Wednesday, February 8, 2017

First Hands on Experience with Cisco IOS-XRv, Exploring the XR..

Today I'm going to explore the IOS-XR, Cisco's extreme / high end operating system designed for service provider networks. I'm not doing it on an actual box, this is the IOS-XRv which runs in a virtual environment. Mostly everything is same here, except few differences related to actual hardware line cards. Operating System version I am using is 5.2.2

After few minutes of boot up process, it will ask you to press RETURN to get started, just like in regular IOS. As soon as you hit Enter, it will ask you to enter root-system username.
(click on the images to view in full size)








In this version of XRv, default root-system usernames are locked. You have to create your own username to unlock those root-system usernames.

In XRv, there are few preconfigured root-system user names. One is cisco with a password of cisco which I used to login.

In actual hardware box, you will have to go through the initial configuration like in regular IOS and setup an admin user before doing level 15 privileged work.

Let's see the usernames created by administrator. (non default usernames)
To do that, you have to go to the admin mode and issue a show run.. This mode is not available in regular IOS..
RP/0/0/CPU0:ios#admin
RP/0/0/CPU0:ios(admin)#show run

group root-system group is equal to the level 15 of regular IOS.









Let's create a new user for TAC support.. Examine the commands I have entered..












1st I went to config mode. Then I typed username TAC and I assigned him to the pre-configured group called cisco-support and then I gave him a password.

Not like in regular IOS, here you have to commit every change to get it effected. If you don't commit your changes, nothing will happen. This is a security feature in IOS-XR. The commands you type is stored in a separate config file. When you hit commit, the commands in that config file will be added to the running config file. No need to enter "write" to save config in NVRAM like in regular IOS.

As you can see, I have encountered a problem while committing the changes I have made and It says me to see the configuration failed file to determine what the problem is.












XR is intelligently analyzing the commands and if it is not correct it says how to correct it. You can see that it says "a user who belongs to cisco-support group must be also in the group of root-system".
So here I make the change..
Because I am still in the username configuration mode, I can just do it in one command..

Now let's see what is in the config file by entering show config.








You can also see what will happen if I commit the changes by entering show config merge command.













Now you can see the commit works and what will be the running config after committing the changes made..

So the commands to create a user for Cisco Support is like the following..
RP/0/0/CPU0:ios(admin)#config
RP/0/0/CPU0:ios(admin-config)#username TAC
RP/0/0/CPU0:ios(admin-config-un)#group root-system
RP/0/0/CPU0:ios(admin-config-un)#group cisco-support
RP/0/0/CPU0:ios(admin-config-un)#secret <pw>
RP/0/0/CPU0:ios(admin-config-un)#commit



Note:- If there is something wrong in your config; it will reject all the uncommitted changes when you are going to commit them. Even the correct configuration parts will be rejected. You can enter commit best-effort to commit the correct changes ignoring wrong configurations.

Note:- You can create users in normal exec-config mode (not in admin-config mode) like in regular IOS but that user will be shown in the show run command in exec mode.

Other normal IOS comands like show ip int br, show inventory etc will be there in the privileged exec mode like in regular IOS..


























Running config is so small because nothing is configured yet. MgmtEth is the interface which will be used for out of band management of the box..

Also ip routing & ipv6 unicast routing enabled by default..

Let's see a sub interface configuration now..

All the regular IOS commands are working fine in IOS-XR for interface & sub interface configurations. But you can see some native IOS-XR commands exists to do the same job too. Which means encapsulation dot1q 111 & ip address 10.1.11.11 255.255.255.0 commands also work here.

If you want to see what was the configuration before my last commit; enter
RP/0/0/CPU0:ios#show config rollback changes last 1

To rollback changes to last commit;
RP/0/0/CPU0:ios#rollback config last 1

Not only last 1, you can rollback to last 2 , 3 etc or even to a last commit point using the commit ID which is automatically assigning to the commits you made.





















You can set commit labels as well. But as soon as you give a label by entering commit label MYCOMMIT command it will apply the config to running config too. To view all the commits done by all the users; enter following commands
RP/0/0/CPU0:ios#show config commit list 
or

RP/0/0/CPU0:ios#show config commit list detail

You can set commit to auto rollback unless you give a confirmed commit within a specific time by issuing the following command..
RP/0/0/CPU0:ios(config)#commit confirmed 30

30 is the time in seconds.  To view these type of log messages in console; you would have to increase logging level to debugging by issuing following commands..
RP/0/0/CPU0:ios(config)#logging console debugging 
RP/0/0/CPU0:ios(config)#commit

You can completely replace your running config with your candicate config file by issuing the following command..
RP/0/0/CPU0:ios(config)#commit replace

But if you do not have any uncommitted changes in config file, this will delete all the running config by replacing empty config file..

0 comments to “First Hands on Experience with Cisco IOS-XRv, Exploring the XR..”

Post a Comment