In this guide, we’ll walk through some essential configuration steps with practical examples of Cisco NCS 500 router configuration.
Related Post
Configuration Template
RP/0/RP0/CPU0:ICTFELLA-RTR01#sh run
Building configuration...
!! IOS XR Configuration 7.7.x
!! Last configuration change at Thu Jul 11 13:24:04 202x by ictfella
!
service unsupported-transceiver
hostname ICTFELLA-RTR01
snmp-server traps alarm
clock timezone AEST Australia/xxxxx
logging trap notifications
logging facility local6
logging x.x.x.x vrf Mgmt-intf
logging source-interface MgmtEth0/RP0/CPU0/0
logging hostnameprefix ICTFELLA-RTR01
service timestamps log datetime localtime show-timezone
service timestamps debug datetime localtime msec show-timezone
==============================================================
radius-server vsa attribute ignore unknown
radius-server host x.x.x.x auth-port 1812 acct-port 1813
key 7 xxxxxxxx
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813
key 7 xxxxxxxx
!
username ictfella
group root-lr
group cisco-support
secret 10 xxxxxxxxxxxx
!
username root
group root-lr
group cisco-support
secret 10 xxxxxxxxxxxx
!
aaa accounting exec ICT_Accounting start-stop group ICT_RADIUS
aaa group server radius ICT_RADIUS
server x.x.x.x auth-port 1812 acct-port 1813
server x.x.x.x auth-port 1812 acct-port 1813
vrf Mgmt-intf
source-interface MgmtEth0/RP0/CPU0/0
!
aaa authorization exec ICT_Authorization group ICT_RADIUS none
aaa authentication login ICT_Local local
aaa authentication login ICT_Authentication group ICT_RADIUS local
cdp
vrf Mgmt-intf
description Dedicated Management VRF
address-family ipv4 unicast
!
!
vrf VRF_ICT
description Dedicated VRF for ICT
address-family ipv4 unicast
!
!
line template VTY
users group root-lr
accounting exec ICT_Accounting
authorization exec ICT_Authorization
login authentication ICT_Authentication
exec-timeout 15 0
access-class ingress MGMT-ACL
transport input ssh
!
line console
login authentication ICT_Local
exec-timeout 20 0
!
vty-pool default 0 15 line-template VTY
==============================================
snmp-server ifindex persist
snmp-server host x.x.x.x traps version 2c ictfella_snmp
snmp-server host x.x.x.x traps version 3 priv ictfella_SNMP_RO
snmp-server host x.x.x.x traps version 2c ictfella_snmp
snmp-server host x.x.x.x traps version 3 priv ictfella_SNMP_RO
snmp-server user ictfella_SNMP_RO ictfella_SNMP_RO v3 auth sha encrypted xxxxxxxxxx priv aes 128 encrypted xxxxxxxx IPv4 MGMT-ACL
snmp-server community ictfella_snmp RO IPv4 MGMT-ACL
snmp-server group ictfella_SNMP_RO v3 priv IPv4 MGMT-ACL
snmp-server traps snmp linkup
snmp-server traps snmp linkdown
snmp-server traps snmp coldstart
snmp-server traps snmp warmstart
snmp-server traps snmp authentication
snmp-server traps power
snmp-server contact ICTFella xxxxxxxx
snmp-server location ICTFELLA
snmp-server trap-source IPv4 MgmtEth0/RP0/CPU0/0
ntp
server vrf Mgmt-intf x.x.x.x
server vrf Mgmt-intf x.x.x.x
source vrf Mgmt-intf MgmtEth0/RP0/CPU0/0
update-calendar
!
call-home
service active
contact smart-licensing
profile CiscoTAC-1
active
destination transport-method email disable
destination transport-method http
!
!
==============================================
ipv4 access-list MGMT-ACL
10 remark ictfella
10 permit ipv4 host x.x.x.x any
10000 remark DENY ALL
10010 deny ipv4 any any log
!
interface Loopback0
vrf VRF_ICT
ipv4 address x.x.x.x 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
description MGMT interface
vrf Mgmt-intf
ipv4 address x.x.x.x 255.255.255.0
!
interface TenGigE0/0/0/0
description CONNECTION ICTFElla
mtu 9216
vrf VRF_ICT
ipv4 address x.x.x.x 255.255.255.252
!
!
================================================
prefix-set PS_RFC1918_PRIVATE
192.168.0.0/8 le 32,
172.16.0.0/12 le 32,
192.168.0.0/16 le 32
end-set
!
prefix-set PS_DEFAULT_AND_ICTFELLA_ROUTES
0.0.0.0/0,
10.0.0.0/16 le 32,
10.2.0.0/16 le 32
end-set
!
route-policy ALLOW_ALL_IN
pass
end-policy
!
route-policy ALLOW_ALL_OUT
pass
end-policy
!
route-policy RPL_VRF_ICT_IN
if destination in PS_DEFAULT_AND_ICTFELLA_ROUTES then
drop
elseif destination in PS_RFC1918_PRIVATE then
pass
elseif as-path originates-from '65444' then
pass
elseif as-path originates-from '65445' then
pass
elseif as-path originates-from '65446' then
pass
endif
end-policy
!
=======================================================
router static
vrf Mgmt-intf
address-family ipv4 unicast
0.0.0.0/0 x.x.x.1
!
!
!
snmp-server traps bgp
!
router bgp 65xxx
bgp log neighbor changes detail
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor x.x.x.x
remote-as 65xxx
!
neighbor x.x.x.x
remote-as 65xxx
!
vrf VRF_ICT
rd 65xxx:14
bgp router-id x.x.x.x
address-family ipv4 unicast
label mode per-vrf
redistribute connected
!
neighbor x.x.x.x
remote-as 65xxx
address-family ipv4 unicast
route-policy RPL_VRF_ICT_IN in
route-policy ALLOW_ALL_OUT out
soft-reconfiguration inbound always
!
!
neighbor x.x.x.x
remote-as 65xxx
address-family ipv4 unicast
route-policy ALLOW_ALL_IN in
route-policy ALLOW_ALL_OUT out
soft-reconfiguration inbound always
!
!
!
!
!
==================================================
lldp
!
ssh client source-interface MgmtEth0/RP0/CPU0/0
ssh server algorithms cipher [email protected]
ssh server algorithms host-key ecdsa-nistp256 ecdsa-nistp384 ecdsa-nistp521
ssh server algorithms key-exchange ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521
ssh server v2
ssh server vrf Mgmt-intf
end