0:router:router(config)# xml agent ssl
RP/0/RP0/CPU0:router:router(config-xml-agent)# no vrf VRF2
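The following Python check is an added example, not part of the Cisco guide. It reads XML agent commands in the forms this module documents (a pasted CLI session or an indented listing) and reports the exposures the step table describes: an agent enabled without the ssl keyword, no session timeout, an unthrottled process rate, and a vrf entry with no access-list. The hardened sample, the names MGMT and XML-CLIENTS, and the indented listing layout are constructed assumptions.

```python
import re

# Prompt of a pasted CLI session, e.g. "RP/0/RP0/CPU0:router(config-xml-agent)# ".
PROMPT = re.compile(r"^\S+\((?P<mode>config[^)]*)\)#\s*")
HEAD = re.compile(r"xml agent( ssl)?")

# The first dedicated-agent examples from this module, one command per line.
PAGE_SESSION = """\
RP/0/RP0/CPU0:router:router(config)# xml agent
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF1
RP/0/RP0/CPU0:router:router(config-xml-agent)# vrf VRF2
RP/0/RP0/CPU0:router:router(config)# xml agent
RP/0/RP0/CPU0:router:router(config-xml-agent)# no vrf VRF2
"""

# Constructed listing; MGMT and XML-CLIENTS are hypothetical names.
HARDENED = """\
xml agent ssl
 session timeout 5
 throttle memory 300
 throttle process-rate 2000
 vrf MGMT access-list XML-CLIENTS
"""


def _number(words, negate):
    """Value of a 3-word command such as 'session timeout 5'; None when negated."""
    return None if negate or len(words) < 3 else int(words[2])


def parse_xml_agents(text):
    """Return settings per enabled agent, keyed 'dedicated' or 'ssl'."""
    agents, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        m = PROMPT.match(line)
        if m:   # CLI session: the prompt names the configuration mode
            in_block, cmd = m.group("mode") == "config-xml-agent", line[m.end():].strip()
        else:   # listing: indentation marks lines inside the agent block
            in_block, cmd = line[0].isspace(), line.strip()
        if not cmd:
            continue
        head = HEAD.fullmatch(cmd)
        if head:
            kind = "ssl" if head.group(1) else "dedicated"
            current = agents.setdefault(
                kind, {"vrfs": {}, "timeout": None, "memory": None, "rate": None})
            continue
        if not in_block or current is None:
            current = None
            continue
        words = cmd.split()
        negate = words[0] == "no"
        if negate:
            words = words[1:]
        if words[:1] == ["vrf"] and len(words) >= 2:
            if negate:
                current["vrfs"].pop(words[1], None)
            else:
                has_acl = words[2:3] == ["access-list"] and len(words) > 3
                current["vrfs"][words[1]] = words[3] if has_acl else None
        elif words[:2] == ["session", "timeout"]:
            current["timeout"] = _number(words, negate)
        elif words[:2] == ["throttle", "memory"]:
            current["memory"] = _number(words, negate)
        elif words[:2] == ["throttle", "process-rate"]:
            current["rate"] = _number(words, negate)
    return agents


def audit_xml_agents(text):
    """Return (agent, finding) pairs; ranges and defaults are those stated above."""
    findings = []
    for kind, a in sorted(parse_xml_agents(text).items()):
        if kind == "dedicated":
            findings.append((kind, "no-ssl"))
        if a["timeout"] is None:            # default: no idle timeout
            findings.append((kind, "no-session-timeout"))
        if a["rate"] is None:               # default: process rate not throttled
            findings.append((kind, "process-rate-unthrottled"))
        elif not 1000 <= a["rate"] <= 30000:
            findings.append((kind, "process-rate-out-of-range"))
        if a["memory"] is not None and not 100 <= a["memory"] <= 600:
            findings.append((kind, "memory-out-of-range"))
        for vrf, acl in sorted(a["vrfs"].items()):
            if acl is None:
                findings.append((kind, f"vrf-without-acl:{vrf}"))
    return findings


if __name__ == "__main__":
    for agent, finding in audit_xml_agents(PAGE_SESSION):
        print(agent, finding)
```

The check only looks at explicit vrf lines; the first example above describes the default VRF as reachable as well, so review it separately.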

Additional References

The following sections provide references related to configuring manageability on Cisco IOS XR software.
Related Documents
Related Topic: Cisco IOS XR commands
Related Topic: Information about user groups and task IDs
Document Title: Configuring AAA Services on Cisco IOS XR Software module of System Security Configuration Guide for Cisco NCS 6000 Series Routers
Standards and RFCs
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
RFCs
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.
Technical Assistance
Description: The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Link: http://www.cisco.com/cisco/web/support/index.html

CHAPTER 4

Implementing NTP

Network Time Protocol (NTP) is a protocol designed to time-synchronize devices within a network. Cisco IOS XR software implements NTPv4. NTPv4 retains backwards compatibility with the older versions of NTP, including NTPv3 and NTPv2 but excluding NTPv1, which has been discontinued due to security vulnerabilities.
This module describes the tasks you need to implement NTP on the Cisco IOS XR software.
For more information about NTP on the Cisco IOS XR software and complete descriptions of the NTP commands listed in this module, see Related Documents, on page 46. To locate documentation for other commands that might appear in the course of running a configuration task, search online in .
Table 5: Feature History for Implementing NTP on Cisco IOS XR Software
Release / Modification
Release 5.0.0: This feature was introduced.
This module contains the following topics:
Prerequisites for Implementing NTP on Cisco IOS XR Software
Information About Implementing NTP
How to Implement NTP
Configuration Examples for Implementing NTP
Additional References

Prerequisites for Implementing NTP on Cisco IOS XR Software

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Implementing NTP

NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur.
NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communication uses Coordinated Universal Time (UTC). An NTP network usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.
NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server typically has an authoritative time source (such as a radio or atomic clock, or a GPS time source) directly attached, a stratum 2 time server receives its time via NTP from a stratum 1 time server, and so on.
NTP avoids synchronizing to a machine whose time may not be accurate, in two ways. First, NTP never synchronizes to a machine that is not synchronized itself. Second, NTP compares the time reported by several machines and does not synchronize to a machine whose time is significantly different than the others, even if its stratum is lower. This strategy effectively builds a self-organizing tree of NTP servers.
The Cisco implementation of NTP does not support stratum 1 service; in other words, it is not possible to connect to a radio or atomic clock (for some specific platforms, however, you can connect a GPS time-source device). We recommend that time service for your network be derived from the public NTP servers available in the IP Internet.
If the network is isolated from the Internet, the Cisco implementation of NTP allows a machine to be configured so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means. Other machines can then synchronize to that machine via NTP.
Several manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software also allows UNIX-derivative servers to acquire the time directly from an atomic clock, which would subsequently propagate time information along to Cisco routers.
The communications between machines running NTP (known as associations) are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is made possible by exchanging NTP messages between each pair of machines with an association.
In a LAN environment, NTP can be configured to use IP broadcast messages. As compared to polling, IP broadcast messages reduce configuration complexity, because each machine can simply be configured to send or receive broadcast or multicast messages. However, the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
An NTP broadcast client listens for broadcast messages sent by an NTP broadcast server at a designated IPv4 address. The client synchronizes the local clock using the first received broadcast message.
The time kept on a machine is a critical resource, so we strongly recommend that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.
When multiple sources of time (VINES, hardware clock, manual configuration) are available, NTP is always considered to be more authoritative. NTP time overrides the time set by any other method.

How to Implement NTP

Configuring Poll-Based Associations

Note: No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
You can configure the following types of poll-based associations between the router and other devices (which may also be routers):
Client mode
Symmetric active mode
The client and the symmetric active modes should be used when NTP is required to provide a high level of time accuracy and reliability.
When a networking device is operating in the client mode, it polls its assigned time serving hosts for the current time. The networking device then picks a host from all the polled time servers to synchronize with. Because the relationship that is established in this case is a client-host relationship, the host does not capture or use any time information sent by the local client device. This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients. Use the server command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the client mode.
When a networking device is operating in the symmetric active mode, it polls its assigned time-serving hosts for the current time and it responds to polls by its hosts. Because this is a peer-to-peer relationship, the host also retains time-related information about the local networking device that it is communicating with. This mode should be used when there are several mutually redundant servers that are interconnected via diverse network paths. Most stratum 1 and stratum 2 servers on the Internet today adopt this form of network setup. Use the peer command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the symmetric active mode.
When the router polls several other devices for the time, the router selects one device with which to synchronize.
Note
To configure a peer-to-peer association between the router and another device, you must also configure the router as a peer on the other device.
You can configure multiple peers and servers, but you cannot configure a single IP address as both a peer and a server at the same time.
To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration.
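The following Python model is an added example, not Cisco code. It replays server and peer commands in the form this task documents, applies the rule in the note above that an address already configured as a peer (or server) is not overwritten until its no form removes it, and lists the associations that carry no key key-id option, in line with the recommendation to use NTP authentication. The first two commands are the examples from this task; the remaining commands and key-id 10 are constructed.

```python
import ipaddress

# Keyword -> number of value tokens, from the server/peer syntax in this task.
SERVER_OPTS = {"version": 1, "key": 1, "minpoll": 1, "maxpoll": 1,
               "source": 2, "prefer": 0, "burst": 0, "iburst": 0}
# The peer syntax has no burst/iburst keywords.
PEER_OPTS = {k: v for k, v in SERVER_OPTS.items() if k not in ("burst", "iburst")}

COMMANDS = [
    "server 172.16.22.44 minpoll 8 maxpoll 12",                         # from this task
    "peer 192.168.22.33 minpoll 8 maxpoll 12 source tengige 0/0/0/1",   # from this task
    "server 192.168.22.33 key 10 iburst",   # constructed: peer -> server without 'no'
    "no peer 192.168.22.33",                # constructed: remove the old entry first
    "server 192.168.22.33 key 10 iburst",   # constructed: now the change takes effect
]


def parse_association(command):
    """Parse 'server|peer ip-address [options]' into (mode, address, options)."""
    words = command.split()
    if len(words) < 2 or words[0] not in ("server", "peer"):
        raise ValueError(f"not a server/peer command: {command!r}")
    mode, address = words[0], str(ipaddress.ip_address(words[1]))
    allowed = SERVER_OPTS if mode == "server" else PEER_OPTS
    options, i = {}, 2
    while i < len(words):
        name = words[i]
        if name not in allowed:
            raise ValueError(f"{name!r} is not valid for {mode}")
        argc = allowed[name]
        values = words[i + 1:i + 1 + argc]
        if len(values) != argc:
            raise ValueError(f"{name!r} needs {argc} value(s)")
        options[name] = " ".join(values) if argc else True
        i += 1 + argc
    return mode, address, options


def apply_commands(commands):
    """Replay commands in order. A peer/server entry for an address that is
    already configured in the other mode is skipped: the old entry stays."""
    assoc, skipped = {}, []
    for command in commands:
        words = command.split()
        if words[:1] == ["no"]:
            mode, address, _ = parse_association(" ".join(words[1:3]))
            if assoc.get(address, {}).get("mode") == mode:
                del assoc[address]
            continue
        mode, address, options = parse_association(command)
        current = assoc.get(address)
        if current and current["mode"] != mode:
            skipped.append(command)
            continue
        assoc[address] = {"mode": mode, "options": options}
    return assoc, skipped


def unauthenticated(assoc):
    """Addresses whose association carries no 'key key-id' option."""
    return sorted(a for a, v in assoc.items() if "key" not in v["options"])


if __name__ == "__main__":
    table, ignored = apply_commands(COMMANDS)
    print("skipped:", ignored)
    print("no key:", unauthenticated(table))
```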
SUMMARY STEPS
1. configure
2. ntp
3. server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst]
4. peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer]
5. Use one of the following commands:
   end
   commit

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst]
Example:
RP/0/RP0/CPU0:router(config-ntp)# server 172.16.22.44 minpoll 8 maxpoll 12
Purpose: Forms a server association with another system. This step can be repeated as necessary to form associations with multiple devices.
Step 4
Command or Action: peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer]
Example:
RP/0/RP0/CPU0:router(config-ntp)# peer 192.168.22.33 minpoll 8 maxpoll 12 source tengige 0/0/0/1
Purpose: Forms a peer association with another system. This step can be repeated as necessary to form associations with multiple systems.
Note: To complete the configuration of a peer-to-peer association between the router and the remote device, the router must also be configured as a peer on the remote device.
Step 5
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the configuration session.
Configuring Broadcast-Based NTP Associates
In a broadcast-based NTP association, an NTP server propagates NTP broadcast packets throughout a network. Broadcast clients listen for the NTP broadcast packets propagated by the NTP server and do not engage in any polling.
Broadcast-based NTP associations should be used when time accuracy and reliability requirements are modest and if your network is localized and has a large number of clients (more than 20). Broadcast-based NTP associations also are recommended for use on networks that have limited bandwidth, system memory, or CPU resources. Time accuracy is marginally reduced in broadcast-based NTP associations because information flows only one way.
Use the broadcast client command to set your networking device to listen for NTP broadcast packets propagated through a network. For broadcast client mode to work, the broadcast server and its clients must be located on the same subnet. The time server that is transmitting NTP broadcast packets must be enabled on the interface of the given device using the broadcast command.
Use the broadcast command to set your networking device to send NTP broadcast packets.
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. (Optional) broadcastdelay microseconds
4. interface type interface-path-id
5. broadcast client
6. broadcast [destination ip-address] [key key-id] [version number]
7. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: broadcastdelay microseconds
Example:
RP/0/RP0/CPU0:router(config-ntp)# broadcastdelay 5000
Purpose: (Optional) Adjusts the estimated round-trip delay for NTP broadcasts.
Step 4
Command or Action: interface type interface-path-id
Example:
RP/0/RP0/CPU0:router(config-ntp)# interface POS 0/1/0/0
Purpose: Enters NTP interface configuration mode.
Step 5
Command or Action: broadcast client
Example:
RP/0/RP0/CPU0:router(config-ntp-int)# broadcast client
Purpose: Configures the specified interface to receive NTP broadcast packets.
Note
Go to Step 6 to configure the interface to send NTP broadcast packets.
Step 6
Command or Action: broadcast [destination ip-address] [key key-id] [version number]
Example:
RP/0/RP0/CPU0:router(config-ntp-int)# broadcast destination 10.50.32.149
Purpose: Configures the specified interface to send NTP broadcast packets.
Note
Go to Step 5 to configure the interface to receive NTP broadcast packets.
Step 7
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp-int)# end
or
RP/0/RP0/CPU0:router(config-ntp-int)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring NTP Access Groups
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
The access list-based restriction scheme allows you to grant or deny certain access privileges to an entire network, a subnet within a network, or a host within a subnet.
The access group options are scanned in the following order, from least restrictive to most restrictive:
1. peer: Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria.
2. serve: Allows time requests and NTP control queries, but does not allow the system to synchronize itself to a system whose address passes the access list criteria.
3. serve-only: Allows only time requests from a system whose address passes the access list criteria.
4. query-only: Allows only NTP control queries from a system whose address passes the access list criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted. If no access groups are specified, all access types are granted to all systems. If any access groups are specified, only the specified access types are granted.
For details on NTP control queries, see RFC 1305 (NTP version 3).
SUMMARY STEPS
1. configure
2. ntp
3. access-group {peer | query-only | serve | serve-only} access-list-name
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: access-group {peer | query-only | serve | serve-only} access-list-name
Example:
RP/0/RP0/CPU0:router(config-ntp)# access-group peer access1
Purpose: Creates an access group and applies a basic IPv4 or IPv6 access list to it.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring NTP Authentication

This task explains how to configure NTP authentication.
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
The encrypted NTP authentication scheme should be used when a reliable form of access control is required. Unlike the access-list-based restriction scheme that is based on IP addresses, the encrypted authentication scheme uses authentication keys and an authentication process to determine whether NTP synchronization packets sent by designated peers or servers on a local network are trusted before the time information that they carry is accepted.
The authentication process begins from the moment an NTP packet is created. A message authentication code (MAC) is computed using the MD5 Message Digest Algorithm and the MAC is embedded into an NTP synchronization packet. The NTP synchronization packet together with the embedded MAC and key number are transmitted to the receiving client. If authentication is enabled and the key is trusted, the receiving client computes the MAC in the same way. If the computed MAC matches the embedded MAC, the system is allowed to sync to the server that uses this key in its packets.
After NTP authentication is properly configured, your networking device only synchronizes with and provides synchronization to trusted time sources.
SUMMARY STEPS
1. configure
2. ntp
3. authenticate
4. authentication-key key-number md5 [clear | encrypted] key-name
5. trusted-key key-number
6. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: authenticate
Example:
RP/0/RP0/CPU0:router(config-ntp)# authenticate
Purpose: Enables the NTP authentication feature.
Step 4
Command or Action: authentication-key key-number md5 [clear | encrypted] key-name
Example:
RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1
Purpose: Defines the authentication keys.
Each key has a key number, a type, a value, and, optionally, a name. Currently the only key type supported is md5.
Step 5
Command or Action: trusted-key key-number
Example:
RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42
Purpose: Defines trusted authentication keys.
If a key is trusted, this router only synchronizes to a system that uses this key in its NTP packets.
Step 6
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
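The authentication check described in this task, modelled in Python as an added example (not Cisco code and not part of the original guide). The wire layout used here, a 32-bit key number followed by a 128-bit MD5 digest computed over the key and then the 48-byte NTP header, is the standard NTP symmetric-key format and is an assumption beyond what this guide states; build_header, sign, verify, KEYS and TRUSTED are hypothetical names, and key 7 is a constructed sample.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header that precedes the authenticator
MAC_LEN = 4 + 16      # 32-bit key number + 128-bit MD5 digest

# Mirrors "authentication-key 42 md5 clear key1" and "trusted-key 42".
# Key 7 is a constructed sample: defined on the device but not trusted.
KEYS = {42: b"key1", 7: b"constructed-sample-key"}
TRUSTED = {42}


def build_header(stratum=2, poll=8, transmit_ts=0xD9A0000000000000):
    """Build a constructed 48-byte server-mode NTP header (sample data)."""
    li_vn_mode = (0 << 6) | (3 << 3) | 4          # LI=0, version 3, mode 4
    header = struct.pack("!BBbb", li_vn_mode, stratum, poll, -20)
    header += b"\x00" * 36    # root delay/dispersion, ref ID, three timestamps
    header += struct.pack("!Q", transmit_ts)      # transmit timestamp
    return header


def md5_mac(key, header):
    """MAC as the sender computes it: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, keys=KEYS):
    """Sender side: append the key number and the MAC to the header."""
    return header + struct.pack("!I", key_id) + md5_mac(keys[key_id], header)


def verify(packet, keys=KEYS, trusted=TRUSTED, authenticate=True):
    """Receiver side: return (accepted, reason) for one received packet."""
    if not authenticate:
        return True, "authentication disabled"
    # Narrowed to packets without extension fields.
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "no authenticator"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    received_mac = packet[NTP_HEADER_LEN + 4:]
    if key_id not in keys:
        return False, "unknown key"
    if key_id not in trusted:
        return False, "key not trusted"
    # Recompute the MAC the same way the sender did; compare in constant time.
    if not hmac.compare_digest(received_mac, md5_mac(keys[key_id], header)):
        return False, "MAC mismatch"
    return True, "ok"


if __name__ == "__main__":
    good = sign(build_header(), 42)
    print(verify(good))
    print(verify(sign(build_header(), 7)))
```

A packet is accepted only when all three conditions from the text hold: authentication is enabled, the key number is trusted, and the recomputed MAC equals the embedded one.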

Disabling NTP Services on a Specific Interface

NTP services are disabled on all interfaces by default.
NTP is enabled globally when any NTP commands are entered. You can selectively prevent NTP packets from being received through a specific interface by turning off NTP on a given interface.
SUMMARY STEPS
1. configure
2. ntp
3. Use one of the following commands:
no interface type interface-path-id
interface type interface-path-id disable
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: Use one of the following commands:
no interface type interface-path-id
interface type interface-path-id disable
Example:
RP/0/RP0/CPU0:router(config-ntp)# no interface pos 0/0/0/1
or
RP/0/RP0/CPU0:router(config-ntp)# interface POS 0/0/0/1 disable
Purpose: Disables NTP services on the specified interface.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Source IP Address for NTP Packets
By default, the source IP address of an NTP packet sent by the router is the address of the interface through which the NTP packet is sent. Use this procedure to set a different source address.
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. source type interface-path-id
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: source type interface-path-id
Example:
RP/0/RP0/CPU0:router(config-ntp)# source POS 0/0/0/1
Purpose: Configures an interface from which the IP source address is taken.
Note
This interface is used for the source address for all packets sent to all destinations. If a source address is to be used for a specific association, use the source keyword in the peer or server command shown in Configuring Poll-Based Associations.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the System as an Authoritative NTP Server

You can configure the router to act as an authoritative NTP server, even if the system is not synchronized to an outside time source.
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. master stratum
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: master stratum
Example:
RP/0/RP0/CPU0:router(config-ntp)# master 9
Purpose: Makes the router an authoritative NTP server.
Note
Use the master command with caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the master command can cause instability in time keeping if the machines do not agree on the time.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Updating the Hardware Clock
On devices that have hardware clocks (system calendars), you can configure the hardware clock to be periodically updated from the software clock. This is advisable for devices using NTP, because the time and date on the software clock (set using NTP) is more accurate than the hardware clock. The time setting on the hardware clock has the potential to drift slightly over time.
Note
No specific command enables NTP; the first NTP configuration command that you issue enables NTP.
SUMMARY STEPS
1. configure
2. ntp
3. update-calendar
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: update-calendar
Example:
RP/0/RP0/CPU0:router(config-ntp)# update-calendar
Purpose: Configures the router to update its system calendar from the software clock at periodic intervals.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-ntp)# end
or
RP/0/RP0/CPU0:router(config-ntp)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Verifying the Status of the External Reference Clock
This task explains how to verify the status of NTP components.
Note
The commands can be entered in any order.
SUMMARY STEPS
1. show ntp associations [detail] [location node-id]
2. show ntp status [location node-id]
DETAILED STEPS
Step 1
Command or Action: show ntp associations [detail] [location node-id]
Example:
RP/0/RP0/CPU0:router# show ntp associations
Purpose: Displays the status of NTP associations.
Step 2
Command or Action: show ntp status [location node-id]
Example:
RP/0/RP0/CPU0:router# show ntp status
Purpose: Displays the status of NTP.
Examples
The following is sample output from the show ntp associations command:
The following is sample output from the show ntp status command:
Configuration Examples for Implementing NTP
Configuring Poll-Based Associations: Example
The following example shows an NTP configuration in which the router's system clock is configured to form a peer association with the time server host at IP address 192.168.22.33, and to allow the system clock to be synchronized by time server hosts at IP address 10.0.2.1 and 172.19.69.1:
ntp
 server 10.0.2.1 minpoll 5 maxpoll 7
 peer 192.168.22.33
 server 172.19.69.1
Configuring Broadcast-Based Associations: Example
The following example shows an NTP client configuration in which interface 0/2/0/0 is configured to receive NTP broadcast packets, and the estimated round-trip delay between an NTP client and an NTP broadcast server is set to 2 microseconds:
ntp
 interface tengige 0/2/0/0
  broadcast client
  exit
 broadcastdelay 2
The following example shows an NTP server configuration where interface 0/2/0/2 is configured to be a broadcast server:
ntp
interface tengige 0/2/0/2
broadcast
Configuring NTP Access Groups: Example
The following example shows an NTP access group configuration where the following access group restrictions are applied:
Peer restrictions are applied to IP addresses that pass the criteria of the access list named peer-acl.
Serve restrictions are applied to IP addresses that pass the criteria of the access list named serve-acl.
Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named serve-only-acl.
Query-only restrictions are applied to IP addresses that pass the criteria of the access list named query-only-acl.
ntp
 peer 10.1.1.1
 peer 10.1.1.1
 peer 10.2.2.2
 peer 10.3.3.3
 peer 10.4.4.4
 peer 10.5.5.5
 peer 10.6.6.6
 peer 10.7.7.7
 peer 10.8.8.8
 access-group peer peer-acl
 access-group serve serve-acl
 access-group serve-only serve-only-acl
 access-group query-only query-only-acl
 exit
ipv4 access-list peer-acl
 10 permit ip host 10.1.1.1 any
 20 permit ip host 10.8.8.8 any
 exit
ipv4 access-list serve-acl
 10 permit ip host 10.4.4.4 any
 20 permit ip host 10.5.5.5 any
 exit
ipv4 access-list query-only-acl
 10 permit ip host 10.2.2.2 any
 20 permit ip host 10.3.3.3 any
 exit
ipv4 access-list serve-only-acl
 10 permit ip host 10.6.6.6 any
 20 permit ip host 10.7.7.7 any
 exit
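To check which access type a given source address ends up with under the scan order from Configuring NTP Access Groups, the following added Python example (not Cisco code and not part of the original guide) evaluates the access-group and ACL lines of the example above. The function names are hypothetical, only the "host" and "any" source forms used in this example are parsed, and the implicit deny at the end of each access list is an assumption based on standard Cisco ACL behavior.

```python
import ipaddress

# Scan order and the rights of each access type, as listed in this guide.
SCAN_ORDER = ("peer", "serve", "serve-only", "query-only")
RIGHTS = {
    "peer": frozenset({"time-request", "control-query", "synchronize"}),
    "serve": frozenset({"time-request", "control-query"}),
    "serve-only": frozenset({"time-request"}),
    "query-only": frozenset({"control-query"}),
}
ALL_RIGHTS = frozenset().union(*RIGHTS.values())

# Access-group and access-list lines taken from the example configuration.
EXAMPLE_CONFIG = """\
ntp
 access-group peer peer-acl
 access-group serve serve-acl
 access-group serve-only serve-only-acl
 access-group query-only query-only-acl
 exit
ipv4 access-list peer-acl
 10 permit ip host 10.1.1.1 any
 20 permit ip host 10.8.8.8 any
 exit
ipv4 access-list serve-acl
 10 permit ip host 10.4.4.4 any
 20 permit ip host 10.5.5.5 any
 exit
ipv4 access-list query-only-acl
 10 permit ip host 10.2.2.2 any
 20 permit ip host 10.3.3.3 any
 exit
ipv4 access-list serve-only-acl
 10 permit ip host 10.6.6.6 any
 20 permit ip host 10.7.7.7 any
 exit
"""


def parse_config(text):
    """Return (groups, acls): access type -> ACL name, ACL name -> entries."""
    groups, acls, current = {}, {}, None
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "access-group" and len(w) == 3 and w[1] in RIGHTS:
            groups[w[1]] = w[2]
        elif w[:2] == ["ipv4", "access-list"] and len(w) == 3:
            current = w[2]
            acls[current] = []
        elif w[0] == "exit":
            current = None
        elif current and w[0].isdigit() and len(w) >= 4 and w[1] in ("permit", "deny"):
            # Source is "host <address>" or "any"; other forms are out of scope.
            if w[3] == "host" and len(w) >= 5:
                source = ipaddress.ip_address(w[4])
            elif w[3] == "any":
                source = None
            else:
                raise ValueError("unsupported ACL source: " + line.strip())
            acls[current].append((int(w[0]), w[1], source))
    return groups, acls


def acl_permits(entries, addr):
    """First matching entry decides; no match means deny (assumed implicit deny)."""
    for _seq, action, source in sorted(entries, key=lambda e: e[0]):
        if source is None or source == addr:
            return action == "permit"
    return False


def evaluate(src, groups, acls):
    """Return (access_type, rights) granted to source address src."""
    addr = ipaddress.ip_address(src)
    if not groups:                      # no access groups: everything is granted
        return "all", ALL_RIGHTS
    for access_type in SCAN_ORDER:      # first matching type wins
        name = groups.get(access_type)
        if name and acl_permits(acls.get(name, []), addr):
            return access_type, RIGHTS[access_type]
    return None, frozenset()            # groups exist but none matched


GROUPS, ACLS = parse_config(EXAMPLE_CONFIG)

if __name__ == "__main__":
    for ip in ("10.1.1.1", "10.4.4.4", "10.6.6.6", "10.2.2.2", "10.9.9.9"):
        print(ip, evaluate(ip, GROUPS, ACLS)[0])
```

The last address in the demo loop is in no access list, so it is granted nothing: once any access group is configured, unlisted sources lose all NTP access.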
Configuring NTP Authentication: Example
The following example shows an NTP authentication configuration. In this example, the following is configured:
NTP authentication is enabled.
Two authentication keys are configured (key 2 and key 3).
The router is configured to allow its software clock to be synchronized with the clock of the peer (or vice versa) at IP address 10.3.32.154 using authentication key 2.
The router is configured to allow its software clock to be synchronized with the clock by the device at IP address 10.32.154.145 using authentication key 3.
The router is configured to synchronize only to systems providing authentication key 3 in their NTP packets.
ntp
 authenticate
 authentication-key 2 md5 encrypted 06120A2D40031D1008124
 authentication-key 3 md5 encrypted 1311121E074110232621
 trusted-key 3
 server 10.3.32.154 key 3
 peer 10.32.154.145 key 2
Disabling NTP on an Interface: Example
The following example shows an NTP configuration in which NTP services are disabled on the 0/2/0/0 interface:
ntp
 interface tengige 0/2/0/0
  disable
  exit
 authentication-key 2 md5 encrypted 06120A2D40031D1008124
 authentication-key 3 md5 encrypted 1311121E074110232621
 authenticate
 trusted-key 3
 server 10.3.32.154 key 3
 peer 10.32.154.145 key 2
Configuring the Source IP Address for NTP Packets: Example
The following example shows an NTP configuration in which Ethernet management interface 0/0/CPU0/0 is configured as the source address for NTP packets:
ntp
 authentication-key 2 md5 encrypted 06120A2D40031D1008124
 authentication-key 3 md5 encrypted 1311121E074110232621
 authenticate
 trusted-key 3
 server 10.3.32.154 key 3
 peer 10.32.154.145 key 2
 source MgmtEth0/0/CPU0/0
Configuring the System as an Authoritative NTP Server: Example
The following example shows an NTP configuration in which the router is configured to use its own NTP master clock to synchronize with peers when an external NTP source becomes unavailable:
ntp
master 6
Updating the Hardware Clock: Example
The following example shows an NTP configuration in which the router is configured to update its hardware clock from the software clock at periodic intervals:
ntp
 server 10.3.32.154
 update-calendar
Additional References
The following sections provide references related to implementing NTP on Cisco IOS XR software.
Related Documents
Related Topic: Cisco IOS XR clock commands
Document Title: Clock Commands on module of System Management Command Reference for Cisco NCS 6000 Series Routers
Related Topic: Cisco IOS XR NTP commands
Document Title: NTP Commands on module of System Management Command Reference for Cisco NCS 6000 Series Routers
Related Topic: Information about getting started with Cisco IOS XR Software
Related Topic: Cisco IOS XR master command index
Related Topic: Information about user groups and task IDs
Document Title: Configuring AAA Services on module of System Security Configuration Guide for Cisco NCS 6000 Series Routers
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
MIBs
MIBs Link: To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFC 1059: Network Time Protocol, Version 1: Specification and Implementation
RFC 1119: Network Time Protocol, Version 2: Specification and Implementation
RFC 1305: Network Time Protocol, Version 3: Specification, Implementation, and Analysis
Technical Assistance
Description: The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
Link: http://www.cisco.com/cisco/web/support/index.html
CHAPTER 5

Implementing Physical and Virtual Terminals

Line templates define standard attribute settings for incoming and outgoing transport over physical and virtual terminal lines (vtys). Vty pools are used to apply template settings to ranges of vtys.
Note
Before creating or modifying the vty pools, enable the telnet server using the telnet server command in XR Config mode. See IP Addresses and Services Configuration Guide for Cisco NCS 6000 Series Routers and IP Addresses and Services Command Reference for Cisco NCS 6000 Series Routers for more information.
This module describes the new and revised tasks you need to implement physical and virtual terminals on your Cisco IOS XR network.
For more information about physical and virtual terminals on the Cisco IOS XR software and complete descriptions of the terminal services commands listed in this module, see Related Documents. To locate documentation for other commands that might appear in the course of running a configuration task, search online in .
Table 6: Feature History for Implementing Physical and Virtual Templates on Cisco IOS XR Software
Release: Release 5.0.0
Modification: This feature was introduced.
This module contains the following topics:
Prerequisites for Implementing Physical and Virtual Terminals
Information About Implementing Physical and Virtual Terminals
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software
Craft Panel Interface
Configuration Examples for Implementing Physical and Virtual Terminals
Additional References

Prerequisites for Implementing Physical and Virtual Terminals

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Implementing Physical and Virtual Terminals

To implement physical and virtual terminals, you need to understand the concepts in this section.

Line Templates

The following line templates are available in the Cisco IOS XR software.
Default line template—The default line template that applies to physical and virtual terminal lines.
Console line template—The line template that applies to the console line.
User-defined line templates—User-defined line templates that can be applied to a range of virtual terminal lines.

Line Template Configuration Mode

Changes to line template attributes are made in line template configuration mode. To enter line template configuration mode, issue the line command from XR Config mode, specifying the template to be modified. These line templates can be configured with the line command:
console—console template
default—default template
template—user-defined template
After you specify a template with the line command, the router enters line template configuration mode where you can set the terminal attributes for the specified line. This example shows how to specify the attributes for the console:
RP/0/RP0/CPU0:router(config)# line console
RP/0/RP0/CPU0:router(config-line)#
From line template configuration mode, use the online help feature ( ? ) to view all available options. Some useful options include:
absolute-timeout—Specifies a timeout value for line disconnection.
escape-character—Changes the line escape character.
exec-timeout—Specifies the EXEC timeout.
length—Sets the number of lines displayed on the screen.
session-limit—Specifies the allowable number of outgoing connections.
session-timeout—Specifies an interval for closing the connection if there is no input traffic.
timestamp—Displays the timestamp before each command.
width—Specifies the width of the display terminal.

Line Template Guidelines

The following guidelines apply to modifying the console template and to configuring a user-defined template:
Modify the templates for the physical terminal lines on the router (the console port) from line template configuration mode. Use the line console command from XR Config mode to enter line template configuration mode for the console template.
Modify the template for virtual lines by configuring a user-defined template with the line template-name command, configuring the terminal attributes for the user-defined template from line template configuration mode, and applying the template to a range of virtual terminal lines using the vty pool command.
Attributes not defined in the console template, or any virtual template, are taken from the default template.
The default settings for the default template are described for all commands in line template configuration mode in the Terminal Services Commands on module in System Management Command Reference for Cisco NCS 6000 Series Routers.
Note
Before creating or modifying the vty pools, enable the telnet server using the telnet server command in XR Config mode. See IP Addresses and Services Configuration Guide for Cisco NCS 6000 Series Routers and IP Addresses and Services Command Reference for Cisco NCS 6000 Series Routers for more information.

Terminal Identification

The physical terminal line for the console port is identified by its location, expressed in the format of rack/slot/module, on the active or standby route processor (RP) where the respective console port resides. For virtual terminals, physical location is not applicable; the Cisco IOS XR software assigns a vty identifier to vtys according to the order in which the vty connection has been established.

vty Pools

Each virtual line is a member of a pool of connections using a common line template configuration. Multiple vty pools may exist, each containing a defined number of vtys as configured in the vty pool. The Cisco IOS XR software supports the following vty pools by default:
Default vty pool—The default vty pool consists of five vtys (vtys 0 through 4) that each reference the default line template.
Default fault manager pool—The default fault manager pool consists of six vtys (vtys 100 through 105) that each reference the default line template.

In addition to the default vty pool and default fault manager pool, you can also configure a user-defined vty pool that can reference the default template or a user-defined template.
When configuring vty pools, follow these guidelines:
The vty range for the default vty pool must start at vty 0 and must contain a minimum of five vtys.
The vty range from 0 through 99 can reference the default vty pool.
The vty range from 5 through 99 can reference a user-defined vty pool.
The vty range from 100 is reserved for the fault manager vty pool.
The vty range for fault manager vty pools must start at vty 100 and must contain a minimum of six vtys.
A vty can be a member of only one vty pool. A vty pool configuration will fail if the vty pool includes a vty that is already in another pool.
If you attempt to remove an active vty from the active vty pool when configuring a vty pool, the configuration for that vty pool will fail.
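The range rules above can be checked before a commit. The following Python sketch is an added example, not code from the Cisco guide: it parses vty-pool statements and reports ranges that break the guidelines. The function names and the sample configurations are constructed for illustration.

```python
import re
from itertools import combinations

# One vty-pool statement: name, first vty, last vty, optional line template.
VTY_POOL_RE = re.compile(
    r"^\s*vty-pool\s+(?P<name>\S+)\s+(?P<first>\d+)\s+(?P<last>\d+)"
    r"(?:\s+line-template\s+(?P<template>\S+))?\s*$"
)


def parse_vty_pools(config_text):
    """Return (name, first, last, template) for every vty-pool line."""
    pools = []
    for line in config_text.splitlines():
        match = VTY_POOL_RE.match(line)
        if match:
            # Without the line-template keyword a pool uses the default template.
            template = match["template"] or "default"
            pools.append((match["name"], int(match["first"]),
                          int(match["last"]), template))
    return pools


def check_vty_pools(config_text):
    """Return a list of guideline violations; an empty list means none found."""
    problems = []
    valid = []
    for name, first, last, _template in parse_vty_pools(config_text):
        if last < first:
            problems.append(f"{name}: last vty {last} is below first vty {first}")
            continue
        valid.append((name, first, last))
        size = last - first + 1
        if name == "default":
            if first != 0:
                problems.append("default: range must start at vty 0")
            if size < 5:
                problems.append("default: needs at least five vtys")
            if last > 99:
                problems.append("default: range must stay within vtys 0-99")
        elif name == "eem":
            if first != 100:
                problems.append("eem: range must start at vty 100")
            if size < 6:
                problems.append("eem: needs at least six vtys")
        elif first < 5 or last > 99:
            problems.append(f"{name}: user-defined range must stay within vtys 5-99")
    # A vty can belong to only one pool, so no two ranges may intersect.
    for (n1, f1, l1), (n2, f2, l2) in combinations(valid, 2):
        if f1 <= l2 and f2 <= l1:
            problems.append(f"{n1} and {n2}: ranges overlap at vty {max(f1, f2)}")
    return problems


# Constructed sample: three pools whose ranges follow the guidelines.
SAMPLE_OK = """\
vty-pool default 0 4 line-template test
vty-pool pool1 5 50 line-template test2
vty-pool eem 100 106 line-template test3
"""
# Constructed sample: a default pool resized to vtys 0-5 beside a pool starting at 5.
SAMPLE_CLASH = """\
vty-pool default 0 5 line-template default
vty-pool pool1 5 50 line-template template1
"""

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("clash", SAMPLE_CLASH)):
        print(label, check_vty_pools(text) or "no violations")
```

Pools that are not configured explicitly keep their built-in ranges on the router, so the check covers only the statements it is given.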
How to Implement Physical and Virtual Terminals on Cisco IOS XR Software

Modifying Templates

This task explains how to modify the terminal attributes for the console and default line templates. The terminal attributes that you set will modify the template settings for the specified template.
SUMMARY STEPS
1. configure
2. line {console | default}
3. Configure the terminal attribute settings for the specified template using the commands in line template configuration mode.
4. Use one of the following commands:
end
commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: line {console | default}
Example:
RP/0/RP0/CPU0:router(config)# line console
or
RP/0/RP0/CPU0:router(config)# line default
Purpose: Enters line template configuration mode for the specified line template.
console —Enters line template configuration mode for the console template.
default —Enters line template configuration mode for the default line template.
Step 3
Command or Action: Configure the terminal attribute settings for the specified template using the commands in line template configuration mode.
Step 4
Command or Action: Use one of the following commands:
end
commit
Example:
RP/0/RP0/CPU0:router(config-line)# end
or
RP/0/RP0/CPU0:router(config-line)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Creating and Modifying vty Pools
This task explains how to create and modify vty pools.
You can omit Step 3 to Step 5 if you are configuring the default line template to reference a vty pool.
SUMMARY STEPS
1. configure
2. telnet {ipv4 | ipv6} server max-servers limit
3. line template template-name
4. Configure the terminal attribute settings for the specified line template using the commands in line template configuration mode.
5. exit
6. vty-pool {default | pool-name | eem} first-vty last-vty [line-template {default | template-name}]
7. commit
DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: telnet {ipv4 | ipv6} server max-servers limit
Example:
RP/0/RP0/CPU0:router(config)# telnet ipv4 server max-servers 10
Purpose: Specifies the number of allowable Telnet servers. Up to 100 Telnet servers are allowed.
Note
By default no Telnet servers are allowed. You must configure this command in order to enable the use of Telnet servers.
Step 3
Command or Action: line template template-name
Example:
RP/0/RP0/CPU0:router(config)# line template 1
Purpose: Enters line template configuration mode for a user-defined template.
Step 4
Command or Action: Configure the terminal attribute settings for the specified line template using the commands in line template configuration mode.
Step 5
Command or Action: exit
Example:
RP/0/RP0/CPU0:router(config-line)# exit
Purpose: Exits line template configuration mode and returns the router to global configuration mode.
Step 6
Command or Action: vty-pool {default | pool-name | eem} first-vty last-vty [line-template {default | template-name}]
Example:
RP/0/RP0/CPU0:router(config)# vty-pool default 0 5 line-template default
or
RP/0/RP0/CPU0:router(config)# vty-pool pool1 5 50 line-template template1
or
RP/0/RP0/CPU0:router(config)# vty-pool eem 100 105 line-template template1
Purpose: Creates or modifies vty pools.
If you do not specify a line template with the line-template keyword, a vty pool defaults to the default line template.
default —Configures the default vty pool.
The default vty pool must start at vty 0 and must contain a minimum of five vtys (vtys 0 through 4).
You can resize the default vty pool by increasing the range of vtys that compose the default vty pool.
pool-name —Creates a user-defined vty pool.
A user-defined pool must start at least at vty 5, depending on whether the default vty pool has been resized.
If the range of vtys for the default vty pool has been resized, use the first range value free from the default line template. For example, if the range of vtys for the default vty pool has been configured to include 10 vtys (vty 0 through 9), the range value for the user-defined vty pool must start with vty 10.
eem —Configures the embedded event manager pool.
The default embedded event manager vty pool must start at vty 100 and must contain a minimum of six vtys (vtys 100 through 105).
line-template template-name —Configures the vty pool to reference a user-defined template.
Step 7
Command or Action: commit
Monitoring Terminals and Terminal Sessions
This task explains how to monitor terminals and terminal sessions using the show EXEC commands available for physical and terminal lines.
Note
The commands can be entered in any order.
SUMMARY STEPS
1. (Optional) show line [aux location node-id | console location node-id | vty number]
2. (Optional) show terminal
3. (Optional) show users
DETAILED STEPS
Step 1
Command or Action: show line [aux location node-id | console location node-id | vty number]
Example:
RP/0/RP0/CPU0:router# show line
Purpose: (Optional) Displays the terminal parameters of terminal lines.
Specifying the show line aux location node-id EXEC command displays the terminal parameters of the auxiliary line.
Specifying the show line console location node-id EXEC command displays the terminal parameters of the console.
For the location node-id keyword and argument, enter the location of the Route Processor (RP) on which the respective auxiliary or console port resides.
The node-id argument is expressed in the format of rack/slot/module.
Specifying the show line vty number EXEC command displays the terminal parameters for the specified vty.
Step 2
Command or Action: show terminal
Example:
RP/0/RP0/CPU0:router# show terminal
Purpose: (Optional) Displays the terminal attribute settings for the current terminal line.
Step 3
Command or Action: show users
Example:
RP/0/RP0/CPU0:router# show users
Purpose: (Optional) Displays information about the active lines on the router.
Craft Panel Interface
The Craft Panel is an easily accessible and user-friendly interface that assists the field operator in troubleshooting the router. It consists of an LCD display and three LEDs. The LEDs indicate minor, major and critical alarms.
For more details of the Craft Panel Interface, refer to the Hardware and System set-up guides.

Configuration Examples for Implementing Physical and Virtual Terminals

Modifying the Console Template: Example
This configuration example shows how to modify the terminal attribute settings for the console line template:
line console
 exec-timeout 0 0
 escape-character 0x5a
 session-limit 10
 disconnect-character 0x59
 session-timeout 100
 transport input telnet
 transport output telnet
In this configuration example, the following terminal attributes are applied to the console line template:
The EXEC time out for terminal sessions is set to 0 minutes, 0 seconds. Setting the EXEC timeout to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal session will never time out.
The escape character is set to the 0x5a hexadecimal value (the 0x5a hexadecimal value translates into the Z character).
The session limit for outgoing terminal sessions is set to 10 connections.
The disconnect character is set to 0x59 hexadecimal value (the 0x59 hexadecimal character translates into the Y character).
The session time out for outgoing terminal sessions is set to 100 minutes (1 hour and 40 minutes).
The allowed transport protocol for incoming terminal sessions is Telnet.
The allowed transport protocol for outgoing terminal sessions is Telnet.
To verify that the terminal attributes for the console line template have been applied to the console, use the show line command:
RP/0/RP0/CPU0:router# show line console location 0/0/CPU0
Tty            Speed  Modem  Uses  Noise  Overruns  Acc I/O
* con0/0/CPU0  9600   -      -     -      0/0       -/-

Line con0_0_CPU0, Location "Unknown", Type "Unknown"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600, 1 parity, 2 stopbits, 8 databits
Template: console
Config: Allowed transports are telnet.
Modifying the Default Template: Example
This configuration example shows how to override the terminal settings for the default line template:
line default
 exec-timeout 0 0
 width 512
 length 512
In this example, the following terminal attributes override the default line template default terminal attribute settings:
The EXEC timeout for terminal sessions is set to 0 minutes and 0 seconds. Setting the EXEC timeout to 0 minutes and 0 seconds disables the EXEC timeout function; thus, the EXEC session for the terminal session will never time out (the default EXEC timeout for the default line template is 10 minutes).
The width of the terminal screen for the terminals referencing the default template is set to 512 characters (the default width for the default line template is 80 characters).
The length, the number of lines that will display at one time on the terminal referencing the default template, is set to 512 lines (the default length for the default line template is 24 lines).
Configuring a User-Defined Template to Reference the Default vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test in this example) for vtys and to configure the line template test to reference the default vty pool:
line template test
 exec-timeout 100 0
 width 100
 length 100
 exit
vty-pool default 0 4 line-template test
Configuring a User-Defined Template to Reference a User-Defined vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test2 in this example) for vtys and to configure the line template test2 to reference a user-defined vty pool (named pool1 in this example):
line template test2
 exec-timeout 0 0
 session-limit 10
 session-timeout 100
 transport input all
 transport output all
 exit
vty-pool pool1 5 50 line-template test2
Configuring a User-Defined Template to Reference the Fault Manager vty Pool: Example
This configuration example shows how to configure a user-defined line template (named test3 in this example) for vtys and to configure the line template test3 to reference the fault manager vty pool:
line template test3
 width 110
 length 100
 session-timeout 100
 exit
vty-pool eem 100 106 line-template test3
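Because attributes missing from a template are taken from the default template, a template that never mentions exec-timeout can still end up with the timeout disabled. The following Python sketch is an added example, not code from the Cisco guide: it resolves the effective settings of each line template and reports disabled EXEC timeouts and Telnet input. The function names, the audit policy and the sample configuration are constructed for illustration.

```python
# Built-in values of the default line template as stated on this page.
BUILTIN_DEFAULT = {"exec-timeout": "10 0", "width": "80", "length": "24"}


def parse_line_templates(config_text):
    """Map template name -> {attribute: value} for each 'line ...' block."""
    templates, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "line" and len(words) >= 2:
            # 'line console', 'line default' or 'line template <name>'
            is_user = words[1] == "template" and len(words) > 2
            current = templates.setdefault(words[2] if is_user else words[1], {})
        elif words[0] in ("exit", "vty-pool", "!"):
            current = None  # left line template configuration mode
        elif current is not None:
            # 'transport input|output' is keyed on two words, the rest on one.
            split_at = 2 if words[0] == "transport" else 1
            current[" ".join(words[:split_at])] = " ".join(words[split_at:])
    return templates


def effective_settings(templates, name):
    """Resolve a template: built-in defaults, then 'line default', then itself."""
    return {**BUILTIN_DEFAULT,
            **templates.get("default", {}),
            **templates.get(name, {})}


def exec_timeout_disabled(value):
    """exec-timeout takes minutes and seconds; 0 0 disables the timeout."""
    parts = [int(p) for p in value.split()]
    return bool(parts) and all(p == 0 for p in parts)


def audit_line_templates(config_text):
    """Return (template, finding) pairs sorted by template name."""
    templates = parse_line_templates(config_text)
    findings = []
    # The console and default templates always exist, configured or not.
    for name in sorted(set(templates) | {"console", "default"}):
        settings = effective_settings(templates, name)
        if exec_timeout_disabled(settings["exec-timeout"]):
            inherited = "exec-timeout" not in templates.get(name, {})
            source = ("inherited from line default" if inherited
                      else "set in this template")
            findings.append((name, f"EXEC timeout disabled ({source})"))
        # Assumed audit policy: report templates that accept Telnet input.
        if set(settings.get("transport input", "").split()) & {"telnet", "all"}:
            findings.append((name, "Telnet accepted for incoming sessions"))
    return findings


# Constructed sample modeled on the configuration examples on this page.
SAMPLE = """\
line default
 exec-timeout 0 0
 width 512
 length 512
line console
 session-limit 10
 transport input telnet
 transport output telnet
line template test
 exec-timeout 100 0
 width 100
 length 100
 exit
line template test3
 width 110
 length 100
 session-timeout 100
 exit
vty-pool default 0 4 line-template test
vty-pool eem 100 106 line-template test3
"""

if __name__ == "__main__":
    for template, finding in audit_line_templates(SAMPLE):
        print(f"{template}: {finding}")
```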
Additional References
The following sections provide references related to implementing physical and virtual terminals on Cisco IOS XR software.
Related Documents
Related Topic | Document Title
Cisco IOS XR terminal services commands | Terminal Services Commands on module of System Management Command Reference for Cisco NCS 6000 Series Routers
Cisco IOS XR command master index |
Information about getting started with Cisco IOS XR software |
Information about user groups and task IDs | Configuring AAA Services on module of System Security Configuration Guide for Cisco NCS 6000 Series Routers
Standards
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
MIBs
MIBs | MIBs Link
 | To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs | Title
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. |
Technical Assistance
Description | Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. | http://www.cisco.com/cisco/web/support/index.html

Implementing SNMP

Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
This module describes the new and revised tasks you need to implement SNMP on your Cisco IOS XR network.
For detailed conceptual information about SNMP on the Cisco IOS XR software and complete descriptions of the SNMP commands listed in this module, see Related Documents, on page 84. For information on specific MIBs, refer to . To locate documentation for other commands that might appear in the course of performing a configuration task, search online in .
Table 7: Feature History for Implementing SNMP on Cisco IOS XR Software
Release | Modification
Release 3.9.0 | Support was added for 3DES and AES encryption. The ability to preserve ENTITY-MIB and CISCO-CLASS-BASED-QOS-MIB data was added.
Release 4.2.0 | Support was added for SNMP over IPv6.
This module contains the following topics:
Prerequisites for Implementing SNMP
Restrictions for SNMP Use on Cisco IOS XR Software
Information About Implementing SNMP
How to Implement SNMP on Cisco IOS XR Software
Configuration Examples for Implementing SNMP
Additional References

Prerequisites for Implementing SNMP

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Restrictions for SNMP Use on Cisco IOS XR Software

SNMP outputs are only 32 bits wide and therefore cannot display any information greater than 2^32. 2^32 is equal to 4.29 Gigabits. Note that a 10 Gigabit interface is greater than this, so if you are trying to display speed information regarding the interface, you might see concatenated results.

Information About Implementing SNMP

To implement SNMP, you need to understand the concepts described in this section.

SNMP Functional Overview

The SNMP framework consists of three parts:
SNMP manager
SNMP agent
Management Information Base (MIB)
SNMP Manager
The SNMP manager is the system used to control and monitor the activities of network hosts using SNMP. The most common managing system is called a network management system (NMS). The term NMS can be applied to either a dedicated device used for network management, or the applications used on such a device. A variety of network management applications are available for use with SNMP. These features range from simple command-line applications to feature-rich graphical user interfaces (such as the CiscoWorks 2000 line of products).
SNMP Agent
The SNMP agent is the software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. The agent and MIB reside on the router. To enable the SNMP agent, you must define the relationship between the manager and the agent.
MIB
The Management Information Base (MIB) is a virtual information storage area for network management information, which consists of collections of managed objects. Within the MIB there are collections of related objects, defined in MIB modules. MIB modules are written in the SNMP MIB module language, as defined in STD 58, RFC 2578, RFC 2579, and RFC 2580. Note that individual MIB modules are also referred to as MIBs; for example, the Interfaces Group MIB (IF-MIB) is a MIB module within the MIB on your system.
The SNMP agent contains MIB variables whose values the SNMP manager can request or change through Get or Set operations. A manager can get a value from an agent or store a value into that agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to manager requests to get or set data.
Figure 1: Communication Between an SNMP Agent and Manager illustrates the communications relationship between the SNMP manager and agent. A manager can send the agent requests to get and set MIB values. The agent can respond to these requests. Independent of this interaction, the agent can send unsolicited notifications (traps) to the manager to notify the manager of network conditions.
Figure 1: Communication Between an SNMP Agent and Manager
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. On Cisco IOS XR software, unsolicited (asynchronous) notifications can be generated only as traps. Traps are messages alerting the SNMP manager to a condition on the network. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor router, or other significant events.
Note
Inform requests (inform operations) are supported in Cisco IOS XR software from release 4.1 onwards. For more information see,
http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-3/sysman/command/reference/b-sysman-cr53xasr/b-sysman-cr53xasr_chapter_010010.html#wp2863682680
Traps are less reliable than informs because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does not receive an inform request, it does not send a response. If the sender never receives a response, the inform request can be sent again. Thus, informs are more likely to reach their intended destination.
However, traps are often preferred because informs consume more resources in the router and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in memory until a response is received or the request times out. Also, traps are sent only once, and an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network. Thus, traps and inform requests provide a trade-off between reliability and resources.
In this illustration, the agent router sends a trap to the SNMP manager. Although the manager receives the trap, it does not send any acknowledgment to the agent. The agent has no way of knowing that the trap reached its destination.
Figure 2: Trap Received by the SNMP Manager
In this illustration, the agent sends a trap to the manager, but the trap does not reach the manager. Because the agent has no way of knowing that the trap did not reach its destination, the trap is not sent again. The manager never receives the trap.
Figure 3: Trap Not Received by the SNMP Manager
SNMP Versions
Cisco IOS XR software supports the following versions of SNMP:
Simple Network Management Protocol Version 1 (SNMPv1)
Simple Network Management Protocol Version 2c (SNMPv2c)
Simple Network Management Protocol Version 3 (SNMPv3)
Both SNMPv1 and SNMPv2c use a community-based form of security. The community of managers able to access the agent MIB is defined by an IP address access control list and password.
SNMPv2c support includes a bulk retrieval mechanism and more detailed error message reporting to management stations. The bulk retrieval mechanism supports the retrieval of tables and large quantities of information, minimizing the number of round-trips required. The SNMPv2c improved error handling support includes expanded error codes that distinguish different kinds of error conditions; these conditions are reported through a single error code in SNMPv1. Error return codes now report the error type. Three kinds of exceptions are also reported: no such object exceptions, no such instance exceptions, and end of MIB view exceptions.
SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when an SNMP packet is handled. See Table 9: SNMP Security Models and Levels for a list of security levels available in SNMPv3. The SNMPv3 feature supports RFCs 3411 to 3418.
You must configure the SNMP agent to use the version of SNMP supported by the management station. An agent can communicate with multiple managers; for this reason, you can configure the Cisco IOS XR software to support communications with one management station using the SNMPv1 protocol, one using the SNMPv2c protocol, and another using SNMPv3.
Comparison of SNMPv1, v2c, and v3
SNMP v1, v2c, and v3 all support the following operations:
get-request—Retrieves a value from a specific variable.
get-next-request—Retrieves the value following the named variable; this operation is often used to retrieve variables from within a table. With this operation, an SNMP manager does not need to know the exact variable name. The SNMP manager searches sequentially to find the needed variable from within the MIB.
get-response—Operation that replies to a get-request, get-next-request, and set-request sent by an NMS.
set-request—Operation that stores a value in a specific variable.
trap—Unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.
Table 8: SNMPv1, v2c, and v3 Feature Support identifies other key SNMP features supported by the SNMP v1, v2c, and v3.
Table 8: SNMPv1, v2c, and v3 Feature Support
Feature | SNMP v1 | SNMP v2c | SNMP v3
Get-Bulk Operation | No | Yes | Yes
Inform Operation | No | Yes (No on the Cisco IOS XR software) | Yes (No on the Cisco IOS XR software)
64 Bit Counter | No | Yes | Yes
Textual Conventions | No | Yes | Yes
Authentication | No | No | Yes
Privacy (Encryption) | No | No | Yes
Authorization and Access Controls (Views) | No | No | Yes
Security Models and Levels for SNMPv1, v2, v3
The security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The various security levels that exist within a security model are as follows:
noAuthNoPriv—Security level that does not provide authentication or encryption.
authNoPriv—Security level that provides authentication but does not provide encryption.
authPriv—Security level that provides both authentication and encryption.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determine the security mechanism applied when the SNMP message is processed.
Table 9: SNMP Security Models and Levels identifies what the combinations of security models and levels mean.
Table 9: SNMP Security Models and Levels
Model | Level | Authentication | Encryption | What Happens
v1 | noAuthNoPriv | Community string | No | Uses a community string match for authentication.
v2c | noAuthNoPriv | Community string | No | Uses a community string match for authentication.
v3 | noAuthNoPriv | Username | No | Uses a username match for authentication.
v3 | authNoPriv | HMAC-MD5 or HMAC-SHA | No | Provides authentication based on the HMAC [1]-MD5 [2] algorithm or the HMAC-SHA [3].
v3 | authPriv | HMAC-MD5 or HMAC-SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES [4] 56-bit encryption in addition to authentication based on the CBC [5] DES (DES-56) standard.
v3 | authPriv | HMAC-MD5 or HMAC-SHA | 3DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides 168-bit 3DES [6] level of encryption.
v3 | authPriv | HMAC-MD5 or HMAC-SHA | AES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides 128-bit AES [7] level of encryption.
[1] Hash-Based Message Authentication Code
[2] Message Digest 5
[3] Secure Hash Algorithm
[4] Data Encryption Standard
[5] Cipher Block Chaining
[6] Triple Data Encryption Standard
[7] Advanced Encryption Standard
Use of 3DES and AES encryption standards requires that the security package (k9sec) be installed. For information on installing software packages, see Upgrading and Managing Cisco IOS XR Software.
SNMPv3 Benefits
SNMPv3 provides secure access to devices by providing authentication, encryption and access control. These added security benefits secure SNMP against the following security threats:
Masquerade—The threat that an SNMP user may assume the identity of another SNMP user to perform management operations for which that SNMP user does not have authorization.
Message stream modification—The threat that messages may be maliciously reordered, delayed, or replayed (to an extent that is greater than can occur through the natural operation of a subnetwork service) to cause SNMP to perform unauthorized management operations.
Disclosure—The threat that exchanges between SNMP engines could be eavesdropped. Protecting against this threat may be required as a matter of local policy.
In addition, SNMPv3 provides access control over protocol operations on SNMP managed objects.

SNMPv3 Costs

SNMPv3 authentication and encryption contribute to a slight increase in the response time when SNMP operations on MIB objects are performed. This cost is far outweighed by the security advantages provided by SNMPv3.
Table 10: Order of Response Times from Least to Greatest shows the order of response time (from least to greatest) for the various security model and security level combinations.

Table 10: Order of Response Times from Least to Greatest
Security Model | Security Level
SNMPv2c | noAuthNoPriv
SNMPv3 | noAuthNoPriv
SNMPv3 | authNoPriv
SNMPv3 | authPriv

User-Based Security Model
SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following services:
- Message integrity: Ensures that messages have not been altered or destroyed in an unauthorized manner and that data sequences have not been altered to an extent greater than can occur nonmaliciously.
- Message origin authentication: Ensures that the claimed identity of the user on whose behalf received data was originated is confirmed.
- Message confidentiality: Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
USM uses two authentication protocols:
- HMAC-MD5-96 authentication protocol
- HMAC-SHA-96 authentication protocol
USM uses Cipher Block Chaining (CBC)-DES (DES-56) as the privacy protocol for message encryption.
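The USM authentication service, worked through as an added example (not Cisco code): it derives a per-engine key with the password-to-key procedure of RFC 3414 and computes the 96-bit truncated HMAC that HMAC-MD5-96 and HMAC-SHA-96 carry in a message. The function names and the message bytes are constructed for illustration; the password and first engine ID are the RFC 3414 sample values, and the second engine ID is the one used in this guide's engine ID example.

```python
import hashlib
import hmac

# RFC 3414 Appendix A.3 sample inputs (published test vectors).
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Engine ID from this guide's "Setting an Engine ID" example.
GUIDE_ENGINE_ID = bytes.fromhex("00000009000000a1616c2061")

MAC_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-96 keep only the first 96 bits

# Constructed stand-in for a serialized SNMPv3 message: the 12 zero octets
# mark where the authentication parameters field sits before signing.
_PREFIX = b"constructed-header|user=authuser|"
SAMPLE_MESSAGE = _PREFIX + bytes(MAC_LEN) + b"|get sysName.0"
MAC_OFFSET = len(_PREFIX)


def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: digest of 1,048,576 octets of the repeated password."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1_048_576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(algo, stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind the user key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(algo, user_key + engine_id + user_key).digest()


def sign(message: bytes, offset: int, key: bytes, algo: str) -> bytes:
    """Replace the zeroed field at offset with the truncated HMAC."""
    if message[offset:offset + MAC_LEN] != bytes(MAC_LEN):
        raise ValueError("authentication field must be zeroed before signing")
    mac = hmac.new(key, message, algo).digest()[:MAC_LEN]
    return message[:offset] + mac + message[offset + MAC_LEN:]


def verify(message: bytes, offset: int, key: bytes, algo: str) -> bool:
    """Recompute the HMAC over the message with the field zeroed again."""
    received = message[offset:offset + MAC_LEN]
    if len(received) != MAC_LEN:
        return False
    zeroed = message[:offset] + bytes(MAC_LEN) + message[offset + MAC_LEN:]
    expected = hmac.new(key, zeroed, algo).digest()[:MAC_LEN]
    return hmac.compare_digest(received, expected)  # constant-time compare


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        ku = password_to_key(RFC_PASSWORD, algo)
        kul = localize_key(ku, GUIDE_ENGINE_ID, algo)
        signed = sign(SAMPLE_MESSAGE, MAC_OFFSET, kul, algo)
        print(algo, "localized key:", kul.hex())
        print(algo, "message verifies:", verify(signed, MAC_OFFSET, kul, algo))
```

Because the key is localized with the engine ID, the same password yields a different key on every engine, so a key recovered from one device does not authenticate messages to another.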
View-Based Access Control Model
The View-Based Access Control Model (VACM) enables SNMP users to control access to SNMP managed objects by supplying read, write, or notify access to SNMP objects. It prevents access to objects restricted by views. These access policies can be set when user groups are configured with the snmp-server group command.

MIB Views
For security reasons, it is often valuable to be able to restrict the access rights of some groups to only a subset of the management information within the management domain. To provide this capability, access to a management object is controlled through MIB views, which contain the set of managed object types (and, optionally, the specific instances of object types) that can be viewed.

Access Policy
Access policy determines the access rights of a group. The three types of access rights are as follows:
- read-view access—The set of object instances authorized for the group when objects are read.
- write-view access—The set of object instances authorized for the group when objects are written.
- notify-view access—The set of object instances authorized for the group when objects are sent in a notification.

IP Precedence and DSCP Support for SNMP
SNMP IP Precedence and differentiated services code point (DSCP) support delivers QoS specifically for SNMP traffic. You can change the priority setting so that SNMP traffic generated in a router is assigned a specific QoS class. The IP Precedence or IP DSCP code point value is used to determine how packets are handled in weighted random early detection (WRED).
After the IP Precedence or DSCP is set for the SNMP traffic generated in a router, different QoS classes cannot be assigned to different types of SNMP traffic in that router.
The IP Precedence value is the first three bits in the type of service (ToS) byte of an IP header. The IP DSCP code point value is the first six bits of the differentiated services (DiffServ) field byte. You can configure up to eight different IP Precedence markings or 64 different IP DSCP markings.

How to Implement SNMP on Cisco IOS XR Software

This section describes how to implement SNMP.
The snmp-server commands enable SNMP on Management Ethernet interfaces by default. For information on how to enable SNMP server support on other inband interfaces, see the Implementing Management Plane Protection on Cisco IOS XR Software module in System Security Configuration Guide for Cisco NCS 6000 Series Routers.

Configuring SNMPv3

This task explains how to configure SNMPv3 for network management and monitoring.
Note: No specific command enables SNMPv3; the first snmp-server global configuration command (config) that you issue enables SNMPv3. Therefore, the sequence in which you issue the snmp-server commands for this task does not matter.

SUMMARY STEPS
1. configure
2. snmp-server view view-name oid-tree {included | excluded}
3. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name]
4. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
5. commit

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server view view-name oid-tree {included | excluded}
Example:
RP/0/RP0/CPU0:router(config)# snmp-server view view_name 1.3.6.1.2.1.1.5 included
Purpose: Creates or modifies a view record.

Step 3
Command or Action: snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server group group_name v3 noauth read view_name1 write view_name2
Purpose: Configures a new SNMP group or a table that maps SNMP users to SNMP views.

Step 4
Command or Action: snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server user noauthuser group_name v3
Purpose: Configures a new user to an SNMP group.
Note: Only one remote host can be assigned to the same username for SNMP version 3. If you configure the same username with different remote hosts, only the last username and remote host combination will be accepted and will be seen in the show running configuration. In the case of multiple SNMP managers, multiple unique usernames are required.

Step 5
Command or Action: commit

Configuring SNMP Trap Notifications

This task explains how to configure the router to send SNMP trap notifications.
Note: You can omit Step 3 if you have already completed the steps documented under the Configuring SNMPv3 task.

SUMMARY STEPS
1. configure
2. snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name]
3. snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
4. snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]
5. snmp-server traps [notification-type]
6. commit
7. (Optional) show snmp host

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server group name {v1 | v2c | v3 {auth | noauth | priv}} [read view] [write view] [notify view] [access-list-name]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server group group_name v3 noauth read view_name1 write view_name2
Purpose: Configures a new SNMP group or a table that maps SNMP users to SNMP views.

Step 3
Command or Action: snmp-server user username groupname {v1 | v2c | v3 [auth {md5 | sha} {clear | encrypted} auth-password [priv des56 {clear | encrypted} priv-password]]} [access-list-name]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server user noauthuser group_name v3
Purpose: Configures a new user to an SNMP group.
Note: Only one remote host can be assigned to the same username for SNMP version 3. If you configure the same username with different remote hosts, only the last username and remote host combination will be accepted and will be seen in the show running configuration. In the case of multiple SNMP managers, multiple unique usernames are required.

Step 4
Command or Action: snmp-server host address [traps] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server host 12.26.25.61 traps version 3 noauth userV3noauth
Purpose: Specifies SNMP trap notifications, the version of SNMP to use, the security level of the notifications, and the recipient (host) of the notifications.

Step 5
Command or Action: snmp-server traps [notification-type]
Example:
RP/0/RP0/CPU0:router(config)# snmp-server traps bgp
Purpose: Enables the sending of trap notifications and specifies the type of trap notifications to be sent. If a trap is not specified with the notification-type argument, all supported trap notifications are enabled on the router. To display which trap notifications are available on your router, enter the snmp-server traps ? command.

Step 6
Command or Action: commit

Step 7
Command or Action: show snmp host
Example:
RP/0/RP0/CPU0:router# show snmp host
Purpose: (Optional) Displays information about the configured SNMP notification recipient (host), port number, and security model.

Setting the Contact, Location, and Serial Number of the SNMP Agent
This task explains how to set the system contact string, system location string, and system serial number of the SNMP agent.
Note: The sequence in which you issue the snmp-server commands for this task does not matter.

SUMMARY STEPS
1. configure
2. (Optional) snmp-server contact system-contact-string
3. (Optional) snmp-server location system-location
4. (Optional) snmp-server chassis-id serial-number
5. commit

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server contact system-contact-string
Example:
RP/0/RP0/CPU0:router(config)# snmp-server contact Dial System Operator at beeper # 27345
Purpose: (Optional) Sets the system contact string.

Step 3
Command or Action: snmp-server location system-location
Example:
RP/0/RP0/CPU0:router(config)# snmp-server location Building 3/Room 214
Purpose: (Optional) Sets the system location string.

Step 4
Command or Action: snmp-server chassis-id serial-number
Example:
RP/0/RP0/CPU0:router(config)# snmp-server chassis-id 1234456
Purpose: (Optional) Sets the system serial number.

Step 5
Command or Action: commit

Defining the Maximum SNMP Agent Packet Size
This task shows how to configure the largest SNMP packet size permitted when the SNMP server is receiving a request or generating a reply.
Note: The sequence in which you issue the snmp-server commands for this task does not matter.

SUMMARY STEPS
1. configure
2. (Optional) snmp-server packetsize byte-count
3. commit

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server packetsize byte-count
Example:
RP/0/RP0/CPU0:router(config)# snmp-server packetsize 1024
Purpose: (Optional) Sets the maximum packet size.

Step 3
Command or Action: commit

Changing Notification Operation Values
After SNMP notifications have been enabled, you can specify a value other than the default for the source interface, message queue length, or retransmission interval.
This task explains how to specify a source interface for trap notifications, the message queue length for each host, and the retransmission interval.
Note: The sequence in which you issue the snmp-server commands for this task does not matter.

SUMMARY STEPS
1. configure
2. (Optional) snmp-server trap-source type interface-path-id
3. (Optional) snmp-server queue-length length
4. (Optional) snmp-server trap-timeout seconds
5. commit

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server trap-source type interface-path-id
Example:
RP/0/RP0/CPU0:router(config)# snmp-server trap-source POS 0/0/1/0
Purpose: (Optional) Specifies a source interface for trap notifications.

Step 3
Command or Action: snmp-server queue-length length
Example:
RP/0/RP0/CPU0:router(config)# snmp-server queue-length 20
Purpose: (Optional) Establishes the message queue length for each notification.

Step 4
Command or Action: snmp-server trap-timeout seconds
Example:
RP/0/RP0/CPU0:router(config)# snmp-server trap-timeout 20
Purpose: (Optional) Defines how often to resend notifications on the retransmission queue.

Step 5
Command or Action: commit

Setting IP Precedence and DSCP Values
This task describes how to configure IP Precedence or IP DSCP for SNMP traffic.
Before You Begin
SNMP must be configured.

SUMMARY STEPS
1. configure
2. Use one of the following commands:
   - snmp-server ipv4 precedence value
   - snmp-server ipv4 dscp value
3. commit

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: Use one of the following commands:
   - snmp-server ipv4 precedence value
   - snmp-server ipv4 dscp value
Example:
RP/0/RP0/CPU0:router(config)# snmp-server dscp 24
Purpose: Configures an IP precedence or IP DSCP value for SNMP traffic.

Step 3
Command or Action: commit

Configuring MIB Data to be Persistent
Many SNMP MIB definitions define arbitrary 32-bit indices for their object tables. MIB implementations often do a mapping from the MIB indices to some internal data structure that is keyed by some other set of data. In these MIB tables the data contained in the table are often other identifiers of the element being modelled. For example, in the ENTITY-MIB, entries in the entPhysicalTable are indexed by the 31-bit value, entPhysicalIndex, but the entities could also be identified by the entPhysicalName or a combination of the other objects in the table.
Because of the size of some MIB tables, significant processing is required to discover all the mappings from the 32-bit MIB indices to the other data by which the network management station identifies the entry. For this reason, it may be necessary for some MIB indices to be persistent across process restarts, switchovers, or device reloads. The ENTITY-MIB entPhysicalTable and CISCO-CLASS-BASED-QOS-MIB are two such MIBs that often require index values to be persistent.
Also, because of query response times and CPU utilization during CISCO-CLASS-BASED-QOS-MIB statistics queries, it is desirable to cache service policy statistics.

SUMMARY STEPS
1. (Optional) snmp-server entityindex persist
2. (Optional) snmp-server mibs cbqosmib persist
3. (Optional) snmp-server cbqosmib cache refresh time time
4. (Optional) snmp-server cbqosmib cache service-policy count count
5. snmp-server ifindex persist

DETAILED STEPS
Step 1
Command or Action: snmp-server entityindex persist
Example:
RP/0/RP0/CPU0:router(config)# snmp-server entityindex persist
Purpose: (Optional) Enables the persistent storage of ENTITY-MIB data.

Step 2
Command or Action: snmp-server mibs cbqosmib persist
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs cbqosmib persist
Purpose: (Optional) Enables persistent storage of the CISCO-CLASS-BASED-QOS-MIB data.

Step 3
Command or Action: snmp-server cbqosmib cache refresh time time
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs cbqosmib cache refresh time 45
Purpose: (Optional) Enables QoS MIB caching with a specified cache refresh time.

Step 4
Command or Action: snmp-server cbqosmib cache service-policy count count
Example:
RP/0/RP0/CPU0:router(config)# snmp-server mibs cbqosmib cache service-policy count 50
Purpose: (Optional) Enables QoS MIB caching with a limited number of service policies to cache.

Step 5
Command or Action: snmp-server ifindex persist
Example:
RP/0/RP0/CPU0:router(config)# snmp-server ifindex persist
Purpose: Enables ifIndex persistence globally on all Simple Network Management Protocol (SNMP) interfaces.

Configuring LinkUp and LinkDown Traps for a Subset of Interfaces
By specifying a regular expression to represent the interfaces for which you are interested in setting traps, you can enable or disable linkUp and linkDown traps for a large number of interfaces simultaneously.
Before You Begin
SNMP must be configured.
SUMMARY STEPS
1. configure
2. snmp-server interface subset subset-number regular-expression expression
3. notification linkupdown disable
4. commit
5. (Optional) show snmp interface notification subset subset-number
6. (Optional) show snmp interface notification regular-expression expression
7. (Optional) show snmp interface notification type interface-path-id

DETAILED STEPS
Step 1
Command or Action: configure

Step 2
Command or Action: snmp-server interface subset subset-number regular-expression expression
Example:
RP/0/RP0/CPU0:router(config)# snmp-server interface subset 10 regular-expression "^Gig[a-zA-Z]+[0-9/]+\."
RP/0/RP0/CPU0:router(config-snmp-if-subset)#
Purpose: Enters snmp-server interface mode for the interfaces identified by the regular expression.
The subset-number argument identifies the set of interfaces, and also assigns a priority to the subset in the event that an interface is included in more than one subset. Lower numbers have higher priority and their configuration takes precedence over interface subsets with higher numbers.
The expression argument must be entered surrounded by double quotes.
Refer to the Understanding Regular Expressions, Special Characters, and Patterns module in for more information regarding regular expressions.

Step 3
Command or Action: notification linkupdown disable
Example:
RP/0/RP0/CPU0:router(config-snmp-if-subset)# notification linkupdown disable
Purpose: Disables linkUp and linkDown traps for all interfaces being configured. To enable previously disabled interfaces, use the no form of this command.

Step 4
Command or Action: commit

Step 5
Command or Action: show snmp interface notification subset subset-number
Example:
RP/0/RP0/CPU0:router# show snmp interface notification subset 10
Purpose: (Optional) Displays the linkUp and linkDown notification status for all interfaces identified by the subset priority.

Step 6
Command or Action: show snmp interface notification regular-expression expression
Example:
RP/0/RP0/CPU0:router# show snmp interface notification regular-expression "^Gig[a-zA-Z]+[0-9/]+\."
Purpose: (Optional) Displays the linkUp and linkDown notification status for all interfaces identified by the regular expression.

Step 7
Command or Action: show snmp interface notification type interface-path-id
Example:
RP/0/RP0/CPU0:router# show snmp interface notification tengige 0/4/0/3.10
Purpose: (Optional) Displays the linkUp and linkDown notification status for the specified interface.
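A way to preview which interfaces a subset would silence before committing it, as an added example (not Cisco code). It applies the subset-number priority rule described in this task; subset 5, the interface names, and the assumption that the expression is matched as a substring search against the full interface name are constructed for illustration.

```python
import re

# (subset-number, regular expression, linkupdown disabled?)
SUBSETS = [
    # Subset 10 is the one configured in the task above.
    (10, r"^Gig[a-zA-Z]+[0-9/]+\.", True),
    # Hypothetical higher-priority subset that keeps traps on for one port's
    # subinterfaces (the "no" form of notification linkupdown disable).
    (5, r"^GigabitEthernet0/4/0/3\.", False),
]

# Constructed interface names.
INTERFACES = [
    "GigabitEthernet0/1/0/0",      # physical port: no "." so subset 10 misses it
    "GigabitEthernet0/1/0/0.5",    # subinterface: matched by subset 10
    "GigabitEthernet0/4/0/3.10",   # matched by 5 and 10; 5 has priority
    "TenGigE0/4/0/3.10",           # "^Gig" is anchored, so TenGigE never matches
]


def governing_subset(subsets, ifname):
    """Return (subset-number, disabled) for the lowest-numbered match, else None."""
    for number, pattern, disabled in sorted(subsets, key=lambda s: s[0]):
        if re.search(pattern, ifname):
            return number, disabled
    return None  # no subset applies to this interface


def silenced(subsets, ifnames):
    """Interfaces whose linkUp/linkDown traps end up disabled by a subset."""
    result = []
    for name in ifnames:
        match = governing_subset(subsets, name)
        if match is not None and match[1]:
            result.append(name)
    return result


if __name__ == "__main__":
    for name in INTERFACES:
        print(f"{name:28} -> {governing_subset(SUBSETS, name)}")
    print("traps disabled on:", silenced(SUBSETS, INTERFACES))
```

Interfaces that no longer raise linkDown traps drop out of NMS alerting, so comparing this list against the intended scope is a useful review step for any subset change.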

Configuration Examples for Implementing SNMP

Configuring SNMPv3: Examples

Setting an Engine ID
This example shows how to set the identification of the local SNMP engine:
snmp-server engineID local 00:00:00:09:00:00:00:a1:61:6c:20:61
Note: After the engine ID has been configured, the SNMP agent restarts.
Verifying the Identification of the Local SNMP Engines
This example shows how to verify the identification of the local SNMP engine:
config
show snmp engineid
SNMP engineID 00000009000000a1ffffffff
Creating a View
There are two ways to create a view:
- You can include the object identifier (OID) of an ASN.1 subtree of a MIB family in a view by using the included keyword of the snmp-server view command.
- You can exclude the OID subtree of the ASN.1 subtree of a MIB family from a view by using the excluded keyword of the snmp-server view command.
This example shows how to create a view that includes the sysName (1.3.6.1.2.1.1.5) object:
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1.5 included
This example shows how to create a view that includes all the OIDs of a system group:
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
This example shows how to create a view that includes all the OIDs under the system group except the sysName object (1.3.6.1.2.1.1.5), which has been excluded:
config
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1.5 excluded
Verifying Configured Views
This example shows how to display information about the configured views:
RP/0/RP0/CPU0:router# show snmp view
v1default 1.3.6.1 - included nonVolatile active
SNMP_VIEW1 1.3.6.1.2.1.1 - included nonVolatile active
SNMP_VIEW1 1.3.6.1.2.1.1.5 - excluded nonVolatile active
Creating Groups
If you do not explicitly specify a notify, read, or write view, the Cisco IOS XR software uses the v1 default (1.3.6.1). This example shows how to create a group that utilizes the default view:
RP/0/RP0/CPU0:router(config)# snmp-server group group-name v3 auth
The following configuration example shows how to create a group that has read access to all the OIDs in the system except the sysUpTime object (1.3.6.1.2.1.1.3), which has been excluded from the view applied to the group, but write access only to the sysName object (1.3.6.1.2.1.1.5):
!
snmp-server view view_name1 1.3.6.1.2.1.1 included
snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded
snmp-server view view_name2 1.3.6.1.2.1.1.5 included
snmp-server group group_name1 v3 auth read view_name1 write view_name2
!
Verifying Groups
This example shows how to verify the attributes of configured groups:
RP/0/RP0/CPU0:router# show snmp group
groupname: group_name1 security model:usm
readview : view_name1 writeview: view_name2
notifyview: v1default
row status: nonVolatile
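How the included and excluded view entries and the group's read, write, and notify views combine into an access decision, as an added example (not Cisco code). It uses the longest-matching-subtree rule of the View-based Access Control Model (RFC 3415) without family masks, loads the group_name1 configuration shown above, and applies the guide's statement that an unspecified view falls back to v1default (1.3.6.1); the function names are constructed for illustration.

```python
# Configuration lines from the "Creating Groups" example above.
CONFIG = [
    "snmp-server view view_name1 1.3.6.1.2.1.1 included",
    "snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded",
    "snmp-server view view_name2 1.3.6.1.2.1.1.5 included",
    "snmp-server group group_name1 v3 auth read view_name1 write view_name2",
]


def parse_oid(text):
    """'1.3.6.1.2.1.1' -> (1, 3, 6, 1, 2, 1, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def load_config(lines):
    """Return (views, groups) parsed from snmp-server view/group lines."""
    # Per the guide, views that are not specified default to v1default (1.3.6.1).
    views = {"v1default": {parse_oid("1.3.6.1"): True}}
    groups = {}
    for raw in lines:
        tok = raw.split()
        if tok[:2] == ["snmp-server", "view"] and len(tok) == 5:
            if tok[4] not in ("included", "excluded"):
                raise ValueError(f"bad view mode in: {raw!r}")
            views.setdefault(tok[2], {})[parse_oid(tok[3])] = tok[4] == "included"
        elif tok[:2] == ["snmp-server", "group"] and len(tok) >= 4:
            access = {"read": "v1default", "write": "v1default",
                      "notify": "v1default"}
            i = 4  # tok[3] is the model; keywords can start at tok[4]
            while i < len(tok) - 1:
                if tok[i] in access:
                    access[tok[i]] = tok[i + 1]
                    i += 2
                else:
                    i += 1
            groups[tok[2]] = access
    return views, groups


def in_view(families, oid):
    """Longest matching subtree decides; no matching subtree means not in view."""
    best_len, allowed = -1, False
    for subtree, included in families.items():
        # Tuple comparison keeps 1.3.6.1.2.1.1 from matching 1.3.6.1.2.1.11.
        if oid[:len(subtree)] == subtree and len(subtree) > best_len:
            best_len, allowed = len(subtree), included
    return allowed


def is_allowed(views, groups, group, operation, oid_text):
    """operation is 'read', 'write' or 'notify'."""
    if group not in groups:
        return False
    view_name = groups[group][operation]
    return in_view(views.get(view_name, {}), parse_oid(oid_text))


VIEWS, GROUPS = load_config(CONFIG)

if __name__ == "__main__":
    checks = [("read", "1.3.6.1.2.1.1.1.0"), ("read", "1.3.6.1.2.1.1.3.0"),
              ("write", "1.3.6.1.2.1.1.5.0"), ("write", "1.3.6.1.2.1.1.4.0"),
              ("read", "1.3.6.1.2.1.11.1.0"), ("notify", "1.3.6.1.6.3.1.1.5.3")]
    for op, oid in checks:
        print(f"{op:6} {oid:22} ->", is_allowed(VIEWS, GROUPS, "group_name1", op, oid))
```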
Creating and Verifying Users
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server group group_name v3 noauth read view_name write view_name
!
This example shows how to create a noAuthNoPriv user with read and write view access to a system group:
config
snmp-server user noauthuser group_name v3
Note: The user must belong to a noauth group before a noAuthNoPriv user can be created.
Only one remote host can be assigned to the same username for SNMP version 3. If you configure the same username with different remote hosts, only the last username and remote host combination will be accepted and will be seen in the show running configuration. In the case of multiple SNMP managers, multiple unique usernames are required.
This example shows the case of a repeated username, in which only the last configuration is accepted:
snmp-server user username nervectrgrp remote 10.69.236.146 udp-port 162 v3 auth sha <password> priv aes 128 <password>
snmp-server user username nervectrgrp remote 10.214.127.2 udp-port 162 v3 auth sha <password> priv aes 128 <password>
snmp-server user username nervectrgrp remote 10.69.236.147 udp-port 162 v3 auth sha <password> priv aes 128 <password>
RP/0/RP0/CPU0:router# show run snmp-server user
snmp-server user username nervectrgrp remote 10.69.236.147 udp-port 162 v3 auth sha encrypted <password> priv aes 128 encrypted <password>
This example shows that all three hosts are accepted when the unique usernames username1, username2, and username3 are used:
snmp-server user username1 nervectrgrp remote 10.69.236.146 udp-port 162 v3 auth sha <password> priv aes 128 <password>
snmp-server user username2 nervectrgrp remote 10.214.127.2 udp-port 162 v3 auth sha <password> priv aes 128 <password>
snmp-server user username3 nervectrgrp remote 10.69.236.147 udp-port 162 v3 auth sha <password> priv aes 128 <password>
RP/0/RP0/CPU0:router# show run snmp-server user
snmp-server user batmanusr1 nervectrgrp remote 10.69.236.146 udp-port 162 v3 auth sha encrypted <password> priv aes 128 encrypted <password>
snmp-server user batmanusr2 nervectrgrp remote 10.214.127.2 udp-port 162 v3 auth sha encrypted <password> priv aes 128 encrypted <password>
snmp-server user batmanusr3 nervectrgrp remote 10.69.236.147 udp-port 162 v3 auth sha encrypted <password> priv aes 128 encrypted <password>
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: noauthuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
snmp-server group SNMP_GROUP1 v3 auth notify SNMP_VIEW1 read SNMP_VIEW1 write SNMP_VIEW1
!
This example shows how to create a user with authentication (including encryption), read, and write view access to a system group:
config
snmp-server user userv3authpriv SNMP_GROUP1 v3 auth md5 password123 priv aes 128 password123
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server group group_name v3 auth read view_name write view_name
!
This example shows how to create an authNoPriv user with read and write view access to a system group:
RP/0/RP0/CPU0:router(config)# snmp-server user authuser group_name v3 auth md5 clear auth_passwd
Note: Because the group is configured at a security level of Auth, the user must be configured as auth at a minimum to access this group (priv users could also access this group). The authNoPriv user configured in this group, authuser, must supply an authentication password to access the view. In the example, auth_passwd is set as the authentication password string. Note that the clear keyword is specified before the auth_passwd password string. The clear keyword indicates that the password string being supplied is unencrypted.
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: authuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server group group_name v3 priv read view_name write view_name
!
This example shows how to create an authPriv user with read and write view access to a system group:
config
snmp-server user privuser group_name v3 auth md5 clear auth_passwd priv des56 clear priv_passwd
Note: Because the group has a security level of Priv, the user must be configured as a priv user to access this group. In this example, the user, privuser, must supply both an authentication password and privacy password to access the OIDs in the view.
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router# show snmp user
User name: privuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Configuring Trap Notifications: Example
The following example configures an SNMP agent to send out different types of traps. The configuration includes a v2c user, a noAuthNoPriv user, an authNoPriv user, and an AuthPriv user.
Note: The default User Datagram Protocol (UDP) port is 161. If you do not specify a UDP port with the udp-port keyword and port argument, then the configured SNMP trap notifications are sent to port 161.
!
snmp-server host 10.50.32.170 version 2c userv2c udp-port 2345
snmp-server host 10.50.32.170 version 3 auth userV3auth udp-port 2345
snmp-server host 10.50.32.170 version 3 priv userV3priv udp-port 2345
snmp-server host 10.50.32.170 version 3 noauth userV3noauth udp-port 2345
snmp-server user userv2c groupv2c v2c
snmp-server user userV3auth groupV3auth v3 auth md5 encrypted 140F0A13
snmp-server user userV3priv groupV3priv v3 auth md5 encrypted 021E1C43 priv des56 encrypted 1110001C
snmp-server user userV3noauth groupV3noauth v3 LROwner
snmp-server view view_name 1.3 included
snmp-server community public RW
snmp-server group groupv2c v2c read view_name
snmp-server group groupV3auth v3 auth read view_name
snmp-server group groupV3priv v3 priv read view_name
snmp-server group groupV3noauth v3 noauth read view_name
!
This example shows how to verify the configured recipients (hosts) of SNMP trap notifications. The output displays the following information:
- IP address of the configured notification host
- UDP port where SNMP notification messages are sent
- Type of trap configured
- Security level of the configured user
- Security model configured
config
show snmp host
Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3auth security model: v3 auth
Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3noauth security model: v3 noauth
Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userV3priv security model: v3 priv
Notification host: 10.50.32.170 udp-port: 2345 type: trap user: userv2c security model: v2c
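A configuration review pass over the trap notification example above, as an added example (not Cisco code or a Cisco tool). It classifies each snmp-server line by the security level it gives and by the algorithm keywords it uses; the rule names, the "four sub-identifiers or fewer" threshold for a broad view, and the treatment of a version 3 host without a level keyword as noauth are assumptions made for illustration.

```python
# The trap notification configuration from the example above, one command per line.
SAMPLE_CONFIG = """\
snmp-server host 10.50.32.170 version 2c userv2c udp-port 2345
snmp-server host 10.50.32.170 version 3 auth userV3auth udp-port 2345
snmp-server host 10.50.32.170 version 3 priv userV3priv udp-port 2345
snmp-server host 10.50.32.170 version 3 noauth userV3noauth udp-port 2345
snmp-server user userv2c groupv2c v2c
snmp-server user userV3auth groupV3auth v3 auth md5 encrypted 140F0A13
snmp-server user userV3priv groupV3priv v3 auth md5 encrypted 021E1C43 priv des56 encrypted 1110001C
snmp-server user userV3noauth groupV3noauth v3 LROwner
snmp-server view view_name 1.3 included
snmp-server community public RW
snmp-server group groupv2c v2c read view_name
snmp-server group groupV3auth v3 auth read view_name
snmp-server group groupV3priv v3 priv read view_name
snmp-server group groupV3noauth v3 noauth read view_name
""".splitlines()

COMMUNITY_MODELS = {"v1", "v2c", "1", "2c"}


def level_findings(model, level):
    """NO_AUTH: noAuthNoPriv or community-based; NO_PRIV: authNoPriv."""
    if model in COMMUNITY_MODELS or level not in ("auth", "priv"):
        return ["NO_AUTH"]
    return ["NO_PRIV"] if level == "auth" else []


def audit_line(line):
    """Return the rule names (hypothetical labels) that one config line triggers."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "snmp-server":
        return []
    kind, out = tok[1], []
    if kind == "community":
        if tok[2].lower() in ("public", "private"):
            out.append("COMMUNITY_DEFAULT_NAME")
        if "RW" in tok[3:]:
            out.append("COMMUNITY_RW")
    elif kind == "view" and len(tok) == 5 and tok[4] == "included":
        if len(tok[3].strip(".").split(".")) <= 4:   # at or above 1.3.6.1
            out.append("BROAD_VIEW")
    elif kind == "host" and "version" in tok:
        i = tok.index("version")
        model = tok[i + 1] if i + 1 < len(tok) else ""
        level = tok[i + 2] if i + 2 < len(tok) else ""
        out += level_findings(model, level)
    elif kind == "group" and len(tok) >= 4:
        out += level_findings(tok[3], tok[4] if len(tok) > 4 else "")
    elif kind == "user" and len(tok) >= 5:
        rest = tok[5:]                      # tokens after the model keyword
        has_auth = rest[:1] == ["auth"]
        has_priv = has_auth and "priv" in rest[2:]
        level = "priv" if has_priv else "auth" if has_auth else "noauth"
        out += level_findings(tok[4], level)
        if has_auth and rest[1:2] == ["md5"]:
            out.append("AUTH_MD5")
        if has_priv:
            p = rest.index("priv", 2)
            if rest[p + 1:p + 2] == ["des56"]:
                out.append("PRIV_DES56")
        if "clear" in rest:
            out.append("CLEAR_PASSWORD")
    return out


def audit(lines):
    """Return [(line_number, rule_name), ...] for every finding, in file order."""
    return [(n, rule) for n, line in enumerate(lines, 1)
            for rule in audit_line(line)]


if __name__ == "__main__":
    for number, rule in audit(SAMPLE_CONFIG):
        print(f"line {number:2}: {rule:22} {SAMPLE_CONFIG[number - 1]}")
```

Only the two priv lines (the version 3 priv host and the groupV3priv group) come back clean; every other line in the example either sends or accepts SNMP without authentication or encryption, or relies on MD5 or DES-56.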
Setting an IP Precedence Value for SNMP Traffic: Example
The following example shows how to set the SNMP IP Precedence value to 7:
configure
snmp-server ipv4 precedence 7
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y

Setting an IP DSCP Value for SNMP Traffic: Example

The following example shows how to set the IP DSCP value of SNMP traffic to 45:
configure
snmp-server ipv4 dscp 45
exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: y

Additional References

The following sections provide references related to Implementing SNMP on Cisco IOS XR software.
Related Documents
Related Topic | Document Title
Cisco IOS XR SNMP commands | SNMP Server Commands on module of System Management Command Reference for Cisco NCS 6000 Series Routers
MIB information |
Cisco IOS XR commands |
Getting started with Cisco IOS XR software |
Information about user groups and task IDs | Configuring AAA Services on module of System Security Configuration Guide for Cisco NCS 6000 Series Routers
Cisco IOS XR Quality of Service | Modular Quality of Service Configuration Guide for Cisco NCS 6000 Series Routers

Standards
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |

MIBs
MIBs | MIBs Link
 | To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
RFCs | Title
RFC 3411 | An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
RFC 3412 | Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
RFC 3413 | Simple Network Management Protocol (SNMP) Applications
RFC 3414 | User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 3415 | View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)
RFC 3416 | Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
RFC 3417 | Transport Mappings for the Simple Network Management Protocol (SNMP)
RFC 3418 | Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)

Technical Assistance
Description | Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content. | http://www.cisco.com/cisco/web/support/index.html

CHAPTER 7

Configuring Periodic MIB Data Collection and Transfer

This document describes how to periodically transfer selected MIB data from your router to a specified Network Management System (NMS). The periodic MIB data collection and transfer feature is also known as bulk statistics.

Table 11: Feature History for Periodic MIB Data Collection and Transfer
Release | Modification
Release 4.2.0 | The periodic MIB data collection and transfer feature was introduced and supported the IF-MIB only.
Release 4.2.1 | Additional MIBs were supported.

This module contains the following topics:
Prerequisites for Periodic MIB Data Collection and Transfer
Information About Periodic MIB Data Collection and Transfer
How to Configure Periodic MIB Data Collection and Transfer
Periodic MIB Data Collection and Transfer: Example

Prerequisites for Periodic MIB Data Collection and Transfer

To use periodic MIB data collection and transfer, you should be familiar with the Simple Network Management Protocol (SNMP) model of management information. You should also know what MIB information you want to monitor on your network devices, and the OIDs or object names for the MIB objects to be monitored.

Information About Periodic MIB Data Collection and Transfer

SNMP Objects and Instances

A type (or class) of SNMP management information is called an object. A specific instance from a type of management information is called an object instance (or SNMP variable). To configure a bulk statistics collection, you must specify the object types to be monitored using a bulk statistics object list and the specific instances of those objects to be collected using a bulk statistics schema.
MIBs, MIB tables, MIB objects, and object indices can all be specified using a series of numbers called an object identifier (OID). OIDs are used in configuring a bulk statistics collection in both the bulk statistics object lists (for general objects) and in the bulk statistics schemas (for specific object instances).

Bulk Statistics Object Lists

To group the MIB objects to be polled, you need to create one or more object lists. A bulk statistics object list is a user-specified set of MIB objects that share the same MIB index. Object lists are identified using a name that you specify. Named bulk statistics object lists allow the same configuration to be reused in different bulk statistics schemas.
All the objects in an object list must share the same MIB index. However, the objects do not need to be in the same MIB and do not need to belong to the same MIB table. For example, it is possible to group ifInOctets and a CISCO-IF-EXTENSION-MIB object in the same schema, because the containing tables for both objects are indexed by the ifIndex.

Bulk Statistics Schemas

Data selection for the Periodic MIB Data Collection and Transfer Mechanism requires the definition of a schema with the following information:
Name of an object list.
Instance (specific instance or series of instances defined using a wild card) that needs to be retrieved for objects in the specified object list.
How often the specified instances need to be sampled (polling interval). The default polling interval is 5 minutes.
A bulk statistics schema is also identified using a name that you specify. This name is used when configuring the transfer options.
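How an object list and a schema's instance selection combine into the set of OIDs that is polled, as an added example (not code from the Cisco guide). The object list is the one used in this guide's `add` example; the instance indexes are constructed sample data, and the matching rules for the `exact`, `wild`, `range` and `repetition` keywords are a simplified model assumed here, not the router's implementation.

```python
# Added example: simplified model of bulk statistics instance selection.
# Object list from this guide's example; all are ifTable columns indexed by ifIndex.
OBJECT_LIST = {
    "ifInUcastPkts": "1.3.6.1.2.1.2.2.1.11",
    "ifAdminStatus": "1.3.6.1.2.1.2.2.1.7",
    "ifDescr": "1.3.6.1.2.1.2.2.1.2",
}
IF_INDEXES = ["1", "2", "3", "7", "12"]  # constructed: instances present on a device


def parse(oid):
    """Dotted OID string -> tuple of ints, so comparisons follow OID order."""
    return tuple(int(part) for part in oid.split("."))


def select(instances, kind, oid, end=None, max_rep=None):
    """Return the instance indexes a schema would poll (assumed semantics)."""
    present = sorted(parse(i) for i in instances)
    start = parse(oid)
    if kind == "exact":       # the one instance named
        return [i for i in present if i == start]
    if kind == "wild":        # every instance under the sub-identifier prefix
        return [i for i in present if i[:len(start)] == start]
    if kind == "range":       # start..end inclusive, in OID order
        return [i for i in present if start <= i <= parse(end)]
    if kind == "repetition":  # up to max_rep instances from the start instance
        return [i for i in present if i >= start][:max_rep]
    raise ValueError(f"unknown instance kind: {kind}")


def polled_oids(object_list, selected):
    """Full OIDs polled: each object's OID with each selected instance appended."""
    return [f"{col}.{'.'.join(map(str, inst))}"
            for inst in selected for col in object_list.values()]


if __name__ == "__main__":
    for kind, kwargs in [("exact", {}), ("wild", {}),
                         ("range", {"end": "7"}), ("repetition", {"max_rep": 2})]:
        chosen = select(IF_INDEXES, kind, "2", **kwargs)
        print(kind, polled_oids(OBJECT_LIST, chosen))
```

Comparing parsed sub-identifiers rather than strings matters: a wild card of `1` selects ifIndex 1 but not ifIndex 12, which a plain string-prefix test would also match.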

Bulk Statistics Transfer Options

After configuring the data to be collected, a single virtual file (VFile or bulk statistics file) with all collected data is created. This file can be transferred to a network management station using FTP or TFTP. You can specify how often this file should be transferred. The default transfer interval is once every 30 minutes. You can also configure a secondary destination for the file to be used if, for whatever reason, the file cannot be transferred to the primary network management station.
The value of the transfer interval is also the collection period (collection interval) for the local bulk statistics file. After the collection period ends, the bulk statistics file is frozen, and a new local bulk statistics file is created for storing data. The frozen bulk statistics file is then transferred to the specified destination.
By default, the local bulk statistics file is deleted after successful transfer to a network management station.

Benefits of Periodic MIB Data Collection and Transfer

Periodic MIB data collection and transfer (bulk statistics feature) allows many of the same functions as the bulk file MIB (CISCO-BULK-FILE-MIB.my), but offers some key advantages. The main advantage is that this feature can be configured through the CLI and does not require an external monitoring application.
Periodic MIB data collection and transfer is mainly targeted for medium to high-end platforms that have sufficient local storage (volatile or permanent) to store bulk statistics files. Locally storing bulk statistics files helps minimize loss of data during temporary network outages.
This feature also has more powerful data selection features than the bulk file MIB; it allows grouping of MIB objects from different tables into data groups (object lists). It also incorporates a more flexible instance selection mechanism, where the application is not restricted to fetching an entire MIB table.

How to Configure Periodic MIB Data Collection and Transfer

Configuring a Bulk Statistics Object List

The first step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one or more object lists.
SUMMARY STEPS
1. configure
2. snmp-server mib bulkstat object-list list-name
3. add {oid | object-name}
4. commit

DETAILED STEPS
Step 1
Command or Action: configure
Step 2
Command or Action: snmp-server mib bulkstat object-list list-name
Example:
snmp-server mib bulkstat object-list ifMib
Purpose: Defines an SNMP bulk statistics object list and enters bulk statistics object list configuration mode.
Step 3
Command or Action: add {oid | object-name}
Example:
RP/0/RP0/CPU0:router(config-bulk-objects)# add 1.3.6.1.2.1.2.2.1.11
RP/0/RP0/CPU0:router(config-bulk-objects)# add ifAdminStatus
RP/0/RP0/CPU0:router(config-bulk-objects)# add ifDescr
Purpose: Adds a MIB object to the bulk statistics object list. Repeat as desired until all objects to be monitored in this list are added.
Note: All the objects in a bulk statistics object list have to be indexed by the same MIB index. However, the objects in the object list do not need to belong to the same MIB or MIB table.
When specifying an object name instead of an OID (using the add command), only object names with mappings shown in the show snmp mib object command output can be used.
Step 4
Command or Action: commit

What to Do Next
Configure a bulk statistics schema.

Configuring a Bulk Statistics Schema

The second step in configuring periodic MIB data collection and transfer is to configure one or more schemas.
Before You Begin
The bulk statistics object list to be used in the schema must be defined.
SUMMARY STEPS
1. configure
2. snmp-server mib bulkstat schema schema-name
3. object-list list-name
4. Do one of the following:
   instance exact {interface interface-id [sub-if] | oid oid}
   instance wild {interface interface-id [sub-if] | oid oid}
   instance range start oid end oid
   instance repetition oid max repeat-number
5. poll-interval minutes
6. commit