cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3659
Views
0
Helpful
6
Replies

CSR1000v Guestshell sudo yum update -y failed

Hi Boss,

 

I am learning this Lab --IOS XE on CSR Recommended Code

I follow lab guide do it step by step.   But when I run sudo yum  update -y in the guest shell.  it doesn't work.

I suppose internet is unreachable.   I go back to IOS XE and do ping 8.8.8.8 but it is still unreachable.

 

May I know how can I could reach internet in guest shell environment which Cisco DevNet lab provide to me.?

Without internet,  I couldn't install third-part software.  I couldn't complete rest of lab.

 

thanks a lot

Jacky Zhang
Global Telecom
4 ACCEPTED SOLUTIONS

Accepted Solutions
balaji.bandi
VIP Guru

post the configuration you should have routing or bridge or NAT in place for the guest shell to reach internet.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

omz
Collaborator
Collaborator

cisco security policy - internet access is blocked from the sandboxes 

View solution in original post

is this sanbox or your equiment, if sandbox i do not have any visibility.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

bigevilbeard
Cisco Employee

The devnet sandbox's do not have open internet access due to security posture and design.

 

Hope this helps!

View solution in original post

6 REPLIES 6
balaji.bandi
VIP Guru

post the configuration you should have routing or bridge or NAT in place for the guest shell to reach internet.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

 

Please see the configuration.  

 

Thanks for your help.

 

csr1000v-1#show run

Building configuration...

 

Current configuration : 5128 bytes

!

! Last configuration change at 06:28:23 UTC Mon Dec 7 2020

!

version 16.9

service timestamps debug datetime msec

service timestamps log datetime msec

platform qfp utilization monitor load 80

no platform punt-keepalive disable-kernel-core

platform console virtual

!

hostname csr1000v-1

!

boot-start-marker

boot-end-marker

!

!

no logging console

enable secret 5 $1$20ue$uC.uSGo6nvfWs63EjjzRP.

!

no aaa new-model

!

!

!

!

!

!

!

ip domain name abc.inc

!

!

!

login on-success log

!

!

!

!

!

!

!

subscriber templating

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

crypto pki trustpoint TP-self-signed-65385644

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-65385644

revocation-check none

rsakeypair TP-self-signed-65385644

!


!

license udi pid CSR1000V sn 9XWNNCFRE7U

license boot level ax

no license smart enable

diagnostic bootup level minimal

!

spanning-tree extend system-id

!

netconf-yang

!

restconf

!

username developer privilege 15 secret 5 $1$apX9$osH3JUIsEok.XVu5bKG0D0

username cisco privilege 15 secret 5 $1$3PeY$CBmJ7lqSYLpLn6uImSoMD0

username root privilege 15 secret 5 $1$F2Ov$Ax5.47hkCDThKbWt1.M4U0

!

redundancy


interface Loopback1000

description DevNet

no ip address

shutdown

!

interface Loopback1001

ip address 2.2.2.2 255.255.255.255

!

interface VirtualPortGroup0

ip address 192.168.1.1 255.255.255.0

ip nat inside

no mop enabled

no mop sysid

!

interface GigabitEthernet1

description MANAGEMENT INTERFACE - DON'T TOUCH ME

ip address 10.10.20.48 255.255.255.0

ip nat outside

negotiation auto

no mop enabled

no mop sysid

!

interface GigabitEthernet2

description Network Interface

no ip address

shutdown

negotiation auto

no mop enabled

no mop sysid

!

interface GigabitEthernet3

description Network Interface

no ip address

shutdown

negotiation auto

no mop enabled

no mop sysid

!

iox

ip nat inside source list NAT-ACL interface GigabitEthernet1 overload

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.10.20.254

!

ip ssh rsa keypair-name ssh-key

ip ssh version 2

ip scp server enable

!

!

ip access-list extended NAT-ACL

permit ip 192.168.1.0 0.0.0.255 any

!

!

!

!

control-plane

!

!

!

!

!

banner motd ^C

Welcome to the DevNet Sandbox for CSR1000v and IOS XE

 

The following programmability features are already enabled:

- NETCONF

- RESTCONF

 

Thanks for stopping by.

^C

!

line con 0

exec-timeout 0 0

stopbits 1

line vty 0 4

login local

transport input ssh

!

!

!

!

!

event manager applet loopback0shut

event syslog pattern "Loopback1000, changed state to down"

action 1.0 cli command "enable"

action 2.0 cli command "config ter"

action 3.0 cli command "interface loop1001"

action 4.0 cli command "ip address 2.2.2.2 255.255.255.255"

action 5.0 cli command "shut"

action 6.0 cli command "no shut"

action 7.0 cli command "end"

!

!

app-hosting appid guestshell

app-vnic gateway0 virtualportgroup 0 guest-interface 0

guest-ipaddress 192.168.1.2 netmask 255.255.255.0

name-server0 8.8.8.8

end

 

csr1000v-1#

 


csr1000v-1#show ip inter brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet1 10.10.20.48 YES NVRAM up up
GigabitEthernet2 unassigned YES NVRAM administratively down down
GigabitEthernet3 unassigned YES NVRAM administratively down down
Loopback1000 unassigned YES unset administratively down down
Loopback1001 2.2.2.2 YES manual up up
VirtualPortGroup0 192.168.1.1 YES manual up up
csr1000v-1#

 

csr1000v-1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.10.20.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.20.254, GigabitEthernet1
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback1001
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.20.0/24 is directly connected, GigabitEthernet1
L 10.10.20.48/32 is directly connected, GigabitEthernet1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, VirtualPortGroup0
L 192.168.1.1/32 is directly connected, VirtualPortGroup0
csr1000v-1#

Jacky Zhang
Global Telecom

is this sanbox or your equiment, if sandbox i do not have any visibility.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

omz
Collaborator
Collaborator

cisco security policy - internet access is blocked from the sandboxes 

bigevilbeard
Cisco Employee

The devnet sandbox's do not have open internet access due to security posture and design.

 

Hope this helps!

I would like to say thank you all your help.

 

I will consider to build up my own lab for testing Python-onbox (access internet to install 3 party software)

Jacky Zhang
Global Telecom
Create
Recognize Your Peers
Content for Community-Ad