aaa authentication login mgmt local
aaa authorization commands 1 mgmt local
aaa authorization exec mgmt local
ip ssh port 2000 rotary 1
username mgmt view mgmt password 7 1511021F0725
parser view mgmt
secret 5 $1$GSuD$6sZiw9tIUMLSN2GckpN8eO
commands exec include all show
I am trying to convert this IOS-XE config into IOS XR but rotary command is not supported in XR.
is there any way to achieve the same goal ?
one user will be locally authenticated and others will get authenticated by TACACS.
line vty 5
access-class TELNET in
password 7 0822455D0A16
authorization commands 1 mgmt
authorization exec mgmt
login authentication mgmt
transport input telnet ssh
transport output telnet ssh
... View more
I am looking for customer scenario and gold configuration where ASR9K is connected to DWDM in WAN PHY mode. WAN mode knobs are needed to avoid ASR9k interface flap during DWDM optical link switchover. Problem Description: Currently the customer is using 8*10G ports on ASR9K in LAN PHY mode. PCS errors and local faults are seen on ASR9K. ASR9K upon receiving these errors goes for a protocol down status on the interface on which the error is received and debugs shows that there are no knobs available to set the threshold of PCS errors in LAN PHY mode. Topology: ASR9K (LAN or WAN Mode) ---------DWDM -------------(3 parallel links)--------------------DWDM--------- (LAN or WAN mode) ASR9K Information needed: The LAN PHY mode doesn’t offer any kind of tweaking mechanism based on errors being received and shuts down the interface. It was suggested that customer should tries to use the ASR9K in WAN PhY or OTN mode where knobs can be applied to set threshold for errors on an interface, beyond which the interface will show a protocol down status. If there any way to set the threshold or count local fault on interface instead of flapping the interface. Alcatel & Huwaie does support this feature to count the error while optical link switch over.
... View more
We are trying to transport LLDP over PW and CE devices can not see the LLDP neighbors one CE. Can anyone confirm ASR9K transport LLDP over PW as I did not find LLDP specific information on CCO and its not working ?? www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-1/interfaces/configuration/guide/hc41asr9kbook/hc41ethi.html We could only see STP neighbor with this setup but not LLDP Topology : CE(LLDP Enabled) ------- ASR903 (PW End A)---------MPLS-------------ASR9K( PW End B)----- CE( LLDP Enabled) IF we move the link from ASR9K to ASR903 , LLDP & STP neighbors can be seen on CE. ASR9K Configuration : RP/0/RSP0/CPU0:ASR9K#sh running-config int gig 0/5/1/1 Tue Mar 24 00:56:23.707 IST interface GigabitEthernet0/5/1/1 mtu 9216 speed 1000 load-interval 30 ! RP/0/RSP0/CPU0:ASR9K#sh running-config int gig 0/5/1/1.100 Tue Mar 24 00:56:31.582 IST interface GigabitEthernet0/5/1/1.4002 l2transport encapsulation dot1q 100 rewrite ingress tag pop 1 symmetric l2protocol cpsv tunnel ! l2vpn logging pseudowire ! xconnect group ABC_xconnect p2p ABC interface gig 0/5/1/1.100 neighbor ipv4 192.168.54.11 pw-id 1001 ASR903 Configuration S2BLRACPTNXXXACR007#sh run int gig 0/3/4 Building configuration... Current configuration : 342 bytes ! interface GigabitEthernet0/3/4 mtu 9202 no ip address negotiation auto no keepalive service instance 1 ethernet encapsulation default l2protocol tunnel stp lldp xconnect 192.168.53.65 1001 encapsulation mpls ! end
... View more