Isr 4400 SWCFG
Isr 4400 SWCFG
Isr 4400 SWCFG
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Short Description 2
CHAPTER 2 Overview 3
Introduction 3
Processes 4
Overview 55
ROMMON Images 55
Rommon Compatibility Matrix 56
Provisioning Files 60
File Systems 60
Autogenerated File Directories and Files 61
Flash Storage 62
Configuring the Configuration Register for Autoboot 62
Licensing 63
Cisco Software Licensing 63
Consolidated Packages 63
Technology Packages 64
securityk9 64
uck9 64
appxk9 64
Feature Licenses 64
HSECK9 65
Performance 65
Boost Performance Licenses 66
LED Indicators 69
Related Documentation 70
How to Install and Upgrade the Software 70
Managing and Configuring a Router to Run Using a Consolidated Package 70
Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command:
Example 71
Managing and Configuring a Router to Run Using Individual Packages 75
Installing Subpackages from a Consolidated Package 75
Installing Subpackages from a Consolidated Package on a Flash Drive 80
How to Install and Upgrade the Software for Cisco IOS XE Denali Release 16.3 81
CHAPTER 16 Managing Cisco Enhanced Services and Network Interface Modules 247
Information About Cisco Enhanced Services and Network Interface Modules 247
Modules Supported 248
Network Interface Modules 248
Cisco Fourth-Generation LTE Network Interface Module 248
Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module 248
Cisco Fourth-Generation T1/E1 Voice and WAN Network Interface Module 248
Cisco SSD/HDD Carrier Card NIM 249
Cisco 1-, 2-, and 4-Port Serial NIM 249
Upgrading the SSD or HDD Firmware 249
Error Monitoring 250
Enhanced Service Modules 250
Cisco SM-1 T3/E3 Service Module 250
Cisco UCS E-Series Server 251
Cisco SM-X Layer 2/3 EtherSwitch Service Module 251
Copying the Consolidated Package from the TFTP Server to the Router 299
Configuring the Router to Boot Using the Consolidated Package Stored on the Router 300
Extracting the Subpackages from a Consolidated Package into the Same File System 302
Extracting the Subpackages from a Consolidated Package into a Different File System 304
Configuring the Router to Boot Using Subpackages 305
Backing Up Configuration Files 311
Copying a Startup Configuration File to BootFlash 311
Copying a Startup Configuration File to a USB Flash Drive 312
Copying a Startup Configuration File to a TFTP Server 312
Displaying Digitally Signed Cisco Software Signature Information 312
Obtaining the Description of a Module or Consolidated Package 316
Objectives
This guide provides an overview of the Cisco 4000 Series Integrated Services Routers (ISRs) and explains
how to configure the various features on these routers.
The structure of this document is explained in Overview, on page 3.
Related Documentation
• Documentation Roadmap for the Cisco 4400 Series Integrated Services Routers
• Release Notes for the Cisco 4400 Series Integrated Services Routers
Commands
Cisco IOS XE commands are identical in look, feel, and usage to Cisco IOS commands on most platforms.
Features
The router runs Cisco IOS XE software which is used on multiple platforms. For more information on the
available software features, see the configuration guides on the Cisco IOS XE Software Documentation page.
In addition to the features in the Cisco IOS XE Configuration Guides, there are also separate configuration
guides for the features listed in the following table.
Feature URL
To verify support for specific features, use the Cisco Feature Navigator tool. For more information, see Using
Cisco Feature Navigator, on page 20.
Document Conventions
This documentation uses the following conventions:
Convention Description
Convention Description
Convention Description
Nested sets of square brackets or braces indicate optional or required choices within optional or required
elements. For example:
Convention Description
Convention Description
bold screen Examples of text that you must enter are set in Courier
bold font.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or
loss of data.
Note Means reader take note. Notes contain helpful suggestions or references to materials that may not be contained
in this manual.
Note For CUBE feature support information in Cisco IOS XE Bengaluru 17.6.1a and later releases, see Cisco
Unified Border Element IOS-XE Configuration Guide.
Note The documentation set for this product strives to use bias-free language. For purposes of this documentation
set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial
identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be
present in the documentation due to language that is hardcoded in the user interfaces of the product software,
language used based on standards documentation, or language that is used by a referenced third-party product.
Feature Information
Use Cisco Feature Navigator to find information about feature support, platform support, and Cisco software
image support. An account on Cisco.com is not required.
Related References
• Cisco IOS Command References, All Releases
Short Description
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and
other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/
legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use
of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Cisco 4400 Series ISRs Cisco 4300 Series ISR s Cisco 4200 Series ISRs
Note Unless otherwise specified, the information in this document is applicable to both Cisco 4400 Series, Cisco
4300 Series and Cisco 4200 Series routers.
Introduction
The Cisco 4000 Series ISRs are modular routers with LAN and WAN connections that can be configured by
means of interface modules, including Cisco Enhanced Service Modules (SM-Xs), and Network Interface
Modules (NIMs). NIM slots also support removable storage for hosted applications.
The following features are provided for enterprise and service provider applications:
• Enterprise Applications
• High-end branch gateway
• Regional site aggregation
• Key server or PfR primary controller
The router runs Cisco IOS XE software, and uses software components in many separate processes. This
modular architecture increases network resiliency, compared to standard Cisco IOS software.
Processes
The list of background processes in the following table may be useful for checking router state and
troubleshooting. However, you do not need to understand these processes to understand most router operations.
For further details of router capabilities and models, see the Hardware Installation Guide for the Cisco 4000
Series Integrated Services Routers.
Step 1 Configure your terminal emulation software with the following settings:
• 9600 bits per second (bps)
• 8 data bits
• No parity
• No flow control
Step 2 Connect to the CON port using the RJ-45-to-RJ-45 cable and the RJ-45-to-DB-25 DTE adapter or the RJ-45-to-DB-9
DTE adapter (labeled Terminal).
Step 2 (Go to Step 3 if the enable password has not been configured.) At the password prompt, enter your system password:
Password: enablepass
When your password is accepted, the privileged EXEC mode prompt is displayed.
Router#
You now have access to the CLI in privileged EXEC mode and you can enter the necessary commands to complete your
desired tasks.
Step 3 If you enter the setup command, see “Using Cisco Setup Command Facility” in the “Initial Configuration” section of
the Hardware Installation Guide for the Cisco 4000 Series Integrated Services Routers.
Step 4 To exit the console session, enter the quit command:
Router# quit
of 360 to 4096 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few
minutes.
How many bits in the modulus [512]: 1024 % Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)
xxx_lab(config)#
Step 4 By default, the vtys? transport is Telnet. In this case, Telnet is disabled and only SSH is supported:
xxx_lab(config)#line vty 0 4
xxx_lab(config-line)#transport input SSH
Step 5 Create a username for SSH authentication and enable login authentication:
xxx_lab(config)# username jsmith privilege 15 secret 0 p@ss3456
xxx_lab(config)#line vty 0 4
xxx_lab(config-line)# login local
Step 1 From your terminal or PC, enter one of the following commands:
• connect host [port] [keyword]
• telnet host [port] [keyword]
Here, host is the router hostname or IP address, port is a decimal port number (23 is the default), and keyword is a
supported keyword. For more information about these commands, see the Cisco IOS Terminal Services Command
Reference document.
Note If you are using an access server, specify a valid port number, such as telnet 172.20.52.40 2004, in addition to
the hostname or IP address.
The following example shows how to use the telnet command to connect to a router named router:
unix_host% telnet router
Trying 172.20.52.40...
Connected to 172.20.52.40.
Escape character is '^]'.
unix_host% connect
Step 5 When the enable password is accepted, the privileged EXEC mode prompt is displayed:
Router#
Step 6 You now have access to the CLI in privileged EXEC mode and you can enter the necessary commands to complete your
desired tasks.
Step 7 To exit the Telnet session, use the exit or logout command.
Router# logout
Ctrl-B or the Left Arrow key1 Move the cursor back one character.
Ctrl-F or the Right Arrow key1 Move the cursor forward one character.
Command Purpose
Ctrl-P or the Up Arrow key1 Recalls commands in the history buffer, beginning
with the most recent command. Repeat the key
sequence to recall successively older commands.
Ctrl-N or the Down Arrow key1 Returns to more recent commands in the history buffer
after recalling commands with Ctrl-P or the Up
Arrow key.
Router# show history While in EXEC mode, lists the last few commands
you entered.
1
The arrow keys function only on ANSI-compatible terminals such as VT100s.
available to you at any given time depend on the mode that you are currently in. Entering a question mark (?)
at the CLI prompt allows you to obtain a list of commands available for each command mode.
When you log in to the CLI, you are in user EXEC mode. User EXEC mode contains only a limited subset
of commands. To have access to all commands, you must enter privileged EXEC mode, normally by using a
password. From privileged EXEC mode, you can issue any EXEC command—user or privileged mode—or
you can enter global configuration mode. Most EXEC commands are one-time commands. For example, show
commands show important status information, and clear commands clear counters or interfaces. The EXEC
commands are not saved when the software reboots.
Configuration modes allow you to make changes to the running configuration. If you later save the running
configuration to the startup configuration, these changed commands are stored when the software is rebooted.
To enter specific configuration modes, you must start at global configuration mode. From global configuration
mode, you can enter interface configuration mode and a variety of other modes, such as protocol-specific
modes.
ROM monitor mode is a separate mode used when the Cisco IOS XE software cannot load properly. If a valid
software image is not found when the software boots or if the configuration file is corrupted at startup, the
software might enter ROM monitor mode.
The following table describes how to access and exit various common command modes of the Cisco IOS XE
software. It also shows examples of the prompts displayed for each mode.
Privileged EXEC From user EXEC mode, Router# To return to user EXEC
use the enable command. mode, use the disable
command.
In the diagnostic mode, a subset of the commands that are available in user EXEC mode are made available
to the users. Among other things, these commands can be used to:
• Inspect various states on the router, including the IOS state.
• Replace or roll back the configuration.
• Provide methods of restarting the IOS or other processes.
• Reboot hardware, such as the entire router, a module, or possibly other hardware components.
• Transfer files into or off of the router using remote access methods such as FTP, TFTP, and SCP.
The diagnostic mode provides a more comprehensive user interface for troubleshooting than previous routers,
which relied on limited access methods during failures, such as ROMMON, to diagnose and troubleshoot
Cisco IOS problems. The diagnostic mode commands can work when the Cisco IOS process is not working
properly. These commands are also available in privileged EXEC mode on the router when the router is
working normally.
Getting Help
Entering a question mark (?) at the CLI prompt displays a list of commands available for each command
mode. You can also get a list of keywords and arguments associated with any command by using the
context-sensitive help feature.
To get help that is specific to a command mode, a command, a keyword, or an argument, use one of the
following commands.
Command Purpose
Cisco IOS XE software displays a list and brief descriptions of the available keywords and arguments. For
example, if you are in global configuration mode and want to see all the keywords and arguments for the arap
command, you should type arap ?.
The <cr> symbol in command help output stands for carriage return. On older keyboards, the carriage return
key is the Return key. On most modern keyboards, the carriage return key is the Enter key. The <cr> symbol
at the end of command help output indicates that you have the option to press Enter to complete the command
and that the arguments and keywords in the list preceding the <cr> symbol are optional. The <cr> symbol by
itself indicates that no more arguments or keywords are available, and that you must press Enter to complete
the command.
The following table shows examples of using the question mark (?) to assist you in entering commands.
Command Comment
Router> enable Enter the enable command and password to access
Password: <password>
privileged EXEC commands. You are in privileged
Router#
EXEC mode when the prompt changes to a “ # ”
from the “ > ”, for example, Router> to Router#
Router# configure terminal Enter the configure terminal privileged EXEC
Enter configuration commands, one per line. End
command to enter global configuration mode. You
with CNTL/Z.
Router(config)# are in global configuration mode when the prompt
changes to Router (config)#
Router(config)# interface GigabitEthernet ? Enter interface configuration mode by specifying
<0-0> GigabitEthernet interface number the interface that you want to configure, using the
<0-2> GigabitEthernet interface number
interface GigabitEthernet global configuration
Router(config)# interface GigabitEthernet 1/? command.
<0-4> Port Adapter number
Enter ? to display what you must enter next on the
Router (config)# interface GigabitEthernet 1/3/? command line.
<0-15> GigabitEthernet interface number When the <cr> symbol is displayed, you can press
Enter to complete the command.
Router (config)# interface GigabitEthernet
1/3/8? You are in interface configuration mode when the
. <0-3> prompt changes to Router(config-if)#
Router (config)# interface GigabitEthernet
1/3/8.0
Router(config-if)#
Command Comment
Router(config-if)# ? Enter ? to display a list of all the interface
Interface configuration commands:
configuration commands available for the interface.
.
. This example shows only some of the available
. interface configuration commands.
ip Interface Internet
Protocol
config commands
keepalive Enable keepalive
lan-name LAN Name command
llc2 LLC2 Interface Subcommands
Command Comment
Router(config-if)# ip ? Enter the command that you want to configure for
Interface IP configuration subcommands: the interface. This example uses the ip command.
access-group Specify access control
for packets Enter ? to display what you must enter next on the
accounting Enable IP accounting on
this interface
command line. This example shows only some of
address Set the IP address of an the available interface IP configuration commands.
interface
authentication authentication subcommands
Router(config-if)# ip address ? Enter the command that you want to configure for
A.B.C.D IP address the interface. This example uses the ip address
negotiated IP Address negotiated over
PPP command.
Router(config-if)# ip address
Enter ? to display what you must enter next on the
command line. In this example, you must enter an
IP address or the negotiated keyword.
A carriage return (<cr>) is not displayed. Therefore,
you must enter additional keywords or arguments
to complete the command.
Router(config-if)# ip address 172.16.0.1 ? Enter the keyword or argument that you want to
A.B.C.D IP subnet mask use. This example uses the 172.16.0.1 IP address.
Router(config-if)# ip address 172.16.0.1
Enter ? to display what you must enter next on the
command line. In this example, you must enter an
IP subnet mask.
<cr> is not displayed. Therefore, you must enter
additional keywords or arguments to complete the
command.
Command Comment
Router(config-if)# ip address 172.16.0.1 Enter the IP subnet mask. This example uses the
255.255.255.0 ? 255.255.255.0 IP subnet mask.
secondary Make this IP address a
secondary address Enter ? to display what you must enter next on the
<cr>
Router(config-if)# ip address 172.16.0.1
command line. In this example, you can enter the
255.255.255.0 secondary keyword, or you can press Enter.
<cr> is displayed. Press Enter to complete the
command, or enter another keyword.
Router(config-if)# ip address 172.16.0.1 Press Enter to complete the command.
255.255.255.0
Router(config-if)#
It may take a few minutes to save the configuration. After the configuration has been saved, the following
output is displayed:
[OK]
Router#
As a matter of routine maintenance on any Cisco router, users should back up the startup configuration file
by copying the startup configuration file from NVRAM to one of the router’s other file systems and,
additionally, to a network server. Backing up the startup configuration file provides an easy method of
recovering the startup configuration file if the startup configuration file in NVRAM becomes unusable for
any reason.
The copy command can be used to back up startup configuration files.
For more detailed information on managing configuration files, see the “Managing Configuration Files”
section in the Cisco IOS XE Configuration Fundamentals Configuration Guide.
Example
In this example, a modifier of the show interface command (include protocol) is used to provide only the
output lines in which the expression protocol is displayed:
Router# show interface | include protocol
GigabitEthernet0/0/0 is administratively down, line protocol is down
0 unknown protocol drops
GigabitEthernet0/0/1 is administratively down, line protocol is down
0 unknown protocol drops
GigabitEthernet0/0/2 is administratively down, line protocol is down
0 unknown protocol drops
GigabitEthernet0/0/3 is administratively down, line protocol is down
0 unknown protocol drops
GigabitEthernet0 is up, line protocol is up
0 unknown protocol drops
Loopback0 is up, line protocol is up
0 unknown protocol drops
images are included in a release. To identify the set of software images available in a specific release or to
find out if a feature is available in a given Cisco IOS XE software image, you can use Cisco Feature Navigator
or see the Release Notes for Cisco IOS XE.
Release notes are intended to be release-specific for the most current release, and the information provided
in these documents may not be cumulative in providing information about features that first appeared in
previous releases. For cumulative feature information, refer to the Cisco Feature Navigator at:
http://www.cisco.com/go/cfn/.
The value of minutes sets the amount of time that the CLI waits before timing out. Setting the CLI session timeout
increases the security of a CLI session. Specify a value of 0 for minutes to disable session timeout.
Step 2 Enter the line upon which you want to be able to use the lock command.
Router(config)# line console 0
To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central
(http://software.cisco.com/).
For a more detailed overview on Cisco Licensing, go to https://cisco.com/go/licensingguide.
For Smart Licensing configuration information for access and edge routers, see the https://www.cisco.com/
c/en/us/td/docs/ios-xml/ios/smart-licensing/qsg/b_Smart_Licensing_QuickStart/b_Smart_Licensing_QuickStart_
chapter_01.html.
SUMMARY STEPS
1. enable
2. configure terminal
3. license smart enable
4. exit
5. write memory
6. show license all
DETAILED STEPS
Device> enable
Device# exit
SUMMARY STEPS
1. enable
2. configure terminal
3. no license smart enable
4. exit
5. write memory
6. reload
7. show license all
DETAILED STEPS
Device> enable
Device(config)# exit
Step 6 reload (Optional) Restarts the device to enable the new feature set.
Example: Note Reload the device if you have not reloaded the
device after configuring the Cisco One Suites.
Device# reload
Step 7 show license all (Optional) Displays summary information about all licenses.
Example:
Device Registration
SUMMARY STEPS
1. enable
2. license smart register idtoken idtoken [force]
3. license smart deregister
4. license smart renew [ID | auth]
DETAILED STEPS
Device> enable
Step 2 license smart register idtoken idtoken [force] Registers the device with the back-end server. Token id can
be obtained from your virtual a/c in the Smart Licensing
Example:
server.
Device# license smart register idtoken 123 • force: To forcefully register your device irrespective
of either the device is registered or not.
Step 3 license smart deregister Deregisters the device from the backend server.
Example:
Registration:
Status: REGISTERED
Smart Account: BU Production Test
Virtual Account: ISR4K
Export-Controlled Functionality: Allowed
Initial Registration: SUCCEEDED on Sep 04 15:40:03 2015 PDT
Last Renewal Attempt: None
Next Renewal Attempt: Mar 02 15:40:02 2016 PDT
Registration Expires: Sep 03 15:34:53 2016 PDT
License Authorization:
Status: AUTHORIZED on Sep 04 15:40:09 2015 PDT
Last Communication Attempt: SUCCEEDED on Sep 04 15:40:09 2015 PDT
Next Communication Attempt: Oct 04 15:40:08 2015 PDT
Communication Deadline: Dec 03 15:35:01 2015 PDT
License Usage
==============
ISR_4400_FoundationSuite (ISR_4400_FoundationSuite):
Description: Cisco ONE Foundation Perpetual License ISR 4400
Count: 1
Version: 1.0
Status: AUTHORIZED
ISR_4400_AdvancedUCSuite (ISR_4400_AdvancedUCSuite):
Description: Cisco ONE Advanced UC Perpetual License ISR 4400
Count: 1
Version: 1.0
Status: AUTHORIZED
ISR_4451_2G_Performance (ISR_4451_2G_Performance):
Description: Performance on Demand License for 4450 Series
Count: 1
Version: 1.0
Status: AUTHORIZED
Product Information
===================
UDI: PID:ISR4451-X/K9,SN:FOC17042FJ9
Agent Version
=============
Smart Agent for Licensing: 1.4.0_rel/16
Component Versions: SA:(1_4_rel)1.0.15, SI:(dev22)1.2.6, CH:(dev5)1.0.32, PK:(dev18)1.0.17
Device#
Note The warning message that is displayed in the following example applies only for Cisco ISR G2
platform. For Cisco 4000 Series ISR platform, it does not display warning message when you enable
the smart license.
Step 1 Connect the RJ-45 end of a serial cable to the RJ-45 console port on the router.
Step 2 After the device initial configuration wizard appears, enter No to get into the device prompt when the following system
message appears on the router.
Would you like to enter the initial configuration dialog? [yes/no]: no
Step 3 From the configuration mode, enter the following configuration parameters.
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
username webui privilege 15 password cisco
!
interface gig 0/0/1
ip address 192.168.1.1 255.255.255.0
!
Step 4 Connect your device to the router using an Ethernet cable to the gig 0/0/1 interface.
Step 5 Set up your system as a DHCP client to obtain the IP address of the router automatically.
Step 6 Launch the browser and enter the device IP address in your browser’s address line. For a secure connection, type
https://192.168.1.1/#/dayZeroRouting. For a less secure connection, enter http://192.168.1.1/#/dayZeroRouting.
Step 7 Enter the default username (webui) and default password (cisco).
Step 1 Choose the Basic Mode or Advanced Mode and click Go To Account Creation Page.
Step 2 Enter the username and password. Reenter the password to confirm.
Step 3 Click Create and Launch Wizard.
Step 4 Enter the device name and domain name.
Step 5 Select the appropriate time zone from the Time Zone drop-down list.
Step 6 Select the appropriate date and time mode from the Date and Time drop-down list.
Step 7 Click LAN Settings.
Step 1 Choose the Web DHCP Pool/DHCP Pool name or the Create and Associate Access VLAN option.
a) If you choose the Web DHCP Pool, specify the following:
Pool Name—Enter the DHCP Pool Name.
Network—Enter network address and the subnet mask.
b) If you choose the Create and Associate Access VLAN option, specify the following:
Access VLAN—Enter the Access VLAN identification number. The range is from 1 to 4094.
Network—Enter the IP address of the VLAN.
Management Interfaces—Select the interface and move to the selected list box using the right and left arrows. You
can also double click or drag and drop to move the interface to the selected list box.
Step 1 Select the primary WAN type. You can configure Serial, 3G/4G, Ethernet, or Broadband (xDSL) as primary WAN
depending on the WAN types supported by the router.
Step 2 Select the interface from the drop-down list.
Step 3 Check the Get DNS Server info directly from ISP check box to get the DNS server information directly from the service
provider. You can also manually enter the Primary DNS and Secondary DNS.
Step 4 Check the Get IP automatically from ISP check box to get the IP address information directly from the service provider.
You can also manually enter the IP address and subnet mask.
Step 5 Check the Enable NAT check box to enable NAT. It is recommended to enable NAT.
Step 6 Check the Enable PPPOE check box to enable PPPoE. If you have enabled PPPoE, select the required authentication
mode. The options are: PAP and CHAP.
Step 7 Enter the username and password provided by the service provider.
Step 8 Click Security / APP Visibility WAN Settings.
Step 1 Select the secondary WAN type. You can configure Serial, 3G/4G, Ethernet, or Broadband (xDSL) as a secondary WAN
depending on the WAN types supported by the router.
Step 2 Select the interface from the drop-down list.
Step 3 Check the Get DNS Server info directly from ISP check box to get the DNS server information directly from the service
provider. You can also manually enter the Primary DNS and Secondary DNS.
Step 4 Check the Get IP automatically from ISP check box to get the IP address information directly from the service provider.
You can also manually enter the IP address and subnet mask.
Step 5 Check the Enable NAT check box to enable NAT. It is recommended to enable NAT.
Step 6 Check the Enable PPPOE check box to enable PPPoE. If you have enabled PPPoE, select the required authentication
mode. The options are PAP and CHAP.
Step 7 Enter the username and password provided by the service provider.
Step 8 Click Security / APP Visibility WAN Settings.
Step 1 Check the Enable Cisco Recommended Security Settings check box to ensure that all passwords are not shown in plain
text. The passwords are encrypted.
Step 2 Click Day 0 Config Summary.
Step 3 To preview the configuration, click CLI Preview to preview the configuration.
Step 4 Click Finish to complete the Day Zero setup.
Step 1 Configure the HTTP server. By default, the HTTP server configuration should be present on the device. Ensure the
configuration by checking if the ip http server and ip http secure-server commands are present in the running
configuration.
Device #configure terminal
Device (config)#ip http server
Device (config)#ip http secure-server
Step 2 Set up the authentication options to log into Web UI. You can use one of these methods to authenticate:
a) You can authenticate using local database. To use a local database for Web UI authentication, ensure to have the ip
http authentication local command in the running configuration. This command is preconfigured on the device. If
the command is not present, configure the device as shown in this example:
Device #configure terminal
Device (config)#ip http authentication local
b) Authenticate using AAA options. To use AAA authentication for Web UI, ensure to configure ‘ip http authentication
aaa’ on the device. Also, ensure that the required AAA server configuration is present on the device.
Device #configure terminal
Device (config)#ip http authentication local
Step 3 Launch the browser. In the address bar, type the IP address of the device. For a secure connection, type https://ip-address.
Step 4 Enter the default username (webui) and default password (cisco).
Step 5 Click Log In.
Monitor and Troubleshoot Device Cisco IOS XE Release 17.5.1a You can now monitor and
PnP Onboarding using WebUI troubleshoot your Day-0 device
onboarding using WebUI through
PnP onboarding. If the automated
PnP onboarding fails, you can
manually onboard your device.
A device can be automatically onboarded to Cisco vManage through either Zero Touch Provisioning (ZTP)
or the Plug and Play (PnP) process. This section describes the procedure to monitor and troubleshoot device
onboarding through the PnP method. This feature on WebUI enables you to monitor and troubleshoot the PnP
onboarding process, and also see its real-time status. If this onboarding is stuck or fails, you can terminate
the process and onboard your device manually.
Prerequisites
• Your device (a computer that can run a web browser) running the WebUI and the device you are
onboarding must be connected through an L2 switch port (NIM) on the device.
• The DHCP client-identifier on your device must be set to string “webui”.
• Your device must support Cisco SD-WAN Day-0 device onboarding on WebUI.
mode by selecting Controller Mode. A dialogue box appears, asking if you want to continue.
Click Yes. Your device reloads to switch to controller mode.
• Booting your device in controller mode:
If your device is already in the controller mode, you do not have to make any changes to the mode.
Go to the URL https://192.168.1.1 or https://192.168.1.1/webui. If your device supports Cisco
SD-WAN Day-0 device onboarding on WebUI, the URL is redirected to
https://192.168.1.1/ciscosdwan/ and you can log in using the default credentials for Cisco IOS XE
SD-WAN devices - admin/admin.
Note If the device does not have start-up configuration at the time of PnP onboarding, the WebUI is
enabled by default on supported devices.
2. On the Welcome to Cisco SDWAN Onboarding Wizard page, click Reset Default Password.
Note The default password of your Day-0 device is weak. Therefore, for a secure log in, you must reset
the password when you first log in to the device on WebUI. The WebUI configuration is
automatically deleted after the device is onboarded successfully. In rare cases where the template
configuration for your device on Cisco vManage has the WebUI configuration, it is not deleted
even after a successful device onboarding.
3. You are redirected to the Device hardware and software details page. Enter your password and click
Submit.
4. The next page displays the onboarding progress and lists statuses of different components of the PnP
Connect Portal and Cisco SD-WAN controllers. If the PnP IPv4 component fails, it indicates that the
device PnP onboarding has failed.
To view and download logs for the onboarding process, click the information icon on the right hand
side of the SDWAN Onboarding Progress bar.
5. If the automated PnP onboarding fails, click Terminate Automated Onboarding. This allows you to
onboard your device manually.
6. A dialogue box appears. To continue with the termination, click Yes. It might take a few minutes for
the termination to complete.
7. On the Bootstrap Configuration page click Select File and choose the bootstrap file for your device.
This file can be either a generic bootstrap file (common platform-specific file) or a full configuration
bootstrap file that you can download from Cisco vManage. This file must contain details such as the
vBond number, UUID, WAN interface, root CA and configuration.
8. Click Upload.
9. After your file is successfully uploaded, click Submit.
10. You can see the SDWAN Onboarding Progress page again with statuses of the Cisco SD-WAN
controllers. To open the Controller Connection History table click the information icon on the right
hand side of the SDWAN Control Connections bar. In this table you can see the state of your onboarded
device. After the onboarding is complete, the state of your device changes to connect.
For information on accessing the router using the console port, see Using Cisco IOS XE Software, on page
7.
SUMMARY STEPS
1. enable
2. configure terminal
3. transport-map type console transport-map-name
4. connection wait [allow [interruptible] | none [disconnect]]
5. (Optional) banner [diagnostic | wait] banner-message
6. exit
7. transport type console console-line-number input transport-map-name
DETAILED STEPS
Router> enable
Step 3 transport-map type console transport-map-name Creates and names a transport map for handling console
connections, and enters transport map configuration mode.
Example:
Step 4 connection wait [allow [interruptible] | none Specifies how a console connection will be handled using
[disconnect]] this transport map.
Example: • allow interruptible—The console connection waits
for a Cisco IOS VTY line to become available, and
Router(config-tmap)# connection wait none also allows users to enter diagnostic mode by
interrupting a console connection that is waiting for a
Cisco IOS VTY line to become available. This is the
default setting.
Note Users can interrupt a waiting connection by
entering Ctrl-C or Ctrl-Shift-6.
• none—The console connection immediately enters
diagnostic mode.
Router(config-tmap)# exit
Step 7 transport type console console-line-number input Applies the settings defined in the transport map to the
transport-map-name console interface.
Example: The transport-map-name for this command must match the
transport-map-name defined in the transport-map type
Router(config)# transport type console 0 input console command.
consolehandler
Examples
The following example shows how to create a transport map to set console port access policies and
attach to console port 0:
Router(config)# transport-map type console consolehandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to diagnostic mode--
X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
Waiting for IOS vty line
X
Router(config-tmap)# exit
Router(config)# transport type console 0 input consolehandler
SUMMARY STEPS
1. enable
2. configure terminal
3. transport-map type persistent telnet transport-map-name
4. connection wait [allow [interruptible] | none [disconnect]]
5. (Optional) banner [diagnostic | wait] banner-message
6. transport interface gigabitethernet 0
7. exit
8. transport type persistent telnetinput transport-map-name
DETAILED STEPS
Router> enable
Step 3 transport-map type persistent telnet Creates and names a transport map for handling persistent
transport-map-name Telnet connections, and enters transport map configuration
mode.
Example:
Step 4 connection wait [allow [interruptible] | none Specifies how a persistent Telnet connection will be handled
[disconnect]] using this transport map:
Example: • allow—The Telnet connection waits for a Cisco IOS
vty line to become available, and exits the router if
Router(config-tmap)# connection wait none interrupted.
• allow interruptible—The Telnet connection waits for
the Cisco IOS vty line to become available, and also
allows user to enter diagnostic mode by interrupting
Step 5 (Optional) banner [diagnostic | wait] banner-message (Optional) Creates a banner message that will be seen by
users entering diagnostic mode or waiting for the Cisco IOS
Example:
vty line because of the persistent Telnet configuration.
Router(config-tmap)# banner diagnostic X • diagnostic—Creates a banner message seen by users
Enter TEXT message. End with the character 'X'. directed into diagnostic mode because of the persistent
--Welcome to Diagnostic Mode--
Telnet configuration.
X
Router(config-tmap)# Note Users can interrupt a waiting connection by
entering Ctrl-C or Ctrl-Shift-6.
• wait—Creates a banner message seen by users waiting
for the vty line to become available.
• banner-message—The banner message, which begins
and ends with the same delimiting character.
Step 6 transport interface gigabitethernet 0 Applies the transport map settings to the management
Ethernet interface (interface gigabitethernet 0).
Example:
Persistent Telnet can be applied only to the management
Router(config-tmap)# transport interface Ethernet interface on the router. This step must be taken
gigabitethernet 0 before applying the transport map to the management
Ethernet interface.
Router(config-tmap)# exit
Step 8 transport type persistent telnetinput Applies the settings defined in the transport map to the
transport-map-name management Ethernet interface.
Example: The transport-map-name for this command must match the
transport-map-name defined in the transport-map type
Router(config)# transport type persistent telnet persistent telnet command.
input telnethandler
Examples
In the following example, a transport map that will make all Telnet connections wait for a Cisco IOS
XE vty line to become available before connecting to the router, while also allowing the user to
interrupt the process and enter diagnostic mode, is configured and applied to the management Ethernet
interface (interface gigabitethernet 0).
A diagnostic and a wait banner are also configured.
The transport map is then applied to the interface when the transport type persistent telnet input
command is entered to enable persistent Telnet.
Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# banner diagnostic X
Enter TEXT message. End with the character 'X'.
--Welcome to diagnostic mode--
X
Router(config-tmap)# banner wait X
Enter TEXT message. End with the character 'X'.
Waiting for IOS IOS Process--
X
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandler
SUMMARY STEPS
1. enable
2. configure terminal
3. transport-map type persistent ssh transport-map-name
4. connection wait [allow [interruptible] | none [disconnect]]
5. rsa keypair-name rsa-keypair-name
6. (Optional) authentication-retries number-of-retries
7. (Optional) banner [diagnostic | wait] banner-message
8. (Optional) time-out timeout-interval
9. transport interface gigabitethernet 0
10. exit
11. transport type persistent ssh input transport-map-name
DETAILED STEPS
Router> enable
Step 3 transport-map type persistent ssh Creates and names a transport map for handling persistent
transport-map-name SSH connections, and enters transport map configuration
mode.
Example:
Step 4 connection wait [allow [interruptible] | none Specifies how a persistent SSH connection will be handled
[disconnect]] using this transport map:
Example: • allow—The SSH connection waits for a Cisco IOS
VTY line to become available, and exits the router if
Router(config-tmap)# connection wait interruptible interrupted.
• allow interruptible—The SSH connection waits for
the VTY line to become available, and also allows a
user to enter diagnostic mode by interrupting an SSH
connection waiting for the VTY line to become
available. This is the default setting.
Note Users can interrupt a waiting connection
by entering Ctrl-C or Ctrl-Shift-6.
• none—The SSH connection immediately enters
diagnostic mode.
• none disconnect—The SSH connection does not wait
for the VTY line and does not enter diagnostic mode.
Therefore, all SSH connections are rejected if no VTY
line is immediately available.
Step 5 rsa keypair-name rsa-keypair-name Names the RSA keypair to be used for persistent SSH
connections.
Example:
For persistent SSH connections, the RSA keypair name
Router(config)# rsa keypair-name sshkeys must be defined using this command in transport map
configuration mode. The RSA keypair definitions defined
elsewhere on the router, such as through the use of the ip
ssh rsa keypair-name command, do not apply to persistent
SSH connections.
No rsa-keypair-name is defined by default.
Step 7 (Optional) banner [diagnostic | wait] (Optional) Creates a banner message that will be seen by
banner-message users entering diagnostic mode or waiting for the VTY
line because of the persistent SSH configuration.
Example:
• diagnostic—Creates a banner message seen by users
Router(config-tmap)# banner diagnostic X directed to diagnostic mode because of the persistent
Enter TEXT message. End with the character 'X'. SSH configuration.
--Welcome to Diagnostic Mode--
X • wait—Creates a banner message seen by users
Router(config-tmap)#
waiting for the VTY line to become available.
• banner-message—The banner message, which begins
and ends with the same delimiting character.
Step 8 (Optional) time-out timeout-interval (Optional) Specifies the SSH time-out interval, in seconds.
Example: The default timeout-interval is 120 seconds.
Router(config-tmap)# time-out 30
Step 9 transport interface gigabitethernet 0 Applies the transport map settings to the Ethernet
management interface (interface gigabitethernet 0).
Example:
Persistent SSH can be applied only to the Ethernet
Router(config-tmap)# transport interface management interface on the router.
gigabitethernet 0
Router(config-tmap)# exit
Step 11 transport type persistent ssh input Applies the settings defined in the transport map to the
transport-map-name Ethernet management interface.
Example: The transport-map-name for this command must match
the transport-map-name defined in the transport-map
Router(config)# transport type persistent ssh type persistent ssh command.
input sshhandler
Examples
The following example shows a transport map that will make all SSH connections wait for the VTY
line to become active before connecting to the router being configured and applied to the Ethernet
management interface (interface gigabitethernet 0). The RSA keypair is named sshkeys.
This example only uses the commands required to configure persistent SSH.
In the following example, a transport map is configured and will apply the following settings to users
attempting to access the Ethernet management port via SSH:
• SSH users will wait for the VTY line to become active, but will enter diagnostic mode if the
attempt to access the Cisco IOS software through the VTY line is interrupted.
• The RSA keypair name is sshkeys.
• The connection allows one authentication retry.
• The banner --Welcome to Diagnostic Mode-- will appear if diagnostic mode is entered as
a result of SSH handling through this transport map.
• The banner --Waiting for vty line-- will appear if the connection is waiting for the VTY
line to become active.
• The transport map is then applied to the interface when the transport type persistent ssh input
command is entered to enable persistent SSH:
Example
The following example shows transport maps that are configured on the router: a console port
(consolehandler), persistent SSH (sshhandler), and persistent Telnet transport (telnethandler):
Router# show transport-map all
Transport Map:
Name: consolehandler
Type: Console Transport
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
bshell banner:
Transport Map:
Name: sshhandler
Type: Persistent SSH Transport
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Welcome to Diagnostic Mode
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
Transport Map:
Name: telnethandler
Type: Persistent Telnet Transport
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Transport Map:
Name: telnethandling1
Type: Persistent Telnet Transport
Connection:
Wait option: Wait Allow
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Transport Map:
Name: telnethandling1
Type: Persistent Telnet Transport
Connection:
Wait option: Wait Allow
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
Interface:
GigabitEthernet0
Connection:
Wait option: Wait Allow Interruptable
Wait banner:
Bshell banner:
SSH:
Timeout: 120
Authentication retries: 5
RSA keypair: sshkeys
Router#
Use the show platform software configuration access policy command to view the current configurations
for handling the incoming console port, SSH, and Telnet connections. The output of this command provides
the current wait policy for each type of connection (Telnet, SSH, and console), as well as information on the
currently configured banners.
Unlike the show transport-map command, the show platform software configuration access policy
command is available in diagnostic mode so that it can be entered in scenarios where you need transport map
configuration information, but cannot access the Cisco IOS CLI.
Example
Router# show platform software configuration access policy
The current access-policies
Method : telnet
Rule : wait
Shell banner:
Wait banner :
Method : ssh
Rule : wait
Shell banner:
Wait banner :
Method : console
Rule : wait with interrupt
Shell banner:
Wait banner :
Example
The following example shows the show platform software configuration access policy command
being issued both before and after a new transport map for SSH are configured. During the
configuration, the connection policy and banners are set for a persistent SSH transport map, and the
transport map for SSH is enabled.
Router# show platform software configuration access policy
The current access-policies
Method : telnet
Rule : wait with interrupt
Shell banner:
Welcome to Diagnostic Mode
Wait banner :
Waiting for IOS Process
Method : ssh
Rule : wait
Shell banner:
Wait banner :
Method : console
Rule : wait with interrupt
Shell banner:
Wait banner :
Method : telnet
Rule : wait with interrupt
Shell banner:
Welcome to Diagnostic Mode
Wait banner :
Waiting for IOS process
Method : ssh
Rule : wait with interrupt
Shell banner:
Welcome to Diag Mode
Wait banner :
Waiting for IOS
Method : console
Rule : wait with interrupt
Shell banner:
Wait banner :
Step 1 Connect the RJ-45 end of the adapter cable to the black AUX port on the router.
Step 2 Use the show line command to determine the async interface of the AUX port:
Router# show line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY - - - - - 0 0 0/0 -
1 AUX 9600/9600 - - - - - 0 0 0/0 -
2 VTY - - - - - 0 0 0/0 -
3 VTY - - - - - 0 0 0/0 -
4 VTY - - - - - 0 0 0/0 -
5 VTY - - - - - 0 0 0/0 -
6 VTY - - - - - 0 0 0/0 -
Step 3 Use the following commands to configure the router AUX line::
Router(config)# line 1
Router(config-line)#modem inOut
Router(config-line)#modem autoconfigure type usr_sportster
Router(config-line)#speed 115200 [Speed to be set according to the modem manual]
Router(config-line)#stopbits 1 [Stopbits to be set according to the modem manual]
Router(config-line)#transport input all
Router(config-line)#flowcontrol hardware [flowcontrol to be set according to the modem manual]
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#end
Router(config)#enable password lab
Step 4 Use the reverse telnet method on the modem to verify the modem connectivity and configuration string:
Router(config)#int loopback 0
Router(config-if)#ip add 192.0.2.1 255.255.255.0
Router(config-if)#end
Router#telnet 192.0.2.1 2001
Trying 192.0.2.1, 2001 ... Open
Step 5 Use an analog phone to verify that the phone line is active and functions properly. Then, connect the analog phone line
to the modem.
Step 6 Initialize an EXEC modem call to the router from another device (PC) to test the modem connection.
Step 7 When the connection is established, the dial in client is prompted for a password. Enter the correct password.
Note: This password should match the one that is configured on the auxiliary port line.
Overview
Installing software on the router involves installing a consolidated package (bootable image). This consists
of a bundle of subpackages (modular software units), with each subpackage controlling a different set of
functions.
These are the two main methods to install the software:
• Managing and Configuring a Router to Run Using a Consolidated Package, on page 70—This method
allows for individual upgrade of subpackages and generally has reduced boot times compared to the
method below. Use this method if you want to individually upgrade a module's software.
• Managing and Configuring a Router to Run Using Individual Packages, on page 75—This a simple
method that is similar to a typical Cisco router image installation and management that is supported
across Cisco routers.
It is better to upgrade software in a planned period of maintenance when an interruption in service is acceptable.
The router needs to be rebooted for a software upgrade to take effect.
ROMMON Images
A ROMMON image is a software package used by ROM Monitor (ROMMON) software on a router. The
software package is separate from the consolidated package normally used to boot the router. For more
information on ROMMON, see the "ROM Monitor Overview and Basic Procedures" section in the Upgrading
Field-Programmable Hardware Devices for Cisco 4000 Series ISRs guide.
An independent ROMMON image (software package) may occasionally be released and the router can be
upgraded with the new ROMMON software. For detailed instructions, see the documentation that accompanies
the ROMMON image.
Note A new version of the ROMMON image is not necessarily released at the same time as a consolidated package
for a router.
Table 8: Supported ROMMON Releases for Cisco 4000 Series Integrated Service Routers
Platform 16.2(1r) 16.2(2r) 16.4(3r) 16.7(3r) 16.7(4r) 16.7(5r) 16.8(1r) 16.9(1r) 16.12(1r) 16.12(2r) 17.6.1
Cisco Yes Yes Yes Yes Yes Yes — Yes Yes Yes Yes
4321
ISR
Cisco Yes Yes Yes Yes Yes Yes — Yes Yes Yes Yes
4331
ISR
Cisco Yes Yes Yes Yes Yes Yes — Yes Yes Yes Yes
4351
ISR
Note When you upgrade from Cisco IOS XE 3.x to 16.x image, you should first upgrade the rommon release to
the 16.7(5r) rommon release. After upgrading to the 16.7(5r) rommon release, based on the IOS XE 16.x
image, the rommon release can be auto-upgraded to a later rommon release.
Note The rommon release 16.9(1r) is the first release that supports the Cisco BIOS Protection. After a device is
upgraded to the 16.9(1r) rommon release, the rommon release cannot be downgraded to a release earlier than
16.9(1r). All future rommon releases can be downgraded to the 16.9(1r) release. Also, if a platform has a
16.9(1r) or later release installed, an IOS XE 16.9.1 or later release or a SD-WAN 16.11.1 or later release
must be used for the upgrade.
Note ROMMON images for IOS XE Release 17.1.x through 17.5.x are aligned with release 16.12(2r).
Note From Cisco IOS XE Release 17.6.1 onwards, the ROMMON image will not be released as a standalone
package, and will be packaged with the IOS XE image. 17.6.1 ROMMON will only be used in devices with
manufacturing date equal or later than 2535. You can view your device manufacturing date with the CLI
command show license udi. For example,
elixir_p1b_11#show license udi
UDI: PID:C1131X-8PWB, SN: FGL2451L5MJ
Cisco IOS Cisco 4321 Cisco 4321 Cisco 4331 Cisco 4351 Cisco 4431 Cisco 4451 Cisco 4461
XE Release ISR ISR ISR ISR ISR ISR ISR
Cisco IOS Cisco 4321 Cisco 4321 Cisco 4331 Cisco 4351 Cisco 4431 Cisco 4451 Cisco 4461
XE Release ISR ISR ISR ISR ISR ISR ISR
Note For devices with manufacturing date equal or later than 2535, the minimum supported ROMMON version is
17.6.1. These devices cannot downgrade to older ROMMON versions.
Table 10: Recommended ROMMON Release for Cisco IOS XE 16.x.x Releases
Cisco IOS Cisco 4321 Cisco 4321 Cisco 4331 Cisco 4351 Cisco 4431 Cisco 4451 Cisco 4461
XE Release ISR ISR ISR ISR ISR ISR ISR
Note For devices with manufacturing date equal or later than 2535, the minimum supported ROMMON version is
17.6.1. These devices cannot downgrade to older ROMMON versions. For devices with IOS XE 16.12 and
preinstalled ROMMON 17.6.1r, the minimum supported ROMMON version is 17.6.1r. Do not downgrade
the ROMMON to 16.12(2r); these devices cannot downgrade to older ROMMON versions.
Provisioning Files
This section provides background information about the files and processes used in Managing and Configuring
a Router to Run Using Individual Packages, on page 75.
The consolidated package on a router consists of a collection of subpackages and a provisioning file titled
packages.conf. To run the software, the usual method used is to boot the consolidated package, which is
copied into memory, expanded, mounted, and run within memory. The provisioning file's name can be renamed
but subpackage file's names cannot be renamed. The provisioning file and subpackage files must be kept in
the same directory. The provisioning file does not work properly if any individual subpackage file is contained
within a different directory.
Note An exception to this is that if a new or upgraded module firmware package is subsequently installed, it need
not be in the same directory as the provisioning file.
Configuring a router to boot, using the provisioning file packages.conf, is beneficial because no changes have
to be made to the boot statement after the Cisco IOS XE software is upgraded.
File Systems
The following table provides a list of file systems that can be seen on the Cisco 4000 series routers.
harddisk: Hard disk file system (if NIM-SSD, NIM-HDD, or internal mSATA flash device is
present in the router).
Note The internal mSATA flash device is supported only on Cisco ISR4300
Series routers.
nvram: Router NVRAM. You can copy the startup configuration to NVRAM or from
NVRAM.
system: System memory file system, which includes the running configuration.
usb0: The Universal Serial Bus (USB) flash drive file systems.
usb1: Note The USB flash drive file system is visible only if a USB drive is installed
in usb0: or usb1: ports.
Use the ? help option, or use the copy command in command reference guides, if you find a file system that
is not listed in the table above.
crashinfo files Crashinfo files may appear in the bootflash: file system.
These files provide descriptive information of a crash and may be useful for
tuning or troubleshooting purposes. However, the files are not part of router
operations, and can be erased without impacting the functioning of the router.
lost+found directory This directory is created on bootup if a system check is performed. Its
appearance is completely normal and does not indicate any issues with the
router.
Flash Storage
Subpackages are installed to local media storage, such as flash. For flash storage, use the dir bootflash:
command to list the file names.
For more information about the configuration register, see Use of the Configuration Register on All Cisco
Routers and Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command:
Example, on page 71.
Note Setting the configuration register to 0x2102 will set the router to autoboot the Cisco IOS XE software.
Note The console baud rate is set to 9600 after changing the confreg to 0x2102 or 0x0. If you cannot establish a
console session after setting confreg, or garbage output appears, change the setting on your terminal emulation
software to 9600.
Licensing
Cisco Software Licensing
Cisco software licensing consists of processes and components to activate Cisco IOS software feature sets by
obtaining and validating Cisco software licenses.
You can enable licensed features and store license files in the bootflash of your router. Licenses pertain to
consolidated packages, technology packages, or individual features.
An evaluation license is automatically converted to a Right to Use model after 60 days and this license is valid
permanently. The conversion to a permanent license applies only to evaluation licenses. For other features
supported on your router, you must purchase a permanent license.
See the "Configuring the Cisco IOS Software Activation Feature" chapter of the Software Activation
Configuration Guide, Cisco IOS XE Release 3S.
Consolidated Packages
One of the following two consolidated packages (images) is preinstalled on the router:
• universalk9—Contains the ipbasek9 base package and the securityk9, uck9, and appxk9 technology
packages.
• universalk9_npe—Contains the ipbasek9 base package and the securityk9_npe, uck9, and appxk9
technology packages. This image has limited crypto functionality.
Note The terms super package and image also refer to a consolidated package.
Many features within the consolidated package are contained in the ipbasek9 base package. The license key
for the ipbasek9 package is activated by default.
Technology Packages
Technology packages contain software features within a consolidated package. To use different sets of features,
enable the licenses of selected technology packages. You can enable the licenses for any combination of
technology packages.
Each technology package has an evaluation license that converts to a Right to Use (RTU) license after 60
days and is then valid permanently.
The following is a list of technology packages:
Note In Cisco 1000 Series Integrated Series Routers, although L2TPv2 sessions comes up without appxk9, you
need the appxk9 license for the traffic to go through the sessions. You also need the appxk9 license to apply
the QoS policies to the L2TPv2 sessions.
securityk9
The securityk9 technology package includes all crypto features, including IPsec, SSL/SSH, Firewall, and
Secure VPN.
The securityk9_npe package (npe = No Payload Encryption) includes all the features in the securityk9
technology package without the payload-encryption functionality. This is to fulfill export restriction
requirements. The securityk9_npe package is available only in the universalk9_npe image. The difference
in features between the securityk9 package and the securityk9_npe package is therefore the set of
payload-encryption-enabling features such as IPsec and Secure VPN.
uck9
The Unified Communications technology package is required to enable Cisco Unified Border Element (Cisco
UBE) functionality. To use Cisco UBE features, you will require session licenses and a Security technology
package to secure the media.
appxk9
The appxk9 technology package contains Application Experience features, which are similar to the features
in the DATA package of the Cisco Integrated Services Routers Generation 2 routers. For more information,
see: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/
software-activation-on-integrated-services-routers-isr/white_paper_c11_556985.html#wp9000791.
There are many features in the appxk9 package, including MPLS, PfR, L2/L3 VPN, Broadband, and AVC.
Feature Licenses
To use each of the following features, enable a corresponding feature license, as explained in the following
sections:
HSECK9
The HSECK9 license is required for a feature to have full crypto functionality. Without the HSECK9 license,
only 225 secure tunnels and 85 Mbps of crypto bandwidth would be available. The HSECK9 license allows
features in the securityk9 technology package to use the maximum number of secure tunnels and crypto
bandwidth. To enable the HSECK9 license, purchase the FL-44-HSEC-K9 license from Cisco.com and
install it using the license install license-files command. For further information on obtaining and installing
feature licenses, see Configuring the Cisco IOS Software Activation Feature.
Note The HSECK9 feature does not have an evaluation license that converts to an RTU license after 60 days; a
feature license must be obtained.
If you do not enable the export control functionality, the device does not send the HSECK9 license request
to the Smart Licensing server even if the HSECK9 license feature is configured on the device.
Note Starting from IOS XE Fuji 16.8.1, limits for number of tunnels and crypto throughput are enhanced. Without
HSEC, the new throughput limit is 250 Mbps each direction and number of tunnels is 1000.
To enable the license for the HSECK9 feature, the securityk9 technology package is also required. For more
information about the securityk9 technology package, see securityk9, on page 64.
Performance
The performance feature, which allows for increased throughput, is enabled by the performance license. This
feature is part of the ipbasek9 technology package. To enable the feature, order the performance license (part
number FL-44-PERF-K9). The license is displayed as the throughput license.
You can upgrade the throughput of the ESP from 2.5 Gbps to 5 Gbps by activating the right-to-use license
and then reloading the router. For more information on the right-to-use license activation, see Configuring
Cisco Right-To-Use License Configuration Guide. If you want to determine the current throughput level
of the ESP, run the show platform hardware throughput level command. The following example shows the
output of this command before the performance upgrade license is applied:
To configure the throughput level, perform the following steps and to upgrade the throughput level use the
platform hardware throughput level { 2500000 | 5000000} command.
To configure the throughput level, perform the following steps and to upgrade the throughput level use the
platform hardware throughput level { 2500000 | 5000000} command.
Router>enable
Router#configure terminal
Router(config)#platform hardware throughput level 5000000
% The config will take effect on next reboot
Router(config)#exit
Router#copy running-config startup-config
Router#reload
Note To use the Boost performance license, the device must be running the Cisco IOS XE software version 16.07.01
or later. Also, the boost license command will not be available if the device is registered in CSSM before the
license is added to license CSSM repository. You have to deregister and register back the device from the
CSSM to execute the boost license command.
Note When you enable boost license on Cisco 4000 Series ISRs, you cannot configure the virtual-service container
for Snort IPS and ISR-WAAS.
Building configuration...
[OK]
% Throughput boost is configured, it will take effect after reload
3. The platform hardware throughput level boost is automatically added to the configuration.
Device#show running-config | include throughput
4. Save the configuration and reload the device to enable Boost performance license. After the reload, the
Boost Performance is activated as shown in this example.
Device#show license
<output omitted>
Return of license:
• The device is in the smart license mode with boost performance command configured.
• Use show running-config and the show license summary commands to display the boost performance
information from the smart account.
• Use the no platform hardware throughput level boost command to disable the functionality.
Note The command is removed from the configuration, but the license is released only after the device is reloaded.
The throughput level does not take effect until the device is reloaded.
The license visibility is available till the device is reloaded.
One count of boost performance license is reduced from the usage pool, and one license is returned to its
original pool.
LED Indicators
For information on LEDs on the router, see "LED Indicators" in the "Overview" section of the Hardware
Installation Guide for the Cisco 4000 Series Integrated Services Routers.
For information on LEDs on the SSD Carrier Card NIM, see "Overview of the SSD Carrier Card NIM
(NIM-SSD)" in the "Installing and Upgrading Internal Modules and FRUs" section of the Hardware Installation
Guide for the Cisco 4000 Series Integrated Services Routers.
Related Documentation
For further information on software licenses, see Software Activation on Cisco Integrated Services Routers
and Cisco Integrated Service Routers G2.
For further information on obtaining and installing feature licenses, see Configuring the Cisco IOS Software
Activation Feature.
Note Do not use these procedures if you also need to install any optional subpackages or plan to upgrade individual
subpackages. See Managing and Configuring a Router to Run Using Individual Packages, on page 75.
• Managing and Configuring a Consolidated Package Using copy and boot Commands, on page 70
• Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command: Example,
on page 71
Managing and Configuring a Consolidated Package Using copy and boot Commands
To upgrade a consolidated package, copy the consolidated package to the bootflash: directory on the router
using the copy command. After making this copy of the consolidated package, configure the router to boot
using the consolidated package file.
The following example shows the consolidated package file being copied to the bootflash: file system via
TFTP. The config register is then set to boot using boot system commands, and the boot system commands
instruct the router to boot using the consolidated package stored in the bootflash: file system. The new
configuration is then saved using the copy running-config startup-config command, and the system is then
reloaded to complete the process.
Router# dir bootflash:
Directory of bootflash:/
11 drwx 16384 Dec 4 2007 04:32:46 -08:00 lost+found
86401 drwx 4096 Dec 4 2007 06:06:24 -08:00 .ssh
14401 drwx 4096 Dec 4 2007 06:06:36 -08:00 .rollback_timer
28801 drwx 4096 Mar 18 2008 17:31:17 -07:00 .prst_sync
43201 drwx 4096 Dec 4 2007 04:34:45 -08:00 .installer
Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command: Example
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#boot system tftp://10.81.116.4/rtp-isr4400-54/isr4400.bin
Router(config)#config-register 0x2102
Router(config)#exit
Router# show run | include boot
boot-start-marker
boot system tftp://10.81.116.4/rtp-isr4400-54/isr4400.bin
boot-end-marker
license boot level adventerprise
Router# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router# reload
Proceed with reload? [confirm]
Sep 13 17:42:54.445 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with
Key Sectors:(Primary,GOOD),(Backup,GOOD),(Revocation,GOOD)
Size of Primary = 2288 Backup = 2288 Revocation = 300
IP_ADDRESS: 172.18.42.119
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 172.18.42.1
TFTP_SERVER: 10.81.116.4
TFTP_FILE: rtp-isr4400-54/isr4400.bin
TFTP_MACADDR: a4:4c:11:9d:ad:97
TFTP_VERBOSE: Progress
TFTP_RETRY_COUNT: 18
TFTP_TIMEOUT: 7200
TFTP_CHECKSUM: Yes
ETHER_PORT: 0
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Router>
Router>
Router>enable
Router# show version
Cisco IOS XE Software, Version BLD_V154_3_S_XE313_THROTTLE_LATEST_20140527_070027-ext
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Experimental Version
15.4(20140527:095327)
v154_3_s_xe313_throttle-BLD-BLD_V154_3_S_XE313_THROTTLE_LATEST_20140527_070027-ios 156]
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
SUMMARY STEPS
1. show version
2. dir bootflash:
3. show platform
4. mkdir bootflash: URL-to-directory-name
5. request platform software package expand file URL-to-consolidated-package to
URL-to-directory-name
6. reload
7. boot URL-to-directory-name/packages.conf
8. show version installed
DETAILED STEPS
Step 4 mkdir bootflash: URL-to-directory-name Creates a directory to save the expanded software image.
Example: You can use the same name as the image to name the
Router# mkdir bootflash:mydir directory.
Step 5 request platform software package expand file Expands the software image from the TFTP server
URL-to-consolidated-package to URL-to-directory-name (URL-to-consolidated-package) into the directory used to
save the image (URL-to-directory-name), which was created
Example:
in Step 4.
Router# request platform software package expand
file
bootflash:isr4400-universalk9-NIM.bin to
bootflash:mydir
Step 7 boot URL-to-directory-name/packages.conf Boots the consolidated package, by specifying the path and
name of the provisioning file: packages.conf.
Example:
rommon 1 > boot bootflash:mydir/packages.conf
Step 8 show version installed Displays the version of the newly installed software.
Example:
Router# show version installed
Package: Provisioning File, version: n/a, status:
active
Examples
The initial part of the example shows the consolidated package, isr4400-universalk9.164422SSA.bin,
being copied to the TFTP server. This is a prerequisite step. The remaining part of the example shows
the consolidated file, packages.conf, being booted.
Router# copy tftp:isr4400/isr4400-universalk9.164422SSA.bin bootflash:
Address or name of remote host []? 192.0.2.1
Destination filename [isr4400-universalk9.164422SSA.bin]?
Accessing tftp://192.0.2.1/isr4400/isr4400-universalk9.164422SSA.bin...
Loading isr4400/isr4400-universalk9.164422SSA.bin from 192.0.2.1 (via GigabitEthernet0):
!!!!!!!!
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
to bootflash:isr4400-universalk9.dir1
Verifying parameters
Validating package type
Copying package files
SUCCESS: Finished expanding all-in-one software package.
Router# reload
Proceed with reload? [confirm]
How to Install and Upgrade the Software for Cisco IOS XE Denali Release 16.3
To install or upgrade the software, use one of the following methods to use the software from a consolidated
package or an individual package. Also see Overview section.
• Managing and Configuring a Router to Run Using a Consolidated Package section
• Managing and Configuring a Router to Run Using Individual Packages section
• Configuring a Router to Boot the Consolidated Package via TFTP Using the boot Command: Example
section
• Upgrading to Cisco IOS XE Denali Release 16.3 section
Note When the device boots up for first time and if the device requires an upgrade, the entire boot process may
take several minutes. This process will be longer than a normal boot due to the ROMMON upgrade.
Building configuration...
[OK]
Router# reload
Proceed with reload? [confirm]
Sep 13 17:42:54.445 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with
Key Sectors:(Primary,GOOD),(Backup,GOOD),(Revocation,GOOD)
Size of Primary = 2288 Backup = 2288 Revocation = 300
IP_ADDRESS: 172.18.42.119
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 172.18.42.1
TFTP_SERVER: 10.81.116.4
TFTP_FILE: rtp-isr4400-54/isr4400.bin
TFTP_MACADDR: a4:4c:11:9d:ad:97
TFTP_VERBOSE: Progress
TFTP_RETRY_COUNT: 18
TFTP_TIMEOUT: 7200
TFTP_CHECKSUM: Yes
ETHER_PORT: 0
To make the new ROMMON permanent, you must restart the RP.
ROMMON upgrade successful. Rebooting for upgrade to take effect.
Expected hash:
ddaf35a193617abacc417349ae204131
12e6fa4e89a97ea20a9eeee64b55d39a
2192992a274fc1a836ba3c23a3feebbd
454d4423643ce80e2a9ac94fa54ca49f
Obtained hash:
ddaf35a193617abacc417349ae204131
12e6fa4e89a97ea20a9eeee64b55d39a
2192992a274fc1a836ba3c23a3feebbd
454d4423643ce80e2a9ac94fa54ca49f
ROM:Sha512 Self Test Passed
Self Tests Latency: 418 msec
Rom image verified correctly
Expected hash:
DDAF35A193617ABACC417349AE204131
12E6FA4E89A97EA20A9EEEE64B55D39A
2192992A274FC1A836BA3C23A3FEEBBD
454D4423643CE80E2A9AC94FA54CA49F
Obtained hash:
DDAF35A193617ABACC417349AE204131
12E6FA4E89A97EA20A9EEEE64B55D39A
2192992A274FC1A836BA3C23A3FEEBBD
454D4423643CE80E2A9AC94FA54CA49F
Sha512 Self Test Passed
Rom image verified correctly
IP_ADDRESS: 172.18.42.119
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 172.18.42.1
TFTP_SERVER: 10.81.116.4
TFTP_FILE: rtp-isr4400-54/isr4400.bin
TFTP_MACADDR: a4:4c:11:9d:ad:97
TFTP_VERBOSE: Progress
TFTP_RETRY_COUNT: 18
TFTP_TIMEOUT: 7200
TFTP_CHECKSUM: Yes
ETHER_PORT: 0
Expected hash:
DDAF35A193617ABACC417349AE204131
12E6FA4E89A97EA20A9EEEE64B55D39A
2192992A274FC1A836BA3C23A3FEEBBD
454D4423643CE80E2A9AC94FA54CA49F
Obtained hash:
DDAF35A193617ABACC417349AE204131
12E6FA4E89A97EA20A9EEEE64B55D39A
2192992A274FC1A836BA3C23A3FEEBBD
454D4423643CE80E2A9AC94FA54CA49F
Sha512 Self Test Passed
Found package arch type ARCH_i686_TYPE
Found package FRU type FRU_RP_TYPE
Calculating SHA-1 hash...Validate package: SHA-1 hash:
calculated 8B082C48:35C23C9E:8A091441:D6FACEE6:B5111533
expected 8B082C48:35C23C9E:8A091441:D6FACEE6:B5111533
Image validated
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
location and name of the firmware package and use this information in the steps below for
URL-to-package-name.
You can install a firmware subpackage if the router has been configured using, for example, Managing and
Configuring a Router to Run Using Individual Packages, on page 75.
Firmware subpackages are not released individually. You can select a firmware package from within a
consolidated package after expanding the consolidated package. The firmware package can then be installed
as shown in the procedure below.
Note Read the Release Notes document pertaining to the consolidated package to verify that the firmware within
the consolidated package is compatible with the version of Cisco IOS XE software that is currently installed
on a router.
SUMMARY STEPS
1. show version
2. dir bootflash:
3. show platform
4. mkdir bootflash: URL-to-directory-name
5. request platform software package expand file URL-to-consolidated-package to
URL-to-directory-name
6. reload
7. boot URL-to-directory-name /packages.conf
8. show version installed
DETAILED STEPS
Step 2 dir bootflash: Displays the previous version of software and that a package
is present.
Example:
Router# dir bootflash:
Step 5 request platform software package expand file Expands the software image from the TFTP server
URL-to-consolidated-package to URL-to-directory-name (URL-to-consolidated-package) into the directory used to
save the image (URL-to-directory-name), which was created
Example:
in the Step 4.
Router# request platform software package expand
file
bootflash:isr4400-universalk9-NIM.bin to
bootflash:mydir
Step 7 boot URL-to-directory-name /packages.conf Boots the consolidated package by specifying the path and
name of the provisioning file: packages.conf.
Example:
rommon 1 > boot bootflash:mydir/packages.conf
Step 8 show version installed Displays the version of the newly installed software.
Example:
Router# show version installed
Package: Provisioning File, version: n/a, status:
active
Examples
The initial part of the following example shows the consolidated package,
isr4400-universalk9.164422SSA.bin, being copied to the TFTP server. This is a prerequisite step.
The remaining part of the example shows the consolidated file, packages.conf, being booted.
Router# tftp:isr4400/isr4400-universalk9.164422SSA.bin bootflash:
Address or name of remote host []? 192.0.2.1
Destination filename [isr4400-universalk9.164422SSA.bin]?
Accessing tftp://192.0.2.1/isr4400/isr4400-universalk9.164422SSA.bin...
Loading isr4400/isr4400-universalk9.164422SSA.bin from 192.0.2.1 (via GigabitEthernet0):
!!!!!!!!
[OK - 410506248 bytes]
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Router# reload
Proceed with reload? [confirm]
• Send a request to the platform software package expand file boot flash:/mydir/<IOS-XE image> to
expand the super package.
• Reload the hardware module subslot to boot the module with the new firmware.
• Verify that the module is booted up with the new firmware using the show platform software subslot
x/y module firmware command.
SUMMARY STEPS
1. copy Cisco IOS XE image into bootflash: mydir.
2. request platform software package expand file bootflash:/mydir /<IOS-XE image to expand
super package.
3. reload.
4. boot bootflash:mydir/ /packages.conf.
5. copy NIM firmware subpackage to the folder bootflash:mydir/.
6. request platform software package install rp 0 file bootflash:/mydir/<firmware subpackage>.
7. hw-module subslot x/y reload to boot the module with the new firmware.
8. show platform software subslot 0/2 module firmware to verify that the module is booted up with
the new firmware.
DETAILED STEPS
Step 2 request platform software package expand file Expands the platform software package to super package.
bootflash:/mydir /<IOS-XE image to expand super
package.
Example:
Router# request platform software package expand
file
bootflash:/mydir/isr4400-universalk9.03.14.00.S.155-1.S-std.SPA.bin
Step 4 boot bootflash:mydir/ /packages.conf. Boots the super package by specifying the path and name
of the provisioning file: packages.conf.
Example:
rommon 1 > boot bootflash:mydir/packages.conf
Step 5 copy NIM firmware subpackage to the folder Copies the NIM firmware subpackage into bootflash:mydir.
bootflash:mydir/.
Example:
bootflash:mydir/
Step 6 request platform software package install rp 0 file Installs the software package.
bootflash:/mydir/<firmware subpackage>.
Example:
Router#equest platform software package install rp
0 file
bootflash:mydir/isr4400-firmware_nim_xdsl.2014-11-17_11.05_39n.SSA.pkg
Step 7 hw-module subslot x/y reload to boot the module with Reloads the hardware module subslot and boots the module
the new firmware. with the new firmware.
Example:
Router#hw-module subslot 0/2 reload
Step 8 show platform software subslot 0/2 module firmware Displays the version of the newly installed firmware.
to verify that the module is booted up with the new
firmware.
Example:
Router# show platform software subslot 0/2 module
firmware
Pe
Examples
The following example shows how to perform firmware upgrade in a router module:
Routermkdir bootflash:mydir
Create directory filename [mydir]?
Created dir bootflash:/mydir
Router#c
Router#copy bootflash:isr4400-universalk9.03.14.00.S.155-1.S-std.SPA.bin bootflash:mydir/
Destination filename [mydir/isr4400-universalk9.03.14.00.S.155-1.S-std.SPA.bin]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCC
425288648 bytes copied in 44.826 secs (9487544 bytes/sec)
Router#
Router#
Router#dir bootflash:mydir
Directory of bootflash:/mydir/
Verifying parameters
Validating package type
Copying package files
SUCCESS: Finished expanding all-in-one software package.
Router#reload
Proceed with reload? [confirm]
#
File size is 0x150ae3cc
Located mydir/isr4400-mono-universalk9.03.14.00.S.155-1.S-std.SPA.pkg
Image size 353035212 inode num 356929, bks cnt 86191 blk size 8*512
###################################################################
######################################################################
Boot image size = 353035212 (0x150ae3cc) bytes
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
*Dec 12 09:28:58.922:
%IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL:
Module name = esg Next reboot level = appxk9 and License = appxk9
*Dec 12 09:28:58.943:
%IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL:
Module name = esg Next reboot level = ipbasek9 and License = ipbasek9
*Dec 12 09:28:58.981:
%ISR_THROUGHPUT-6-LEVEL: Throughput level has been set to 1000000 kbps
*Dec 12 09:29:13.302: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan
*Dec 12 09:29:14.142: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Dec 12 09:29:14.142: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Dec 12 09:29:14.142: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to down
*Dec 12 09:29:14.142: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Dec 12 09:28:51.438: %CMRP-3-PFU_MISSING:cmand: The platform does not detect a power
supply in slot 1
*Dec 12 09:29:01.256: %CMLIB-6-THROUGHPUT_VALUE:cmand: Throughput license found, throughput
set to 1000000 kbps
*Dec 12 09:29:03.223: %CPPHA-7-START:cpp_ha: CPP 0 preparing ucode
*Dec 12 09:29:03.238: %CPPHA-7-START:cpp_ha: CPP 0 startup init
*Dec 12 09:29:11.335: %CPPHA-7-START:cpp_ha: CPP 0 running init
*Dec 12 09:29:11.645: %CPPHA-7-READY:cpp_ha: CPP 0 loading and initialization complete
*Dec 12 09:29:11.711: %IOSXE-6-PLATFORM:cpp_cp:
Process CPP_PFILTER_EA_EVENT__API_CALL__REGISTER
*Dec 12 09:29:16.280:
%IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO:
Management vrf Mgmt-intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Dec 12 09:29:16.330:
%LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, changed state to up
*Dec 12 09:29:16.330:
%LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, changed state to up
*Dec 12 09:29:16.330:
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Dec 12 09:29:16.330:
%LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, changed state to up
*Dec 12 09:29:17.521: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging disabled
*Dec 12 09:29:18.867: %SYS-5-CONFIG_I: Configured from memory by console
*Dec 12 09:29:18.870:
%IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled
*Dec 12 09:29:18.870:
%IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/1, interfaces disabled
*Dec 12 09:29:18.871:
%IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/2, interfaces disabled
*Dec 12 09:29:18.873:
%SPA_OIR-6-OFFLINECARD: SPA (ISR4451-X-4x1GE) offline in subslot 0/0
*Dec 12 09:29:18.874: %SPA_OIR-6-OFFLINECARD: SPA (NIM-VA-B) offline in subslot 0/1
*Dec 12 09:29:18.874: %SPA_OIR-6-OFFLINECARD: SPA (NIM-VAB-A) offline in subslot 0/2
*Dec 12 09:29:18.876: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Dec 12 09:29:18.876: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Dec 12 09:29:18.882: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Dec 12 09:29:18.884: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/1
*Dec 12 09:29:18.884: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/2
*Dec 12 09:29:18.935: %SYS-5-RESTART: System restarted --
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S,
RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 20-Nov-14 18:28 by mcpre
*Dec 12 09:29:18.895: %SPA-3-ENVMON_NOT_MONITORED:iomd: Environmental monitoring
is not enabled for ISR4451-X-4x1GE[0/0]
*Dec 12 09:29:19.878: %LINK-5-CHANGED: Interface GigabitEthernet0,
Daemon Status: UP
TC Mode: PTM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Line 1:
Router#
Router#
Router#copy bootflash:isr4400-firmware_nim_xdsl.2014-11-17_11.05_39n.SSA.pkg
bootflash:mydir/
Destination filename [mydir/isr4400-firmware_nim_xdsl.2014-11-17_11.05_39n.SSA.pkg]?
Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
6640604 bytes copied in 1.365 secs (4864911 bytes/sec)
Router#
Modem Up time
-------------------------------------------
0D 0H 25M 38S
Router#
Modem Up time
-------------------------------------------
0D 0H 0M 42S
Router#
Default Configuration
When you boot up the router, the router looks for a default file name-the PID of the router. For example, the
Cisco 4000 Series Integrated Services Routers look for a file named isr 4451.cfg. The Cisco 4000 Series ISR
looks for this file before finding the standard files-router-confg or the ciscortr.cfg.
The Cisco 4000 ISR looks for the isr4451.cfg file in the bootflash. If the file is not found in the bootflash, the
router then looks for the standard files-router-confg and ciscortr.cfg. If none of the files are found, the router
then checks for any inserted USB that may have stored these files in the same particular order.
Note If there is a configuration file with the PID as its name in an inserted USB, but one of the standard files are
in bootflash, the system finds the standard file for use.
Use the show running-config command to view the initial configuration, as shown in the following example:
Router# show running-config
Building configuration...
Current configuration : 977 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
ipv6 multicast rpf use-bgp
!
!
multilink bundle-name authenticated
!
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
login
!
!
end
SUMMARY STEPS
1. configure terminal
2. hostname name
3. enable secret password
4. no ip domain-lookup
DETAILED STEPS
Step 4 no ip domain-lookup Disables the router from translating unfamiliar words (typos)
into IP addresses.
Example:
For complete information on global parameter commands,
Router(config)# no ip domain-lookup see the Cisco IOS Release Configuration Guide
documentation set.
SUMMARY STEPS
1. interface gigabitethernet slot/bay/port
2. ip address ip-address mask
3. ipv6 address ipv6-address/prefix
4. no shutdown
5. exit
DETAILED STEPS
Step 2 ip address ip-address mask Sets the IP address and subnet mask for the specified
Gigabit Ethernet interface. Use this Step if you are
Example:
configuring an IPv4 address.
Router(config-if)# ip address 192.168.12.2
255.255.255.0
Step 3 ipv6 address ipv6-address/prefix Sets the IPv6 address and prefix for the specified Gigabit
Ethernet interface. Use this step instead of Step 2, if you
Example:
are configuring an IPv6 address.
Router(config-if)# ipv6 address
2001.db8::ffff:1/128
Step 4 no shutdown Enables the Gigabit Ethernet interface and changes its state
from administratively down to administratively up.
Example:
Router(config-if)# no shutdown
Step 5 exit Exits configuration mode for the Gigabit Ethernet interface
and returns to privileged EXEC mode.
Example:
Router(config-if)# exit
SUMMARY STEPS
1. interface type number
2. (Option 1) ip address ip-address mask
3. (Option 2) ipv6 address ipv6-address/prefix
4. exit
DETAILED STEPS
Step 2 (Option 1) ip address ip-address mask Sets the IP address and subnet mask on the loopback
interface. (If you are configuring an IPv6 address, use the
Example:
ipv6 address ipv6-address/prefix command described
below.
Router(config-if)# ip address 10.108.1.1
255.255.255.0
Step 3 (Option 2) ipv6 address ipv6-address/prefix Sets the IPv6 address and prefix on the loopback interface.
Example:
Router(config-if)# 2001:db8::ffff:1/128
Step 4 exit Exits configuration mode for the loopback interface and
returns to global configuration mode.
Example:
Router(config-if)# exit
Example
Enter the show interface loopback command. You should see an output similar to the following
example:
Alternatively, use the ping command to verify the loopback interface, as shown in the following
example:
Note Each port can use any number of the available feature filters. A single port can use a maximum of 28 feature
filters. If all the 4 GE ports uses the filters equally, then each port can have a maximum of seven filters.
Note Each port can use any number of the available feature filters. A single port can use a maximum of 30 feature
filters. If both the ports uses the filters equally, then each port can have a maximum of 15 filters.
Gigabit0/0/0 32 = 1 + 28
Gigabit0/0/1 1
Gigabit0/0/2 1
Gigabit0/0/3 1
TenGigabit0/0/0 32 = 1 + 30
TenGigabit0/0/1 1
Table 14: Cisco 4451 and 4431 ISRs GigabitEthernet Interface MAC Filters Distribution
Gigabit0/0/0 32 = 1 + 28
Gigabit0/0/1 1
Gigabit0/0/2 1
Gigabit0/0/3 1
Table 15: Cisco ISR4351 and 4331 ISR MAC Filter Distribution
Gigabit0/0/0 16 = 1 + 15
Gigabit0/0/1 16 1 15
Gigabit0/0/2 16 1 15
Table 16: Cisco 4321 and 4221 ISRs MAC Filter Distribution
Gigabit0/0/0 16 = 1 + 15
Gigabit0/0/1 16 = 1 + 15
Note CDP is not enabled by default on Cisco Aggregation Services Routers or on the Cisco CSR 1000v.
For more information on using CDP, see Cisco Discovery Protocol Configuration Guide, Cisco IOS XE
Release 3S.
SUMMARY STEPS
1. line [aux | console | tty | vty] line-number
2. password password
3. login
4. exec-timeout minutes [seconds]
5. exit
DETAILED STEPS
Step 2 password password Specifies a unique password for the console terminal line.
Example:
Router(config-line)# login
Step 4 exec-timeout minutes [seconds] Sets the interval during which the EXEC command
interpreter waits until user input is detected. The default is
Example:
10 minutes. Optionally, adds seconds to the interval value.
Router(config-line)# exec-timeout 5 30 The example provided here shows a timeout of 5 minutes
Router(config-line)# and 30 seconds. Entering a timeout of 0 0 specifies never
to time out.
Router(config-line)# exit
Step 6 line [aux | console | tty | vty] line-number Specifies a virtual terminal for remote console access.
Example:
Step 7 password password Specifies a unique password for the virtual terminal line.
Example:
Router(config-line)# login
Router(config-line)# end
Example
The following configuration shows the command-line access commands.
You do not have to input the commands marked default. These commands appear automatically in
the configuration file that is generated when you use the show running-config command.
!
line console 0
exec-timeout 10 0
password 4youreyesonly
login
transport input none (default)
stopbits 1 (default)
line vty 0 4
password secret
login
!
SUMMARY STEPS
1. (Option 1) ip route prefix mask {ip-address | interface-type interface-number [ip-address]}
2. (Option 2) ipv6 route prefix/mask {ipv6-address | interface-type interface-number [ipv6-address]}
3. end
DETAILED STEPS
Step 2 (Option 2) ipv6 route prefix/mask {ipv6-address | Specifies a static route for the IP packets.
interface-type interface-number [ipv6-address]}
Example:
Step 3 end Exits global configuration mode and enters privileged EXEC
mode.
Example:
Router(config)# end
Example
Verifying Configuration
In the following configuration example, the static route sends out all IP packets with a destination
IP address of 192.168.1.0 and a subnet mask of 255.255.255.0 on the Gigabit Ethernet interface to
another device with an IP address of 10.10.10.2. Specifically, the packets are sent to the configured
PVC.
You do not have to enter the command marked default. This command appears automatically in the
configuration file generated when you use the running-config command.
!
ip classless (default)
ip route 192.168.1.0 255.255.255.0
To verify that you have configured static routing correctly, enter the show ip route command (or
show ipv6 route command) and look for static routes marked with the letter S.
When you use an IPv4 address, you should see verification output similar to the following:
When you use an IPv6 address, you should see verification output similar to the following:
C 2001:DB8:3::/64 [0/0]
via GigabitEthernet0/0/2, directly connected
S 2001:DB8:2::/64 [1/0]
via 2001:DB8:3::1
SUMMARY STEPS
1. router rip
2. version {1 | 2}
3. network ip-address
4. no auto-summary
5. end
DETAILED STEPS
Router(config-router)# version 2
Router(config-router)# end
Example
Verifying Configuration
The following configuration example shows RIP Version 2 enabled in IP networks 10.0.0.0 and
192.168.1.0. To see this configuration, use the show running-config command from privileged
EXEC mode.
!
Router# show running-config
Building configuration...
no aaa new-model
!
transport-map type console consolehandler
banner wait ^C
Waiting for IOS vty line
^C
banner diagnostic ^C
Welcome to diag mode
^C
!
clock timezone EST -4 0
!
!
!
ipv6 multicast rpf use-bgp
!
!
multilink bundle-name authenticated
!
redundancy
mode none
!
ip ftp source-interface GigabitEthernet0
ip tftp source-interface GigabitEthernet0
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 172.18.77.212 255.255.255.240
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 172.18.77.209
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco
login
!
transport type console 0 input consolehandler
!
ntp server vrf Mgmt-intf 10.81.254.131
!
end
To verify that you have configured RIP correctly, enter the show ip route command and look for
RIP routes marked with the letter R. You should see an output similar to the one shown in the
following example:
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
SUMMARY STEPS
1. router eigrp as-number
2. network ip-address
3. end
DETAILED STEPS
Router(config-router)# end
Example
To verify that you have configured IP EIGRP correctly, enter the show ip route command, and look
for EIGRP routes marked by the letter D. You should see verification output similar to the following:
Router# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
DETAILED STEPS
Router> enable
Step 4 ip address ip-address mask [secondary] dhcp pool Assigns an IP address to the GigabitEthernet
Example: • ip address ip-address—IP address for the interface.
Router(config-if)# end
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------------------------
* GigabitEthernet0/0/0 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/0/1 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/0/2 0 0 0 0 0 0 0 0 0
* GigabitEthernet0/0/3 0 0 0 0 0 0 0 0 0
* GigabitEthernet 0 0 0 0 0 0 0 0 0
The show process cpu command displays Cisco IOS CPU utilization average:
Router# show process cpu
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 583 48054 12 0.00% 0.00% 0.00% 0 Chunk Manager
2 991 176805 5 0.00% 0.00% 0.00% 0 Load Meter
3 0 2 0 0.00% 0.00% 0.00% 0 IFCOM Msg Hdlr
4 0 11 0 0.00% 0.00% 0.00% 0 Retransmission o
5 0 3 0 0.00% 0.00% 0.00% 0 IPC ISSU Dispatc
6 230385 119697 1924 0.00% 0.01% 0.00% 0 Check heaps
7 49 28 1750 0.00% 0.00% 0.00% 0 Pool Manager
8 0 2 0 0.00% 0.00% 0.00% 0 Timers
9 17268 644656 26 0.00% 0.00% 0.00% 0 ARP Input
10 197 922201 0 0.00% 0.00% 0.00% 0 ARP Background
11 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
12 0 1 0 0.00% 0.00% 0.00% 0 ATM ASYNC PROC
13 0 1 0 0.00% 0.00% 0.00% 0 AAA_SERVER_DEADT
14 0 1 0 0.00% 0.00% 0.00% 0 Policy Manager
15 0 2 0 0.00% 0.00% 0.00% 0 DDR Timers
16 1 15 66 0.00% 0.00% 0.00% 0 Entity MIB API
17 13 1195 10 0.00% 0.00% 0.00% 0 EEM ED Syslog
18 93 46 2021 0.00% 0.00% 0.00% 0 PrstVbl
19 0 1 0 0.00% 0.00% 0.00% 0 RO Notify Timers
The following sections describe the fields in the show platform software status control-processor command
output.
Load Average
Load average represents the process queue or process contention for CPU resources. For example, on a
single-core processor, an instantaneous load of 7 would mean that seven processes are ready to run, one of
which is currently running. On a dual-core processor, a load of 7 would mean that seven processes are ready
to run, two of which are currently running.
Memory Utilization
Memory utilization is represented by the following fields:
• Total—Total line card memory
• Used—Consumed memory
• Free—Available memory
• Committed—Virtual memory committed to processes
CPU Utilization
CPU utilization is an indication of the percentage of time the CPU is busy, and is represented by the following
fields:
• CPU—Allocated processor
• User—Non-Linux kernel processes
• System—Linux kernel process
• Nice—Low-priority processes
• Idle—Percentage of time the CPU was inactive
• IRQ—Interrupts
• SIRQ—System Interrupts
• IOwait—Percentage of time CPU was waiting for I/O
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 3971216 3426452 (86%) 544764 (14%) 2595212 (65%)
CPU Utilization
Slot CPU User System Nice Idle IRQ SIRQ IOwait
RP0 0 1.60 0.90 0.00 97.30 0.10 0.10 0.00
1 0.09 1.29 0.00 98.60 0.00 0.00 0.00
2 0.10 0.10 0.00 99.79 0.00 0.00 0.00
3 0.00 0.00 0.00 100.00 0.00 0.00 0.00
4 0.60 4.90 0.00 94.50 0.00 0.00 0.00
5 0.70 1.30 0.00 98.00 0.00 0.00 0.00
6 0.10 0.00 0.00 99.90 0.00 0.00 0.00
7 1.39 0.49 0.00 98.10 0.00 0.00 0.00
The size of the bootflash disk must be at least of the same size as that of the physical memory installed on the
router. If this condition is not met, a syslog alarm is generated as shown in the following example:
%IOSXEBOOT-2-FLASH_SIZE_CHECK: (rp/0): Flash capacity (8 GB) is insufficient for fault
analysis based on
installed memory of RP (16 GB)
%IOSXEBOOT-2-FLASH_SIZE_CHECK: (rp/0): Please increase the size of installed flash to at
least 16 GB (same as
physical memory size)
If alarm severity is not specified, alarm messages for all severity levels are sent to logging devices.
Module Removed
*Aug 22 13:27:33.774: %ISR4451-X_OIR-6-REMSPA: Module removed from subslot 1/1, interfaces
disabled
*Aug 22 13:27:33.775: %SPA_OIR-6-OFFLINECARD: Module (SPA-4XT-SERIAL) offline in subslot
1/1
Module Reinserted
*Aug 22 13:32:29.447: %ISR4451-X_OIR-6-INSSPA: Module inserted in subslot 1/1
*Aug 22 13:32:34.916: %SPA_OIR-6-ONLINECARD: Module (SPA-4XT-SERIAL) online in subslot 1/1
*Aug 22 13:32:35.523: %LINK-3-UPDOWN: SIP1/1: Interface EOBC1/1, changed state to up
Alarms
To view alarms, use the show facility-alarm status command. The following example shows a critical alarm
for the power supply:
To view critical alarms, use the show facility-alarm status critical command, as shown in the following
example:
Router# show facility-alarm status critical
System Totals Critical: 5 Major: 0 Minor: 0
To view the operational state of the major hardware components on the router, use the show platform diag
command. This example shows that power supply P0 has failed:
Router# show platform diag
Chassis type: ISR4451/K9
Slot: 0, ISR4451-NGSM
Running state : ok
Internal state : online
Internal operational state : ok
Physical insert detect time : 00:01:09 (1w0d ago)
Software declared up time : 00:01:42 (1w0d ago)
CPLD version : 12061320
Firmware version : 12.2(20120618:163328)[ciscouser-ESGROM_20120618_GAMMA 101]
Slot: 1, ISR4451-NGSM
Running state : ok
Internal state : online
Internal operational state : ok
Physical insert detect time : 00:01:09 (1w0d ago)
Software declared up time : 00:01:43 (1w0d ago)
CPLD version : 12061320
Firmware version : 12.2(20120618:163328)[ciscouser-ESGROM_20120618_GAMMA 101]
Slot: 2, ISR4451-NGSM
Running state : ok
Internal state : online
Internal operational state : ok
Network Management System Alerts a Network Administrator when an Alarm is Reported Through
SNMP
The SNMP is an application-layer protocol that provides a standardized framework and a common language
used for monitoring and managing devices in a network. Of all the approaches to monitor alarms, SNMP is
the best approach to monitor more than one router in an enterprise and service provider setup.
SNMP provides notification of faults, alarms, and conditions that might affect services. It allows a network
administrator to access router information through a network management system (NMS) instead of reviewing
logs, polling devices, or reviewing log reports.
To use SNMP to get alarm notification, use the following MIBs:
• ENTITY-MIB, RFC 4133 (required for the CISCO-ENTITY-ALARM-MIB and
CISCO-ENTITY-SENSOR-MIB to work)
• CISCO-ENTITY-ALARM-MIB
• CISCO-ENTITY-SENSOR-MIB (for transceiver environmental alarm information, which is not provided
through the CISCO-ENTITY-ALARM-MIB)
The process lifecycle notification component failed, Note the time of the message and investigate the
preventing proper detection of a process start and stop. kernel error message logs to learn more about the
This problem is likely the result of a software defect problem and see if it is correctable. If the problem
in the software subpackage. cannot be corrected or the logs are not helpful, copy
the error message exactly as it appears on the console
along with the output of the show tech-support
command and provide the gathered information to a
Cisco technical support representative.
Error Message: %PMAN-0-PROCFAILCRIT A critical process [chars] has failed (rc [dec])
A process important to the functioning of the router Note the time of the message and investigate the error
has failed. message logs to learn more about the problem. If the
problem persists, copy the message exactly as it
appears on the console or in the system log. Research
and attempt to resolve the issue using the tools and
utilities provided at: http://www.cisco.com/tac. With
some messages, these tools and utilities will supply
clarifying information. Search for resolved software
issues using the Bug Search Tool at:
http://www.cisco.com/cisco/psn/bssprt/bss. If you still
require assistance, open a case with the Technical
Assistance Center at:
http://tools.cisco.com/ServiceRequestTool/create/, or
contact your Cisco technical support representative
and provide the representative with the information
you have gathered. Attach the following information
to your case in nonzipped, plain-text (.txt) format: the
output of the show logging and show tech-support
commands and your pertinent troubleshooting logs.
Error Message: %PMAN-3-PROCFAILOPT An optional process [chars] has failed (rc [dec])
A process that does not affect the forwarding of traffic Note the time of the message and investigate the
has failed. kernel error message logs to learn more about the
problem. Although traffic will still be forwarded after
receiving this message, certain functions on the router
may be disabled because of this message and the error
should be investigated. If the logs are not helpful or
indicate a problem you cannot correct, copy the
message exactly as it appears on the console or in the
system log. Research and attempt to resolve the issue
using the tools and utilities provided at
http://www.cisco.com/tac. With some messages, these
tools and utilities will supply clarifying information.
Search for resolved software issues using the Bug
Search Tool at:
http://www.cisco.com/cisco/psn/bssprt/bss. If you still
require assistance, open a case with the Technical
Assistance Center at:
http://tools.cisco.com/ServiceRequestTool/create/, or
contact your Cisco technical support representative
and provide the representative with the information
you have gathered. Attach the following information
to your case in nonzipped, plain-text (.txt) format: the
output of the show logging and show tech-support
commands and your pertinent troubleshooting logs.
Error Message: %PMAN-3-PROCFAIL The process [chars] has failed (rc [dec])
The process has failed as the result of an error. This message will appear with other messages related
to the process. Check the other messages to determine
the reason for the failures and see if corrective action
can be taken. If the problem persists, copy the message
exactly as it appears on the console or in the system
log. Research and attempt to resolve the issue using
the tools and utilities provided at:
http://www.cisco.com/tac. With some messages, these
tools and utilities will supply clarifying information.
Search for resolved software issues using the Bug
Search Tool at:
http://www.cisco.com/cisco/psn/bssprt/bss. If you still
require assistance, open a case with the Technical
Assistance Center at:
http://tools.cisco.com/ServiceRequestTool/create/, or
contact your Cisco technical support representative
and provide the representative with the information
you have gathered. Attach the following information
to your case in nonzipped, plain-text (.txt) format: the
output of the show logging and show tech-support
commands and your pertinent troubleshooting logs.
Error Message: %PMAN-3-PROCFAIL_IGNORE [chars] process exits and failures are being ignored
due to debug settings. Normal router functionality will be affected. Critical router
functions like RP switchover, router reload, FRU resets, etc. may not function properly.
A process failure is being ignored due to the If this behavior is desired and the debug settings are
user-configured debug settings. set according to a user's preference, no action is
needed. If the appearance of this message is viewed
as a problem, change the debug settings. The router
is not expected to behave normally with this debug
setting. Functionalities such as SSO switchover, router
reloads, FRU resets, and so on will be affected. This
setting should only be used in a debug scenario. It is
not normal to run the router with this setting.
Error Message: %PMAN-3-PROCHOLDDOWN The process [chars] has been helddown (rc [dec])
The process was restarted too many times with This message will appear with other messages related
repeated failures and has been placed in the hold-down to the process. Check the other messages to determine
state. the reason for the failures and see if corrective action
can be taken. If the problem persists, copy the message
exactly as it appears on the console or in the system
log. Research and attempt to resolve the issue using
the tools and utilities provided at:
http://www.cisco.com/tac. With some messages, these
tools and utilities will supply clarifying information.
Search for resolved software issues using the Bug
Search Tool at:
http://www.cisco.com/cisco/psn/bssprt/bss. If you still
require assistance, open a case with the Technical
Assistance Center at:
http://tools.cisco.com/ServiceRequestTool/create/, or
contact your Cisco technical support representative
and provide the representative with the information
you have gathered. Attach the following information
to your case in nonzipped, plain-text (.txt) format: the
output of the show logging and show tech-support
commands and your pertinent troubleshooting logs.
The route processor is being reloaded because there Ensure that the reload is not due to an error condition.
is no ready standby instance.
The RP is being reloaded. Ensure that the reload is not due to an error condition.
If it is due to an error condition, collect information
requested by the other log messages.
The system is being reloaded. Ensure that the reload is not due to an error condition.
If it is due to an error condition, collect information
requested by the other log messages.
The executable file used for the process is bad or has Ensure that the named executable is replaced with the
permission problem. correct executable.
The executable file used for the process is missing, Ensure that the named executable is present and the
or a dependent library is bad. dependent libraries are good.
The executable file used for the process is empty. Ensure that the named executable is non-zero in size.
The process manager is exiting. Ensure that the process manager is not exiting due to
an error condition. If it is due to an error condition,
collect information requested by the other log
messages.
The process has gracefully shut down. No user action is necessary. This message is provided
for informational purposes only.
The process has launched and is operating properly. No user action is necessary. This message is provided
for informational purposes only.
The process has requested a stateless restart. No user action is necessary. This message is provided
for informational purposes only.
Tracing Overview
Tracing is a function that logs internal events. Trace files containing trace messages are automatically created
and saved to the tracelogs directory on the hard disk: file system on the router, which stores tracing files in
bootflash.
The contents of trace files are useful for the following purposes:
• Troubleshooting—Helps to locate and solve an issue with a router. The trace files can be accessed in
diagnostic mode even if other system issues are occurring simultaneously.
• Debugging—Helps to obtain a detailed view of system actions and operations.
Use the following commands to view trace information and set tracing levels:
• show platform software trace message—Shows the most recent trace information for a specific module.
This command can be used in privileged EXEC and diagnostic modes. When used in diagnostic mode,
this command can gather trace log information during a Cisco IOS XE failure.
• set platform software trace—Sets a tracing level that determines the types of messages that are stored
in the output. For more information on tracing levels, see Tracing Levels, on page 140.
Tracing Levels
Tracing levels determine how much information should be stored about a module in the trace buffer or file.
The following table shows all the tracing levels that are available and provides descriptions of what types of
messages are displayed with each tracing level.
If a tracing level is set, messages are collected from both lower tracing levels and from its own level.
For example, setting the tracing level to 3 (error) means that the trace file will contain output messages for
levels: 0 (emergencies), 1 (alerts), 2 (critical), and 3 (error).
If you set the trace level to 4 (warning), it results in output messages for levels: 0 (emergencies), 1 (alerts), 2
(critical), 3 (error), and 4 (warning).
The default tracing level for every module on the router is 5 (notice).
A tracing level is not set in a configuration mode, which results in tracing-level settings being returned to
default values after the router reloads.
Caution Setting the tracing level of a module to debug level or higher can have a negative impact on the performance.
Caution Setting high tracing levels on a large number of modules can severely degrade performance. If a high tracing
level is required in a specific context, it is almost always preferable to set the tracing level of a single module
to a higher level rather than setting multiple modules to high levels.
bsignal Notice
btrace Notice
cce Notice
cdllib Notice
cef Notice
chasfs Notice
chasutil Notice
erspan Notice
ess Notice
ether-channel Notice
evlib Notice
evutil Notice
file_alloc Notice
fman_rp Notice
fpm Notice
fw Notice
icmp Notice
interfaces Notice
iosd Notice
ipc Notice
ipclog Notice
iphc Notice
IPsec Notice
mgmte-acl Notice
mlp Notice
mqipc Notice
nat Notice
nbar Notice
netflow Notice
om Notice
peer Notice
qos Notice
route-map Notice
sbc Notice
services Notice
sw_wdog Notice
tdl_acl_config_type Notice
tdl_acl_db_type Notice
tdl_cdlcore_message Notice
tdl_cef_config_common_type Notice
tdl_cef_config_type Notice
tdl_dpidb_config_type Notice
tdl_fman_rp_comm_type Notice
tdl_fman_rp_message Notice
tdl_fw_config_type Notice
tdl_hapi_tdl_type Notice
tdl_icmp_type Notice
tdl_ip_options_type Notice
tdl_ipc_ack_type Notice
tdl_IPsec_db_type Notice
tdl_mcp_comm_type Notice
tdl_mlp_config_type Notice
tdl_mlp_db_type Notice
tdl_om_type Notice
tdl_ui_message Notice
tdl_ui_type Notice
tdl_urpf_config_type Notice
tdllib Notice
trans_avl Notice
uihandler Notice
uipeer Notice
uistatus Notice
urpf Notice
vista Notice
wccp Notice
Environmental Monitoring
The router provides a robust environment-monitoring system with several sensors that monitor the system
temperatures. Microprocessors generate interrupts to the HOST CPU for critical events and generate a periodic
status and statistics report. The following are some of the key functions of the environmental monitoring
system:
• Monitoring temperature of CPUs, motherboard, and midplane
• Monitoring fan speed
• Recording abnormal events and generating notifications
• Monitoring Simple Network Management Protocol (SNMP) traps
• Generating and collecting Onboard Failure Logging (OBFL) data
• Sending call home event notifications
• Logging system error messages
• Displaying present settings and status
In addition, each power supply monitors its internal temperature and voltage. A power supply is either within
tolerance (normal) or out of tolerance (critical). If an internal power supply's temperature or voltage reaches
a critical level, the power supply shuts down without any interaction with the system processor.
The following table displays the levels of status conditions used by the environmental monitoring system.
Table 18: Levels of Status Conditions Used by the Environmental Monitoring System
Warning The system has exceeded a specified threshold. The system continues to
operate, but operator action is recommended to bring the system back to a
normal state.
The environmental monitoring system sends system messages to the console, for example, when the conditions
described here are met:
Fan Failure
When the system power is on, all the fans should be operational. Although the system continues to operate if
a fan fails, the system displays the following message:
%IOSXE_PEM-3-FANFAIL: The fan in slot 2/0 is encountering a failure condition
These commands show the current values of parameters such as temperature and voltage.
The environmental monitoring system updates the values of these parameters every 60 seconds. Brief examples
of these commands are shown below:
NAME: "Power Supply Module 0", DESCR: "450W AC Power Supply for Cisco ISR4450"
PID: XXX-XXXX-XX , VID: XXX, SN: DCA1547X047
NAME: "Power Supply Module 1", DESCR: "450W AC Power Supply for Cisco ISR4450"
PID: XXX-XXXX-XX , VID: XXX, SN: DCA1614Y022
NAME: "POE Module 0", DESCR: "Single POE for Cisco ISR4451"
PID: PWR-POE-4400 , VID: , SN: FHH1638P00E
NAME: "POE Module 1", DESCR: "Single POE for Cisco ISR4451"
PID: PWR-POE-4400 , VID: , SN: FHH1638P00G
NAME: "GE-POE Module", DESCR: "POE Module for On Board GE for Cisco ISR4400"
PID: 800G2-POE-2 , VID: V01, SN: FOC151849W9
NAME: "NIM subslot 0/0", DESCR: "Front Panel 4 ports Gigabitethernet Module"
PID: ISR4451-X-4x1GE , VID: V01, SN: JAB092709EL
NAME: "SM subslot 1/0", DESCR: "SM-X-1T3/E3 - Clear T3/E3 Serial Module"
PID: SM-X-1T3/E3 , VID: V01, SN: FOC164750RG
Note Cisco ISR 4321 does not display the serial numbers of power supply and fan tray with the show
inventory command.
Slot: 0, ISR4451/K9
Running state : ok
Internal state : online
Internal operational state : ok
Physical insert detect time : 00:01:04 (3d10h ago)
Software declared up time : 00:01:43 (3d10h ago)
CPLD version : 12121625
Firmware version : 15.3(1r)S
Slot: 1, ISR4451/K9
Running state : ok
Internal state : online
Internal operational state : ok
Physical insert detect time : 00:01:04 (3d10h ago)
Software declared up time : 00:01:44 (3d10h ago)
CPLD version : 12121625
Firmware version : 15.3(1r)S
Slot: 2, ISR4451/K9
Running state : ok
Internal state : online
Internal operational state : ok
Physical insert detect time : 00:01:04 (3d10h ago)
Software declared up time : 00:01:45 (3d10h ago)
CPLD version : 12121625
Firmware version : 15.3(1r)S
Per-core Statistics
CPU0: CPU Utilization (percentage of time spent)
User: 1.00, System: 2.90, Nice: 0.00, Idle: 96.00
IRQ: 0.10, SIRQ: 0.00, IOwait: 0.00
CPU1: CPU Utilization (percentage of time spent)
User: 10.71, System: 29.22, Nice: 0.00, Idle: 60.06
IRQ: 0.00, SIRQ: 0.00, IOwait: 0.00
CPU2: CPU Utilization (percentage of time spent)
User: 0.80, System: 1.30, Nice: 0.00, Idle: 97.90
IRQ: 0.00, SIRQ: 0.00, IOwait: 0.00
CPU3: CPU Utilization (percentage of time spent)
User: 10.61, System: 34.03, Nice: 0.00, Idle: 55.25
IRQ: 0.00, SIRQ: 0.10, IOwait: 0.00
CPU4: CPU Utilization (percentage of time spent)
User: 0.60, System: 1.20, Nice: 0.00, Idle: 98.20
IRQ: 0.00, SIRQ: 0.00, IOwait: 0.00
CPU5: CPU Utilization (percentage of time spent)
User: 13.18, System: 35.46, Nice: 0.00, Idle: 51.24
IRQ: 0.00, SIRQ: 0.09, IOwait: 0.00
CPU6: CPU Utilization (percentage of time spent)
User: 0.80, System: 2.40, Nice: 0.00, Idle: 96.80
IRQ: 0.00, SIRQ: 0.00, IOwait: 0.00
CPU7: CPU Utilization (percentage of time spent)
User: 10.41, System: 33.63, Nice: 0.00, Idle: 55.85
IRQ: 0.00, SIRQ: 0.10, IOwait: 0.00
EEPROM version : 4
Compatible Type : 0xFF
PCB Serial Number : FHH153900AU
Controller Type : 1902
Hardware Revision : 0.0
PCB Part Number : 73-13854-01
Top Assy. Part Number : 800-36894-01
Board Revision : 01
Deviation Number : 122081
Fab Version : 01
Product Identifier (PID) : CISCO------<0A>
Version Identifier (VID) : V01<0A>
Chassis Serial Number : FHH1539P00Q
Chassis MAC Address : 0000.0000.0000
MAC Address block size : 96
Asset ID : REV1B<0A>
Asset ID :
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appx None None None
uc None None None
security None None None
ipbase ipbasek9 Permanent ipbasek9
• Configuring the External PoE Service Module Power Supply Mode, on page 161
• Examples for Configuring Power Supply Mode, on page 161
• Available PoE Power, on page 163
Note The default mode for the router power supply is redundant mode.
Note The default mode for the external PoE service module power supply is redundant mode.
The show power command shows whether boost or redundant mode is configured and whether this mode is
currently running on the system.
Note To ensure the PoE feature is functional on the external PoE module, verify the availability of PoE power on
your router using the show platform and show power commands.
To determine there is enough PoE power for use by an external PoE service module, use the show platform
and show power commands to calculate the available PoE power based on the wattage values of the main
power supplies and PoE inverters.
Take the values of your main P0 and P1 power supplies to give the Total Power (for main power supplies.)
Then take the values of your PoE1 and PoE2 power inverters to calculate the Total PoE Power.
The following table shows example modes of operation, which may be similar to your configuration.
The Total PoE Power value, in the final column of the table needs to be 500 W or higher for the PoE feature
to be functional on a connected PoE service module.
Note Add power inverters to the router before inserting an external PoE module. Otherwise, even if the Total PoE
Power is sufficient, the PoE power will not be used by the external PoE module and the module will need to
be re-booted for the PoE feature to be functional.
Configuring a power mode of boost or redundant on the main power supplies, or PoE inverters, may affect
the value for Total PoE Power.
The following table shows all power values in Watts. The wattage ratings of the main power supplies are
shown in columns Main P0 and Main P1. The wattage ratings of the PoE inverters are shown in columns
PoE0 and PoE1.
Mode Main P0 Main P1 Config Total PoE0 PoE1 Config Total PoE
Example Mode Power Mode Power
(Main)
Note In the table above, for 500 W or higher Total PoE Power to be available, the "Total Power" (of the main power
supplies) must be 1000 W or higher.
For 1000 W Total PoE Power (see Mode Example 8 above), there must be two 1000 W main power supplies
(in Boost mode) and two PoE inverters (also in Boost mode).
Caution Care should be taken while removing the power supplies and power inverters (especially in Boost mode of
operation). If the total power consumption is higher than can be supported by one power supply alone and in
this condition a power supply is removed, the hardware can be damaged. This may then result in the system
being unstable or unusable.
Similarly, in the case where there is only one PoE inverter providing PoE power to a service module, and in
this condition the PoE inverter is removed, the hardware may be damaged, and may result in the system being
unstable or unusable.
Managing PoE
The Power over Ethernet (PoE) feature allows you to manage power on the FPGE ports. By using PoE, you
do not need to supply connected PoE-enabled devices with wall power. This eliminates the cost for additional
electrical cabling that would otherwise be necessary for connected devices. The router supports PoE (802.3af)
and PoE+ (802.3at). PoE provides up to 15.4 W of power, and PoE+ provides up to 30 W of power.
• PoE Support for FPGE Ports, on page 165
• Monitoring Your Power Supply, on page 165
• Enabling Cisco Discovery Protocol, on page 110
• Configuring PoE for FPGE Ports, on page 168
Power Allocated
Admin Value: 30.0
Power drawn from the source: 15.4
Power available to the device: 15.4
Absent Counter: 0
Over Current Counter: 0
Short Current Counter: 0
Invalid Signature Counter: 0
Power Denied Counter: 0
Note CDP is not enabled by default on Cisco Aggregation Services Routers or on the Cisco CSR 1000v.
For more information on using CDP, see Cisco Discovery Protocol Configuration Guide, Cisco IOS XE
Release 3S.
DETAILED STEPS
Router> enable
Step 3 cdp run Enables Cisco Discovery Protocol (CDP) on your router.
Example:
Step 6 power inline {auto { auto [max milli-watts] | never} Allows you to set the power inline options for FPGE ports.
Example: • auto—The auto keyword automatically detects the
power inline devices and supplies power to such
Router(config-if)# power inline auto devices.
Router(config-if)# exit
Additional References
The following sections provide references related to the power efficiency management feature.
MIBs
CISCO-ENTITY-FRU-CONTROL-MIB To locate and download MIBs for selected platforms, Cisco IOS
releases, and feature sets, use the Cisco MIB Locator at:
http://www.cisco.com/go/mibs.
Also see MIB Specifications Guide for the Cisco 4451-X Integrated
Services Router.
Technical Assistance
Description Link
The routers are joined by a configurable control link and data synchronization link. The control link is used
to communicate the status of the routers. The data synchronization link is used to transfer stateful information
to synchronize the stateful database for the calls and media flows. Each pair of redundant interfaces are
configured with the same unique ID number, also known as the RII. For information on configuring Interchassis
HA on your router, see Configuring Interchassis High Availability, on page 175.
IPsec Failover
The IPsec Failover feature increases the total uptime (or availability) of your IPsec network. Traditionally,
the increased availability of your IPsec network is accomplished by employing a redundant (standby) router
in addition to the original (active) router. When the active router becomes unavailable for a reason, the standby
router takes over the processing of IKE and IPsec. IPsec failover falls into two categories: stateless failover
and stateful failover.
On the router, only the stateless form of IPsec failover is supported. This stateless failover uses protocols such
as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and also allows the
active and standby VPN gateways to share a common virtual IP address.
Restrictions
• The failover time for a box-to-box application is higher for a non-box-to-box application.
• LAN and MESH scenarios are not supported.
• VRFs are not supported and cannot be configured under ZBFW High Availability data and control
interfaces.
• The maximum number of virtual MACs (and VRFs) supported by the Front Panel Gigabit Ethernet
(FPGE) interfaces depends on the platform. The supported Interfaces and Modules are listed in the
Interfaces and Modules page.. The Cisco 4451 ISR and Cisco 4431 ISR FPGE support two reserved
MACs and 24 filters which can be shared across all four FPGE interfaces. The Cisco 4351 ISR, Cisco
4331 ISR, and Cisco 4321 ISR FPGE support a maximum of 16 MACs with one reserved (BIA) and 15
Restrictions
• Only BFD version 1 is supported.
• When configured, only offloaded BFD sessions are supported;, BFD session on RP are not supported.
• Only Asynchronous mode or no echo mode of BFD is supported.
• 511 asynchronous BFD sessions are supported.
• BFD hardware offload is supported for IPv4 sessions with non-echo mode only.
• BFD offload is supported only on port-channel interfaces.
• BFD offload is supported only for the Ethernet interface.
• BFD offload is not supported for IPv6 BFD sessions.
• BFD offload is not supported for BFD with TE/FRR.
Note Prerequisites and links to additional documentation configuring Interchassis High Availability are listed in
Configuring Interchassis High Availability, on page 175.
The following example shows the redundancy application groups configured on the router:
Router# show redundancy application group
Group ID Group Name State
-------- ---------- -----
1 Generic-Redundancy-1 STANDBY
2 Generic-Redundancy2 ACTIVE
RF Domain: btob-one
RF state: STANDBY HOT
Peer RF state: ACTIVE
RF Domain: btob-two
RF state: ACTIVE
Peer RF state: STANDBY HOT
The following example shows details of the redundancy application transport client:
Router# show redundancy application transport client
Client Conn# Priority Interface L3 L4
( 0)RF 0 1 CTRL IPV4 SCTP
The following example shows configuration details for the redundancy application transport group:
Router# show redundancy application transport group
Transport Information for RG (1)
Client = RF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
0 0 10.1.1.1 59000 10.2.2.2 59000 CTRL IPV4 SCTP
Client = MCP_HA
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
1 1 10.9.9.2 53000 10.9.9.1 53000 DATA IPV4 UDP_REL
Client = AR
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
2 0 10.0.0.0 0 10.0.0.0 0 NONE_IN NONE_L3 NONE_L4
Client = CF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
3 0 10.9.9.2 59001 10.9.9.1 59001 DATA IPV4 SCTP
Transport Information for RG (2)
Client = RF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
8 0 10.1.1.1 59004 10.1.1.2 59004 CTRL IPV4 SCTP
Client = MCP_HA
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
9 1 10.9.9.2 53002 10.9.9.1 53002 DATA IPV4 UDP_REL
Client = AR
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
10 0 10.0.0.0 0 10.0.0.0 0 NONE_IN NONE_L3 NONE_L4
Client = CF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
11 0 10.9.9.2 59005 10.9.9.1 59005 DATA IPV4 SCTP
The following example shows the configuration details of redundancy application transport group 1:
Router# show redundancy application transport group 1
Transport Information for RG (1)
Client = RF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
0 0 10.1.1.1 59000 10.1.1.2 59000 CTRL IPV4 SCTP
Client = MCP_HA
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
1 1 10.9.9.2 53000 10.9.9.1 53000 DATA IPV4 UDP_REL
Client = AR
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
2 0 10.0.0.0 0 10.0.0.0 0 NONE_IN NONE_L3 NONE_L4
Client = CF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
3 0 10.9.9.2 59001 10.9.9.1 59001 DATA IPV4 SCTP
The following example shows configuration details of redundancy application transport group 2:
Router# show redundancy application transport group 2
Transport Information for RG (2)
Client = RF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
8 0 10.1.1.1 59004 10.1.1.2 59004 CTRL IPV4 SCTP
Client = MCP_HA
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
9 1 10.9.9.2 53002 10.9.9.1 53002 DATA IPV4 UDP_REL
Client = AR
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
10 0 10.0.0.0 0 10.0.0.0 0 NONE_IN NONE_L3 NONE_L4
Client = CF
TI conn_id my_ip my_port peer_ip peer_por intf L3 L4
11 0 10.9.9.2 59005 10.9.9.1 59005 DATA IPV4 SCTP
The following example shows configuration details of the redundancy application control-interface group:
Router# show redundancy application control-interface group
The control interface for rg[1] is GigabitEthernet0/0/0
Interface is Control interface associated with the following protocols: 2 1
BFD Enabled
Interface Neighbors:
Peer: 10.1.1.2 Active RGs: 1 Standby RGs: 2 BFD handle: 0
The following example shows configuration details of the redundancy application control-interface group 1:
Router# show redundancy application control-interface group 1
The control interface for rg[1] is GigabitEthernet0/0/0
Interface is Control interface associated with the following protocols: 2 1
BFD Enabled
Interface Neighbors:
Peer: 10.1.1.2 Active RGs: 1 Standby RGs: 2 BFD handle: 0
The following example shows configuration details of the redundancy application control-interface group 2:
Router# show redundancy application control-interface group 2
The control interface for rg[2] is GigabitEthernet0/0/0
Interface is Control interface associated with the following protocols: 2 1
BFD Enabled
Interface Neighbors:
Peer: 10.1.1.2 Active RGs: 1 Standby RGs: 2 BFD handle: 0
The following example shows configuration details of the redundancy application faults group:
Router# show redundancy application faults group
Faults states Group 1 info:
Runtime priority: [50]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 2
Faults states Group 2 info:
Runtime priority: [135]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 2
The following example shows configuration details specific to redundancy application faults group 1:
Router# show redundancy application faults group 1
Faults states Group 1 info:
Runtime priority: [50]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 2
The following example shows configuration details specific to redundancy application faults group 2:
Router# show redundancy application faults group 2
Faults states Group 2 info:
Runtime priority: [135]
RG Faults RG State: Up.
Total # of switchovers due to faults: 0
Total # of down/up state changes due to faults: 2
The following example shows configuration details for the redundancy application protocol group:
Router# show redundancy application protocol group
RG Protocol RG 1
------------------
Role: Standby
Negotiation: Enabled
Priority: 50
Protocol state: Standby-hot
Ctrl Intf(s) state: Up
Active Peer: address 10.1.1.2, priority 150, intf Gi0/0/0
Standby Peer: Local
Log counters:
role change to active: 0
role change to standby: 1
disable events: rg down state 1, rg shut 0
ctrl intf events: up 2, down 1, admin_down 1
reload events: local request 0, peer request 0
RG Protocol RG 2
------------------
Role: Active
Negotiation: Enabled
Priority: 135
Protocol state: Active
Ctrl Intf(s) state: Up
Active Peer: Local
Standby Peer: address 10.1.1.2, priority 130, intf Gi0/0/0
Log counters:
role change to active: 1
role change to standby: 1
disable events: rg down state 1, rg shut 0
ctrl intf events: up 2, down 1, admin_down 1
reload events: local request 0, peer request 0
--------------------------
Ctx State: Active
Protocol ID: 2
Media type: Default
Control Interface: GigabitEthernet0/0/0
Current Hello timer: 3000
Configured Hello timer: 3000, Hold timer: 10000
Peer Hello timer: 3000, Peer Hold timer: 10000
Stats:
Pkts 118, Bytes 7316, HA Seq 0, Seq Number 118, Pkt Loss 0
Authentication not configured
Authentication Failure: 0
Reload Peer: TX 0, RX 0
Resign: TX 0, RX 1
Standby Peer: Present. Hold Timer: 10000
Pkts 102, Bytes 3468, HA Seq 0, Seq Number 1453977, Pkt Loss 0
The following example shows configuration details for the redundancy application protocol group 1:
Router# show redundancy application protocol group 1
RG Protocol RG 1
------------------
Role: Standby
Negotiation: Enabled
Priority: 50
Protocol state: Standby-hot
Ctrl Intf(s) state: Up
Active Peer: address 10.1.1.2, priority 150, intf Gi0/0/0
Standby Peer: Local
Log counters:
role change to active: 0
role change to standby: 1
disable events: rg down state 1, rg shut 0
ctrl intf events: up 2, down 1, admin_down 1
reload events: local request 0, peer request 0
The following example shows configuration details for the redundancy application protocol group 2:
Router# show redundancy application protocol group 2
RG Protocol RG 2
------------------
Role: Active
Negotiation: Enabled
Priority: 135
Protocol state: Active
Ctrl Intf(s) state: Up
Active Peer: Local
The following example shows configuration details for the redundancy application protocol 1:
Router# show redundancy application protocol 1
Protocol id: 1, name: rg-protocol-1
BFD: ENABLE
Hello timer in msecs: 3000
Hold timer in msecs: 10000
OVLD-1#show redundancy application protocol 2
Protocol id: 2, name: rg-protocol-2
BFD: ENABLE
Hello timer in msecs: 3000
Hold timer in msecs: 10000
The following example shows configuration details for redundancy application interface manager group:
Router# show redundancy application if-mgr group
RG ID: 1
==========
interface GigabitEthernet0/0/3.152
---------------------------------------
VMAC 0007.b421.4e21
VIP 10.1.1.255
Shut shut
Decrement 10
interface GigabitEthernet0/0/2.152
---------------------------------------
VMAC 0007.b421.5209
VIP 10.1.2.255
Shut shut
Decrement 10
RG ID: 2
==========
interface GigabitEthernet0/0/3.166
---------------------------------------
VMAC 0007.b422.14d6
VIP 10.1.255.254
Shut no shut
Decrement 10
interface GigabitEthernet0/0/2.166
---------------------------------------
VMAC 0007.b422.0d06
VIP 10.2.255.254
Shut no shut
Decrement 10
The following examples shows configuration details for redundancy application interface manager group 1
and group 2:
Router# show redundancy application if-mgr group 1
RG ID: 1
==========
interface GigabitEthernet0/0/3.152
---------------------------------------
VMAC 0007.b421.4e21
VIP 10.1.1.255
Shut shut
Decrement 10
interface GigabitEthernet0/0/2.152
---------------------------------------
VMAC 0007.b421.5209
VIP 10.2.1.255
Shut shut
Decrement 10
interface GigabitEthernet0/0/3.166
---------------------------------------
VMAC 0007.b422.14d6
VIP 10.1.255.254
Shut no shut
Decrement 10
interface GigabitEthernet0/0/2.166
---------------------------------------
VMAC 0007.b422.0d06
VIP 10.2.255.254
Shut no shut
Decrement 10
The following example shows configuration details for redundancy application data-interface group:
Router# show redundancy application data-interface group
The data interface for rg[1] is GigabitEthernet0/0/1
The data interface for rg[2] is GigabitEthernet0/0/1
The following examples show configuration details specific to redundancy application data-interface group
1 and group 2:
Router# show redundancy application data-interface group 1
The data interface for rg[1] is GigabitEthernet0/0/1
Note Configuration of BFD Offload is described in Configuring Bidirectional Forwarding, on page 176.
The show bfd neighbors command displays the BFD adjacency database:
Router# show bfd neighbor
IPv4 Sessions
NeighAddr LD/RD RH/RS State Int
192.0.2.10 362/1277 Up Up Gi0/0/1.2
192.0.2.11 445/1278 Up Up Gi0/0/1.3
192.0.2.12 1093/961 Up Up Gi0/0/1.4
192.0.2.13 1244/946 Up Up Gi0/0/1.5
192.0.2.14 1094/937 Up Up Gi0/0/1.6
192.0.2.15 1097/1260 Up Up Gi0/0/1.7
192.0.2.16 1098/929 Up Up Gi0/0/1.8
192.0.2.17 1111/928 Up Up Gi0/0/1.9
192.0.2.18 1100/1254 Up Up Gi0/0/1.10
The debug bfd neighbor detail command displays the debugging information related to BFD packets:
Router# show bfd neighbor detail
IPv4 Sessions
NeighAddr LD/RD RH/RS State Int
192.0.2.10 362/1277 Up Up Gi0/0/1.2
Session state is UP and not using echo function.
Session Host: Hardware
OurAddr: 192.0.2.11
Handle: 33
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 50000, MinRxInt: 50000, Multiplier: 3
Received MinRxInt: 50000, Received Multiplier: 3
Holddown (hits): 0(0), Hello (hits): 50(0)
Rx Count: 3465, Rx Interval (ms) min/max/avg: 42/51/46
Tx Count: 3466, Tx Interval (ms) min/max/avg: 39/52/46
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: CEF EIGRP
Uptime: 00:02:50
Last packet: Version: 1 - Diagnostic: 0
State bit: Up - Demand bit: 0
Poll bit: 0 - Final bit: 0
C bit: 1
Multiplier: 3 - Length: 24
My Discr.: 1277 - Your Discr.: 362
Min tx interval: 50000 - Min rx interval: 50000
Min Echo interval: 0
Session Up Down
The show bfd drops command displays the number of packets dropped in BFD:
Router# show bfd drops
BFD Drop Statistics
IPV4 IPV6 IPV4-M IPV6-M MPLS_PW MPLS_TP_LSP
Invalid TTL 0 0 0 0 0 0
BFD Not Configured 0 0 0 0 0 0
No BFD Adjacency 33 0 0 0 0 0
Invalid Header Bits 0 0 0 0 0 0
Invalid Discriminator 1 0 0 0 0 0
Session AdminDown 94 0 0 0 0 0
Authen invalid BFD ver 0 0 0 0 0 0
Authen invalid len 0 0 0 0 0 0
Authen invalid seq 0 0 0 0 0 0
Authen failed 0 0 0 0 0 0
The debug bfd packet command displays debugging information about BFD control packets.
Router# debug bfd packet
*Nov 12 23:08:27.982: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1941/0 diag:0(No Diagnostic)
Down C cnt:4 ttl:254 (0)
*Nov 12 23:08:27.982: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:983/1941 diag:3(Neighbor
Signaled Session Down) Init C cnt:44 (0)
*Nov 12 23:08:28.007: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1941/983 diag:0(No Diagnostic)
Up PC cnt:4 ttl:254 (0)
*Nov 12 23:08:28.007: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:983/1941 diag:0(No Diagnostic)
Up F C cnt:0 (0)
*Nov 12 23:08:28.311: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1941/983 diag:0(No Diagnostic)
Up FC cnt:0 ttl:254 (0)
*Nov 12 23:08:28.311: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:983/1941 diag:0(No Diagnostic)
Up C cnt:0 (0)
*Nov 12 23:08:28.311: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1907/0 diag:0(No Diagnostic)
Down C cnt:3 ttl:254 (0)
*Nov 12 23:08:28.311: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:993/1907 diag:3(Neighbor
Signaled Session Down) Init C cnt:43 (0)
*Nov 12 23:08:28.311: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1941/983 diag:0(No Diagnostic)
Up C cnt:0 ttl:254 (0)
*Nov 12 23:08:28.626: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1907/993 diag:0(No Diagnostic)
Up PC cnt:3 ttl:254 (0)
*Nov 12 23:08:28.626: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:993/1907 diag:0(No Diagnostic)
Up F C cnt:0 (0)
*Nov 12 23:08:28.645: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1907/993 diag:0(No Diagnostic)
Up C cnt:0 ttl:254 (0)
*Nov 12 23:08:28.700: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1907/993 diag:0(No Diagnostic)
Up FC cnt:0 ttl:254 (0)
*Nov 12 23:08:28.700: BFD-DEBUG Packet: Tx IP:192.0.2.22 ld/rd:993/1907 diag:0(No Diagnostic)
Up C cnt:0 (0)
*Nov 12 23:08:28.993: BFD-DEBUG Packet: Rx IP:192.0.2.22 ld/rd:1907/993 diag:0(No Diagnostic)
Up C cnt:0 ttl:254 (0)
The debug bfd event displays debugging information about BFD state transitions:
Router# deb bfd event
Additional References
The following documents provide information related to the BFD feature.
• Contact e-mail address (required for full registration with Smart Call Home, optional if Call Home is
enabled in anonymous mode), phone number (optional), and street address information (optional) should
be configured so that the receiver can determine the origin of messages received.
• At least one destination profile (predefined or user-defined) must be configured. The destination profile
you use depends on whether the receiving entity is a pager, an e-mail address, or an automated service
such as Cisco Smart Call Home.
If the destination profile uses e-mail message delivery, you must specify a Simple Mail Transfer Protocol
(SMTP) server.
• The router must have IP connectivity to an e-mail server or the destination HTTP server.
• If Cisco Smart Call Home is used, an active service contract covering the device is required to provide
full Cisco Smart Call Home service.
You need the following items to register for Smart Call Home:
• SMARTnet contract number for your router
• Your e-mail address
• Your Cisco.com username
Anonymous Reporting
Smart Call Home is a service capability included with many Cisco service contracts and is designed to assist
customers resolve problems more quickly. In addition, the information gained from crash messages helps
Cisco understand equipment and issues occurring in the field. If you decide not to use Smart Call Home, you
can still enable Anonymous Reporting to allow Cisco to securely receive minimal error and health information
from the device. If you enable Anonymous Reporting, your customer identity will remain anonymous, and
no identifying information will be sent.
Note When you enable Anonymous Reporting, you acknowledge your consent to transfer the specified data to
Cisco or to vendors operating on behalf of Cisco (including countries outside the United States). Cisco
maintains the privacy of all customers. For information about how Cisco treats personal information, see the
Cisco Privacy Statement at http://www.cisco.com/web/siteassets/legal/privacy.html.
When Call Home is configured in an anonymous way, only crash, inventory, and test messages are sent to
Cisco. No customer identifying information is sent.
For more information about what is sent in these messages, see Alert Group Trigger Events and Commands,
on page 228.
SUMMARY STEPS
1. configure terminal
2. call-home reporting {anonymous | contact-email-addr email-address} [http-proxy {ipv4-address
| ipv6-address | name} port port-number]
DETAILED STEPS
Note For security reasons, we recommend that you use the HTTPS transport options, due to the additional payload
encryption that HTTPS offers. The Transport Gateway software is downloadable from Cisco.com and is
available if you require an aggregation point or a proxy for connection to the Internet.
SUMMARY STEPS
1. configure terminal
2. service call-home
3. no service call-home
DETAILED STEPS
SUMMARY STEPS
1. configure terminal
2. call-home
3. contact-email-addr email-address
4. phone-number +phone-number
5. street-address street-address
6. customer-id text
7. site-id text
8. contract-id text
DETAILED STEPS
Step 3 contact-email-addr email-address Designates your e-mail address. Enter up to 200 characters
in e-mail address format with no spaces.
Example:
Router(cfg-call-home)# contact-email-addr
username@example.com
Step 5 street-address street-address (Optional) Assigns your street address where RMA
equipment can be shipped. Enter up to 200 characters. If
Example:
you include spaces, you must enclose your entry in quotes
Router(cfg-call-home)# street-address “1234 Picaboo (“”).
Street, Any city, Any state, 12345“
Step 7 site-id text (Optional) Identifies customer site ID. Enter up to 200
characters. If you include spaces, you must enclose your
Example:
entry in quotes (“”).
Router(cfg-call-home)# site-id Site1ManhattanNY
Step 8 contract-id text (Optional) Identifies your contract ID for the router. Enter
up to 64 characters. If you include spaces, you must enclose
Example:
your entry in quotes (“”).
Router(cfg-call-home)# contract-id Company1234
Example
The following example shows how to configure contact information:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# call-home
Router(cfg-call-home)# contact-email-addr username@example.com
Note If you use the Cisco Smart Call Home service, the destination profile must use the XML message format.
• Transport method—Transport mechanism, either e-mail or HTTP (including HTTPS), for delivery of
alerts.
• For user-defined destination profiles, e-mail is the default, and you can enable either or both transport
mechanisms. If you disable both methods, e-mail is enabled.
• For the predefined Cisco TAC profile, you can enable either transport mechanism, but not both.
• Destination address—The actual address related to the transport method to which the alert should be
sent.
• Message formatting—The message format used for sending the alert. The format options for a user-defined
destination profile are long-text, short-text, or XML. The default is XML. For the predefined Cisco TAC
profile, only XML is allowed.
• Message size—The maximum destination message size. The valid range is 50 to 3,145,728 Bytes. The
default is 3,145,728 Bytes.
Anonymous reporting—You can choose for your customer identity to remain anonymous, and no
identifying information is sent.
• Subscribing to interesting alert-groups—You can choose to subscribe to alert-groups highlighting your
interests.
SUMMARY STEPS
1. configure terminal
2. call-home
3. profile name
4. [no] destination transport-method {email | http}
5. destination address {email email-address | http url}
6. destination preferred-msg-format {long-text | short-text | xml}
7. destination message-size-limit bytes
8. active
9. end
10. show call-home profile {name | all}
DETAILED STEPS
Step 3 profile name Enters the Call Home destination profile configuration
submode for the specified destination profile. If the
Example:
specified destination profile does not exist, it is created.
Router(config-call-home)# profile profile1
Step 4 [no] destination transport-method {email | http} (Optional) Enables the message transport method. The no
option disables the method.
Example:
Router(cfg-call-home-profile)# destination
transport-method email
Step 5 destination address {email email-address | http Configures the destination e-mail address or URL to which
url} Call Home messages are sent.
Example: Note When entering a destination URL, include either
Router(cfg-call-home-profile)# destination address http:// or https://, depending on whether the
email myaddress@example.com server is a secure server.
Step 10 show call-home profile {name | all} Displays the destination profile configuration for the
specified profile or all configured profiles.
Example:
Router# show call-home profile profile1
SUMMARY STEPS
1. configure terminal
2. call-home
3. copy profile source-profile target-profile
DETAILED STEPS
SUMMARY STEPS
1. configure terminal
2. call-home
3. profile name
4. anonymous-reporting-only
DETAILED STEPS
• Configuration
• Environment
• Inventory
• Snapshot
• Syslog
The triggering events for each alert group are listed in Alert Group Trigger Events and Commands, on page
228, and the contents of the alert group messages are listed in Message Contents, on page 235.
You can select one or more alert groups to be received by a destination profile.
Note A Call Home alert is only sent to destination profiles that have subscribed to the alert group containing that
Call Home alert. In addition, the alert group must be enabled.
To subscribe a destination profile to one or more alert groups, perform the following steps:
SUMMARY STEPS
1. configure terminal
2. call-home
3. alert-group {all | configuration | environment | inventory | syslog | crash | snapshot}
4. profile name
5. subscribe-to-alert-group all
6. subscribe-to-alert-group configuration [periodic {daily hh:mm | monthly date hh:mm |
weekly day hh:mm}]
7. subscribe-to-alert-group environment [severity {catastrophic | disaster | fatal | critical |
major | minor | warning | notification | normal | debugging}]
8. subscribe-to-alert-group inventory [periodic {daily hh:mm | monthly date hh:mm | weekly
day hh:mm}]
9. subscribe-to-alert-group syslog [severity {catastrophic | disaster | fatal | critical | major
| minor | warning | notification | normal | debugging}]
10. subscribe-to-alert-group crash
11. subscribe-to-alert-group snapshot periodic {daily hh:mm | hourly mm | interval mm |
monthly date hh:mm | weekly day hh:mm}
12. exit
DETAILED STEPS
Step 3 alert-group {all | configuration | environment | Enables the specified alert group. Use the keyword all to
inventory | syslog | crash | snapshot} enable all alert groups. By default, all alert groups are
enabled.
Example:
Router(cfg-call-home)# alert-group all
Step 4 profile name Enters the Call Home destination profile configuration
submode for the specified destination profile.
Example:
Router(cfg-call-home)# profile profile1
Step 5 subscribe-to-alert-group all Subscribes to all available alert groups using the lowest
severity.
Example:
Router(cfg-call-home-profile)# You can subscribe to alert groups individually by specific
subscribe-to-alert-group all type, as described in Step 6 through Step 11.
Note This command subscribes to the syslog debug
default severity. This causes a large number of
syslog messages to generate. You should
subscribe to alert groups individually, using
appropriate severity levels and patterns when
possible.
Step 6 subscribe-to-alert-group configuration [periodic Subscribes this destination profile to the Configuration
{daily hh:mm | monthly date hh:mm | weekly day alert group. The Configuration alert group can be
hh:mm}] configured for periodic notification, as described in
Periodic Notification, on page 202.
Example:
Router(cfg-call-home-profile)#
subscribe-to-alert-group configuration
periodic daily 12:00
Step 7 subscribe-to-alert-group environment [severity Subscribes this destination profile to the Environment alert
{catastrophic | disaster | fatal | critical | major group. The Environment alert group can be configured to
| minor | warning | notification | normal | filter messages based on severity, as described in Message
debugging}] Severity Threshold, on page 203.
Example:
Router(cfg-call-home-profile)#
subscribe-to-alert-group environment severity
major
Step 9 subscribe-to-alert-group syslog [severity Subscribes this destination profile to the Syslog alert group.
{catastrophic | disaster | fatal | critical | major The Syslog alert group can be configured to filter messages
| minor | warning | notification | normal | based on severity, as described in Message Severity
debugging}] Threshold, on page 203.
Example: You can specify a text pattern to be matched within each
Router(cfg-call-home-profile)# syslog message. If you configure a pattern, a Syslog alert
subscribe-to-alert-group environment severity group message is sent only if it contains the specified
major pattern and meets the severity threshold. If the pattern
contains spaces, you must enclose it in quotes (“”). You
can specify up to five patterns for each destination profile.
Step 10 subscribe-to-alert-group crash Subscribes to the Crash alert group in user profile. By
default, TAC profile subscribes to the Crash alert group
Example:
and cannot be unsubscribed.
Router(cfg-call-home-profile)# [no | default]
subscribe-to-alert-group crash
Step 11 subscribe-to-alert-group snapshot periodic {daily Subscribes this destination profile to the Snapshot alert
hh:mm | hourly mm | interval mm | monthly date group. The Snapshot alert group can be configured for
hh:mm | weekly day hh:mm} periodic notification, as described in Periodic Notification,
on page 202.
Example:
Router(cfg-call-home-profile)# By default, the Snapshot alert group has no command to
subscribe-to-alert-group snapshot periodic daily run. You can add commands into the alert group, as
12:00 described in Configuring a Snapshot Command List, on
page 203. In doing so, the output of the commands added
in the Snapshot alert group will be included in the snapshot
message.
Periodic Notification
When you subscribe a destination profile to the Configuration, Inventory, or Snapshot alert group, you can
choose to receive the alert group messages asynchronously or periodically at a specified time. The sending
period can be one of the following:
• Daily—Specifies the time of day to send, using an hour:minute format hh:mm, with a 24-hour clock (for
example, 14:30).
• Weekly—Specifies the day of the week and time of day in the format day hh:mm, where the day of the
week is spelled out (for example, Monday).
• Monthly—Specifies the numeric date, from 1 to 31, and the time of day, in the format date hh:mm.
• Interval—Specifies the interval at which the periodic message is sent, from 1 to 60 minutes.
• Hourly—Specifies the minute of the hour at which the periodic message is sent, from 0 to 59 minutes.
Note Hourly and by interval periodic notifications are available for the Snapshot alert group only.
Note Call Home severity levels are not the same as system message logging severity levels.
SUMMARY STEPS
1. configure terminal
2. call-home
3. [no | default] alert-group-config snapshot
4. [no | default] add-command command string
5. exit
DETAILED STEPS
Step 4 [no | default] add-command command string Adds the command to the Snapshot alert group. The no or
default command removes the corresponding command.
Example:
Router(cfg-call-home-snapshot)# add-command “show • command string—IOS command. Maximum length is
version” 128.
SUMMARY STEPS
1. configure terminal
2. call-home
3. mail-server [{ipv4-address | ipv6-address} | name] priority number
4. sender from email-address
5. sender reply-to email-address
6. source-interface interface-name
7. vrf vrf-name
DETAILED STEPS
Step 3 mail-server [{ipv4-address | ipv6-address} | name] Assigns an e-mail server address and its relative priority
priority number among configured e-mail servers.
Example: Provide either of these:
Router(cfg-call-home)# mail-server stmp.example.com • The e-mail server’s IP address.
priority 1
• The e-mail server’s fully qualified domain name
(FQDN) of 64 characters or less.
Step 4 sender from email-address (Optional) Assigns the e-mail address that appears in the
from field in Call Home e-mail messages. If no address is
Example:
specified, the contact e-mail address is used.
Router(cfg-call-home)# sender from
username@example.com
Step 5 sender reply-to email-address (Optional) Assigns the e-mail address that appears in the
reply-to field in Call Home e-mail messages.
Example:
Router(cfg-call-home)# sender reply-to
username@example.com
Step 6 source-interface interface-name Assigns the source interface name to send call-home
messages.
Example:
Router(cfg-call-home)# source-interface loopback1 • interface-name—Source interface name. Maximum
length is 64.
Step 7 vrf vrf-name (Optional) Specifies the VRF instance to send call-home
e-mail messages. If no vrf is specified, the global routing
Example:
table is used.
Router(cfg-call-home)# vrf vpn1
Note For HTTP messages, if the source interface is
associated with a VRF, use the ip http client
source-interface interface-name command in
global configuration mode to specify the VRF
instance that will be used for all HTTP clients
on the device.
Example
The following example shows the configuration of general e-mail parameters, including a primary
and secondary e-mail server:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# call-home
Router(cfg-call-home)# mail-server smtp.example.com priority 1
Router(cfg-call-home)# mail-server 192.168.0.1 priority 2
Router(cfg-call-home)# sender from username@example.com
Router(cfg-call-home)# sender reply-to username@example.com
Router(cfg-call-home)# source-interface loopback1
Router(cfg-call-home)# vrf vpn1
Router(cfg-call-home)# exit
Router(config)#
SUMMARY STEPS
1. configure terminal
2. call-home
3. rate-limit number
DETAILED STEPS
Step 3 rate-limit number Specifies a limit on the number of messages sent per minute.
Example: • number—Range is 1 to 60. The default is 20.
Router(cfg-call-home)# rate-limit 40
SUMMARY STEPS
1. configure terminal
2. call-home
3. http-proxy {ipv4-address | ipv6-address | name} port port-number
DETAILED STEPS
Step 3 http-proxy {ipv4-address | ipv6-address | name} port Specifies the proxy server for the HTTP request.
port-number
Example:
Router(cfg-call-home)# http-proxy 192.0.2.1 port
1
Enabling AAA Authorization to Run IOS Commands for Call Home Messages
To specify an HTTP proxy server for sending Call Home HTTP(S) messages to a destination, perform the
following steps:
SUMMARY STEPS
1. configure terminal
2. call-home
3. aaa-authorization
4. aaa-authorization [username username]
DETAILED STEPS
SUMMARY STEPS
1. configure terminal
2. call-home
3. [no] syslog-throttling
DETAILED STEPS
SUMMARY STEPS
1. configure terminal
2. call-home
3. data-privacy {level {normal | high} | hostname}
DETAILED STEPS
Step 3 data-privacy {level {normal | high} | hostname} Scrubs data from running configuration file to protect the
privacy of the user. The default data-privacy level is normal.
Example:
Router(cfg-call-home)# data-privacy level high Note Enabling the data-privacy command can affect
CPU utilization when scrubbing a large amount
of data.
• normal—Scrubs all normal-level commands.
SUMMARY STEPS
1. call-home test [“test-message”] profile name
DETAILED STEPS
• When you manually trigger a crash, snapshot, configuration, or inventory alert group message and you
specify a destination profile name, a message is sent to the destination profile regardless of the profile’s
active status, subscription status, or severity setting.
• When you manually trigger a crash, snapshot, configuration, or inventory alert group message and do
not specify a destination profile name, a message is sent to all active profiles that have either a normal
or periodic subscription to the specified alert group.
To manually trigger Call Home alert group messages, perform the following steps:
SUMMARY STEPS
1. call-home send alert-group snapshot [profile name]
2. call-home send alert-group crash [profile name]
3. call-home send alert-group configuration [profile name]
4. call-home send alert-group inventory [profile name]
DETAILED STEPS
Step 2 call-home send alert-group crash [profile name] Sends a crash alert group message to one destination profile
if specified, or to all subscribed destination profiles.
Example:
Router# call-home send alert-group crash profile
profile1
Step 3 call-home send alert-group configuration [profile Sends a configuration alert group message to one destination
name] profile if specified, or to all subscribed destination profiles.
Example:
Router# call-home send alert-group configuration
profile profile1
Step 4 call-home send alert-group inventory [profile name] Sends an inventory alert group message to one destination
profile if specified, or to all subscribed destination profiles.
Example:
Router# call-home send alert-group inventory
profile profile1
• If a profile name is specified, the request is sent to the profile. If no profile is specified, the request is
sent to the Cisco TAC profile. The recipient profile does not need to be enabled for the call-home request.
The profile should specify the e-mail address where the transport gateway is configured so that the request
message can be forwarded to the Cisco TAC and the user can receive the reply from the Smart Call Home
service.
• The ccoid user-id is the registered identifier of the Smart Call Home user. If the user-id is specified, the
response is sent to the e-mail address of the registered user. If no user-id is specified, the response is sent
to the contact e-mail address of the device.
• Based on the keyword specifying the type of report requested, the following information is returned:
• config-sanity—Information on best practices as related to the current running configuration.
• bugs-list—Known bugs in the running version and in the currently applied features.
• command-reference—Reference links to all commands in the running configuration.
• product-advisory—Product Security Incident Response Team (PSIRT) notices, End of Life (EOL)
or End of Sales (EOS) notices, or field notices (FN) that may affect the devices in your network.
To submit a request for analysis and report information from the Cisco Output Interpreter tool, perform the
following steps:
SUMMARY STEPS
1. call-home request output-analysis “show-command” [profile name] [ccoid user-id]
2. call-home request {config-sanity | bugs-list | command-reference | product-advisory} [profile
name] [ccoid user-id]
DETAILED STEPS
Step 2 call-home request {config-sanity | bugs-list | Sends the output of a predetermined set of commands such
command-reference | product-advisory} [profile as the show running-config all, show version or show
name] [ccoid user-id] module commands, for analysis. In addition, the call home
request product-advisory sub-command includes all
Example:
inventory alert group commands. The keyword specified
Router# call-home request config-sanity profile TG after request specifies the type of report requested.
Example
The following example shows a request for analysis of a user-specified show command:
Router# call-home request output-analysis "show diag" profile TG
Manually Sending Command Output Message for One Command or a Command List
You can use the call-home send command to execute an IOS command or a list of IOS commands and send
the command output through HTTP or e-mail protocol.
Note the following guidelines when sending the output of a command:
• The specified IOS command or list of IOS commands can be any run command, including commands
for all modules. The command must be contained in quotes (“”).
• If the e-mail option is selected using the “email” keyword and an e-mail address is specified, the command
output is sent to that address. If neither the e-mail nor the HTTP option is specified, the output is sent in
long-text format with the specified service request number to the Cisco TAC (attach@cisco.com).
• If neither the “email” nor the “http” keyword is specified, the service request number is required for both
long-text and XML message formats and is provided in the subject line of the e-mail.
• If the HTTP option is specified, the CiscoTac-1 profile destination HTTP or HTTPS URL is used as the
destination. The destination e-mail address can be specified so that Smart Call Home can forward the
message to the e-mail address. The user must specify either the destination e-mail address or an SR
number but they can also specify both.
To execute a command and send the command output, perform the following step:
SUMMARY STEPS
1. call-home send {cli command | cli list} [email email msg-format {long-text | xml} | http
{destination-email-address email}] [tac-service-request SR#]
DETAILED STEPS
Example
The following example shows how to send the output of a command to a user-specified e-mail
address:
Router# call-home send “show diag” email support@example.com
The following example shows the command output sent in long-text format to attach@cisco.com,
with the SR number specified:
Router# call-home send “show version; show run” tac-service-request 123456
The following example shows the command output sent in XML message format to
callhome@cisco.com:
Router# call-home send “show version; show run” email callhome@cisco.com msg-format xml
The following example shows the command output sent in XML message format to the Cisco TAC
backend server, with the SR number specified:
Router# call-home send “show version; show run” http tac-service-request 123456
The following example shows the command output sent to the Cisco TAC backend server through
the HTTP protocol and forwarded to a user-specified email address:
Router# call-home send “show version; show run” http destination-email-address
user@company.com
Note If you configure the trustpool feature, the CA certificate is not required.
• The device verifies the digital signature of every single DS. If verification passes, the device stores the
DS file into a non-removable disk, such as bootflash or hard disk, so that DS files can be read after the
device is reloaded. On the router, the DS file is stored in the bootflash:/call home directory.
• The device continues sending periodic regular DS download requests to get the latest revision of DS and
replace the older one in device.
• The device monitors the event and executes the actions defined in the DS when the event happens.
• command
• emailto
• script
DS action types call-home and emailto collect event data and send a message to call-home servers or to the
defined email addresses. The message uses “diagnostic-signature” as its message type and DS ID as the
message sub-type.
The commands defined for the DS action type initiate CLI commands that can change configuration of the
device, collect show command outputs, or run any EXEC command on the device. The DS action type script
executes Tcl scripts.
Note The predefined CiscoTAC-1 profile is enabled as a DS profile by default and we recommend that you use it.
If used, you only need to change the destination transport-method to the http setting.
SUMMARY STEPS
1. configure terminal
2. service call-home
3. call-home
4. contact-email-addr email-address
5. mail-server {ipv4-addr | name} priority number
6. profile profile-name
7. destination transport-method {email | http}
8. destination address {email address | http url}
9. subscribe-to-alert-group inventory [periodic {daily hh:mm | monthly day hh:mm | weekly
day hh:mm}]
10. exit
DETAILED STEPS
Step 4 contact-email-addr email-address (Optional) Assigns an email address to be used for Call
Home customer contact.
Example:
Router(cfg-call-home)# contact-email-addr
userid@example.com
Step 5 mail-server {ipv4-addr | name} priority number (Optional) Configures a Simple Mail Transfer Protocol
(SMTP) email server address for Call Home. This
Example:
command is only used when sending email is part of the
Router(cfg-call-home)# mail-server 10.1.1.1 actions defined in any DS.
priority 4
Step 6 profile profile-name Configures a destination profile for Call Home and enters
call-home profile configuration mode.
Example:
Step 7 destination transport-method {email | http} Specifies a transport method for a destination profile in
the Call Home.
Example:
Router(cfg-call-home-profile)# destination Note To configure diagnostic signatures, you must
transport-method http use the http option.
Step 8 destination address {email address | http url} Configures the address type and location to which
call-home messages are sent.
Example:
Router(cfg-call-home-profile)# destination address Note To configure diagnostic signatures, you must
http use the http option.
https://tools.cisco.com/its/service/oddce/services/DDCEService
Step 9 subscribe-to-alert-group inventory [periodic {daily Configures a destination profile to send messages for the
hh:mm | monthly day hh:mm | weekly day hh:mm}] Inventory alert group for Call Home.
Example: • This command is used only for the periodic
Router(cfg-call-home-profile)# downloading of DS files.
subscribe-to-alert-group inventory periodic daily
14:30
What to do next
Set the profile configured in the previous procedure as the DS profile and configure other DS parameters.
SUMMARY STEPS
1. call-home
2. diagnostic-signature
3. profile ds-profile-name
4. environment ds_env-var-name ds-env-var-value
5. end
6. call-home diagnostic-signature [{deinstall | download} {ds-id | all} | install ds-id]
7. show call-home diagnostic-signature [ds-id {actions | events | prerequisite | prompt |
variables | failure | statistics | download}]
DETAILED STEPS
Step 3 profile ds-profile-name Specifies the destination profile on a device that DS uses.
Example:
Router(cfg-call-home-diag-sign)# profile user1
Step 4 environment ds_env-var-name ds-env-var-value Sets the environment variable value for DS on a device.
Example:
Router(cfg-call-home-diag-sign)# environment
ds_env1 envarval
Step 6 call-home diagnostic-signature [{deinstall | Downloads, installs, and uninstalls diagnostic signature
download} {ds-id | all} | install ds-id] files on a device.
Example:
Router# call-home diagnostic-signature download
6030
Step 7 show call-home diagnostic-signature [ds-id {actions Displays the call-home diagnostic signature information.
| events | prerequisite | prompt | variables | failure
| statistics | download}]
Example:
Router# show call-home diagnostic-signature actions
The following is sample output from the show call-home diagnostic-signature command for the
configuration displayed above:
outer# show call-home diagnostic-signature
SUMMARY STEPS
1. show call-home
2. show call-home detail
3. show call-home alert-group
4. show call-home mail-server status
5. show call-home profile {all | name}
6. show call-home statistics [detail | profile profile_name]
DETAILED STEPS
Step 2 show call-home detail Displays the Call Home configuration in detail.
Example:
Step 3 show call-home alert-group Displays the available alert groups and their status.
Example:
Router# show call-home alert-group
Step 4 show call-home mail-server status Checks and displays the availability of the configured e-mail
server(s).
Example:
Router# show call-home mail-server status
Step 5 show call-home profile {all | name} Displays the configuration of the specified destination
profile. Use the all keyword to display the configuration of
Example:
all destination profiles.
Router# show call-home profile all
Step 6 show call-home statistics [detail | profile Displays the statistics of Call Home events.
profile_name]
Example:
Router# show call-home statistics
Examples
aaa-authorization: disable
aaa-authorization username: callhome (default)
data-privacy: normal
syslog throttling: enable
Profiles:
Profile Name: campus-noc
Profile Name: CiscoTAC-1
Router#
Router# show call-home detail
Current call home settings:
call home feature : enable
call home message's from address: router@example.com
call home message's reply-to address: support@example.com
aaa-authorization: disable
aaa-authorization username: callhome (default)
data-privacy: normal
syslog throttling: enable
Profiles:
Alert-group Severity
------------------------ ------------
configuration normal
crash normal
environment debug
inventory normal
Syslog-Pattern Severity
------------------------ ------------
.*CALL_LOOP.* debug
Periodic configuration info message is scheduled every 14 day of the month at 11:12
Periodic inventory info message is scheduled every 14 day of the month at 10:57
Alert-group Severity
------------------------ ------------
crash normal
environment minor
Syslog-Pattern Severity
------------------------ ------------
.*CALL_LOOP.* debug
Router#
Router# show call-home alert-group
Available alert groups:
Keyword State Description
------------------------ ------- -------------------------------
configuration Enable configuration info
crash Enable crash and traceback info
environment Enable environmental info
Alert-group Severity
------------------------ ------------
configuration normal
crash normal
environment debug
inventory normal
Syslog-Pattern Severity
------------------------ ------------
.*CALL_LOOP.* debug
Periodic configuration info message is scheduled every 14 day of the month at 11:12
Periodic inventory info message is scheduled every 14 day of the month at 10:57
Alert-group Severity
------------------------ ------------
crash normal
environment minor
Syslog-Pattern Severity
------------------------ ------------
.*CALL_LOOP.* debug
Router#
Router# show call-home profile campus-noc
Profile Name: campus-noc
Profile status: ACTIVE
Preferred Message Format: xml
Message Size Limit: 3145728 Bytes
Transport Method: email
Email address(es): noc@example.com
HTTP address(es): Not yet set up
Alert-group Severity
------------------------ ------------
configuration normal
crash normal
environment debug
inventory normal
Syslog-Pattern Severity
------------------------ ------------
.*CALL_LOOP.* debug
Router#
Router# show call-home statistics
Message Types Total Email HTTP
------------- -------------------- -------------------- ------------------
Total Success 3 3 0
Config 3 3 0
Crash 0 0 0
Environment 0 0 0
Inventory 0 0 0
Snapshot 0 0 0
SysLog 0 0 0
Test 0 0 0
Request 0 0 0
Send-CLI 0 0 0
Total In-Queue 0 0 0
Config 0 0 0
Crash 0 0 0
Environment 0 0 0
Inventory 0 0 0
Snapshot 0 0 0
SysLog 0 0 0
Test 0 0 0
Request 0 0 0
Send-CLI 0 0 0
Total Failed 0 0 0
Config 0 0 0
Crash 0 0 0
Environment 0 0 0
Inventory 0 0 0
Snapshot 0 0 0
SysLog 0 0 0
Test 0 0 0
Request 0 0 0
Send-CLI 0 0 0
Total Ratelimit
-dropped 0 0 0
Config 0 0 0
Crash 0 0 0
Environment 0 0 0
Inventory 0 0 0
Snapshot 0 0 0
SysLog 0 0 0
Test 0 0 0
Request 0 0 0
Send-CLI 0 0 0
Parameters Default
Call Home feature status Disabled
User-defined profile status Active
Predefined Cisco TAC profile status Inactive
Transport method E-mail
Message format type XML
Destination message size for a message sent in long 3,145,728
text, short text, or XML format
Alert group status Enabled
Call Home message severity threshold Debug
Message rate limit for messages per minute 20
AAA Authorization Disabled
Call Home syslog message throttling Enabled
Data privacy level Normal
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
Crash SYSTEM_ CRASH – – Events related to
software crash.
The following
commands are
executed:
show version
show logging
show region
show inventory
show stack
crashinfo file (this
command shows the
contents of the
crashinfo file)
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
Configuration – – – User-generated
request for
configuration or
configuration
change event.
The following
commands are
executed:
show platform
show inventory
show
running-config all
show
startup-config
show version
– – SHUT 0 Environmental
Monitor initiated
shutdown.
– – ENVCRIT 2 Temperature or
voltage
measurement
exceeded critical
threshold.
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
– – ENVWARN 4 Temperature or
voltage
measurement
exceeded warning
threshold.
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
Inventory – – –
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
Inventory status
should be provided
whenever a unit is
cold-booted or when
FRUs are inserted or
removed. This is
considered a
noncritical event,
and the information
is used for status and
entitlement.
Commands executed
for all Inventory
messages sent in
anonymous mode
and for Delta
Inventory message
sent in full
registration mode:
show diag all
eeprom detail
show version
show inventory oid
show platform
Commands executed
for Full Inventory
message sent in full
registration mode:
show platform
show diag all
eeprom detail
show version
show inventory oid
show bootflash: all
show
data-corruption
show interfaces
show file systems
show memory
statistics
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
show process
memory
show process cpu
show process cpu
history
show license udi
show license detail
show buffers
Alert Group Call Home Trigger Syslog Event Severity Description and
Event Commands
Executed
Test – TEST – User-generated test
message.
The following
commands are
executed:
show platform
show inventory
show version
Note Cisco ISR 4321 does not display the serial numbers of power supply and fan tray with the show inventory
command.
Message Contents
This section consists of tables which list the content formats of alert group messages.
This section also includes the following subsections that provide sample messages:
• Sample Syslog Alert Notification in Long-Text Format, on page 240
• Sample Syslog Alert Notification in XML Format, on page 242
The following table lists the content fields of a short text message.
The following table shows the content fields that are common to all long text and XML messages. The fields
specific to a particular alert group message are inserted at a point between the common fields. The insertion
point is identified in the table.
Table 24: Common Fields for All Long Text and XML Messages
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
Example:
CISCO3845@C@12345678
Note For the following
platforms, the UDI is
the Printed Circuit
Board number (PCB),
and not the chassis
Serial Number (SN):
• ISR 4221
• ISR 4321
• ISR 4331
• ISR 4351
• ISR 4431
• ISR 4451
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
Server ID If the message is generated from For long text message only.
the fabric switch, this is the unique
device identifier (UDI) of the
switch.
• type is the product model
number from backplane
IDPROM.
• @ is a separator character.
• Sid is C, identifying the serial
ID as a chassis serial number.
• serial is the number identified
by the Sid field.
Example:
CISCO3845@C@12345678
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
The following table shows the inserted fields specific to a particular alert group message.
Note The following fields may be repeated if multiple commands are executed for this alert group.
The following table shows the inserted content fields for reactive messages (system failures that require a
TAC case) and proactive messages (issues that might result in degraded system performance).
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
Chassis hardware version Hardware version of chassis CallHome/Device/Cisco_Chassis/
HardwareVersion
Supervisor module software version Top-level software version CallHome/Device/Cisco_Chassis/
AdditionalInformation/AD@name=
“SoftwareVersion”
Affected FRU name Name of the affected FRU CallHome/Device/Cisco_Chassis/
generating the event message Cisco_Card/Model
Affected FRU serial number Serial number of affected FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/SerialNumber
Affected FRU part number Part number of affected FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/PartNumber
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML
Only)
FRU slot Slot number of FRU generating the CallHome/Device/Cisco_Chassis/
event message Cisco_Card/LocationWithinContainer
FRU hardware version Hardware version of affected FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/HardwareVersion
FRU software version Software version(s) running on CallHome/Device/Cisco_Chassis/
affected FRU Cisco_Card/SoftwareIdentity/
VersionString
The following table shows the inserted content fields for an inventory message.
Data Item (Plain Text and XML) Description (Plain Text and XML) Call-Home Message Tag (XML Only)
Chassis hardware version Hardware version of chassis CallHome/Device/Cisco_Chassis/
HardwareVersion
Supervisor module software Top-level software version CallHome/Device/Cisco_Chassis/
version AdditionalInformation/AD@name=
“SoftwareVersion”
FRU name Name of the affected FRU CallHome/Device/Cisco_Chassis/
generating the event message Cisco_Card/Model
FRU s/n Serial number of FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/SerialNumber
FRU part number Part number of FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/PartNumber
FRU slot Slot number of FRU CallHome/Device/Cisco_Chassis/
Cisco_Card/LocationWithinContainer
FRU hardware version Hardware version of FRU CallHome/Device/Cisco_Chassis/
CiscoCard/HardwareVersion
FRU software version Software version(s) running on CallHome/Device/Cisco_Chassis
FRU /Cisco_Card/SoftwareIdentity/
VersionString
Site ID :
Server ID : ISR4451-X/K9@C@FTX1830AKF9
Event Description : *Aug 13 21:41:35.835: %CLEAR-5-COUNTERS: Clear counter on all interfaces
by console
System Name : Router
Contact Email : admin@yourdomain.com
Contact Phone :
Street Address :
Affected Chassis : ISR4451-X/K9
Affected Chassis Serial Number : FTX1830AKF9
Affected Chassis Part No : 800-36894-03
Affected Chassis Hardware Version : 1.0
Supervisor Software Version : 15.4(20140812:034256)
Command Output Name : show logging
Attachment Type : command output
MIME Type : text/plain
Command Output Text : show logging
Syslog logging: enabled (0 messages dropped, 4 messages rate-limited, 0 flushes, 0 overruns,
xml disabled, filtering disabled)
NAME: "Power Supply Module 0", DESCR: "450W AC Power Supply for Cisco ISR4450, ISR4350"
PID: PWR-4450-AC , VID: V01, SN: DCA1822X0G4
NAME: "NIM subslot 0/0", DESCR: "Front Panel 4 ports Gigabitethernet Module"
PID: ISR4451-X-4x1GE , VID: V01, SN: JAB092709EL
Router#
NAME: "Power Supply Module 0", DESCR: "450W AC Power Supply for Cisco ISR4450, ISR4350"
PID: PWR-4450-AC , VID: V01, SN: DCA1822X0G4
NAME: "NIM subslot 0/0", DESCR: "Front Panel 4 ports Gigabitethernet Module"
PID: ISR4451-X-4x1GE , VID: V01, SN: JAB092709EL
Router#]]></aml-block:Data>
</aml-block:Attachment>
</aml-block:Attachments>
</aml-block:Block>
</soap-env:Body>
</soap-env:Envelope>
Additional References
The following sections provide references related to the Call Home feature.
Related Documents
Technical Assistance
Description Link
The Cisco Support website provides extensive online http://www.cisco.com/techsupport
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Modules Supported
For information about the interfaces and modules supported by the Cisco ISR 4400 series and Cisco ISR 4300
series routers, see http://www.cisco.com/c/en/us/products/routers/4000-series-integrated-services-routers-isr/
relevant-interfaces-and-modules.html.
Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module
The Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch Network Interface Module (NIM) integrates the
Layer 2 features and provides a 1-Gbps connection to the multigigabit fabric (MGF) for intermodule
communication. For more information on configuring the Cisco 4-Port and 8-Port Layer 2 Gigabit EtherSwitch
NIM, see http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/
4_8PortGENIM.html.
Note When ISR-WAAS is operational, do not perform online insertion or replacement (OIR) of NIM-SSD and
NIM-HDD.
For more information on the hardware characteristics of the SSD/HDD Carrier Card NIM, see the Hardware
Installation Guide for the Cisco 4000 Series Integrated Services Routers.
For more information on deactivating or reactivating a SSD/HDD Carrier Card NIM, see Deactivating and
Reactivating an SSD/HDD Carrier Card NIM, on page 255.
Note For a Cisco SSD carrier card NIM or Cisco HDD carrier card NIM, only slot 0 and one of the subslots 1, 2,
or 3 must be used.
The following example shows how to upgrade a Micron P400m disk to firmware revision 200 using the
upgrade hw-programmable module filename bootflash:filename slot/sub-slot command:
Router# upgrade hw-programmable module filename bootflash:nim_ssd_Micr nP400m_E200.bin
Info: Trying to upgrade Module in 0/3 with nim_ssd_MicronP400m_E200.bin
Info: Current NIM-SSD disk config.
Info: Disk1: rev: 0200 model: MicronP400m-MTFDDAK200MAN
Info: Disk2: rev: 0200 model: MicronP400m-MTFDDAK200MAN
/dev/sde:
fwdownload: xfer_mode=3 min=1 max=255 size=512
............................................................................................................
Done.
/dev/sdf:
fwdownload: xfer_mode=3 min=1 max=255 size=512
.............................................................................................................
Done.
Info: Performing post upgrade check ......
Info: Upgrade to Firmware version E200 on disk1 successful.
Info: Upgrade to Firmware version E200 on disk2 successful.
Info: Current NIM-SSD disk config.
Info: Disk1: rev: E200 model: MicronP400m
Error Monitoring
The drives in the Cisco SDD/HDD Carrier Card NIM are monitored for SMART errors. If a SMART error
occurs, a Cisco IOS error message is displayed, as shown in the following example:
%IOSXE-5-PLATFORM:logger: INFO:/dev/sde:SMART error present:please do
'more bootflash:/tracelogs/smart_errors.log'.
You can find additional information in the error log at: bootflash:/tracelogs/smart_errors.log
Note Cisco 4221 ISR does not support 2GE-CU-SFP Network Interface Module.
• The following example shows how to exit a session from the router, by pressing Ctrl-A followed by
Ctrl-Q on your keyboard:
type ^a^q
picocom v1.4
port is : /dev/ttyDASH2
flowcontrol : none
baudrate is : 9600
parity is : none
databits are : 8
escape is : C-a
noinit is : no
noreset is : no
nolock is : yes
send_cmd is : ascii_xfr -s -v -l10
receive_cmd is : rz -vv
Note When ISR-WAAS is operational, do not perform online insertion or replacement (OIR).
Deactivating a Module
A module can be removed from the router without first being deactivated. However, we recommend that you
perform a graceful deactivation (or graceful power down) of the module before removing it. To perform a
graceful deactivation, use the hw-module subslot slot/subslot stop command in EXEC mode.
Note When you are preparing for an OIR of a module, it is not necessary to independently shut down each of the
interfaces before deactivating the module. The hw-module subslot slot/subslot stop command in EXEC mode
automatically stops traffic on the interfaces and deactivates them along with the module in preparation for
OIR. Similarly, you do not have to independently restart any of the interfaces on a module after OIR.
The following example shows how to use the show facility-alarm status command to verify if any critical
alarm is generated when a module is removed from the system:
Router# show facility-alarm status
System Totals Critical: 5 Major: 1 Minor: 0
Note A critical alarm (Active Card Removed OIR Alarm) is generated even if a module is removed after performing
graceful deactivation.
To deactivate a module and all of its interfaces before removing the module, use one of the following commands
in global configuration mode.
Procedure
Step 2 hw-module subslot slot/subslot [reload | stop | start] Deactivates the module in the specified slot and subslot,
where:
Example:
Router# hw-module subslot 0/2 stop • slot—Specifies the chassis slot number where the
module is installed.
• subslot—Specifies the subslot number of the chassis
where the module is installed.
• reload—Stops and restarts the specified module.
• stop—Removes all interfaces from the module and
the module is powered off.
• start—Powers on the module similar to a physically
inserted module in the specified slot. The module
firmware reboots and the entire module initialization
sequence is executed in the IOSd and Input/Output
Module daemon (IOMd) processes.
Caution Deactivation of an SSD/HDD Carrier Card NIM may cause loss of data.
Procedure
Step 2 no activate Shuts down the kWAAS instance on your router. kWAAS
services remain installed. The service will have to be
Example:
reactivated after the HDD/SSD NIM (module) is restarted.
Router(config-virt-serv)# no activate
Step 3 hw-module subslot slot/subslot [reload | stop | start] Deactivates or reactivates the module in the specified slot
and subslot.
Example:
Router# hw-module subslot 0/2 stop • slot—The chassis slot number where the module is
Proceed with stop of module? [confirm] installed.
Router#
*Mar 6 15:13:23.997: %SPA_OIR-6-OFFLINECARD: SPA • subslot—The subslot number of the chassis where the
(NIM-SSD) offline in subslot 0/2 module is installed.
...
• reload—Deactivates and reactivates (stops and
restarts) the specified module.
• stop—Removes all interfaces from the module and
the module is powered off.
• start—Powers on the module similar to a physically
inserted module in the specified slot. The module
firmware reboots and the entire module initialization
sequence is executed in the IOSd and IOMd processes.
Step 4 Wait for the EN (Enable) LED to turn off, and then remove
the SSD/HDD Carrier Card NIM.
Reactivating a Module
If, after deactivating a module using the hw-module subslot slot/subslot stop command, you want to reactivate
it without performing an OIR, use one of the following commands (in privileged EXEC mode):
• hw-module subslot slot/subslot start
• hw-module subslot slot/subslot reload
2. To verify activation and proper operation of a module, enter the show hw-module subslot all oir command
and observe "ok" in the Operational Status field as shown in the following example:
Router# show hw-module subslot all oir
Port block masks: rows=from port, columns=to port, u=unknown unicast, m=unknown multicast,
b=broadcast, A=all
CP FFP 1/0/1 1/0/0 2/0/1 2/0/0 0/1/1 0/1/0 0/2/1 0/2/0 0/3/1
0/3/0 0/4/1 0/4/0 drops
-------------------------------------------------------------------------------------------------------------
CP - A um um um um um um um um um
um um um 1
FFP A - - - - - - - - - -
- - - 0
1/0/1 um umb - umb umb umb umb umb umb umb umb
umb umb umb 0
1/0/0 um umb umb - umb umb umb umb umb umb umb
umb umb umb 6
2/0/1 um umb umb umb - umb umb umb umb umb umb
umb umb umb 0
2/0/0 um umb umb umb umb - umb umb umb umb umb
umb umb umb 6
0/1/1 um umb umb umb umb umb - umb umb umb umb
umb umb umb 0
0/1/0 um umb umb umb umb umb umb - umb umb umb
umb umb umb 0
0/2/1 um umb umb umb umb umb umb umb - umb umb
umb umb umb 0
0/2/0 um umb umb umb umb umb umb umb umb - umb
umb umb umb 0
0/3/1 um umb umb umb umb umb umb umb umb umb -
umb umb umb 0
0/3/0 um umb umb umb umb umb umb umb umb umb umb
- umb umb 0
0/4/1 um umb umb umb umb umb umb umb umb umb umb
umb - umb 0
0/4/0 um umb umb umb umb umb umb umb umb umb umb
umb umb - 0
Port VLAN membership: [untagged vlan] U=untagged T=tagged <VLAN range begin>-<VLAN range
end>
128~255 0 0
256~511 0 0
512~1023 0 0
1024~1518 0 0
1519~2047 0 0
2048~4095 0 0
4096~9216 0 0
9217~16383 0 0
Max 0 0
Good 0 0
CoS 0 0 0
CoS 1 0 0
CoS 2 0 0
CoS 3 0 0
CoS 4 0 0
CoS 5 0 0
CoS 6 0 0
CoS 7 0 0
Unicast 0 0
Multicast 0 0
Broadcast 0 0
Control 0
Errored
FCS 0 0
Undersize 0
Ether len 0
Fragment 0 0
Jabber 0
MTU ck, good 0
MTU ck, bad 0
Tx underflow 0
err symbol 0
frame err 0
junk 0
Drops
CoS 0 0 0
CoS 1 0 0
CoS 2 0 0
CoS 3 0 0
CoS 4 0 0
CoS 5 0 0
CoS 6 0 0
CoS 7 0 0
STP 0
backpress 0
congest 0 0
purge/cell 0
no destination 0
Pause PFC 0 0
CoS 0 0
CoS 1 0
CoS 2 0
CoS 3 0
CoS 4 0
CoS 5 0
CoS 6 0
CoS 7 0
You are not required to perform any configuration tasks on the backplane switch; all the configurations are
performed from the module, which may or may not lead to changes on the backplane switch. For more
information on installing an adapter, see the Hardware Installation Guide for the Cisco ISR 4000 Series
Integrated Services Routers.
Note Layer 2 protocols, such as the IEEE 802.1D Spanning Tree Protocol (STP), are not supported in the backplane
Ethernet switch.
0 2 GE0 0 0 0 0
0 3 GE1 0 0 0 0
0 3 GE0 0 0 0 0
0 4 GE1 0 0 0 0
0 4 GE0 0 0 0 0
0 0 FFP 0 0 0 0
0 0 FFP 0 0 0 0
Router# show platform hardware backplaneswitch-manager rp active subslot 1/0 GE0 statistics
Broadcom 1G port(e.g: NIM, ESM, CP) status:
Rx pkts Rx Bytes Tx Pkts Tx Bytes
-----------------------------------------------------------------------------------------
All 6306 407477 6241 9360934
=64 6237 72
65~127 66 3
128~255 0 0
256~511 1 3
512~1023 2 0
1024~1518 0 6163
1519~2047 0 0
2048~4095 0 0
4096~9216 0 0
Good 6306 6241
CoS 0 6171 9356426
CoS 1 0 0
CoS 2 0 0
CoS 3 0 0
CoS 4 0 0
CoS 5 0 0
CoS 6 70 4508
CoS 7 0 0
Unicast 6294 6241
Multicast 6 0
Broadcast 6 0
Control 0 0
VLAN 0 0
Errored
FCS 0 0
Runts 0 0
Undersize 0
Ether len 0
Fragment 0 0
Jabber 0 0
MTU 0
Drops
CoS 0 0 0
CoS 1 0 0
CoS 2 0 0
CoS 3 0 0
CoS 4 0 0
CoS 5 0 0
CoS 6 0 0
CoS 7 0 0
STP 0
backpress 0
congest 0 0
purge/cell 0
no destination 65
Pause 0 0
NAME: "Power Supply Module 1", DESCR: "Cisco 4451-X ISR 450W AC Power Supply"
PID: XXX-XXXX-XX , VID: XXX, SN: DCA1623X05N
NAME: "NIM subslot 0/1", DESCR: " NIM-1MFT-T1/E1 - T1/E1 Serial Module"
PID: NIM-1MFT-T1/E1 , VID: V01, SN: FOC16254E71
NAME: "subslot 0/1 db module 0", DESCR: "PVDM4-TDM-280 Voice DSP Module"
PID: PVDM4-TDM-280 , VID: V01, SN: FOC16290GRT
NAME: "NIM subslot 0/0", DESCR: "Front Panel 4 ports Gigabitethernet Module"
PID: ISR4451-X-4x1GE , VID: V01, SN: JAB092709EL
NAME: "SM subslot 2/0", DESCR: "SM-X-1T3/E3 - Clear T3/E3 Serial Module"
PID: SM-1T3/E3 , VID: V01, SN: FOC15495HSE
Note Cisco ISR 4321 does not display the serial numbers of power supply and fan tray with the show inventory
command.
• show platform
• show platform software backplaneswitch-manager RP [active [detail]]
• show platform hardware backplaneswitch-manager RPactive CP statistics
• show platform hardware backplaneswitch-manager RP active summary
• show platform hardware backplaneswitch-manager [R0 [status] | RP]
• show diag all eeprom details
show platform
Router# show platform
Chassis type: ISR4451/K9
Field Description
Insert Time Time since the module has been up and running
------------------------------------------------------------------------------------------
0 0 CP 242 0 0 0
1 0 GE1 0 0 0 0
1 0 GE0 0 0 0 0
2 0 GE1 0 0 0 0
2 0 GE0 0 0 0 0
0 1 GE1 0 0 0 0
0 1 GE0 0 0 0 0
0 2 GE1 0 0 0 0
0 2 GE0 0 0 0 0
0 3 GE1 0 0 0 0
0 3 GE0 0 0 0 0
0 4 GE1 0 0 0 0
0 4 GE0 0 0 0 0
0 0 FFP 0 0 0 0
CP FFP 1/0/1 1/0/0 2/0/1 2/0/0 0/1/1 0/1/0 0/2/1 0/2/0 0/3/1 0/3/0
0/4/1 0/4/0 drops
-------------------------------------------------------------------------------------------------------------
CP - A um um um um um um um um um um
um um 1
FFP A - - - - - - - - - - -
- - 0
1/0/1 um umb - umb umb umb umb umb umb umb umb umb
umb umb 0
1/0/0 um umb umb - umb umb umb umb umb umb umb umb
umb umb 6
2/0/1 um umb umb umb - umb umb umb umb umb umb umb
umb umb 0
2/0/0 um umb umb umb umb - umb umb umb umb umb umb
umb umb 6
0/1/1 um umb umb umb umb umb - umb umb umb umb umb
umb umb 0
0/1/0 um umb umb umb umb umb umb - umb umb umb umb
umb umb 0
0/2/1 um umb umb umb umb umb umb umb - umb umb umb
umb umb 0
0/2/0 um umb umb umb umb umb umb umb umb - umb umb
umb umb 0
0/3/1 um umb umb umb umb umb umb umb umb umb - umb
umb umb 0
0/3/0 um umb umb umb umb umb umb umb umb umb umb -
umb umb 0
0/4/1 um umb umb umb umb umb umb umb umb umb umb umb
- umb 0
0/4/0 um umb umb umb umb umb umb umb umb umb umb umb
umb - 0
Port VLAN membership: [untagged vlan] U=untagged T=tagged <VLAN range begin>-<VLAN range
end>
EEPROM version : 4
Compatible Type : 0xFF
PCB Serial Number : FOC15520B7L
Controller Type : 1902
EEPROM version 4 :
Compatible Type :
0xFF
Controller Type :
1509
Unknown Field (type 00DF):
1.85.1.236.1
Deviation Number 0 :
PCB Serial Number :
DCA1547X037
RMA Test History 00:
RMA Number :
0-0-0-0
RMA History 00:
Version Identifier (VID) :
XXX
Product Identifier (PID) :
XXX-XXXX-XX
CLEI Code :
0000000000
Environment Monitor Data :
41 01 C2 42 00 05 F8 00
50 01 F4 1B 58 03 E8 1F
4A 05 DC 21 34 07 D0 21
FC 09 C4 22 60 0B B8 22
92 0D AC 22 D8 0F A0 22
F8 11 94 22 F6 13 88 23
3C 15 7C 23 28 17 70 23
00 19 64 22 D8 1B 58 22
C4 1D 4C 22 BA 1F 40 22
A6 21 34 22 9C 23 28 22
92 25 1C 22 88 27 10 22
60
Board Revision : P0
Power/Fan Module P1 EEPROM data is not initialized
EEPROM version : 4
Compatible Type : 0xFF
PCB Serial Number : FOC15520B7L
Controller Type : 1902
Hardware Revision : 1.0
PCB Part Number : 73-13854-02
Top Assy. Part Number : 800-36894-01
Board Revision : 05
Deviation Number : 123968
Fab Version : 02
Product Identifier (PID) : ISR4451/K9
Version Identifier (VID) : V01
CLEI Code : TDBTDBTDBT
Processor type : D0
Chassis Serial Number : FGL1601129D
Chassis MAC Address : 30f7.0d53.c7e0
EEPROM version : 4
Compatible Type : 0xFF
Controller Type : 3567
Hardware Revision : 4.1
PCB Part Number : 73-12387-01
MAC Address block size : 15
Chassis MAC Address : aabb.ccdd.eeff
Product Identifier (PID) : ISR4451-FP
Version Identifier (VID) : V00
PCB Serial Number : FP123456789
Asset ID :
Slot 0 EEPROM data:
EEPROM version : 4
Compatible Type : 0xFF
Controller Type : 1612
Hardware Revision : 4.1
PCB Part Number : 73-12387-01
MAC Address block size : 15
Chassis MAC Address : aabb.ccdd.eeff
Product Identifier (PID) : ISR4451-NGSM
Version Identifier (VID) : V00
PCB Serial Number : NGSM1234567
Asset ID :
Slot 1 EEPROM data:
EEPROM version : 4
Compatible Type : 0xFF
Controller Type : 1612
Hardware Revision : 4.1
PCB Part Number : 73-12387-01
MAC Address block size : 15
Chassis MAC Address : aabb.ccdd.eeff
Product Identifier (PID) : ISR4451-NGSM
Version Identifier (VID) : V00
PCB Serial Number : NGSM1234567
Asset ID :
Slot 2 EEPROM data:
EEPROM version : 4
Compatible Type : 0xFF
Controller Type : 1612
Hardware Revision : 4.1
PCB Part Number : 73-12387-01
MAC Address block size : 15
Chassis MAC Address : aabb.ccdd.eeff
Product Identifier (PID) : ISR4451-NGSM
Version Identifier (VID) : V00
PCB Serial Number : NGSM1234567
Asset ID :
SPA EEPROM data for subslot 0/0:
EEPROM version : 5
Compatible Type : 0xFF
Controller Type : 1902
Hardware Revision : 2.2
Boot Timeout : 400 msecs
PCB Serial Number : JAB092709EL
Configuration Examples
This section provides examples of deactivating and activating modules.
Enabling Auto-Detect
When the media-type is not configured, the Auto-Detect feature is enabled by default. The Auto-Detect feature
automatically detects the media that is connected and links up. If both the media are connected, whichever
media comes up first is linked. By default, the media-type on FPGE ports is set to auto-select. User can
overwrite the media-type configuration to either RJ-45 or SFP using the media-type rj45/sfp command under
the FPGE interface. The media type configuration also falls back to “Auto-select” mode when the no
media-type command is configured. You can use the no media-type command in interface configuration
mode to enable the Auto-Detect feature.
Configuring Auto-Detect
The Auto-Detect feature is enabled by default on the Front Panel Gige Ports. It is enabled by either configuring
"media-type auto-select" or "no media-type". To configure the Auto-Detect, perform these steps:
SUMMARY STEPS
1. configure terminal
2. interface gigabitethernet {slot | bay| port}
3. media-type auto-select
4. End
DETAILED STEPS
Step 2 interface gigabitethernet {slot | bay| port} Enters interface configuration mode.
Example:
Router(config)# interface gigabitethernet slot/port
Examples
The following example shows the default configuration and the show running configuration does
not show any media type when the no media-type is selected.
Router(config)# show running interface gigabitethernet 0/0/0
Building configuration...
SUMMARY STEPS
1. configure terminal
2. interface gigabitethernet {slot | port}
3. media-type rj45 autofailover
4. End
DETAILED STEPS
Step 3 media-type rj45 autofailover Configures the port with rj45 as the primary media for
automatic failover.
Example:
Router(config-if)# media-type rj45 autofailover
Examples
The following example shows the primary configuration.
Router(config)# show running interface gigabitethernet 0/0/0
Building configuration...
IPv6 addresses commonly contain successive hexadecimal fields of zeros. Two colons (::) may be used to
compress successive hexadecimal fields of zeros at the beginning, middle, or end of an IPv6 address (the
colons represent successive hexadecimal fields of zeros). The table below lists compressed IPv6 address
formats.
An IPv6 address prefix, in the format ipv6-prefix/prefix-length, can be used to represent bit-wise contiguous
blocks of the entire address space. The ipv6-prefix must be in the form documented in RFC 2373 where the
address is specified in hexadecimal using 16-bit values between colons. The prefix length is a decimal value
that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network
portion of the address). For example, 2001:cdba::3257:9652 /64 is a valid IPv6 prefix.
Link-Lock Address
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using
the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format. An
link-local address is automatically configured on the cellular interface when an IPv6 address is enabled.
After the data call is established, the link-local address on the celluar interface is updated with the host generated
link-local address that consists of the link-local prefix FF80::/10 (1111 1110 10) and the auto-generated
interface identifier from the USB hardware address. The figure below shows the structure of a link-local
address.
Global Address
A global IPv6 unicast address is defined by a global routing prefix, a subnet ID, and an interface ID. The
routing prefix is obtained from the PGW. The Interface Identifier is automatically generated from the USB
hardware address using the interface identifier in the modified EUI-64 format. The USB hardware address
changes after the router reloads.
SUMMARY STEPS
1. configure terminal
2. interface Cellular {type|number}
3. ip address negotiated
4. encapsulation slip
5. load-intervalseonds
6. dialer in-band
7. dialer idle-timeout seonds
8. dialer string string
9. dialer-groupgroup-number
10. no peer default ip address
11. ipv6 address autoconfig
12. async mode interactive
13. routing dynamic
14. dialer-listdialer-groupprotocolprotocol-name {permit |deny|list |access-list-number
| access-group }
15. ipv6 route ipv6-prefix/prefix-length 128
16. End
DETAILED STEPS
Step 3 ip address negotiated Specifies that the IP address for a particular interface is
dynamically obtained.
Example:
Router(config-if)# ipv6 address negotiated
Step 5 load-intervalseonds Specifies the length of time for which data is used to
compute load statistics.
Example:
Router(config-if)# load-interval 30
Step 6 dialer in-band Enables DDR and configures the specified serial interface
to use in-band dialing.
Example:
Router(config-if)# dialer in-band
Step 7 dialer idle-timeout seonds Specifies the dialer idle timeout period.
Example:
Router(config-if)# dialer idle-timeout 0
Step 9 dialer-groupgroup-number Specifies the number of the dialer access group to which
the specific interface belongs.
Example:
Router(config-if)# dialer-group 1
Step 10 no peer default ip address Removes the default address from your configuration.
Example:
Router(config-if)# no peer default ip address
Step 11 ipv6 address autoconfig Enables automatic configuration of IPv6 addresses using
stateless autoconfiguration on an interface and enables
Example:
IPv6 processing on the interface.
Router(config-if)# ipv6 address autoconfig
Step 14 dialer-listdialer-groupprotocolprotocol-name {permit Defines a dial-on-demand routing (DDR) dialer list for
|deny|list |access-list-number | dialing by protocol or by a combination of a protocol and
access-group } a previously defined access list.
Example:
Router(config)# dialer-list 1 protocol ipv6 permit
Examples
The following example shows the Cellular IPv6 configuration .
Router(config)# interface Cellular0/0/0
ip address negotiated
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
no peer default ip address
ipv6 address autoconfig
async mode interactive
routing dynamic
!
interface Cellular0/1/0
ip address negotiated
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
no peer default ip address
ipv6 address autoconfig
async mode interactive
routing dynamic
Call Waiting
With the Call Waiting feature, you can receive a second call while you are on the phone attending to another
call. When you receive a second call, you hear a call-waiting tone (a tone with a 300 ms duration). Caller ID
appears on phones that support caller ID. You can use hookflash to answer a waiting call and place the
previously active call on hold. By using hookflash, you can toggle between the active and a call that is on
hold. If the Call Waiting feature is disabled, and you hang up the current call, the second call will hear a busy
tone. For more information on Call Waiting, see http://www.cisco.com/c/en/us/td/docs/ios/voice/sip/
configuration/guide/15_0/sip_15_0_book/sip_cg-hookflash.html#wp999028
Call Transfers
Call transfers are when active calls are put on hold while a second call is established between two users. After
you establish the second call and terminate the active call, the call on hold will hear a ringback. The Call
Transfer feature supports all three types of call transfers—blind, semi-attended, and attended. For more
information on Call Transfers, see the http://www.cisco.com/c/en/us/td/docs/ios/voice/sip/configuration/guide/
15_0/sip_15_0_book/sip_cg-hookflash.html#wp999084
E1 R2 Signaling Configuration
To configure the E1 R2, perform these steps:
SUMMARY STEPS
1. Set up the controller E1 that connects to the private automatic branch exchange (PBX) or switch.
2. For E1 framing, choose either CRC or non-CRC
3. For E1 linecoding, choose either HDB3 or AMI.
4. For the E1 clock source, choose either internal or line. Note that different PBXs have different requirements
on the clock source.
5. Configure line signaling.
6. Configure interregister signaling.
7. Customize the configuration with the cas-custom command.
DETAILED STEPS
Step 1 Set up the controller E1 that connects to the private automatic branch exchange (PBX) or switch.
Ensure that the framing and linecoding of the E1 are properly set.
...
The Cisco implementation of R2 signaling has Dialed Number Identification Service (DNIS) support enabled by default.
If you enable the Automatic Number Identification (ANI) option, the collection of DNIS information is still performed.
Specification of the ANI option does not disable DNIS collection. DNIS is the number that is called and ANI is the
number of the caller. For example, if you configure a router called A to call a router called B, then the DNIS number is
assigned to router B and the ANI number is assigned to router A. ANI is similar to caller ID.
voice-port 0/2/0:1
!
dial-peer voice 200 pots
destination-pattern 43200
direct-inward-dial
port 0/2/0:1
R2 Configurations
The configurations have been modified in order to show only the information that this document
discusses.
Configured for R2 Digital Non-Compelled
hostname eefje
!
controller E1 0
clock source line primary
dso-group 1 timeslots 1-15 type r2-digital r2-non-compelled
cas-custom 1
!
voice-port 0:1
cptone BE
cptone
.
!
dial-peer voice 123 pots
destination-pattern 123
direct-inward-dial
port 0:1
prefix 123
!
dial-peer voice 567 voip
destination-pattern 567
session target ipv4:10.0.0.2
!
voice-port 0:1
cptone BE
cptone
.
This example shows the output for the debug vpm sig command.
Exception Logging: size (4096 bytes) Count and timestamp logging messages: disabled
Persistent logging: disabledNo active filter modules.
Trap logging: level informational, 172 message lines logged
Logging Source-Interface:
VRF Name:Log Buffer (4096 bytes):0): DSX (E1 0/2/0:0): STATE: R2_IN_COLLECT_DNIS R2 Got
Event 1
*Jan 29 21:32:22.258:r2_reg_generate_digits(0/2/0:1(1)): Tx digit '1'
*Jan 29 21:32:22.369: htsp_digit_ready(0/2/0:1(1)): Rx digit='#'
*Jan 29 21:32:22.369: R2 Incoming Voice(0/0): DSX (E1 0/2/0:0):STATE: R2_IN_COLLECT_DNIS
R2 Got Event R2_TONE_OFF
*Jan 29 21:32:22.369: r2_reg_generate_digits(0/2/0:1(1)): Tx digit '#'
*Jan 29 21:32:22.569: htsp_dialing_done(0/2/0:1(1))
*Jan 29 21:32:25.258: R2 Incoming Voice(0/0): DSX (E1 0/2/0:0):STATE: R2_IN_COLLECT_DNIS
R2 Got Event R2_TONE_TIMER
*Jan 29 21:32:25.258: r2_reg_generate_digits(0/2/0:1(1)): Tx digit '3#'
*Jan 29 21:32:25.520: htsp_digit_ready_up(0/2/0:1(1)): Rx digit='1'
*Jan 29 21:32:25.520: R2 Incoming Voice(0/0): DSX (E1 0/2/0:0): STATE: R2_IN_CATEGORY R2
Got Event 1
*Jan 29 21:32:25.520: Enter r2_comp_category
*Jan 29 21:32:25.520: R2 Event : 1
*Jan 29 21:32:25.520: ####### collect_call_enable = 0
*Jan 29 21:32:25.520: ######## Not Sending B7 ##################
*Jan 29 21:32:25.520: r2_reg_event_proc(0/2/0:1(1)) ADDR_INFO_COLLECTED (DNIS=39001,
ANI=39700)
*Jan 29 21:32:25.520: r2_reg_process_event: [0/2/0:1(1), R2_REG_COLLECTING,
E_R2_REG_ADDR_COLLECTED(89)]
*Jan 29 21:32:25.520: r2_reg_ic_addr_collected(0/2/0:1(1))htsp_switch_ind
*Jan 29 21:32:25.521: htsp_process_event: [0/2/0:1(1), R2_Q421_IC_WAIT_ANSWER,
E_HTSP_SETUP_ACK]
*Jan 29 21:32:25.521: r2_q421_ic_setup_ack(0/2/0:1(1)) E_HTSP_SETUP_ACK
*Jan 29 21:32:25.521: r2_reg_switch(0/2/0:1(1))
*Jan 29 21:32:25.521: r2_reg_process_event: [0/2/0:1(1), R2_REG_WAIT_FOR_SWITCH,
E_R2_REG_SWITCH(96)]
*Jan 29 21:32:25.521: r2_reg_ic_switched(0/2/0:1(1))
*Jan 29 21:32:25.522: htsp_process_event: [0/2/0:1(1), R2_Q421_IC_WAIT_ANSWER,
E_HTSP_PROCEEDING]
*Jan 29 21:32:25.530:htsp_call_bridged invoked
*Jan 29 21:32:25.530: r2_reg_event_proc(0/2/0:1(1)) ALERTING RECEIVED
*Jan 29 21:32:25.530: R2 Incoming Voice(0/0): DSX (E1 0/2/0:0): STATE: R2_IN_WAIT_REMOTE_ALERT
R2 Got Event R2_ALERTING
*Jan 29 21:32:25.530:rx R2_ALERTING in r2_comp_wait_remote_alert
*Jan 29 21:32:25.530: r2_reg_generate_digits(0/2/0:1(1)): Tx digit '1'htsp_alert_notify
This example shows the output for the debug vtsp all command.
Event=E_DSM_CC_CAPS_ACK
*Jan 29 21:56:34.691: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_peer_event_cb:
Event=E_DSM_CC_CAPS_ACK
*Jan 29 21:56:34.692: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_feature_notify_cb:
Feature ID=0, Feature Status=1
*Jan 29 21:56:34.692: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:
*Jan 29 21:56:34.692:
//213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:exit@1299
*Jan 29 21:56:34.693: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_feature_notify_cb:
Feature ID=0, Feature Status=1
*Jan 29 21:56:34.693: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:
*Jan 29 21:56:34.693:
//213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:exit@1299
*Jan 29 21:56:34.693: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_feature_notify_cb:
Feature ID=0, Feature Status=1
*Jan 29 21:56:34.693: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:
*Jan 29 21:56:34.693:
//213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_reactivate_ringback:exit@1299
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_call_connect: Connected
Name
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_call_connect: Connected
Number 39701
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_call_connect: Connected
oct3a 30
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_process_event:
[state:S_ALERTING, event:E_CC_CONNECT]
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/act_alert_connect: Progress
Indication=2
*Jan 29 21:56:58.140: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_ring_noan_timer_stop:
Timer Stop Time=80499620
*Jan 29 21:56:58.142: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_process_event:
[state:S_CONNECT, event:E_CC_SERVICE_MSG]
*Jan 29 21:56:58.142: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/act_service_msg_down:
*Jan 29 21:56:58.142: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_timer_stop: Timer
Stop Time=80499620
*Jan 29 21:56:58.144: //213/85E8EDFC81D1/VTSP:(0/2/0:1):0:1:1/vtsp_dsm_fpi_event_cb:
Event=E_DSMP_FPI_ENABLE_TDM_RTCP
• The Digital T1/E1 Packet Voice Trunk Network Module can have one or two slots for voice/WAN
Interface Network Modules (NIMs); NIM supports one to eight ports. Only the dual-mode (voice/WAN)
multiple trunk cards are supported in the digital E1 packet voice trunk network module, not older VICs.
• Drop-and-Insert capability is supported only between two ports on the same multiple card.
SUMMARY STEPS
1. configure terminal {ip-address | interface-type interface-number [ip-address]}
2. voice-card slot/subslot
3. controller T1/E1 slot/subslot/port
4. framing {sf | esf }
5. linecode {b8zs | ami}
6. ds0-group ds0-group-notimeslots timeslot-list type{e&m-fgd | fgd-eana}
7. no shutdown
8. exit
DETAILED STEPS
Step 2 voice-card slot/subslot Enters voice card interface configuration mode and specify
the slot location by using a value from 0 to 5, depending
Example:
upon your router.
Router(config)# voice-card slot/subslot
Step 3 controller T1/E1 slot/subslot/port Enters controller configuration mode for the T1 controller
at the specified slot/port location. Valid values for slot and
Example:
port are 0 and 1.
Router(config)# controller T1 slot/subslot/port
Step 4 framing {sf | esf } Sets the framing according to your service provider's
instructions. Choose Extended Superframe (ESF) format
Example:
or Superframe (SF) format.
Router(config)# framing {sf | esf}
Step 5 linecode {b8zs | ami} Sets the line encoding according to your service provider's
instructions. Bipolar-8 zero substitution (B8ZS) encodes a
sequence of eight zeros in a unique binary sequence to detect
line coding violations. Alternate mark inversion (AMI)
represents zeros using a 01 during each bit cell, and ones
are represented by 11 or 00, alternately, during each bit cell.
AMI requires that the sending device maintain ones density.
Step 6 ds0-group ds0-group-notimeslots timeslot-list Defines the T1 channels for use by compressed voice calls
type{e&m-fgd | fgd-eana} as well as the signaling method the router uses to connect
to the PBX or CO. ds0-group-no is a value from 0 to 23
that identifies the DS0 group. Note The ds0-group command
automatically creates a logical voice port that is numbered
as follows: slot/port:ds0-group-no. Although only one voice
port is created, applicable calls are routed to any channel
in the group. timeslot-list is a single number, numbers
separated by commas, or a pair of numbers separated by a
hyphen to indicate a range of timeslots. For T1, allowable
values are from 1 to 24. To map individual DS0 timeslots,
define additional groups. The system maps additional voice
ports for each defined group. The signaling method selection
for type depends on the connection that you are making.
The e&m-fgd setting allows E&M interface connections
for PBX trunk lines (tie lines) and telephone equipment to
use feature group D switched-access service. The fgd-eana
setting supports the exchange access North American
(EANA) signaling.
Step 8 exit Exits controller configuration mode. Skip the next step if
you are not setting up Drop and Insert .
Multicast Music-on-Hold
The Music-on-Hold (MOH) feature enables you to subscribe to a music streaming service when you are using
a Cisco IOS MGCP voice gateway. Music streams from an MOH server to the voice interfaces of on-net and
off-net callers that have been placed on hold. Cisco Communications Manager supports the capability to place
callers on hold with music supplied from a streaming multicast MOH server.
By means of a preconfigured multicast address on the Cisco Unified Communications Manager or gateway,
the gateway can "listen" for Real-Time Transport Protocol (RTP) packets that are broadcast from a default
router in the network and can relay the packets to designated voice interfaces in the network. You can initiate
the call on hold. However, you cannot initiate music on hold on a MGCP controlled analog phone. Whenever
a called party places a calling party on hold, Cisco Communications Manager requests the MOH server to
stream RTP packets to the "on-hold" interface through the preconfigured multicast address. In this way, RTP
packets are relayed to appropriately configured voice interfaces that have been placed on hold. When you
configure a multicast address on a gateway, the gateway sends an Internet Gateway Management Protocol
(IGMP) "join" message to the default router, indicating to the default router that the gateway is ready to receive
RTP multicast packets.
Multiple MOH servers can be present in the same network, but each server must have a different Class D IP
address, and the address must be configured in Cisco Communications Manager and the MGCP voice gateways.
For more information on configuring MOH, see the http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/
cminterop/configuration/15-0m/vc-15-0m-book/
vc-ucm-mgcp-gw.html#GUID-A3461142-2F05-4420-AEE6-032FCA3B7952
Note Cisco Unified Communications Manager (CUCM) Version 14SU2 has been enhanced to support Secured
SCCP gateways with the Subject Name field (CN Name) with or without colons, for example, AA:22:BB:44:55
or AA22BB4455.
CUCM checks the CN field of the incoming certificate from the SCCP Gateway and verifies it against the
DeviceName configured in CUCM for this gateway. DeviceName contains MAC address of the gateway.
CUCM converts the MAC address in the DeviceName to MAC address with colons (for example:
AA:22:BB:44:55) and validates with the CN name in the Gateway's certificate. Therefore, CUCM mandates
Gateway to use MAC address with colons for the CN field in the certificate, that is, subject name.
Due to new guidelines from Defense Information Systems Agency (DISA), it is a requirement not to use
colons for the subject name field CN. For example, AA22BB4455.
If the handshaking is completed successfully, a REGISTER message is sent to Cisco Unified Communications
Manager through the secure tunnel. If handshaking fails and a retry is needed, a new process is initiated.
Cipher Suites
For SCCP-based signaling, TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is supported.
From Cisco IOS XE Cupertino 17.7.1a, the following NGE cipher suites are also supported:
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-RSA-AES256-GCM-SHA384
These cipher suites enable secure voice signaling for both the STCAPP analog phone and the SCCP DSPFarm
conferencing service. The cipher suite selection is negotiated between gateway and CUCM.
The following prerequisites are applicable for using NGE cipher suites:
• Configure TLS 1.2. For more information, see Configuring TLS version for STC application, on page
294.
• Use CUCM Release 14.1 SU1 or later, and Voice Gateways or platforms that support TLS 1.2.
• From the CUCM Web UI, navigate to Cipher Management and set the CIPHER switch as NGE. For
more information, see Cipher Management.
For more information about verifying cipher suites, see Verifying TLS Version and Cipher Suites, on page
294.
For the SRTP-encrypted media, you can use higher-grade cipher suites - AEAD-AES-128-GCM or
AEAD-AES-256-GCM. The selection of these cipher suites is automatically negotiated between GW and
CUCM for both secure analog voice and hardware conference bridge voice media. Authenticated Encryption
with Associated Data (AEAD) ciphers simultaneously provide confidentiality, integrity, and authenticity,
without built-in SHA algorithms to validate message integrity.
Supported Platforms
The TLS 1.2 support on the SCCP Gateways feature is supported on the following platforms:
• Cisco 4321 Integrated Services Router
• Cisco 4331 Integrated Services Router
• Cisco 4351 Integrated Services Router
• Cisco 4431 Integrated Services Router
• Cisco 4451-X Integrated Services Router
• Cisco 4461 Integrated Services Router
• Cisco Catalyst 8200 and 8300 Series Edge Platforms
• Cisco VG400, VG420, and VG450 Analog Voice Gateways
Note The stcapp security tls command sets the TLS version to v.1.0, v1.1, or v1.2 only. If not configured explicitly,
TLS v1.0 is selected by default.
Note Note: The tls command can be configured only in security mode.
Perform the following task to verify the sRTP cipher suite for the DSPfarm connection:
# show sccp connection detail
Additional References
Cisco IOS Voice Gateways Configuration Guide Supplementary Services Features for FXS Ports on
Cisco IOS Voice Gateways Configuration Guide
Table 29: Feature Information for TLS 1.2 support on SCCP Gateways
TLS 1.2 support on SCCP Cisco IOS XE Fuji 16.7.1 The TLS 1.2 support on SCCP
Gateways Gateways feature details the
configuration of TLS 1.2 on SCCP
protocol for DSP farm including
CFB, MTP, and STCAPP.
The following commands were
introduced: stcapp security
tls-version, tls-version.
Support for NGE Cipher Suites Cisco IOS XE Cupertino 17.7.1a This feature supports NGE cipher
suites for secure voice signaling
and secure media. These cipher
suites are applicable for both the
STCAPP analog phone and the
SCCP DSPFarm conferencing
service.
Router# reload
Proceed with reload? [confirm]
Sep 13 18:08:36.311 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit
with reload chassis code
Key Sectors:(Primary,GOOD),(Backup,GOOD),(Revocation,GOOD)
Size of Primary = 2288 Backup = 2288 Revocation = 300
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Router> enable
Router# dir bootflash:
Directory of bootflash:/
isr4400-firmware_ucse.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
--More-- 454274 -rw- 10540 Sep 13 2012 18:46:05 +00:00
isr4400-packages-universalk9.BLD_MCP_DEV_LATEST_20120910_000023.conf
454282 -rw- 27218680 Sep 13 2012 18:46:06 +00:00
isr4400-rpaccess.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454283 -rw- 78938264 Sep 13 2012 18:46:06 +00:00
isr4400-rpbase.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454284 -rw- 45177592 Sep 13 2012 18:46:06 +00:00
isr4400-rpcontrol.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454285 -rw- 114662144 Sep 13 2012 18:46:16 +00:00
isr4400-rpios-universalk9.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454286 -rw- 26360568 Sep 13 2012 18:46:19 +00:00
isr4400-sipbase.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454287 -rw- 13091576 Sep 13 2012 18:46:21 +00:00
isr4400-sipspa.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454275 -rw- 11349 Sep 13 2012 18:46:21 +00:00 packages.conf
Subpackage Description
RPBase Provides the operating system software for the Route Processor. This is the only
bootable package.
RPControl Controls the control plane processes that act as the interface between the Cisco IOS
process and the rest of the platform.
RPAccess Exports processing of restricted components, such as Secure Socket Layer (SSL),
Secure Shell (SSH), and other security features.
RPIOS Provides the Cisco IOS kernel, where Cisco IOS XE features are stored and run.
Each consolidated package has a different version of RPIOS.
ESPBase Provides the Embedded Services Processor (ESP) operating system and control
processes, and ESP software.
Firmware Firmware subpackage. The name of the subpackage includes the module type, which
either refers to a Network Information Module (NIM) or Cisco Enhanced Service
Module.
The following example shows how to configure the router to boot using subpackages:
The dir bootflash: command confirms that all subpackages and the provisioning file are in the same file
system, as shown in the following example:
Router# dir bootflash:
Directory of bootflash:/
Key Sectors:(Primary,GOOD),(Backup,GOOD),(Revocation,GOOD)
Size of Primary = 2288 Backup = 2288 Revocation = 300
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Router>
Router> en
Router# show version
Cisco IOS XE Software, Version BLD_V154_3_S_XE313_THROTTLE_LATEST_20140527_070027-ext
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Experimental Version
15.4(20140527:095327)
[v154_3_s_xe313_throttle-BLD-BLD_V154_3_S_XE313_THROTTLE_LATEST_20140527_070027-ios 156]
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
isr4400-firmware_dsp_sp2700.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454278 -rw- 371440 Sep 13 2012 18:46:05 +00:00
isr4400-firmware_fpge.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454279 -rw- 8080112 Sep 13 2012 18:46:05 +00:00
isr4400-firmware_nim_t1e1.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454280 -rw- 9331440 Sep 13 2012 18:46:06 +00:00
isr4400-firmware_sm_1t3e3.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454281 -rw- 379632 Sep 13 2012 18:46:06 +00:00
isr4400-firmware_ucse.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
--More-- 454274 -rw- 10540 Sep 13 2012 18:46:05 +00:00
isr4400-packages-universalk9.BLD_MCP_DEV_LATEST_20120910_000023.conf
454282 -rw- 27218680 Sep 13 2012 18:46:06 +00:00
isr4400-rpaccess.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454283 -rw- 78938264 Sep 13 2012 18:46:06 +00:00
isr4400-rpbase.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454284 -rw- 45177592 Sep 13 2012 18:46:06 +00:00
isr4400-rpcontrol.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454285 -rw- 114662144 Sep 13 2012 18:46:16 +00:00
isr4400-rpios-universalk9.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454286 -rw- 26360568 Sep 13 2012 18:46:19 +00:00
isr4400-sipbase.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454287 -rw- 13091576 Sep 13 2012 18:46:21 +00:00
isr4400-sipspa.BLD_MCP_DEV_LATEST_20120910_000023.SSA.pkg
454275 -rw- 11349 Sep 13 2012 18:46:21 +00:00 packages.conf
No files in directory
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-rpcontrol.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
----------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48DA3
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-rpios-universalk9.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
------------------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48E98
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-rpaccess.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
---------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48DB4
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-firmware_dsp_sp2700.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
--------------------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48DBE
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-firmware_sm_1t3e3.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
------------------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48DC7
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-firmware_nim_t1e1.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
--------------------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48D74
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-espbase.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
--------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48D64
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-sipbase.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
--------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48D94
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
PACKAGE isr4400-sipspa.BLD_MCP_DEV_LATEST_20130114_162711.SSA.pkg
-------------------------------------------------------------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48D7F
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : rp_base
Verifier Version : BLD_MCP_DEV_LATEST_20130114_162711
SYSTEM IMAGE
------------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50F48F33
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : ROMMON
Verifier Version : System Bootstrap, Version 12.2(20121015:145923
ROMMON
------
Image type : Special
Signer Information
Common Name : CiscoSystems
Organization Unit : IOS-XE
Organization Name : CiscoSystems
Certificate Serial Number : 50801108
Hash Algorithm : SHA512
Signature Algorithm : 2048-bit RSA
Key Version : A
Verifier Information
Verifier Name : ROMMON
Verifier Version : System Bootstrap, Version 12.2(20121015:145923
Microloader
-----------
Image type : Release
Signer Information
Common Name : CiscoSystems
Organization Name : CiscoSystems
Certificate Serial Number : bace997bdd9882f8569e5b599328a448
Hash Algorithm : HMAC-SHA256
Verifier Information
Verifier Name : Hardware Anchor