09-14-2017 01:25 PM - edited 03-08-2019 12:02 PM
Hi
I am looking for the basic steps to configure the management port on an ASR 1001. What I am trying to do is connect the management port from my ASR 1001 to an Dell 4820T switch port, and be able to access the ASR 1001 from the switch.
Solved! Go to Solution.
09-14-2017 02:25 PM
Hello,
On the ASR 1001:
Router#config t
Router(config)#interface gigabitethernet0
Router(config-if)#ip address A.B.C.D A.B.C.D
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 "Dell 4820T IP address "
Ont the Dell 4820T you can config on Interface vlan with the same IP range you configured on gigabitethernet0 of ASR 1001.
Prepare one port on Dell 4820T and put it on the vlan you just created.
Connect both switchs.
Config you machine on the same IP range.
plug you machine on the same vlan you created on Dell.
Access ASR 1001 using gigabitethernet0 IP address.
Hope that help.
09-14-2017 05:08 PM - edited 09-14-2017 05:10 PM
Router(config)# transport-map type persistent ssh sshhandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# rsa keypair-name sshkeys
Router(config-tmap)# authentication-retries 1
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent ssh input sshhandler
Or with telnet:
Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandler
09-14-2017 02:15 PM
Hello,
the management port is GigabitEthernet0. You can assign an IP address to that interface, however, keep in mind that it is put in its own VRF, Mgmt-intf.
Check the below document for reference:
09-14-2017 02:25 PM
Hello,
On the ASR 1001:
Router#config t
Router(config)#interface gigabitethernet0
Router(config-if)#ip address A.B.C.D A.B.C.D
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 "Dell 4820T IP address "
Ont the Dell 4820T you can config on Interface vlan with the same IP range you configured on gigabitethernet0 of ASR 1001.
Prepare one port on Dell 4820T and put it on the vlan you just created.
Connect both switchs.
Config you machine on the same IP range.
plug you machine on the same vlan you created on Dell.
Access ASR 1001 using gigabitethernet0 IP address.
Hope that help.
09-14-2017 02:44 PM
Thanks , I will give this a try
09-14-2017 04:03 PM
That works now, however I can not telnet to the ASR. Should I be able to telnet to ASR once Management Port has been configure?
Here is my VTY Line Setup:
line con 0
privilege level 15
logging synchronous level 2 limit 20
stopbits 1
line aux 0
no exec
stopbits 1
line vty 0
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
no activation-character
logging synchronous level 2 limit 20
no exec
transport preferred none
transport input all
stopbits 1
line vty 1
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
logging synchronous level 2 limit 20
no exec
transport input all
line vty 2 4
access-class 8 in vrf-also
exec-timeout 40 0
privilege level 15
password 7 107A243D41433F2E38360A
logging synchronous level 2 limit 20
transport input all
line vty 5 15
access-class 8 in vrf-also
password 7 107A243D41433F2E38360A
transport input all
09-14-2017 04:58 PM
You should SSH instead. Telnet is not safe.
ip domain-name domainname.com
username USERNAME password PASSWORD
crypto key generate rsa
line vty 0 15
login local
transport input all
09-14-2017 05:02 PM
I would like to do SSH however, I do not have the crypto command in my IOS
09-14-2017 05:08 PM - edited 09-14-2017 05:10 PM
Router(config)# transport-map type persistent ssh sshhandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# rsa keypair-name sshkeys
Router(config-tmap)# authentication-retries 1
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent ssh input sshhandler
Or with telnet:
Router(config)# transport-map type persistent telnet telnethandler
Router(config-tmap)# connection wait allow interruptible
Router(config-tmap)# transport interface gigabitethernet 0
Router(config-tmap)# exit
Router(config)# transport type persistent telnet input telnethandler
11-27-2018 11:54 PM - edited 11-27-2018 11:57 PM
Hi Flavio
transport-map doesn't restrict SSH connection to an interface, the feature itself doesn't seem very helpful.
such a pitty that MPP with "control-plane host" feature does not exist anymore in IOS-XE (this was good to have the possibility to limit SSH connection to a single port) !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide