Cisco ASR 9006

Hello All,
I am configuring Netflow on ASR 9006 IOS-XR. I need to be able to specify flow records (basically flexible Netflow) and configure flow aggregation based on destination prefix. This is not possible with the device.
I will be glad if anyone could help with this challenge.
Thanks.


Similar Messages

  • Cisco ASR 9006 IOS XR 4.3.0 aaa authorization

    Hi,
    I've configured two Cisco ASR 9006 with IOS XR 4.3.0 with the aaa. I've a problem with the authorization statement.
    I need to distinguish two groups.
    Network Administrator (Full access, show, configuration etc etc)
    Network Viewer (Users in this group can use only the show command)
    I cannot find anything clear on the documentation. Can you help me?
    Below the actual configuration (without authorization)
    tacacs source-interface Loopback0 vrf default
    tacacs-server host 10.10.10.1 port 49
    tacacs-server key 7 XXXXXXXXXX
    tacacs-server timeout 10
    username emergency
     group netadmin
     password 7 XXXXXXXXXXXXXXX
    aaa accounting exec default start-stop group ACS
    aaa accounting system default start-stop group ACS
    aaa group server tacacs+ ACS
     server 10.10.10.1
    aaa authentication login default group ACS local
    I have configured two Shell Command Authorization Sets in my ACS. One for ReadOnly and one for Full Access.
    The ReadOnly Group (called AccessoSolaLettura) is on the attached png called asr_1.PNG
    The Full Access Group (called AccessCompleto) is on the attached png called asr_2.PNG
    I associated this Shell Authorization sets to two users group. (Network Administrator and Network Viewer).
    The first one with Level 15 and the second one with Level 7. (Attached file ACS_1.png and ACS_2.png)
    Can you tell me if the ACS configuration is right and which configuration is needed on the ASR?
    The ACS Release is 4.2(0) Build 124.
    Tnx
    Leonardo

    Hi Leonardo,
    In XR we have the concept of tasks and taskgroup for determining what a user can do, and we recommend using this. For tasks we have the read/write/execute/debug permissions.
    For instance to run 'show bgp summary' we need the read permission on the task BGP. Instead of assigning individual permissions per user we can create a taskgroup and the user can inherit everything from a taskgroup.
    So for instance we can add read BGP, read OSPF, and read system to the taskgroup test. We can then have the user inherit the taskgroup test and get all the permissions that taskgroup has. We can inherit multiple tasks and taskgroups.
    In addition we have some predefined task groups (for the full access user you will want the cisco-support and root-system taskgroups).
    You can find some more information in the following posts
    http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/security/configuration/guide/b_syssec_cg43xasr9k/b_syssec_cg43asr9k_chapter_010.html
    https://supportforums.cisco.com/docs/DOC-15944
    HTH,
    Sam
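
    The taskgroup approach from the reply above, written out for the two roles in the question. This is an added example, not part of the original thread or of Cisco's documentation. The names NET-VIEWER-TG, NET-VIEWER, viewer01 and admin01, and the choice of read tasks, are assumptions; ACS is the server group from the posted configuration.

    ```text
    ! Constructed IOS XR example; all names except ACS are hypothetical.
    !
    ! Read-only role: a taskgroup that holds only read permissions,
    ! using the three tasks named in the reply (bgp, ospf, system).
    taskgroup NET-VIEWER-TG
     description Read-only tasks for network viewers
     task read bgp
     task read ospf
     task read system
    !
    ! Users inherit permissions through a usergroup, not directly.
    usergroup NET-VIEWER
     taskgroup NET-VIEWER-TG
    !
    ! Local read-only account for when TACACS+ is unreachable.
    username viewer01
     group NET-VIEWER
     secret <placeholder>
    !
    ! Full-access account using the predefined groups named in the reply.
    username admin01
     group root-system
     group cisco-support
     secret <placeholder>
    !
    ! Ask the TACACS+ server group for exec authorization first,
    ! then fall back to the local user database.
    aaa authorization exec default group ACS local
    !
    ! On the TACACS+ server, IOS XR reads a "task" attribute returned
    ! for the exec service; a leading # names a usergroup, for example:
    !   task = "#NET-VIEWER"
    ```

    After logging in as each user, `show user group` and `show user tasks` list the groups and task permissions the session actually received, which confirms that the viewer role holds no write or execute rights.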

  • Ask the Experts: Understanding Cisco ASR 9000 Series Aggregation Services Routers Platform Architecture and Packet Forwarding Troubleshooting

    With Xander Thuijs
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about the Cisco ASR 9000 Series Aggregation Services Routers with Cisco expert Xander Thuijs. The Cisco ASR 9000 Series Aggregation Services Routers product family offers a significant added value compared to the prior generations of carrier Ethernet routing offerings. The Cisco ASR 9000 Series is an operationally simple, future-optimized platform using next-generation hardware and software. The ASR 9000 platform family is composed of the Cisco ASR 9010 Router, the Cisco ASR 9006 Router, the Cisco ASR 9922 Router, Cisco ASR 9001 Router and the Cisco ASR 9000v Router.
    This is a continuation of the live Webcast.
    Xander Thuijs is a principal engineer for the Cisco ASR 9000 Series and Cisco IOS-XR product family at Cisco. He is an expert and advisor in many technology areas, including IP routing, WAN, WAN switching, MPLS, multicast, BNG, ISDN, VoIP, Carrier Ethernet, System Architecture, network design and many others. He has more than 20 years of industry experience in carrier Ethernet, carrier routing, and network access technologies. Xander holds a dual CCIE certification (number 6775) in service provider and voice technologies. He has a master of science degree in electrical engineering from Hogeschool van University in Amsterdam.
    Remember to use the rating system to let Xander know if you have received an adequate response.
    Xander might not be able to answer each question because of the volume expected during this event. Remember that you can continue the conversation on the Service Providers community XR OS And Platforms shortly after the event. This event lasts through Friday, May 24, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Is there a Cisco lab available for ASR 9000?
    We have "XR4U" stations coming available soon when XR 511 comes alive. The plan is for a downloadable play image like that. In the interim we have 2 demo systems available, and they can be booked via your account manager representative.
    How will MOD160 perform with multiple 9000NVS?
    Very well. The mod 160 has 4 NPU's, 2 per bay. So if you have a 4x10 MPA to serve a satellite, you effectively have a single NPU per 20 1Gigs from the satellite. The pps performance will be stellar. However it might be price technically more ideal to connect satellite with a 36x10. Since the MOD-x has native MPA's with 1G also.
    2. Is there a shortcut for a Bundle-EthernetX interface, such as port-channel interface (poX), in Cisco IOS®?
    Usability enhancement is there, we are trying to push this into a new reasonable release. Follow CSCuh04526.
    3. What is the revolutions per minute (RPM) on these hard disk drives (HDDs) compared to the solid state drives (SSDs)? Will the spinning drives be slow?
    Depends on the type we had available at time of production, you will see different sizes and disks on the RSP2. The rpm of the HD is not so much an issue as much as the buffered writing we used to do in XR. This is fixed up with XR43 where the disk writing performance is much better. The HD/SSD is used for logging storage only (and maybe your pictures) but other than that we're not that concerned with write perf of the HD.
    regards
    xander

  • ASR 9006 to 6509 1 gig fiber connection

    I have an ASR 9006 with a SFP-GE-L connecting to a Cisco 6500. The link shows up on the ASR side but not on the 6500 side. If I move the SFP from the ASR to a different 6500 chassis the connection works so I know the SFP is working.
    Any ideas on making this link work?

    The issue ended up being a negotiation issue. Apparently IOS-XR is set for nonegotiate disabled by default and IOS is enabled by default.
    The fix being to put "speed nonegotiate" on the IOS side interfaces and it came up.

  • Dual asr 9006 cluster

    Hi expert,
    I have two asr 9006. I'm using dual rsp on router. I'm using Cisco IOS XR Software, Version 4.1.2.
    I want to use two asr 9006 to cluster. But how can I do this? I can't find documents on the cisco web site or internet.

    Hi Umit,
    SW requirement
    • Supported since 4.2.1
    • Requires cluster software license on each chassis
    HW requirement – Chassis
    • Only ASR 9006 and 9010 are supported in 4.2.x
    • ASR 9001 is supported starting in 4.3.0
    • ASR 9001-S and 9922 are supported starting in 4.3.1
    • ASR 9904 and 9912 are supported starting in 5.1.1
    • Only like-like chassis are supported
    HW requirement – Line card and RSP
    • Dual RSP440 for 9006/9010/9904
    • Dual RP for 9912/9922
    • Single RSP 9001/9001-S
    • No RSP-4/8G support
    • Only Typhoon LC and SIP-700 allowed to boot
    • Only Typhoon LC support IRL
    • VSM/ISM not supported
    We have more information on nV Edge posted here
    https://supportforums.cisco.com/docs/DOC-34114
    HTH,
    Sam

  • Traffic policing question on Cisco ASR 1001

    Hi Experts,
    I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
    Let's say I have a router with several subinterfaces:
    interface GigabitEthernet0/2
     description WAN
     ip address x.x.x.x x.x.x.x
    interface GigabitEthernet0/1.70
     description Lan_1
     encapsulation dot1Q 70
     ip address 192.168.55.1 255.255.255.0
    interface GigabitEthernet0/1.80
     description LAN_2
     encapsulation dot1Q 80
     ip address 192.168.56.1 255.255.255.0
    interface GigabitEthernet0/1.90
     description Servers
     encapsulation dot1Q 90
     ip address 172.16.10.1 255.255.255.0
    I have a WAN link 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the rest 70Mbit I want to share between Interface Lan_1 and LAN_2. The idea is that I need 70Mbit/s equally shared between two interfaces, so that I have fair policing on both interfaces. What is the best way to achieve this?
    Many Thanks

    Hello
    The below configuration is a possible option. It provides policing inbound from the clients interfaces and LLQ priority queuing on the WAN interface for the servers, and shaping values from LAN1 & 2 traffic is set to 35MB each.
    Notice nothing is defined for the default class; however, I am of the understanding this is given by default 1% of HQoS implementations.
    Maybe others on here could review to verify any problems with this post and share their thoughts?
    ip access-list extended SRVS_acl
     permit ip 172.16.10.0 0.0.0.255 any
    ip access-list extended LAN1_acl
     permit ip 192.168.55.0 0.0.0.255 any
    ip access-list extended LAN2_acl
     permit ip 192.168.56.0 0.0.0.255 any
    class-map match-all SRVS_CM
     match access-group name SRVS_acl
    class-map match-all LAN_1_CM
     match access-group name  LAN1_acl
    class-map match-all LAN_2_CM
     match access-group name LAN2_acl
    policy-map SRVS_PM
     class SRVS_CM
        police 30720000 conform-action transmit exceed-action drop
    policy-map LAN_2_PM
     class LAN_2_CM
        police 35840000 conform-action transmit
    policy-map LAN_1_PM
     class LAN_1_CM
        police 35840000 conform-action transmit
    interface GigabitEthernet0/1.70
     service-policy input LAN_1_PM
    interface GigabitEthernet0/1.90
     service-policy input SRVS_PM
    interface GigabitEthernet0/1.80
     service-policy input LAN_2_PM
    policy-map WAN_CHILD
     class SRVS_CM
      priority 30720
     class LAN_1_CM
      shape average 35840000
     class LAN_2_CM
      shape average 35840000
     class class-default
      fair-queue
    policy-map WAN_PARENT
     class class-default
      shape average 102400000
      service-policy WAN_CHILD
    int GigabitEthernet0/2
     bandwidth 102400
     service-policy output WAN_PARENT
    res
    Paul

  • Can I rate-limit on the sub-interface in cisco asr 1013?

    Hi,
    I am looking for the command of rate-limit on a sub-interface in cisco asr 1013.
    Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(2)S, RELEASE SOFTWARE (fc1)
    IOS XE Version: 03.06.00.S
    Please let me know if it is possible in cisco asr 1013. If yes then what are the commands.
    Zobair

    The ASR no longer supports the rate-limit command, but it does support the same functionality in a QoS policy.
    Please find a sample configuration -
    ASR1004(config)#policy-map test
    ASR1004(config-pmap)#class class-default
    ASR1004(config-pmap-c)#shape average 10000
    Applying for both ingress and egress : -
    ASR1004(config)#int gig1/1/0
    ASR1004(config-if)#service-policy output test   
    or
    ASR1004(config-if)#service-policy input test

  • Cisco ASR Router Software Version 4.3.1 // PRTG Custom Sensor

    Dears,
    We are encountering a problem in doing custom SNMP sensors in PRTG: whenever I create a customized sensor, the sensor goes up and down. We have faced this problem after updating the software of our Cisco ASR to 4.3.1. In older versions, it was working well. Is there a problem in Cisco ASR 4.3.1 SNMP with PRTG? I would appreciate it if you can support in this case as we are in need of these customized sensors. We have got all of them down because of the update.
    Regards,

    Dear Alexander,
    The standard sensors of PRTG are working well such as traffic sensors, ping etc, but the customized sensors are not working well in version 4.3.1. I always do customized sensors for QoS, SLAs and others and they are working well in versions below 4.3.1.
    Furthermore, I have tested those OIDs by using Paessler SNMP Tester and I have seen that the reading is not showing properly. For instance, I have a customized OID that shows the reading every 60s (as a minimum) only while in older versions of ASR software I can see the reading every 30s or below of that particular OID using the same version of PRTG!
    Conclusion:
    PRTG latest version + ASR 4.3.1 = Customized sensors are not working well
    PRTG latest version + ASR Older version = Customized sensors are working well
    Kind regards,

  • Monitoring Cisco ASR 1002 with IOS-XE in IPM 4.2

    We are running LMS 3.2 with IPM 4.2 installed....and we are looking to do IPSLA monitoring on a couple of our Cisco ASR's with IOS-XE code installed.
    I looked at the IPSLA feature mapping and it only talks about supported IOS code....do we need to upgrade our current IPM module to a current version?

    Hi Konstantin,
    Regarding "It is strange that these commands cleaned from sh run view.": this is normal for many default configuration commands.
    Mine is a lab device so I cannot really comment on stability or provide you a recommendation based on that. However, I see that the download section from Cisco.com mentions the following release as the recommended based on quality, stability and longevity:
    asr1002x-universal.03.07.04a.S.152-4.S4a.SPA.bin
    The best would be for you to check this with your Cisco Account Team or Advanced Services Team as normally they are the proper point of contacts for SW advisory.
    Regards.

  • Does the mtu more 1500 bytes interface serial on cisco ASR 901?

    Cisco ASR 901
    Cisco A901-12C-FT-D
    asr901-universalk9-mz.154-2.S.bin
    (config-if)#mtu ?
      <64-1500>  MTU size in bytes
    How to increase up to 1516 (for MPLS)?

    Hi Mick,
    Can you try the override keyword to see if it works in your case?
    (config-if)#mpls mtu ?
      <64-1500>  MTU (bytes)
      override   Override mpls mtu maximum of interface mtu
    SWP-ACC-SIX(config-if)#mpls mtu override ?
      <1501-1580>  MTU (bytes)  ================> mtu is 1500 and mpls mtu can be configured up to 1580.
    Regards,
    Mohit 

  • Cisco ASR 1006 Cube license

    Dears,
    I have a Cisco ASR router 1006 and I need to check the CUBE license.
    I tried show license but it doesn't accept the command.
    Please advise how to check the CUBE license and its serial number.
    BR,
    Haytham

    Have you tried...
    show facility-alarm status
    to identify what the critical alarm is and then fix.
    You may be able to also use
    clear facility-alarm
    However, most likely it could be some issue such as failed power supply, etc that will not clear.

  • Cisco ASR - How to connect an OTV internal interface to a FabricPath domain

    Scenario - migrate servers while maintaining their existing IP address from data centre 1 to data centre 2 with minimal downtime. Diagram attached.
    I'm planning on using a Cisco ASR1001-X with AES license at DC1 and DC2 and configuring the routers with OTV to extend 10 x VLANs between the data centres. The join interface would connect directly to the WAN circuit NTU and the Internal Interface would connect to the switch and be configured as a service instance with 10 VLANs tagged using dot1q. The problem is that DC1 switch infrastructure is using Cisco Nexus 56xx configured with FabricPath. I can't find any information that suggests that I can patch the Cisco ASR router's internal interface directly into a FabricPath switchport or what the configuration would be.
    Older OTV documentation refers to Nexus 7000 and OTV stating the following: "Because OTV encapsulation is done on M-series modules, OTV cannot read FabricPath packets. Because of this restriction, terminating FabricPath and reverting to Classical Ethernet where the OTV VDC resides is necessary."
    Is this true for the Cisco ASR also? The only workaround I can think of is to install a cheap catalyst switch connected to the FabricPath domain and re-introduce spanning-tree at the edge but this seems backwards to me. Any help or suggestions appreciated? Thanks

    Thanks Minh,
    So it is possible to have switchports configured as routed, fabricpath and trunk/access in a fabricpath configuration? Do I need to add any spanning-tree pseudo or priority configuration?
    Sample configs:
    #ASR
    interface GigabitEthernet0/0/1
     no ip address
     service instance 1 ethernet
      encapsulation dot1q 1
      bridge-domain 1
     service instance 2 ethernet
      encapsulation dot1q 2
      bridge-domain 2
     service instance 3 ethernet
      encapsulation dot1q 3
      bridge-domain 3
    #Nexus 56xx
    interface e1/5
      switchport mode trunk
      switchport trunk allowed vlan 1,2,3

  • Maximum cos1 (voice traffic) supported by Cisco ASR 1006 router

    Dear Team,
    Please confirm the maximum cos 1 traffic supported by cisco ASR 1006 router.

    Yes, it would. If you are planning on terminating a single site on this router I would spread over multiple routers for redundancy.
    Table 6 explains number of ports and channels providing you have the DSPs: 
    http://www.cisco.com/c/dam/en/us/products/collateral/routers/2800-series-integrated-services-routers-isr/product_data_sheet0900aecd8057f2e0.pdf

  • Cisco ASR 1006 and WAAS

    Hi,
    Is there any built-in WAAS and NME features or services in Cisco ASR 1006? Or is there any WAAS or NME module that can be installed in Cisco ASR 1006? I found that for Cisco ISR 1900, 2900, and 3900, WAAS and NME services can be enabled by installing SRE and NME module. But can't find any information for Cisco ASR 1006.
    Really appreciate your help.
    Thanks

    Hi Marvin
    There is no option for this.
    On the 4510 the only options under the interface are
    speed nonegotiate or no speed nonegotiate (for auto)
    Similarly on the ASR no negotiation auto or negotiation auto. Setting each device to auto/manual or manual/auto has no effect on the ASR port - it's still down.
    Cheers

  • PPPoGEC Cisco ASR 1001

    Hi Cisco Professional,
    We want to implement PPPoE over port-channel (using subinterfaces L2) in Cisco ASR 1001 routers. My question is if this router supports this feature? On the other hand, I've seen documents about this theme, please check these links:
    http://www.cisco.com/en/US/docs/ios/ios_xe/cether/configuration/guide/ce_lnkbndl_xe.html
    http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/xe-3s/ce-ieee-link-bndl-xe.html
    My IOS version Cisco ASR 1001 is:
    System image file is "bootflash:/asr1001-universalk9.03.04.00.S.151-3.S.bin"
    We want this configuration on the router,
    no interface GigabitEthernet0/0/0.25
    interface port-channel 10.25
     description TURBONETT PUBLICA UT
     encapsulation dot1Q 25
     ip address 10.17.44.254 255.255.252.0
    no interface GigabitEthernet0/0/0.52
    interface port-channel 10.52
     description TURBONETT-UT
     encapsulation dot1Q 52
     pppoe enable group global
     pppoe max-sessions 4000
    no interface GigabitEthernet0/0/0.61
    interface port-channel 10.61
     description Turbonett-Sector-A
     encapsulation dot1Q 61
     pppoe enable group global
     pppoe max-sessions 4000
    Kind Regards,
    Renzo Tovar

    Hi Renzo,
    PPPoEoVLAN on GEC (LACP mode) is supported as of XE 3.7. I see that you are using XE 3.4 here so I would suggest to move to XE 3.7 and try this feature.
    This is a sample configuration for the feature:
    interface GigabitEthernet2/1/0
     no ip address
     negotiation auto
     channel-group 2 mode active
    interface GigabitEthernet3/1/0
     no ip address
     negotiation auto
     channel-group 2 mode active
     lacp port-priority 65000
    interface Port-channel2
     no ip address
     load-interval 30
     no negotiation auto
     lacp max-bundle 1
     lacp fast-switchover
    interface Port-channel2.200
     encapsulation dot1Q 200
     pppoe enable group global
    interface Port-channel2.500
     encapsulation dot1Q 500 second-dot1q 1500
     pppoe enable group global
    As you can see, both PPPoEoVLAN and PPPoEoQinQ are supported.
    Hope this helps.
    Best regards.
