Table Of Contents
Cisco Application eXtension Platform 1.1 User Guide
Contents
Overview
Initial System Setup
Supported Hardware
Software Requirements
Cisco IOS Software Release
Cisco AXP Software
Cisco AXP Command Modes
Entering the Command Environment
Exiting the Command Environment
Configuring the Cisco AXP Service Module Interface
Configuration Tasks
Opening and Closing a Service Module Session
Setting Resource Limits
Swap Space and Memory Allocation
Installing and Upgrading Software
Types of Cisco AXP Installation and Upgrade Commands
Cisco AXP Upgrade and Downgrade Scenarios
Clean Software Installation
Clean Software Installation including FTP Server Configuration
Add-on Software Installation
Upgrading Software
Downgrading Software
Installing Software using a Helper Image
Removing Software
Uninstalling Software
Secure Shell Access to the Service Module
Configuring Password Protection
Configuring the SSH Server
Verifying the SSH Server
Configuring the Syslog Server
Verifying the Syslog Server
Configuring the Application Service Environment
Starting or Stopping the Application Service
Configuring External Network Interfaces
Attaching a Networking Device to the Application Environment
Detaching a Networking Device from the Application Environment
Configuring a Virtual Interface
Configuring a VLAN Interface
Configuring the NTP Server Source
Time Zone Selection on the Cisco AXP Service Module
Verifying NTP Server Configuration
Configuring the Hostname
Configuring the Application Domain
DNS Address
Domain Name
Configuring Console Access
Configuring IP Static Routes
Source-based IP Routing
Access Control List
Verifying Access Control Lists
Configuring Source Based Routing
Source Based Routing Example
Remote Serial Device Configuration
Verifying Remote Serial Devices
Remote Serial Device Configuration Example
Packet Analysis
Configuring Router IP Traffic Export
Enabling Interface Monitoring
Logging
Configuring Log File Size Limits
Configuring Remote Logging
Configuring System Log Levels
Configuring Resource Utilization Limits
Flexible Resource Allocation
Resource Limits Exceeded after Downgrade
Reloading the Service Module and Virtual Instance
Verifying Resource Utilization Limits
SSH Access to a Virtual Instance
SSH Controlled Access
Configuring SSH Tunneling
Configuring Shell Access in a Virtual Instance
Synchronizing Files
Prerequisites
Synchronization Example
CLI Plug-in Invocation
EXEC Mode
Configuration Mode
Cisco IOS Service API Configuration
Verifying and Clearing Cisco IOS API Records
Cisco IOS Event Registration
Registering an Event using the Event Configuration File
Registering an Event using the Cisco AXP Service Module
Verifying Registered Events
Cisco IOS Event Notification
Using CLI to Trigger an EEM API Event
Using CLI to Trigger a Syslog Event
Troubleshooting a Cisco EEM API Configuration Event
Modifying an Event
Application Status Monitor
Configuring the Application Status Monitor Interval and Recovery Threshold
Verifying the Application Status Monitor Output
Verifying and Troubleshooting
Viewing Log and Core Files
Clearing Log and Core Files
Copying Files
Syslog Server Logs
Viewing the Application Status Monitor
Viewing the Application State
Viewing Processes
Verifying Swap Space Support
SSH Server Status
Viewing Statistics
Viewing Application Data
Viewing Running Configuration
Verifying Resource Utilization Limits
show resource limits (Cisco AXP EXEC Mode)
show resource limits (Cisco AXP application service EXEC mode)
Viewing a List of Installed Applications
Resetting the Examples Application Environment
Uninstalling an Application Package
Common Troubleshooting Commands
Verifying and Troubleshooting System Status
Logging and Tracing Options
Configuring the Bootloader
Appendix- Port Usage
Cisco AXP Open Source Licenses
Additional References
Cisco Application eXtension Platform 1.1 User Guide
Revised: 8/25/08, OL-14815-01
This guide describes the commands and tasks for installing and configuring the
Cisco Application eXtension Platform (AXP) on Cisco's Integrated Service Routers. For more information on Cisco AXP, go to www.cisco.com/go/axp
For a list of features added in the latest Cisco AXP release, refer to the following document:
Cisco AXP Feature and Release History.
To create third party applications for Cisco AXP, see the Cisco AXP Developer Guide.
Use this guide to:
•
Set up the router and the service module.
•Configure the service module interface.
•Configure the application environment on the service module.
•Troubleshoot the application environment.
Contents
This guide consists of the following sections:
•Overview
•Initial System Setup
–Supported Hardware
–Software Requirements
–Cisco AXP Command Modes
–Configuring the Cisco AXP Service Module Interface
–Installing and Upgrading Software
–Secure Shell Access to the Service Module
–Configuring the Syslog Server
–Verifying the Syslog Server
•Configuring the Application Service Environment
–Starting or Stopping the Application Service
–Configuring External Network Interfaces
–Configuring the NTP Server Source
–Configuring the Hostname
–Configuring the Application Domain
–Configuring Console Access
–Configuring IP Static Routes
–Source-based IP Routing
–Remote Serial Device Configuration
–Packet Analysis
–Logging
–Configuring Resource Utilization Limits
–SSH Access to a Virtual Instance
–Synchronizing Files
–CLI Plug-in Invocation
–Cisco IOS Service API Configuration
–Cisco IOS Event Registration
–Cisco IOS Event Notification
•Application Status Monitor
•Verifying and Troubleshooting
–Viewing Log and Core Files
–Clearing Log and Core Files
–Copying Files
–Syslog Server Logs
–Viewing the Application Status Monitor
–Viewing the Application State
–Viewing Processes
–SSH Server Status
–Viewing Statistics
–Viewing Statistics
–Viewing Application Data
–Viewing Running Configuration
–Verifying Resource Utilization Limits
–Viewing a List of Installed Applications
–Resetting the Examples Application Environment
–Uninstalling an Application Package
–Common Troubleshooting Commands
–Verifying and Troubleshooting System Status
–Logging and Tracing Options
•Configuring the Bootloader
•Additional References
•Additional References
Overview
The Cisco Integrated Services Router (Cisco ISR) is an integrated system within a single chassis. The Cisco ISR ties together and runs multiple value-added services such as voice, layer 2 switching, security and application acceleration. In addition, integrated services can be hosted within Cisco OS software or decoupled and hosted on modular application service modules.
The Cisco ISR allows for blade hardware plug-in network modules. These application service modules enhance the functionality, intelligence and flexibility of the router. The Cisco Application eXtension Platform (Cisco AXP) provides the tools required by third party developers to integrate their applications on Cisco ISRs.
Cisco AXP allows third parties such as system integrators, managed service providers, and large enterprise customers to extend the functionality of Cisco ISRs by providing their own value-added integrated services. On the application service module, Cisco AXP hosts applications in a separate runtime environment with dedicated resources. In addition, Cisco AXP provides Application Programming Interfaces (APIs) so that functions such as packet analysis, event notification, and network management can be utilized by hosted applications.
Cisco AXP consists of the facilities and frameworks to host applications, and service APIs for integrating applications into the network.
Cisco AXP provides the following features:
•Ability to modify the Cisco IOS software configuration and obtain the status of Cisco IOS software features via the provided API.
•Embedded Linux environment supporting the execution of applications written in the following programming languages: Java, C (native), Perl (interpreted), Python (interpreted), and Bash (interpreted). Native and interpreted applications written in other programming languages can be integrated by the application vendor if the vendor uses additional support libraries and interpreters.
•Integration of virtual devices.
The Cisco IOS auxiliary serial port can be virtualized, appearing as a local device in the Cisco AXP OS. The application controls external peripherals attached to the auxiliary serial port of the router without special knowledge of where the device is located.
•Predictable and constant set of application resources.
These resources (including CPU, memory, and disk) are segmented, which ensures that the application and router features work independently, and without interference.
•Protection of the router and applications from rogue applications.
If an application crashes, this incident does not affect the router or other applications, because of the installed application being placed in its own virtual instance.
•Protection against running unauthorized software.
Only Cisco certified parties can install software on Cisco AXP.
•Robust debugging and troubleshooting facilities.
•Support of event notification.
An application can receive the status of the Cisco ISR and take appropriate action.
Note For a more detailed overview of Cisco AXP, see the Cisco AXP Developer Guide.
Initial System Setup
To set up your router and Cisco AXP service module:
1. Verify that the service module SKU matches the Cisco ISR and install the router and service module. Refer to the "Supported Hardware" section.
2. Download the applicable Cisco IOS software image and Cisco AXP files and configure the router. Refer to the "Software Requirements" section.
3. Review the Cisco AXP command environment. Refer to the "Cisco AXP Command Modes" section.
4. Configure the Cisco AXP service module interface. Refer to the "Configuring the Cisco AXP Service Module Interface" section.
5. Install and upgrade Cisco AXP software. Refer to the "Installing and Upgrading Software" section.
6. Check resource limits. Refer to the "Setting Resource Limits" section
7. Configure secure shell (SSH) access. Refer to the "Secure Shell Access to the Service Module" section.
8. Configure the syslog server. Refer to the "Configuring the Syslog Server" section and "Verifying the Syslog Server" section.
Supported Hardware
For information on router and service module installation, refer to the hardware documentation under the support section at www.cisco.com/go/axp
Cisco Platforms
|
Cisco AXP Service Module SKU
|
Processor/Memory
|
Hard Disk
|
Compact Flash
|
Cisco 1841
Cisco 2801
Cisco 2811
Cisco 2821
Cisco 2851
Cisco 3825
Cisco 3845
|
AIM-APPRE-102-K9
|
300 MHz/256 MB
|
—
|
1 GB
|
Cisco 2811
Cisco 2821
Cisco 2851
Cisco 3825
Cisco 3845
|
NME-APPRE-302-K9
|
1.0 GHz/512 MB
|
80 GB
|
—
|
Cisco 2811
Cisco 2821
Cisco 2851
Cisco 3825
Cisco 3845
|
NME-APPRE-502-K9
|
1.0 GHz/1.0 GB
|
120 GB
|
—
|
Cisco 3825
Cisco 3845
|
NME-APPRE-522-K9
|
1.4 GHz/2.0 GB
|
160 GB
|
—
|
Software Requirements
Download the applicable Cisco IOS software image and Cisco AXP package files. Refer to Installing and Upgrading Software for downloading and installing Cisco AXP software.
Cisco IOS Software Release
The following Cisco IOS releases are applicable to the routers used with Cisco AXP.
•12.4(15)T3: IP-based crypto image including the following image packs:
–IP-Base
–IP-Voice
–Adv-Security
–Adv-Enterprise
For the event trigger API the following image packs are supported:
–IP-Voice
–Adv-Security
–Adv-Enterprise
Download the image from:
http://www.cisco.com/public/sw-center/
Cisco AXP Software
For information on the latest Cisco AXP release files, refer to the Cisco AXP Release Notes listed under the support section at www.cisco.com/go/axp.
Refer to the "Installing and Upgrading Software" section for installing and upgrading Cisco AXP software.
Prerequisites
•IP address or name of the FTP server that will store the Cisco AXP package file.
•Verify that the FTP server is accessible
SUMMARY STEPS
1. Download the Cisco AXP files.
Note If you choose to use a file extractor tool designed for Windows, such as WinZip, you must disable CR/LF conversion of tar files. (For example, in WinZip 9.0 select Configuration > Miscellaneous and uncheck "TAR file smart CR/LF conversion".)
2. Copy the files to the FTP server. All files to be installed must reside in the same directory.
To install the Cisco AXP files, see the "Installing and Upgrading Software" section.
Application Software Versions
Each application has a version number, which is used by the Installer when resolving dependencies between subsystems. The system only considers the first two digits of the version number for checking dependencies.
The first digit is treated as a major version number and the second is treated as a minor version number. For example:
Version 1.2.3.4 has a major number of 1 and minor number of 2.
Version 5.6 has a major number of 5 and minor number of 6.
Version 1.2.3 is considered the same as Version 1.2 or Version 1.2.3.4 because both the major and minor numbers match.
Cisco AXP Command Modes
This section includes the procedures listed below for entering and exiting the command environment, where Cisco AXP software configuration commands are executed.
•Entering the Command Environment
•Exiting the Command Environment
EXEC and Configuration Modes
The Cisco AXP software command modes, EXEC and configuration, operate similarly to the EXEC and configuration modes for Cisco IOS software CLI commands.
Entering the Command Environment
To enter the command environment after the Cisco AXP software is installed and active, perform the following steps.
Prerequisites
The following information is required to enter the command environment:
•IP address of the Cisco ISR router that contains the Cisco AXP service module
•Username and password to log in to the router
•Slot number of the module
SUMMARY STEPS
1. Open a Telnet session.
2. telnet ip-address
3. Enter the user ID and password of the router.
4. service-module service-engine slot/port session
5. (Optional) enable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Open a Telnet session.
|
Use a DOS window, a secure shell, or a software emulation tool such as Reflection.
|
Step 2
|
Example:
C:\>telnet 172.16.231.195
|
Specifies the IP address of the router.
|
Step 3
|
|
Enter your username and password for the router.
|
Step 4
|
service-module integrated-service-engine
slot/port session
Example:
Router# service-module integrated-service-engine
1/0 session
|
Enters the Cisco AXP software command environment using the module located in slot and port. The prompt changes to "se" with the IP address of the service module.
If the message,
"Trying ip-address slot/port ...
Connection refused by remote host"
appears, enter the command
service-module integrated-service-engine
slot/port session clear
and try Step 4 again.
|
Exiting the Command Environment
To exit the Cisco AXP software command environment and return to the router command environment, perform the following steps.
SUMMARY STEPS
Return to the Cisco AXP software EXEC mode.
1. exit.
DETAILED STEPS
| |
Command or Action
|
Purpose
|
|
|
Return to the Cisco AXP software EXEC mode.
|
|
Step 5
|
Example:
|
Returns to the router command environment.
|
Configuring the Cisco AXP Service Module Interface
The host router and service module use two main interfaces for internal and external communication (see Figure 1).
•Internal Interface (eth0)
–This interface is internal, between the router and the service module. Use this connection to exchange traffic between the network interface and the router.
–For example, the console connection to the service module is connected through this interface.
–On the router side, this interface is described as service interface engine x/0 (where x is the service module slot in which the service module is inserted).
–On the service module side (Linux), this internal interface is designated as eth0.
•External Interface (eth1)
–This an external interface, and it varies between a Fast (100 Mb/s) or Gigabit (1000 Mb/s) ethernet and is available through an RJ-45 connector.
–On the service module side, this external interface is designated as eth1.
Note The external interface is not visible from the router side and can only be configured and used from the service module.
Figure 1 Router and Service Module Interfaces
| |
On This Hardware Interface...
|
Configure These Settings...
|
Using This Configuration Interface
|
1
|
Router interface to external link (FastEthernet slot/0)
|
Standard router settings
|
Cisco IOS software CLI on the router.
|
2
|
Router interface to module (Integrated-service-engine slot/0)
|
Module's IP address and default gateway router
|
3
|
Module interface to router (eth0)
|
All other module and Cisco AXP software application settings
|
Cisco AXP software GUI, or SSH interface.
|
4
|
Module interface to external link (eth1)
|
Support for data requests and transfers from outside sources
|
Configuration Tasks
Steps 1 to 3 open the host-router CLI and access the router's interface to the module.
Steps 4 to 9 configure the interface.
SUMMARY STEPS
From the Router CLI
1. enable
2. configure terminal
3. interface integrated-service-engine slot/0
4. ip address router-side-ip-address subnet-mask
or
ip unnumbered type number
5. service-module ip address module-side-ip-address subnet-mask
6. service-module ip default-gateway gateway-ip-address
7. end
8. copy running-config startup-config
9. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
| |
From the Host-Router CLI
|
Step 1
|
enable
Example:
Router> enable
|
Enters privileged EXEC mode on the host router. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode on the host router.
|
Step 3
|
interface integrated-service-engine slot/0
Example:
Router(config)# interface
integrated-service-engine 1/0
|
Enters interface configuration mode for the slot and port where the service module resides.
•slot—Specifies the service module slot.
|
Step 4
|
ip address router-side-ip-address subnet-mask
or
ip unnumbered type number
Example:
Router(config-if)# ip address 10.0.0.20
255.255.255.0
or
Router(config-if)# ip unnumbered
GigabitEthernet 0/0
|
The ip address command specifies the IP address on the router side.
•router-side-ip-address subnet-mask—IP address and subnet mask for the interface.
The ip unnumbered command enables IP processing on an interface without assigning an explicit IP address to the interface.
•type—Type of interface on which the router has an assigned IP address. The interface cannot be another unnumbered interface.
•number— Number of the interface on which the router has an assigned IP address. The interface cannot be another unnumbered interface.
For more information on the IP unnumbered command, see:
Understanding and Configuring the IP Unnumbered Command.
|
Step 5
|
service-module ip address
module-side-ip-address subnet-mask
Example:
Router(config-if)# service-module ip address
172.0.0.20 255.255.255.0
|
Specifies the IP address for the module interface to the router.
•module-side-ip-address—IP address for the interface
•subnet-mask—Subnet mask to append to the IP address; must be in the same subnet as the host router
|
Step 6
|
service-module ip default-gateway
gateway-ip-address
Example:
Router(config-if)# service-module ip
default-gateway 10.0.0.40
|
Specifies the IP address for the default gateway router for the module. The argument is as follows:
•gateway-ip-address—IP address for the gateway router
|
Step 7
|
end
Example:
Router(config-if)# exit
|
Returns to global configuration mode on the host router.
|
Step 8
|
copy running-config startup-config
Example:
Router# copy running-config startup-config
|
Saves the router's new running configuration.
|
Step 9
|
show running-config
Example:
Router# show running-config
|
Displays the router's running configuration, so that you can verify address configurations.
|
Opening and Closing a Service Module Session
To open and close a session on the service module, perform the following steps.
Note•Before you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.
•You can conduct only one session at a time.
•Steps 1 to 3: open the host-router CLI and access the module. Steps 4 to 5: configure the module. Step 6: return to the host-router CLI.
SUMMARY STEPS
From the Host-Router CLI
1. enable
2. service-module integrated-service-engine slot/0 status
3. service-module integrated-service-engine slot/0 session
From the Service-Module Interface
4. Enter configuration commands
5. Control-Shift-6 x
From the Host-Router CLI
6. service-module integrated-service-engine slot/0 session clear
DETAILED STEPS
| |
Command or Action
|
Purpose
|
| |
From the Host-Router CLI
|
Step 1
|
enable
Example:
Router> enable
|
Enters privileged EXEC mode on the host router. Enter your password if prompted.
|
Step 2
|
service-module integrated-service-engine slot/0
status
Example:
Router# service-module
integrated-service-engine 1/0 status
|
Displays the status of the specified module, so that you can ensure that the module is running (that is, in the steady state).
|
Step 3
|
service-module integrated-service-engine slot/0
session
Example:
Router# service-module
integrated-service-engine 1/0 session
Trying 10.10.10.1, 2065 ... Open
|
Begins a service-module session on the specified module. Do one of the following:
•To interrupt the autoboot sequence and access the bootloader, quickly type ***.
•To start a configuration session, press Enter.
|
| |
From the Service-Module Interface
|
Step 4
|
.Example (Software installation):
SE-Module> software install add url Url
|
Enter configuration commands on the module as needed.
•Bootloader command choices include boot, config, exit, help, ping, reboot, show, and verify.
–To configure the bootloader after setting up the router, see the "Configuring the Bootloader" section.
•To install the application software:
Use the software install add url command. See the "Installing and Upgrading Software" section for details.
•Configuration command choices are similar to those that are available on the router. Access global configuration mode by using the configure terminal command.
•Enter configuration commands.
•Exit global configuration mode with the exit command and save your new configuration with the copy running-config startup-config command. Notice that you do not use the enable command and the prompt does not change from >.
|
Step 5
|
Press Control-Shift-6 x.
|
Suspends the service-module session and returns to the router CLI. Alternatively, type the exit command to return to the router CLI.
Note The service-module session stays up until you clear it in the next step. While it remains up, you can return to it from the router CLI by pressing Enter.
|
| |
From the Host-Router CLI
|
Step 6
|
service-module integrated-service-engine slot/0
session clear
Example:
Router# service-module
integrated-service-engine 1/0 session clear
|
Clears the service-module session for the specified module. When prompted to confirm this command, press Enter.
|
Setting Resource Limits
Cisco AXP provides a predictable and constant set of resources such as CPU, memory, and disk space, which are segmented to allow an application to run on the Cisco AXP service module without affecting the performance of other router features. You can specify CPU, memory, and disk space limit (specified in MB), using the CLI with administrator privileges.
For information on the CPU index for Cisco AXP service modules, refer to the following section in the Cisco AXP Developer Guide:
Dedicated Application Resources
To configure resource limits, refer to the "Configuring Resource Utilization Limits" section in this guide.
Swap Space and Memory Allocation
Swap space support allows processes or portions of processes to move between physical memory and disk. This frees up space in physical memory and allows more processes to run simultaneously.
Swap space is available for applications developed using Cisco AXP version 1.1 or later versions.
Swap space support is available on all NME based modules: NME-APPRE-302-K9, NME-APPRE-502-K9, and NME-APPRE-522-K9. Swap space is not available on modules with the AIM form factor: AIM-APPRE-102-K9.
For information on enabling swap space and memory allocation for developing applications, refer to the Swap Space and Memory Allocation section in the Cisco AXP Developer Guide.
Verifying Swap Space Support
Refer to the "Verifying Swap Space Support" section.
Installing and Upgrading Software
Download the gzipped tar file for the appropriate platform to ensure all platform and package files required for installation are availalble.
During a clean or upgrade installation of the platform files, the following three installation files must exist in the same directory:
•axp-k9.<platform>.<version>.pkg
•axp-k9.<platform>.<version>.prt1
•axp-installer-k9.<platform>.<version>.prt1
This section consists of:
•Types of Cisco AXP Installation and Upgrade Commands
•Cisco AXP Upgrade and Downgrade Scenarios
•Clean Software Installation
•Clean Software Installation including FTP Server Configuration
•Add-on Software Installation
•Upgrading Software
•Downgrading Software
•Installing Software using a Helper Image
•Removing Software
•Uninstalling Software
Types of Cisco AXP Installation and Upgrade Commands
This section provides a summary of the Cisco AXP 1.1 installation and upgrade commands.
Clean Software Installation
Using the software install clean command clears the startup configuration to the factory default setting. All previous configuration settings are erased.
The Cisco AXP AIM or NME host OS software must be downloaded to an FTP server before installation.
Use the software install clean command to install:
•Cisco host OS
•An application package + Cisco AXP host OS , or
•An application package + Cisco AXP add-on packages + Cisco AXP host OS.
Add-on Software Installation
Use the software install add command to install :
•An application package , or
•An application package + Cisco AXP add-on packages, or
•Cisco AXP add-on packages
Upgrading Software
Use the software install upgrade command to upgrade:
•An application package + Cisco AXP host OS , or
•An application package + Cisco AXP add-on packages + Cisco AXP host OS, or
•An application package, or
•Cisco AXP add-on packages, or
•Cisco AXP host OS
Downgrading Software
Use the software install upgrade command to downgrade to a lower release.
Note The software install downgrade command is not supported.
Installing Software using a Helper Image
Use the axp-helper-k9.<aim/nme>.<release-number> rescue helper image file to aid software installation of the Cisco AXP host OS files on an AIM or NME service module when necessary. Installing software using the helper image overwrites all previously existing data on the service module.
Cisco AXP Upgrade and Downgrade Scenarios
This section describes the various types of upgrades and downgrades that are supported on Cisco AXP.
Cisco AXP software files described in these scenarios are:
•Cisco AXP host OS—Cisco AXP AIM or NME platform files.
•Cisco AXP add-on packages—Cisco AXP infrastructure add-on packages.
•App V1—application package version 1
App V2—application package version 2
These are third party application packages.
Upgrade Scenarios
Table 1-1 lists the upgrade scenarios supported on Cisco AXP.
Table 1-1 Cisco AXP upgrade scenarios
Current Software Versions on Service Module
|
New Software Versions on Service Module
|
Description
|
Cisco AXP 1.0 host OS
|
Cisco AXP 1.0 host OS + App V1
|
Use the software install add command to add App V1 where:
Package file — App V1.
Refer to Add-on Software Installation.
|
Cisco AXP 1.0 host OS
|
Cisco AXP 1.1 host OS
|
Use the software install upgrade command to upgrade the Cisco AXP 1.0 host OS to Cisco AXP 1.1 where:
Package file— Cisco AXP 1.1 host OS.
Refer to Upgrading Software
|
Cisco AXP 1.0 host OS
|
Cisco AXP 1.0 host OS + Cisco AXP 1.0 add-on package + App V1
Note
App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
Use the software install add command where:
Package file— bundle containing Cisco AXP add-on 1.0 package + App V1.
Refer to Add-on Software Installation.
|
Cisco AXP 1.0 host OS + App V1
|
Cisco AXP 1.0 host OS + Cisco AXP add-on 1.0 package + App V2
Note
App V2 has a dependency on Cisco AXP 1.0 add-on packages.
|
Use the software install upgrade command where:
•Package file— bundle containing Cisco AXP 1.0 host OS + Cisco AXP add-on 1.0+App V2
or
•Package file— bundle containing Cisco AXP add-on package 1.0 + App V2.
Refer to Upgrading Software.
|
Cisco AXP 1.0 host OS + App V1
|
Cisco AXP 1.1 host OS + App V2
|
Use the software install upgrade command where:
Package file— bundle containing Cisco AXP 1.1 host OS + App V2.
Refer to Upgrading Software
|
Cisco AXP 1.0 host OS + App V1
|
Cisco AXP 1.1 host OS + App V1
|
1. Use the software install upgrade command , where:
Package file— Cisco AXP 1.1 host OS.
or
Package file— bundle containing Cisco AXP 1.1 host OS + App V1.
Refer to Upgrading Software
|
AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V1
Note
App V1 has a dependency on Cisco AXP 1.0 add-on packages .
|
AXP 1.1 host OS + Cisco AXP 1.0 add-on package +App V1
|
Use the software install upgrade command to upgrade the Cisco AXP host OS from 1.0 to 1.1, where:
Package file— Cisco AXP 1.1 host OS.
Refer to Upgrading Software.
|
AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V1
Note
App V1 has a dependency on Cisco AXP 1.0 add-on packages .
|
AXP 1.1 host OS + Cisco AXP 1.1 add-on package + App V1
Note
App V1 has a dependency on Cisco AXP 1.1 add-on packages.
|
Use the software install upgrade command to:
•Upgrade Cisco AXP host OS from 1.0 to 1.1, and
•Upgrade the Cisco AXP add-on package from 1.0 to 1.1
where:
Package file—bundle containing Cisco AXP 1.1 host OS + Cisco AXP 1.1 add-on package + App V1.
Refer to Upgrading Software
|
AXP 1.0 host OS +
Cisco AXP 1.0 add-on package +App V1
Note
App V1 has a dependency on Cisco AXP 1.0 add-on packages
|
AXP 1.0.6 host OS + Cisco AXP 1.0.6 add-on package +App V1
Note
App V1 has a dependency on Cisco AXP 1.0.6 add-on packages
|
Use the software install upgrade command:
Package file—bundle containing Cisco AXP 1.0.6 host OS + Cisco AXP1.0.6 addon package +App V1.
Refer to Upgrading Software
|
AXP 1.0 host OS +
Cisco AXP 1.0 add-on package +App V1
Note
App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
AXP 1.1 host OS + Cisco AXP 1.1 add-on package +App V2
Note
App V2 has a dependency on Cisco AXP 1.1 add-on packages.
|
To upgrade
i) Cisco AXP host OS from 1.0 to 1.1, and
ii) Cisco AXP add-on package from 1.0 to 1.1, and
iii) App V1 to App V2:
•software install upgrade command where:
Package file—bundle containing Cisco AXP 1.1 host OS + Cisco AXP 1.1 add-on package + App V2.
Refer to Upgrading Software
|
Downgrade Scenarios
Resource Limits Exceeded after Downgrade
The following scenario may occur after downgrading an application on Cisco AXP.
If the current software on the service module is App V2 with Cisco AXP host OS 1.1.1, and a downgrade is performed to a lower version of Cisco AXP host OS (for example, 1.0.6) using App V1, the files for App V2 may still be present on the application service module.
The presence of two versions of the application may cause resource limits to be exceeded. Error messages may be displayed when trying to run App V1 (referenced as APP1 in the error message) on Cisco AXP host OS (1.0.6):
localhost err_handler: invalid parameters: 'space_used' is larger than 'space_total'.
localhost err_handler: Failed to start vserver 'APP1'.
Table 1-2 lists the downgrade scenarios supported on Cisco AXP.
Note Use the software install upgrade command for downgrading software.
Table 1-2 Cisco AXP downgrade scenarios
Current Software Versions on Service Module
|
New Software Versions on Service Module
|
Description
|
Cisco AXP 1.1 host OS +
Cisco AXP 1.1 add-on package +App V2
Note App V2 has a dependency on Cisco AXP 1.1 add-on packages
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package +App V1
Note App V1 has a dependency on e Cisco AXP 1.0 add-on packages.
|
Use the software install upgrade command to downgrade:
•Cisco AXP host OS from 1.1 to 1.0
•Cisco AXP add-on package from 1.1 to 1.0, and
•App V2 to App V1
where:
Package file— bundle containing of Cisco AXP 1.0 host OS + Cisco AXP 1.0 add-on package + App V1.
All application packages must have the same UUID.
Refer to Upgrading Software
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0.5 add-on package + App V1
Note App V1 has a dependency on Cisco AXP 1.0.5 add-on packages.
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V1
Note App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
Use the software install upgrade command to downgrade the Cisco AXP add-on package from 1.0.5 to 1.0
where:
•Package file— Cisco AXP 1.0 add-on package
or
•Package file—bundle containing Cisco AXP 1.0 add-on package + App V1
All application packages must have the same UUID.
Refer to Upgrading Software
|
Cisco AXP 1.1 host OS +
Cisco AXP 1.1 add-on package + App V1.
Note App V1 has a dependency on Cisco AXP 1.1 add-on packages.
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V1
Note App V1 has a dependency onthe Cisco AXP 1.0 add-on packages.
|
Use the software install upgrade command to downgrade:
•Cisco AXP host OS 1.1 to 1.0 and
•Cisco AXP add-on package from 1.1 to 1.0:
where:
Package file—bundle containing Cisco AXP 1.0 host OS + Cisco AXP 1.0 add-on package + App V1.
Refer to Upgrading Software.
|
Cisco AXP 1.1 host OS +
Cisco AXP 1.0 add-on package + App V1.
Note App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V1.
Note App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
Use the software install upgrade command to downgrade Cisco AXP host OS from 1.1 to 1.0 :
where:
•Package file— Cisco AXP 1.0 host OS.
or
•Package file—bundle containing Cisco AXP 1.0 host OS + Cisco AXP 1.0 add-on package + App V1.
Refer to Upgrading Software
|
Cisco AXP 1.1 host OS +
Cisco AXP 1.1 add-on package + App V2
Note App V2 has a dependency on Cisco AXP 1.1 add-on packages.
|
Cisco AXP 1.0 host OS.
|
To downgrade from Cisco AXP host OS 1.1 to 1.0, and uninstall Cisco AXP add-on package 1.1 and application package App V2:
1. software uninstall uid1 uid2
where uid1 is the UID of Cisco AXP 1.1 add-on package, and uid2 is the UID of App V2.
Refer to Uninstalling Software
2. software install upgrade
where:
Package file— Cisco AXP 1.0 host OS.
Refer to Upgrading Software
|
Cisco AXP 1.1 host OS +
Cisco AXP 1.0 add-on package + App V1.
Note App V1 has a dependency on Cisco AXP 1.0 add-on packages.
|
Cisco AXP 1.0 host OS.
|
To uninstall Cisco AXP add-on package 1.0 and App V1:
•software uninstall uid1 uid2
where uid1 is the UID of Cisco AXP 1.0 add-on package, and uid2 is the UID of App V1.
Refer to Uninstalling Software
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package.
|
Cisco AXP 1.0 host OS.
|
To uninstall Cisco AXP add-on package 1.0:
•software uninstall uid1
where uid1 is the UID of Cisco AXP 1.0 add-on package.
Refer to Uninstalling Software
|
Cisco AXP 1.1 host OS + App V2.
|
Cisco AXP 1.0 host OS.
|
To uninstall App V2:
1. Use the software uninstall uid1 command where uid1 is the UID of App V2.
2. Use the software install upgrade command to downgrade Cisco AXP host OS from 1.1 to 1.0
Refer to Uninstalling Software and Upgrading Software.
|
Cisco AXP 1.0 host OS +
App V1.
|
Cisco AXP 1.0 host OS.
|
To uninstall App V1:
•software uninstall uid1
where uid1 consists of App V1.
Refer to Uninstalling Software
|
Cisco AXP 1.1 host OS +
App V2
|
Cisco AXP 1.0 host OS +
App V1.
|
To downgrade Cisco AXP host OS from 1.1 to 1.0 and replaceApp V2 with App V1:
•software install upgrade
where
Package file—bundle containing Cisco AXP 1.0 host OS + App V1.
Refer to Upgrading Software
|
Cisco AXP 1.1 host OS +
App V1.
|
Cisco AXP 1.0 host OS +
App V1.
|
Use the software install upgrade command to downgrade the Cisco AXP host OS from 1.1 to 1.0:
where:
•Package file— Cisco AXP 1.0 host OS.
or
•Package file—bundle containing Cisco AXP 1.0 host OS + App V1.
Refer to Upgrading Software
|
Cisco AXP 1.0 host OS +
Cisco AXP 1.0 add-on package + App V2 .
Note App V2 has a dependency on Cisco AXP 1.0 add-on packages.
|
Cisco AXP 1.0 host OS +
App V1.
|
To downgrade from App V2 to App V1:
1. software install upgrade
where:
Package file— bundle containing Cisco AXP 1.0 host OS + App V1.
Refer to Upgrading Software
2. Use the software uninstall command to uninstall the Cisco AXP add-on package.
Refer to Uninstalling Software
|
Clean Software Installation
The Cisco AXP AIM or NME software must be downloaded to an FTP server before installation. If you need to configure the FTP server, refer to the "Clean Software Installation including FTP Server Configuration" section.
Note Using the software install clean command clears the startup configuration to the factory default setting. All previous configuration settings are erased.
Prerequisites
Before you install the package, you need:
•FTP server user ID/username
•FTP server password
SUMMARY STEPS
1. software install clean {package-filename.pkg | url ftp://ftp-server-ip-address/package-filename.pkg}[username username password password]
2. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
software install clean {package-filename.pkg |
url
ftp://ftp-server-ip-address/package-filename.pk
g}[username username password password]
Example:
SE-module> software install clean url
ftp://10.10.1.5/.../.../packagename.pkg
username johndoe password johndoe123
|
Installs the Cisco AXP host OS (platform) file that was downloaded on the FTP server.
package-filename— A single file or a bundle of files.
ftp-server-ip-address— FTP server address where the
package is located.
package-filename— Cisco AXP package file name
username—FTP server ID/username
password—FTP server password
Note:
If an error displaying a mismatched sum occurs during installation, use the software remove all command to remove all residual files, and reinstall the files using the software install clean command. Refer to Removing Software.
|
Step 2
|
exit
|
Exits EXEC mode.
|
Clean Software Installation including FTP Server Configuration
To configure the FTP server and install software, perform the following steps.
Prerequisites
Before you install the package, you need:
•FTP server user username
•FTP server password
SUMMARY STEPS
1. configure terminal
2. software download server url ftp-url[/ dir] username username password password
3. end
4. copy running-config startup-config
5. software install clean package-filename
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters configuration mode.
|
Step 2
|
software download server url ftp-url[/dir]
username username password password
SE-Module(config)> software download server url
ftp://10.10.1.5/.../.../packagename.pkg
username johndoe password johndoe123
|
Configures the FTP server address.
ftp url— FTP server address where the package will be downloaded.
/dir— (optional) FTP directory on the server
username—FTP server ID/username
password—FTP server password
|
Step 3
|
end
|
Exits configuration mode.
|
Step 4
|
copy running-config startup-config
|
Saves configuration for the download server.
|
Step 5
|
software install clean url package-filename
SE-module> software install clean
packagename.pkg
|
Installs the Cisco AXP file that was downloaded on the FTP server.
package-filename— Cisco AXP package filename
|
Add-on Software Installation
SUMMARY STEPS
1. Open a Service Module Session. See the "Opening and Closing a Service Module Session" section.
2. From the Service Module Interface: software install add {package-filename.pkg | url ftp://ftp-server-ip-address/package-filename.pkg}[username username password password]
3. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
software install add {package-filename.pkg |
url
ftp://ftp-server-ip-address/package-filename.pk
g}[username username password password]
Example:
SE-Module> software install add url
ftp://10.10.1.5/pkgname.1.0.pkg
|
ftp-server-address— FTP server address where the
package is located.
package-filename— A single package or a bundle of packages.
username—FTP server ID/username
password—FTP server password
|
Step 2
|
exit
|
Exits EXEC mode.
|
Upgrading Software
Before upgrading Cisco AXP software:
•The upgrade package must have the same name as the package being upgraded.
•The upgrade package must have the same uuid as the package being upgraded
•The upgrade package must have a different version than the package being upgraded.
After upgrading, during system startup, the saved startup configuration is restored.
SUMMARY STEPS
1. Copy the installer payload file to the same FTP directory as the Cisco AXP file.
2. software install upgrade { package-filename.pkg | url ftp://ftp-server-ip-address/package-filename.pkg}[username username password password]
3. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Copy the installer payload file to the same FTP directory as the Cisco AXP package.
|
Copy the installer payload file (axp-installer.k9.<nme/aim.release-number>.prt1) to the same FTP directory as the Cisco AXP file.
The FTP directory contains a file such as axp-k9.nme.1.0.x.pkg and a corresponding payload file axp-k9.nme.1.0.x.prt1 with other add-on packages.
|
Step 2
|
software install upgrade { package-filename.pkg
| url
ftp://ftp-server-ip-addr/package-fileame.pkg}
Example:
SE-Module> software install upgrade url
ftp://10.10.1.5/pkgname.1.0.pkg
|
Installs the upgraded Cisco AXP file.
package-filename— A single package or a bundle of packages.
Using this command restores saved configurations. When a new software release is installed over an existing one, the old installer from the previous release is first upgraded via the package, axp-installer-k9.<nme/aim.1.0.x>.<1.0.x>.prt1, and then the new image is installed.
|
Step 3
|
exit
|
Exits EXEC mode.
|
Downgrading Software
The software install downgrade command is not supported.
To downgrade Cisco AXP software to a lower release, use the same command for upgrading software:
software install upgrade.
Installing Software using a Helper Image
If the service module does not boot up with the regular image you can install software using a helper image. To use the boot helper to reboot with a helper image, perform the following steps.
Note•Configure the router before setting up the bootloader. The service module will not connect to the external network if the router is not configured correctly. If you have not configured the bootloader, see the "Configuring the Bootloader" section.
•Using the helper image for installation clears the startup configuration to the factory default settings. All previous configuration settings are erased.
Step 1 Enter the following commands from the router CLI:
a. service-module Service-Engine 1/0 reset (wait about 10 seconds after using this command).
b. service-module Service-Engine 1/0 session (repeat this command if the first try fails).
Step 2 Wait for the following prompt: Please enter *** to change boot configuration.
a. Enter "***" to drop the service module into the bootloader.
Step 3 Enter the config command to configure the bootloader:
SE- boot-loader> config
a. Enter these parameters:
IP address—Service module IP address as configured on the host router
Subnet mask—Service module subnet mask as configured on the host router
TFTP server—IP address of the TFTP server with the helper image
Gateway—Gateway address as configured in the host router
Note For the Default Helper-file name, if you are pasting in the name, do not paste any extra whitespaces (newline, tabs) into the name. If whitespaces are included, they will also be present in the image name that is requested from the TFTP server.
Default Helper-file—name of the helper image.
Ethernet interface—internal
Note The internal interface is facing the router. The external interface may or may not be present on the service module.
External interface media—copper
Default Boot—disk
Default bootloader—secondary
Note Always use the secondary bootloader; the primary bootloader is only for backup.
Step 4 Enter the show config command from the bootloader to verify that there are no empty values. (Check for any null/empty values as these may cause problems with the network boot sequence.)
SE- boot-loader> show config
Note Before entering the boot helper (in step 5), do the following:
•Check that the IP address you entered in step 3 is the IP address of the service module as configured on the host router.
•Check that the TFTP server you entered in step 3 has connectivity to the service module. For example:
SE- boot-loader> ping TFTP-server-address
Step 5 To enter the boot helper, type: boot helper
The helper image starts and the following text appears:
Welcome to Cisco Systems Service Engine Helper Software
Please select from the following
(Type '?' at any time for help)
Select 1 Install software:
Step 6 Enter the following parameters:
Package Name—Cisco AXP package name
Server URL—FTP server location for the Cisco AXP package
Username—FTP username
Password—FTP password
Step 7 Enter y (yes) to clear disk contents.
After installation, the blade reboots with the new image.
Troubleshooting the Boot Helper File
Use a workstation to download the boot helper file from the TFTP server. This verifies that the TFTP server is running, the requested helper file exists, and there are no file access errors. File access errors are not displayed in boot helper.
Removing Software
To remove software, use the software uninstall command in Cisco AXP EXEC mode.
SUMMARY STEPS
1. software remove
2. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
software remove
{all|downgradefiles|downloadfiles
Example:
SE-module> software uninstall
|
Removes software files during a clean installation, upgrade, or downgrade.
all—Removes all files
downgradefiles—Removes all files that have been downgraded.
downloadfiles—Removes all files that have been downloaded.
|
Step 2
|
exit
|
Exits Cisco AXP EXEC mode.
|
Uninstalling Software
To uninstall software, use the software uninstall command in Cisco AXP EXEC mode.
SUMMARY STEPS
1. software uninstall
2. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
software uninstall uid-list
Example:
SE-module> software uninstall
|
Uninstalls the Cisco AXP package files.
uid-list—List of unique identifiers(UID) of sub-systems to be uninstalled
|
Step 2
|
exit
|
Exits Cisco AXP EXEC mode.
|
Secure Shell Access to the Service Module
For direct secure shell (SSH) access to the Cisco AXP CLI, a user must first session into the service module and configure it.
This initial configuration gives users direct SSH access to the Cisco AXP CLI and also allows them to perform remote configurations without constantly accessing the router and sessioning into the service module.
Cisco AXP provides secure shell (SSH) access to the CLI through a default user that acts like a system administrator. The password for the default system administrator must be configured by the user through the CLI, before SSH access to the Cisco AXP CLI. This password must be at least five characters.
If service password encryption is enabled, the system encrypts the clear text password that is entered and saves it in the encrypted format in the configuration file. If the user prefers a clear text password, service password-encryption is disabled by entering the no form of the command.
This command directs the system to encrypt the password using a system provided two-character salt string. With this service enabled, a clear text password string is encrypted and displayed as a level 7 password string.
Cisco AXP also provides commands for SSH tunneling. These commands are documented in the "SSH Access to a Virtual Instance" section.
This section contains the following tasks:
•Configuring Password Protection
•Configuring the SSH Server
•Verifying the SSH Server
Configuring Password Protection
To session into the service module for direct SSH access to the Cisco AXP CLI and to configure the password, perform the following steps.
1. Session into the service module and configure the password.
2. service password-encryption password encrypts the clear text password that is entered and saves it in the encrypted format in the configuration file.
SUMMARY STEPS
1. configure terminal
2. service password-encryption
or,
no service password-encryption
3. username sysadmin password clear-password-string
or,
username sysadmin password 0 clear-password-string
or,
username sysadmin password 7 hashed-password-string
4. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
service password-encryption
|
Encrypts the clear text password using a system provided two-character salt string. The password is saved in the encrypted format in the configuration file.
A clear text password string is encrypted and displayed as a level 7 password string.
|
|
|
no service password-encryption
|
To keep the clear text password, then disable the service password-encryption command with the no prefix.
|
Step 3
|
username sysadmin password
clear-password-string
|
You can use either one of these three commands:
Specifies a non encrypted (cleartext) user password.
|
|
|
username sysadmin password 0
clear-password-string
|
Specifies a non encrypted password.
|
|
|
username sysadmin password 7
hashed-password-string
|
Specifies a hidden password.
|
Step 4
|
exit
|
Exits configuration mode.
|
Configuring the SSH Server
To configure SSH access to the CLI server allowing remote access to the Cisco AXP service module, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. ip ssh server
3. ip ssh interface interface
4. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
ip ssh server
|
Enables the SSH service (starts the sshd daemon). Default SSH service is enabled.
If the sshd daemon is running when you configure the no form of the command: the sshd daemon stops, the existing SSH session remains alive, and no new SSH sessions are accepted.
|
Step 3
|
ip ssh interface interface
|
Specifies the interface on which sshd should listen for an incoming connection.
If you do not use this command, sshd listens on all interfaces.
If sshd is configured to listen to a specific network interface, an IP address change for that interface prevents SSHD from accepting a connection on that modified interface.
You must restart sshd or the Cisco AXP service module to re-establish SSH service.
|
Step 4
|
exit
|
Exits global configuration mode.
|
Verifying the SSH Server
To verify the SSH service is running, perform the following steps.
SUMMARY STEPS
1. show processes
2. show processes memory
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
show processes
|
View the state of the SSHD process. For this command and other diagnostic commands see Table 9.
|
Step 2
|
show processes memory
|
In EXEC mode, display the information of the sshd process when it is running.
|
Configuring the Syslog Server
Configuration of a syslog server allows the Cisco AXP service module to collect log messages from other physical and virtual devices on the network. The syslog server binds to an interface to accept log messages from any source on the network.
A user can enable or disable the syslog server on the Cisco AXP service module, and can specify the maximum log file size limits that can occupy the local file system space.
Because the syslog server cannot be configured to filter logs based on facility or priority, all log messages must be filtered before they are sent to the syslog server.
Log files generated by the syslog server reside in the /var/remote_log directory, and the log file is named remote_messages.log. Rotated log files are appended with a number, such as remote_messages.log.1, with the higher numbers designating older files. The oldest log file is deleted during a file rotation.
SUMMARY STEPS
1. configure terminal
2. syslog-server
3. syslog-server limit file-rotation size [file-size num]
4. syslog-server limit file-size size [ file-rotation num ]
5. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters configuration mode.
|
Step 2
|
|
Enables or disables the syslog server.
The syslog server is disabled by default.
If the server is enabled, the Cisco AXP service module is used as a syslog server to receive all the log files from external devices.
A error message:
ERROR - system does not have enough
disk space
appears if:
•The system has less than 80G disk storage,
or,
•Available disk space does not satisfy the current limits set by file size, and the number of files.
Resolve error by either unloading applications to free disk space, or by changing limits.
If this error occurs you cannot enable the syslog server.
|
Step 3
|
syslog-server limit file-rotation size [file-size num]
|
Sets syslog server limits.
file-rotation-—Defines the number of log files to be rotated. The range is 1 to 40 and the default is 10.
file-size—Defines the maximum size (in MB) of each log file. The range is 1 to 1000 MB and the default is 20 MB.
Setting the file rotation configuration lower than the current settings causes extra log files to be deleted.
Example
If the current file rotation value is 5 and the new file rotation value is 2, log files 3 to 5 are deleted.
A message,
WARNING - setting the new
file-rotation value to 2 from the old
value of 5 caused extra log files to
be removed
notifies the user if they have specified a new file rotation value that is lower than the current file rotation value.
Error messages:
Error Message System does not have
enough disk space.
This error occurs if the available system disk space is not enough to satisfy the new configured limits.
The file rotation and file size error messages appear if you enter an invalid value for a configuration. For example if you enter 80001 as the file-size or 99 as the file-rotation.
The invalid values are rejected and the original limit values remain effective.
Error Message File-rotation is out of
range (1-10).
Error Message File-size is out of range
(1-80000).
|
Step 4
|
syslog-server limit file-size size [file-rotation num]
|
Sets syslog server limits.
file-rotation-—Defines the number of log files to be rotated. The range is 1-40 and the default is 10.
file-size— Defines the maximum size (in MB) of each log file. The range is 1-1000 MB and the default is 20 MB.
Setting the file rotation configuration lower than the current settings causes extra log files to be deleted.
Example
If the current file rotation value is 5 and the new file rotation value is 2, log files 3 to 5 will be deleted.
A message,
WARNING - setting the new
file-rotation value to 2 from the old
value of 5 caused extra log files to
be removed
notifies the user if they have specified a new file rotation value that is lower than the current file rotation value.
Error messages:
Error Message System does not have
enough disk space.
This error arises if the available system disk space is not enough to satisfy the new configured limits.
The file rotation and file size error messages are displayed if an invalid value is entered for a configuration. For example if you enter 80001 as the file-size or 99 as the file-rotation.
The invalid values are rejected and the original limit values remain effective.
Error Message File-rotation is out of
range (1-10).
Error Message File-size is out of range
(1-80000).
|
Step 5
|
exit
|
Exits configuration mode.
|
Verifying the Syslog Server
To verify the Syslog server status, perform the following step.
SUMMARY STEPS
1. show syslog-server
DETAILED STEPS
Configuring the Application Service Environment
The core and add-on packages must be installed before proceeding with the configuration tasks in this section.
This section consists of the following tasks:
•Starting or Stopping the Application Service
•Configuring External Network Interfaces
•Configuring the NTP Server Source
•Configuring the Hostname
•Configuring the Application Domain
•Configuring Console Access
•Configuring IP Static Routes
•Source-based IP Routing
•Remote Serial Device Configuration
•Packet Analysis
•Logging
•Configuring Resource Utilization Limits
•SSH Access to a Virtual Instance
•Synchronizing Files
•Synchronizing Files
•CLI Plug-in Invocation
•Cisco IOS Service API Configuration
•Cisco IOS Event Notification
Starting or Stopping the Application Service
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. no shutdown
4. end
5. show state (Optional)
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
no shutdown
|
Starts or stops the specified application service.
shutdown gracefully shuts down the application service and changes the application service state to offline after successfully completing configuration tasks.
|
Step 4
|
end
|
Exits configuration mode.
|
Step 5
|
show state
|
(Optional) View the application service status in EXEC mode.
|
Step 6
|
end
|
Exits EXEC mode.
|
Configuring External Network Interfaces
Each application service environment is configured by default with access to the eth0 network interface, and the loopback interface which automatically binds into the application environment.
Use the bind interface command to bind one or more active network interfaces to the application service environment. A network interface may be shared between application service environments.
Ensure that your configuration settings do not allow more than one application service environment to compete for the same port on the same networking device.
You can configure physical ethernet interfaces on the Cisco AXP service module through the CLI.
Derived network interfaces (such as subinterfaces and VLAN interfaces) must be activated before they are added to the list of available network interfaces.
Activation depends on the type of derived network interface. All physical and derived network interfaces have associated configuration commands to adjust IP and firewall settings.
Note The configuration of an IP address cannot be changed for an RBCP controlled physical device—these settings are configured on the Cisco ISR.
VLAN and Virtual Interfaces
Virtual and VLAN interfaces can only be created on configured and nonvirtual interfaces. An appropriate route must be setup on the Cisco IOS software side to direct traffic to the new network.
Table 3 shows an example of VLAN and virtual interface naming differences between Cisco IOS and Cisco AXP( Linux).
Table 3 Differences between VLAN and Virtual Interface Names
Interface
|
Cisco IOS
|
Cisco AXP
|
VLAN
|
interface Integrated-Service-Engine 1/0.1
ip address 172.23.101.1 255.255.255.0
|
eth<#>.<#>
Example—eth0.10 where 10 is the VLAN ID tag used to send traffic.
|
Virtual
|
interface Integrated-Service-Engine 1/0.1
ip address 172.23.101.1 255.255.255.0
|
eth<#>:<#>
Example—eth0:10 where 10 is a locally significant number to distinguish within the service module.
|
This section contains the following tasks:
•Attaching a Networking Device to the Application Environment
•Detaching a Networking Device from the Application Environment
•Configuring a Virtual Interface
•Configuring a VLAN Interface
Attaching a Networking Device to the Application Environment
To attach a networking device to/from the application environment, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. interface device-name
3. ip address ip address network-mask
4. end
5. app-service application-name
6. bind interface network-interface-name
7. end
8. app-service application-name
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface device-name
|
Configures the network interfaces.
device-name—Ethernet device name.
For example, the device name can be eth0 or eth1 for a built-in physical interface, eth0:1 for a virtual interface, or eth0.1 for a VLAN interface.
You can configure the virtual or VLAN interfaces only if these interfaces are not bound to the virtual hosting environment.
If the interfaces are bound, an error message with the specific device name appears.
For example, in the case of the interface eth0.1 the following error message appears:
Error Message eth0.1 still bound to hosting
environment(s), unbind first.
Do not remove a built-in physical interface. Upon removal, an error message appears:
Error Message Can not remove the built-in
interface eth0/1.
|
Step 3
|
ip address ip-address network-mask
|
Configures the IP address and network mask for the specified network interface.
Changing the IP address for a bound interface results in a message warning the user that the application is bound to the interface.
To remove the old IP configuration, reset the virtual instance.
|
Step 4
|
exit
|
Exits interface configuration mode.
|
Step 5
|
app-service application-name
|
Enters application service configuration mode.
|
Step 6
|
bind interface network-interface-name
|
Attaches or detaches a networking device to or from the application environment.
network-interface-name—Interface name defined in the host, for example, the Ethernet device-name defined in the interface command.
The interface is immediately available to the virtual instance with the execution of a new bind command.
Note This command modifies configuration entries in the /etc/hosts file for ipaddr and hostname mapping.
ipaddr in the /etc/hosts file is modified when the command is issued. Only the first interface binding is used. Since eth0 is the default to be bound for each virtual instance, ipaddr is normally eth0.
|
Step 7
|
end
|
Ends configuration mode.
|
Step 8
|
app-service application-name
|
Enters application service mode.
|
Detaching a Networking Device from the Application Environment
To remove a networking device to/from the application environment, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. no bind interface network-interface-name
4. end
5. app-service application-name
6. reset
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service configuration mode.
|
Step 3
|
no bind interface network-interface-name
|
Detaches a networking device from the application environment.
network-interface-name—Interface name defined in the host, for example, the Ethernet device-name defined in the interface command.
Detaching an interface binding displays the following warning messages,
WARNING!!! Reset the hosting environment
WARNING!!! For binding to be removed
and requires a virtual instance to restart.
Note The networking device is only detached after the final reset command.
|
Step 4
|
end
|
Ends configuration mode.
|
Step 5
|
app-service application-name
|
Enters application service mode.
|
Step 6
|
reset
|
Resets the hosting environment.
|
Configuring a Virtual Interface
To configure a virtual interface, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. interface eth0:x
3. ip address ip-address
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface eth0:x
|
Configures the virtual interface. Enters interface sub mode.
x—Interface number.
Note The colon (":") indicates this is a virtual interface.
|
Step 3
|
ip address ip-address
|
Configures the IP address.
|
Configuring a VLAN Interface
VLAN needs to be configured on the router and Cisco AXP sides. In the configuration for the router configuration in step 3 below, the dot "." in "port.x" indicates a sub interface. Refer to Table 3 for virtual and VLAN naming differences.
Note Configuring a VLAN interface is not supported on Cisco AXP AIM service modules.
To configure an appropriate route for the Cisco IOS software to set up traffic to the VLAN interface, it is necessary to configure the interface to DOT1Q mode.
DOT1Q mode only affects traffic that flows through this interface; it does not inject the VLAN tag for end-to-end traffic. If no native VLAN is configured on an interface, Cisco IOS by default makes encapsulation 1 DOT 1Q the default native VLAN.
On the Cisco AXP service module, VLAN ID 1 is always the native interface.
Note It is not possible to ping the Cisco AXP service module from the router when using encapsulation 1 on the router, with a subinterface on the service module that has a matching native VLAN ID of 1 (eth0.1).
Recommendation
Try using a VLAN ID greater than 1 if it is not necessary to use VLAN ID 1 in your network. If you must use VLAN ID 1, add a native command to another DOT1Q interface and then use VLAN ID 1 as shown in the "VLAN Configuration Example" section.
To configure a VLAN interface, perform the following steps.
SUMMARY STEPS
1. On the router side:
configure terminal
ip routing
interface Integrated-Service-Engine slot/port.x
encapsulation dot1q vlanid
ip address ip-address
2. On the Cisco AXP Service Module:
configure terminal
interface ethport.x
ip address ip-address
DETAILED STEPS
| |
Command or Action
|
Purpose
|
|
|
On the router side:
|
|
Step 1
|
configure terminal
|
Enters configuration mode.
|
|
|
ip routing
|
Enables IP routing on the router.
|
|
|
interface integrated-service-engine slot/port.x
|
Enters interface sub mode.
x—Interface number.
Note Use a value of x greater than 1.
|
|
|
encapsulation dot 1Q vlanid
|
Defines the encapsulation format as IEEE 802.1Q (dot1q), and specifies the VLAN identifier.
vlanid—VLAN identifier.
|
|
|
|
Configures the IP address for the interface.
|
|
|
On the Cisco AXP service module:
|
|
Step 2
|
configure terminal
|
Enters configuration mode.
|
|
|
interface ethport.x
|
Enters interface sub mode.
x—VLAN id.
|
|
|
ip address ip-address
|
Configures IP address.
|
VLAN Configuration Example
On the router:
interface Integrated-Service-Engine 1/0.1 <----- 1/0.1 for VLAN interface
encapsulation dot1Q 10 <----------------------dot1Q encap for VLAN
ip address 209.165.201.1 255.255.255.224
interface Integrated-Service-Engine 1/0.2
ip address 209.165.202.1 255.255.255.224
On the Cisco AXP Module:
Interface eth0.10 <-------------------eth0.10 is VLAN interface syntax. 10 is the VLAN ID.
ip address 209.165.201.2 255.255.255.224
ip address 209.165.202.2 255.255.255.224
Configuring the NTP Server Source
To have a consistent set of time stamps required for logs and development authorization between the router and the AXP service module, an administrator must configure the Cisco AXP service module to receive its NTP clock source from the router.
For Cisco AXP 1.0.5 and higher releases, the service module can immediately synchronize with the router. For this synchronization, the router must be set as the master NTP server using the ntp master command.
The ntp master command sets the router as the master source for providing clock synchronization, using its own system clock as the source for itself and the Cisco AXP service module.
However, in many cases, the router can also use another trusted NTP server as its source. Use the ntp server command to set an external server as the source for clock synchronization.
Note The time zone setting is not automatically passed from the NTP master to the client, if they are set in different time zones.
For additional documentation on NTP, refer to the following link on Cisco.com:
Network Time Protocol
SUMMARY STEPS
Step 1 On the router:
a. Configure the ISR as an NTP master server.
configure terminal
ntp master
b. (Optional) ntp server {hostname|ip-address}[prefer]
This step is optional, but recommended. Use this command to set an external server as the source for providing clock synchronization.
c. Configure the correct time zone on the router.
clock timezone zone
copy running-config startup-config
exit
Step 2 On the Cisco AXP service module:
a. Configure the Cisco AXP service module's NTP server to point to the source router providing the clock synchronization.
configure terminal
ntp server router-ip address
end
write memory or copy running-config startup-config
b. Configure the time zone on the Cisco AXP service module to be the same as the source router time zone. Reload the module for the new time zone to take effect.
configure terminal
clock timezone
end
write memory or copy running-config startup-config
reload
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Configure the following commands on the router:
|
|
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
|
|
ntp master
|
Configures the router to use its own Network Time Protocol (NTP) master clock to synchronize with peers when an external NTP source is unavailable.
|
|
|
(Optional) ntp server
{hostname|ip-address}[prefer]
|
(Optional) This command is optional, but recommended. Use this command to set an external server as the source for clock synchronization.
hostname | ip-address— The hostname or IP address of the external server providing the clock synchronization.
(Optional) prefer—Marks the server as preferred.
|
|
|
|
Sets the time zone on the source router providing clock synchronization.
|
|
|
|
Exits configuration mode
|
|
|
copy running-config startup-config
Router# copy running-config startup-config
|
Copies the configuration changes to the startup configuration.
|
Step 2
|
Configure the following commands on the Cisco AXP service module:
|
|
|
|
configure terminal
Example:
SE-Module> config t
|
Enters configuration mode.
|
|
|
ntp server source-router-ip address
|
Configures the Network Time Protocol (NTP) server to keep the system time in synchronization with the NTP server.
source-router-ip address—IP address of the source server providing the clock synchronization.
|
|
|
|
Exits configuration mode.
|
|
|
copy running-config startup-config
|
(Cisco AXP EXEC mode) Writes the running configuration to the startup configuration.
|
|
|
|
Enters configuration mode.
|
|
|
|
Sets the time zone on the service module.
Note To directly configure the time zone for UTC in Cisco AXP 1.1, use the clock timezone UTC command. For Cisco AXP releases prior to 1.1, use clock timezone Etc/UTC.
If you do not know your time zone, irrespective of the Cisco AXP version being used on the service module, click <Enter> and a series of menus will guide you through the time zone selection.
Press ctrl-c at any time to exit this menu.
Bash Shell
To select the time zone in the Bash shell, use the tzselect command and click <Enter> for a series of menus to guide you through your selection.
|
|
|
|
Exits configuration mode.
|
|
|
copy running-config startup-config
|
(Cisco AXP EXEC mode) Saves the running configuration to the startup configuration.
|
|
|
|
Allows the time zone to take effect.
|
Time Zone Selection on the Cisco AXP Service Module
Here is an example of time zone selection on the Cisco AXP service module using the interactive menu. Press ctrl-c at any time to exit this menu:
Enter configuration commands, one per line. End with CNTL/Z.
se-10-0-0-0(config)> clock timezone
Press ctrl-c at any time to exit this menu
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
1) Africa 4) Arctic Ocean 7) Australia 10) Pacific Ocean
2) Americas 5) Asia 8) Europe
3) Antarctica 6) Atlantic Ocean 9) Indian Ocean
2) Antigua & Barbuda 28) Jamaica
3) Argentina 29) Martinique
5) Bahamas 31) Montserrat
6) Barbados 32) Netherlands Antilles
11) Cayman Islands 37) Puerto Rico
12) Chile 38) St Barthelemy
13) Colombia 39) St Kitts & Nevis
14) Costa Rica 40) St Lucia
15) Cuba 41) St Martin (French part)
16) Dominica 42) St Pierre & Miquelon
17) Dominican Republic 43) St Vincent
19) El Salvador 45) Trinidad & Tobago
20) French Guiana 46) Turks & Caicos Is
21) Greenland 47) United States
23) Guadeloupe 49) Venezuela
24) Guatemala 50) Virgin Islands (UK)
25) Guyana 51) Virgin Islands (US)
Please select one of the following time zone regions.
2) Eastern Time - Michigan - most locations
3) Eastern Time - Kentucky - Louisville area
4) Eastern Time - Kentucky - Wayne County
5) Eastern Time - Indiana - most locations
6) Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties
7) Eastern Time - Indiana - Starke County
8) Eastern Time - Indiana - Pulaski County
9) Eastern Time - Indiana - Crawford County
10) Eastern Time - Indiana - Switzerland County
12) Central Time - Indiana - Perry County
13) Central Time - Indiana - Pike County
14) Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties
15) Central Time - North Dakota - Oliver County
16) Central Time - North Dakota - Morton County (except Mandan area)
18) Mountain Time - south Idaho & east Oregon
19) Mountain Time - Navajo
20) Mountain Standard Time - Arizona
23) Alaska Time - Alaska panhandle
24) Alaska Time - Alaska panhandle neck
25) Alaska Time - west Alaska
The following information has been given:
Therefore TZ='America/Los_Angeles' will be used.
Is the above information OK?
Verifying NTP Server Configuration
Use the show clock detail command to verify the clock settings on the router and the AXP service module.
SUMMARY STEPS
1. On the router:
show clock detail
2. On the AXP service module:
show clock detail
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
On the router:
|
|
|
|
show clock detail
Example:
Router# show clock detail
00:24:02.669 UTC Sat Oct 27 2007
Time source is NTP
|
Displays clock settings on the router.
|
Step 2
|
On the AXP service module:
|
|
|
|
show clock detail
Example:
se-Module> show clock detail
16:43:30.616 PDT Fri Oct 26 2007
time zone:
America/Los_Angeles
clock state: unsync
delta from reference (microsec): 0
estimated error (microsec): 16
time resolution (microsec): 1
clock interrupt period (microsec): 10000
time of day (sec): 1193442210
time of day (microsec): 619436
|
Displays clock settings on the AXP service module.
|
Configuring the Hostname
Configure the hostname for the application using the commands shown below.
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. hostname hostname
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
hostname hostname
|
Configures the hostname for the application.
The hostname is limited to 32 characters.
If you enter more than 32 characters an error message appears:
Error Message hostname size greater than 32
Note If hostname is not configured, the default hostname on the host side is used.
This command modifies configuration directives in /etc/hosts and updates the hostname of the hostname-ip mapping entry.
If the file does not exist, the command creates the /etc/hosts file, and adds an entry into the file.
If the file exists, (for example, if an application package has already bundled its own /etc/hosts file), the new entries are appended to the existing entries and the original entries remain intact.
The ipaddr in the /etc/hosts file is modified when you use the bind interface command. The first interface binding is used.
The ipaddr is usually eth0 because eth0 is the default, and is bound to each virtual instance.
Example:
10.0.0.1 localhost.localdomain localhost ##
added by cli
ipaddr hostname.domain hostname ## added by
cli
|
Configuring the Application Domain
Using the ip name-server and ip domain-name commands in the host populates the /etc/resolv.conf file in each installed virtual instance. Using these commands to change the configuration in the host results in the /etc/resolv.conf file being updated.
When these commands are used to configure a new name-server and domain-name for a virtual instance (in app-service mode), the /etc/resolv.conf file in that virtual instance is overridden with the new server name and domain name.
The /etc/resolv.conf file in that virtual instance reverts back to the host configuration whenever the virtual instance does not have a name-server or domain-name configured.
Configuring the name-server and domain-server in a virtual instance always takes precedence over configuration in the host.
DNS Address
To configure the address of the domain name server (DNS) for the application, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. ip name-server ip-address
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
ip name-server ip-address
|
•ip-address: IP address of the DNS.
•Configures the IP address of the domain name server (DNS) for the application.
•A maximum of two DNS servers can be defined.
In a Linux environment, the /etc/resolv.conf file typically contains the IP addresses of name servers (DNS name resolvers) that attempt to translate names into addresses for any node available on the network.
This command creates the /etc/resolv.conf file and adds the name-server entries in it if the file does not exist.
If an application package has already bundled its own /etc/resolv.conf file, the new entries are appended to the existing ones and will leave the original ones intact.
Example:
search localdomain ## added by cli
domain localdomain ## added by cli
nameserver x.x.x.x ## added by cli
|
Domain Name
To configure the domain name for the application, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. ip domain-name domain name
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
ip domain-name domain name
|
Configures the domain name for the application.
The domain-name is limited to 64 characters.
If more than sixty four characters are entered, the following error message is displayed:
Error Message domain size greater than 64
Default: The domain name is not configured.
This command modifies configuration directives in /etc/hosts and /etc/resolv.conf files where the domain name is relevant.
This command also modifies the search list for hostname lookup and domain directives for local domain name in /etc/resolv.conf file.
For /etc/hosts file, it updates the domain name of the hostname-ip mapping entry.
Example:
search cisco.com ## added by cli
domain cisco.com ## added by cli
nameserver x.x.x.x ## added by cli
10.100.50.10 appre.cisco.com appre
|
Configuring Console Access
Use the connect console command to access the guest OS shell. To enable the connect console command, first obtain console access using the postinstall script. Refer to the section, Obtaining Console Access for the Application in the Cisco Application eXtension Platform Developer Guide.
To configure console access, perform the following steps.
SUMMARY STEPS
1. app-service application-name
2. connect console
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
app-service application-name
|
Enters application service mode.
|
Step 2
|
connect console
|
Allows a third party to integrate their own application commands to the console shell.
On initiating the command, /bin/console executes.
The third party application must provide its own console file in binary or as a script (telnet to their CLI), to cross connect to their CLI shell.
If the application does not provide a console file, the following message appears:
Error Message Unable to start console
|
Configuring IP Static Routes
Cisco AXP uses statically configured routes to route traffic to a specific interface. The destination network prefix, network prefix mask and the gateway address are in IPV4 dotted notation (xx.xx.xx.xx).
You can specify multiple route lines in a configuration and use the show ip route command to display the configured routes saved in the database. Some routes are added by default when configuring the interface. The default route for eth0 is configured through the Cisco IOS software CLI.
SUMMARY STEPS
1. configure terminal
2. interface device-name
3. ip route destination-network-prefix network-prefix-mask gateway
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface device-name
|
Configures the network interfaces
|
Step 3
|
ip route destination-network-prefix
network-prefix-mask gateway-address
|
Configures the IP route.
destination-network-prefix— IP route prefix for the destination
network-prefix-mask— Prefix mask for the destination
gateway-address—IP address of the gateway.
|
Source-based IP Routing
Source-based IP routing, also known as static route configuration, is necessary for application initiated data transfer, such as client applications, and is used to determine an outbound interface when multiple interfaces are bound to an application instance.
Source-based routing is implemented for server applications to route response packets back through the incoming interface, and it is independent of the destination address.
Consider traffic entering the Cisco AXP service module through an ethernet interface, for example eth0.20, from an external IP address X. When the Cisco AXP application generates a reply, the system now contains a packet with source IP address, which is the address for eth0.20, and the destination IP address X.
If source-based routing is not applied, this packet is sent to a default route through eth0. Source based routing routes traffic based on the source IP address and sends it through the originating interface, which in our example above, is eth0.20.
Note For the Cisco AXP network configuration, the destination interface to which you send the response packet is the same as the incoming interface.
If an application specifies the source IP address when a socket is opened, it will use source-based routing to select the interface to send traffic.
Access Control List
Configuring an access control list (ACL) on the Cisco AXP platform is similar to configuring an ACL on Cisco IOS software.
Packet filtering helps control packet movement through the network by helping to limit network traffic and restrict network use by certain users or devices. Use ACLs to permit or deny packets from crossing specified interfaces.
Using the ip access-list standard command enables standard ACL configuration mode (config-std-nacl). You can then configure the permit command in ACL sub-mode (config-std-nacl) to set up the standard IP access list.
Note In Cisco AXP 1.0.1, you can specify only one IP address in the access control list.
SUMMARY STEPS
1. configure terminal
2. ip access-list standard {acl-name | acl-num}
3. [line-num] permit {source-ip [wildcard]| host source-ip | any}[log]
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
SE-Module> configure terminal
|
Enters global configuration mode.
|
Step 2
|
ip access-list standard {acl-name | acl-num}
Example:
se_module (config)> ip access-list standard
test
|
Enables standard ACL configuration mode (config-std-nacl). This command enters standard ACL configuration mode in which all subsequent commands apply to the current standard access list.
acl-name—Access list to which all commands entered from ACL configuration mode apply, using an alphanumeric string of up to 30 characters, beginning with a letter.
acl-num— Access list to which all commands entered from access list configuration mode apply, using a numeric identifier. For standard access lists, the valid range is
1 to 99.
|
Step 3
|
[line-num] permit {source-ip [wildcard]| host
source-ip|any}[log]
se-Module (confg-std-nacl)> permit 155.168.10.0
any
|
Adds a line to a standard access-list that specifies the type of packets to be permitted for further processing.
The permit command is used in standard ACL configuration mode (config-std-nacl).
line-num— Entry at a specific line number in the access list.
permit—Allows packets that match the specified conditions to be processed.
source-ip—Source IP address. Number of the network or host from which the packet is being sent, specified as a 32-bit quantity in 4-part dotted-decimal format (for example, 0.0.0.0).
wildcard—(Optional) Portions of the preceding IP address to match, expressed using 4-digit, dotted-decimal notation. Bits to match are identified by a digital value of 0; bits to ignore are identified by a 1.
For standard IP ACLs, the wildcard parameter of the ip access-list command is always optional. If the host keyword is specified for a standard IP ACL, then the wildcard parameter is not allowed.
host— Matches the next IP address.
any—Matches any IP address.
log—(Optional) Sends a logging message to the console about the packet matching the entry.
The message includes the access list number, whether the packet was permitted or denied, the source address, and the number of packets.
The message is generated for the first packet that matches the entry, and then repeats at 5-minute intervals, including the number of packets permitted or denied in the previous 5-minute interval.
|
Verifying Access Control Lists
To use the show ip access-list command in Cisco AXP EXEC mode to view the access control lists configured on the platform, perform the following step.
SUMMARY STEPS
1. show ip access-list [<1-99> | <name> ][ interface intf ] [details]
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
show ip access-list [<1-99>|<name> ][ interface
<intf>][details]
SE-Module>show ip access-list
|
List the rule set of an access-list specified by number or name. It also lists the access-list associated with a specific interface.
If a name or number of the interface is not entered, the command lists the entire rule-set of all the access lists configured in the system.
1-99—Access list number
name—Access list name
intf—Interface name.
details—The raw iptable format of display will be used to display the chain created by the ACL list.
|
Configuring Source Based Routing
Route Map Policy
Configure only one route-map set because only one set is applied under the ip local policy command. Do not apply the second set to the CLI even if the second set is not used.
set 2:<-------Do not apply
Note In the steps below, the command interface Integrated-Service-Engine 1/0.1 is not permitted if the AIM service module is being used. Creation of a subinterface on the AIM service module interface is not supported.
SUMMARY STEPS
1. Configure the following Cisco IOS commands on the router. Configuration steps here include configuring the routing/forwarding (VRF) tables. For more information on VRF-Lite, refer to Configuring VRF-Lite.
configure terminal
ip vrf vrf-name
rd ip-address
route-target export ip-address
route-target import ip-address
interface GigabitEthernet0/1
ip address ip-address network-mask
duplex auto
speed auto
ip vrf forwarding vrf-name
interface Integrated-Service-Engine 1/0
ip unnumbered GigabitEthernet0/0
service-module ip address ip-address network-mask
service-module ip default-gateway ip-address
no keepalive
interface Integrated-Service-Engine 1/0.1
encapsulation dot 1q vlan-id
ip address ip-address network-mask
ip vrf forwarding vrf-name
exit
2. Configure the following AXP commands on the service module:
a. Create a connected route for the route table:
configure terminal
interface device-name
ip address ip-address network-mask
ip route table table-num
exit
b. Set up an access list to match the source address of eth0.x (Standard access list permit statement matches default source address)
ip access-list standard {acl-name | acl-num}
[line-num] permit {source-ip [wildcard]| host source-ip|any}[log]
exit
c. Create a route map policy to associate source address matching.
route-map name number
match ip address {acl-num | acl-name }
set route table table-num
exit
ip local policy route-map map-tag
ip route table num dest-prefix net-mask default-gw
ip route table num dest-prefix net-mask blackhole
exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Configure the following Cisco IOS commands on the router (Includes configuring routing/forwarding tables for VRF):
|
|
|
|
configure terminal
Router# configure terminal
|
Enters global configuration mode.
|
|
|
ip vrf vrf-name
|
Configures a VRF routing table and enters VRF configuration mode.
vrf-name— Name assigned to a VRF.
|
|
|
rd route-distinguisher
Router(config-vrf)# rd 200.7.7.1:10
|
Adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix.
|
|
|
route-target export ip-address
|
Exports routing information from the target VPN extended community.
|
|
|
route-target import ip-address
|
Imports routing information from the target VPN extended community.
|
|
|
exit
|
Exits VRF configuration mode.
|
|
|
interface GigabitEthernet 0/1
|
Selects an interface to configure and enters interface configuration mode.
|
|
|
ip address ip-address network-mask
|
Selects the IP address.
|
|
|
duplex auto
|
Configures the duplex operation on an interface.
auto—Specifies the autonegotiation capability. The interface automatically operates at half or full duplex, depending on:
–Environmental factors, such as the type of media.
–Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
|
|
speed auto
|
Configures the speed for a Fast Ethernet interface.
auto—Turns on the Fast Ethernet autonegotiation capability.
The interface automatically operates at 10 or 100 Mbps depending on:
–Environmental factors, such as the type of media.
–Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
|
|
ip vrf forwarding vrf-name
|
Associates a VRF with an interface or subinterface.
vrf-name—Name assigned to a VRF.
|
|
|
interface Integrated-Service-Engine 1/0
|
Selects an interface to configure and enters interface configuration mode.
|
|
|
ip unnumbered GigabitEthernet0/0
|
The ip unnumbered command enables IP processing on an interface without assigning an explicit IP address to the interface.
|
|
|
service-module ip address ip-address
network-mask
|
Specifies the IP address for the module interface to the router.
|
|
|
service-module ip default-gateway ip-address
|
Specifies the IP address for the default gateway router for the module.
|
|
|
no keepalive
|
Disables the ability to send keepalive packets.
|
|
|
interface integrated-service-engine 1/0.1
Example:
Router(config)# interface
integrated-service-engine 1/0.1
|
Enters sub-interface mode.
|
|
|
encapsulation dot 1q vlan-id
Router(config-subif)# encapsulation dot 1q 10
|
Configures the subinterface as a VLAN subinterface.
dot1q—defines the encapsulation format as IEEE 802.1Q VLAN.
vlanid—number that identifies the VLAN. The router applies the service policy of the physical interface to all of the individual VLANs configured on the interface.
|
|
|
ip address ip-address network-mask
Router(config-subif)# ip address 209.165.201.1
255.255.255.224
|
Sets the IP address of the interface.
|
|
|
ip vrf forwarding vrf-name
Router(config-subif)# ip vrf forwarding red
|
Configures the VRF forwarding table.
vrf-name—VRF table name.
|
|
|
end
|
Exits configuration mode.
|
Step 2
|
Configure the following Cisco AXP commands on the service module:
|
|
|
|
configure terminal
se-Module>config t
|
Enters global configuration mode.
|
|
|
interface device-name
se-Module(config-interface)>
|
Enters interface mode and configures the network interfaces.
device-name— Ethernet device name
For example, the device name can be eth0 or eth1 for a built-in physical interface, eth0:1 for a virtual interface, or eth0.1 for a VLAN interface.
•You can configure the virtual or VLAN interfaces only if these interfaces are not bound to the virtual hosting environment.
|
|
|
ip address ip-address network-mask
|
Sets the IP address.
|
|
|
|
Sets up the connected route.
table-num— Select a route table number from 1 to 100.
|
|
|
|
Exits interface mode.
|
|
|
ip access-list standard {acl-name | acl-num}
se_Module(config t)> ip access-list standard
|
Enables standard ACL configuration mode (config-std-nacl). This command enters standard ACL configuration mode in which all subsequent commands apply to the current standard access list.
acl-name—Access list to which all commands entered from ACL configuration mode apply. using an alphanumeric string of up to 30 characters, beginning with a letter.
acl-num— Access list to which all commands entered from access list configuration mode apply, using a numeric identifier. For standard access lists, the valid range is
1 to 99.
You can set further options under standard ACL configuration mode (config-std-nacl) as shown in the remaining steps.
|
|
|
[line-num] permit {source-ip [wildcard]| host
source-ip|any}[log]
se-Module(config-std-nacl)>permit
|
Configured in access-list configuration mode.
Adds a line to a standard access-list that specifies the type of packets to be permitted for further processing.
Use the permit command in standard ACL configuration mode (config-std-nacl).
line-num (optional)— Entry at a specific line number in the access list.
permit—Allows packets that match the specified conditions to be processed.
source-ip—Source IP address. The number of the network or host from which the packet is being sent, specified as a 32-bit quantity in 4-part dotted-decimal format (for example, 0.0.0.0).
wildcard—(Optional) Portions of the preceding IP address to match, expressed using 4-digit, dotted-decimal notation. Bits to match are identified by a digital value of 0; bits to ignore are identified by a 1.
Note For standard IP ACLs, the wildcard parameter of the ip access-list command is always optional. If the host keyword is specified for a standard IP ACL, then the wildcard parameter is not allowed.
host— Matches the following IP address.
any—Matches any IP address.
log—(Optional) Sends a logging message to the console about the packet matching the entry.
The message includes the access list number, whether the packet was permitted or denied, the source address, and the number of packets.
The message is generated for the first packet that matches the entry, and then repeats at 5-minute intervals, including the number of packets permitted or denied in the previous 5-minute interval.
|
|
|
|
Exits access list configuration mode.
|
|
|
se-Module(config t)> route-map
|
Enters route map configuration mode. The route map is used to match source filtering with a specific routing table.
map-tag—Select a name for the route map.
number—Select a route map number from 1 to 100.
|
|
|
match ip address {acl-num|acl-name }
se-Module(config-route-map)>match
|
Matches the IP address for the route map using either the number or the name of the access control list.
acl-num—Access control list number.
acl-name—Name of the access control list.
|
|
|
set route table table-num
se-Module(config-route-map)>set
|
Sets the route table.
table-num— Same table number as in the ip route table command.
|
|
|
|
Exits route-map subcommand mode.
|
|
|
ip local policy route-map map-tag
se-Module(config)> ip local policy route-map
|
Identifies a route map to use for policy routing.
map-tag—Name must match the map-tag in the route-map command.
|
|
|
ip route table table-num dest-prefix net-mask
default-gw
se-Module(config)> ip route table
|
Sets the route table for a specific destination prefix and default gateway.
table-num—Same table number as in the ip route table command.
dest-prefix—Destination prefix
net-mask—Network mask
default-gw—Default gateway
|
|
|
ip route table table-num dest-prefix net-mask
blackhole
se-Module(config)> ip route table
|
able-num—Same table number as in the ip route table command.
dest-prefix—Destination prefix
net-mask—Network mask
default-gw—Default gateway
blackhole—Sets a blackhole route for dropping packets.
|
|
|
exit
|
Exits global configuration mode.
|
Source Based Routing Example
Source Based IP Routing
ip route table 10 <-- sets up the connected route for table 10
ip address 209.165.201.1 255.255.255.224
ip address 11.11.10.2 255.255.255.0
ip access-list standard 100
permit 10.7.8.9 <-- Source address that will be used for source based routing
ip access-list standard 200
ip route table 10 0.0.0.0 0.0.0.0 10.7.8.10 <--- defines the default route in table 10
ip route table 20 0.0.0.0 0.0.0.0 11.11.10.3
match ip addr 100 <--- defines source based routing address and routing table.
ip local policy route-map CLASSIFY
VRF Configuration
In this example, the VRF is named red, and dot1Q encapsulation is used with ID tag 10 to relay VRF traffic from the router to the service module.
route-target export 192.0.2.0:10
route-target import 192.0.2.0:10
interface GigabitEthernet0/1
ip address 10.7.7.7 255.255.255.0
interface Integrated-Service-Engine1/0
ip unnumbered GigabitEthernet0/0
service-module ip address 209.165.201.1 255.255.255.224
service-module ip default-gateway 209.165.201.2
interface Integrated-Service-Engine1/0.1
ip address 10.7.8.8 255.255.255.0
Remote Serial Device Configuration
Cisco AXP supports external device connections through Cisco IOS software host serial ports. The virtual serial device on the local Cisco AXP platform interacts with external Cisco IOS software serial devices.
Remote serial device configuration on the Cisco AXP service module is dependent on the Cisco AXP vserial device add-on package which is of the type: axp-vserial.<platform>.<version>.pkg.
This add-on package enables an application running on the service module to access external Cisco IOS serial devices connected to the serial port of a Cisco IOS router. For example, applications can support peripherals that connect to serial ports such as GPS locators.
Note A maximum of 16 serial devices, including the AUX line, are supported by the virtual serial device package.
Cisco AXP currently supports the following asynchronous interfaces:
•HWIC-4T
•HWIC-4A/S
•HWIC-8A/S-232
•HWIC-8A
•HWIC-16A
Table 4 Cisco AXP Asynchronous Support
Specification
|
HWIC-4T
|
HWIC-4A/S
|
HWIC-8A/S-232
|
HWIC-8A
|
HWIC-16A
|
Asynchronous support
|
Y
|
Y
|
Y
|
Y
|
Y
|
Asynchronous maximum speed (per port)
|
230.4 Kbps
|
230.4 Kbps
|
230.4 Kbps
|
230.4 Kbps
|
230.4 Kbps
|
Bisync support
|
N
|
N
|
N
|
N
|
N
|
Serial protocols
|
EIA-232
|
EIA-232
|
EIA-232
|
EIA-232
|
EIA-232
|
Lead manipulation
|
Y
|
Y
|
Y
|
Y
|
Y
|
Network clock synchronization
|
Y
|
Y
|
Y
|
N
|
N
|
The Cisco IOS router's auxiliary serial ports are virtualized and appear in the Cisco AXP OS as local devices. External devices connected to the Cisco IOS router appear as standard local devices such as "/dev/tty1" or "/dev/tty2" to Linux applications hosted on application service modules.
Third party applications can therefore control external peripherals attached to the router's auxiliary serial port without special knowledge of the location of the devices. Applications can open/close/read/write to the peripherals using standard Linux System calls such as: open("/dev/vtty1"), and read( ).
When the virtual serial device opens, a reverse telnet session is established, connecting to the Cisco IOS software host line interfaces. All serial data transfer is carried through this reverse telnet session.
Note Reverse telnet works only with line interfaces, and with serial interfaces that are configured in async mode. Reverse telnet does not work if serial interfaces are configured in synchronous mode.
Linux applications use the virtual device driver to control and receive signal state notifications on all async RS232 leads. A fixed TCP port is assigned to each of the TTY and AUX lines, and to the serial interfaces in ASYNC mode, when reverse telnet is implemented in Cisco IOS software.
The following are the vserial APIs available on AXP side:
•show device serial —Lists all the serial devices accessible from AXP
•bind serial name —Available inside the application's context and is used to bind a particular serial device to an application.
In Cisco AXP 1.1 release, vserial supports only the following subset of the twelve options specified in RFC 2217 protocol:
•SET-BAUDRATE
•SET-DATASIZE
•SET-PARITY
•SET-STOPSIZE
•SET-CONTROL
•NOTIFY-LINESTATE
•NOTIFY-MODEMSTATE
For more information on RFC 2217, refer to:
Telnet Com Port Control Option document RFC 2217)
The port-index and the TCP port for various interfaces are pre-defined in Cisco IOS software, and are shown in Table 5.
Table 5 Cisco IOS Software Line Numbers and Port Values
Interface Name
|
Port Index
|
TCP Port
|
Console
|
0
|
Cannot be used.
|
tty1
|
1
|
6001
|
tty2
|
2
|
6002
|
...
|
...
|
...
|
ttyn
|
n
|
600n
|
AUX
|
n+1
|
600(n+1)
|
vtty1
|
n+2
|
600(n+2)
|
...
|
...
|
...
|
Serial interface in ASYNC mode
|
Platform dependent
|
Platform dependent
|
PREREQUISITE TASKS
•The vserial add-on package (for example, axp-vserial.aim.1.0.5.pkg and axp-vserial.aim.1.0.5.prt1) must be first installed, followed by an installation of the third party application before commencing with the following configuration. For a list of software packages for the latest Cisco AXP 1.0.x release, refer to the Cisco AXP Release Notes.
SUMMARY STEPS
1. On the router:
a. Configure NETCONF over BEEP:
configure terminal
sasl profile profile-name
mechanism profile-mechanism
exit
netconf max-sessions session-number
netconf beep listener [port-number] [acl access-list-number] [sasl sasl-profile]
b. Configure the serial interface in async mode.
interface serial slot/module/port
physical-layer async
no ip address
line line-num
no exec
transport input telnet
speed baud-rate
c. Configure lines for reverse telnet and aysnchronous interface with stop bits and parity.
interface async slot/module/port
no ip address
encapsulation slip
line line-number
no exec
transport preferred none
transport input all
transport output all
stopbits number
parity value
speed baud-rate
2. On the Cisco AXP service module:
a. Configure NETCONF over BEEP
netconf max-sessions session-number
netconf beep initiator router-IP-address port-number
b. Bind the interface and serial devices.
config t
app-service serialapp
bind interface
bind serial
end
app-service serialapp
reset
end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
On the router:
|
|
a.
|
Configure NETCONF over BEEP
|
|
|
|
|
Enters configuration mode.
|
|
|
sasl profile profile-name
|
Sets the SASL profile.
|
|
|
Router(config-sasl-profile)# mechanism
profile-mechanism
|
Configures the SASL profile mechanism
|
|
|
|
Exit SASL profile mode.
|
|
|
netconf max-sessions session-number
|
Specifies the maximum number of concurrent NETCONF sessions.
num—maximum number of sessions.
|
|
|
netconf beep listener [port-number] [acl
access-list-number] [sasl sasl-profile]
|
Specifies BEEP as the transport protocol for NETCONF and configures a peer as the BEEP listener.
|
b.
|
Configure the serial interface in async mode:
|
|
|
|
|
Enters configuration mode
|
|
|
interface serial slot/subslot/port
|
Defines the interface serial parameters.
|
|
|
|
Configures the interface for async communication.
|
|
|
|
No ip address is set.
|
|
|
|
Configures the console terminal line and enters line configuration sub-mode.
line-num— Line number
|
|
|
|
Turns off the EXEC process for the specified line in the line command.
|
|
|
|
Defines the protocols for connection to a specific line of the router.
telnet—Specifies all types of incoming TCP/IP connections
|
|
|
|
Sets the transmit and receive speeds
|
|
|
|
Exits line configuration sub-mode.
|
|
|
|
Exits configuration mode.
|
c.
|
Configure lines for reverse telnet and asynchronous
interface with stop bits and parity:
|
|
|
|
interface async slot/subslot/port
|
Defines the interface asynchronous parameters.
|
|
|
|
IP address is not set
|
|
|
|
Configures slip encapsulation
|
|
|
|
Configures the console terminal line and enters line configuration sub-mode.
line-num— Line number
|
|
|
|
Turns off the EXEC process for the specified line in the line command.
|
|
|
|
Specifies the transport protocol that the Cisco IOS software uses if the user does not specify one when initiating a connection.
none— Prevents any protocol selection on the line. The system normally assumes that any unrecognized command is a hostname. If the protocol is set to none, the system no longer makes that assumption. No connection is attempted if the command is not recognized.
|
|
|
|
Defines the protocols for connection to a specific line of the router.
all—Selects all protocols.
|
|
|
|
Defines the protocols for connection to a specific line of the router.
all—Selects all protocols.
|
|
|
|
Sets the number of stop bits transmitted per byte.
number— Number of stop bits.
|
|
|
|
Sets terminal parity
|
|
|
|
Sets the transmit and receive speeds
|
|
|
|
Exits line configuration sub-mode.
|
|
|
|
Exits configuration mode.
|
Step 2
|
On the Cisco AXP Service Module:
|
|
a.
|
Configure NETCONF over BEEP
|
|
|
|
netconf max-sessions session-number
|
Specifies the maximum number of concurrent NETCONF sessions allowed.
|
|
|
netconf beep initiator router-IP-address
port-number
|
Specifies BEEP as the transport protocol for NETCONF sessions and configures a peer as the BEEP initiator.
|
b.
|
Bind the interface and serial devices:
|
|
|
|
|
Enters configuration mode.
|
|
|
|
Enters application service mode.
serialapp—Serial device application name inside the third party application.
|
|
|
bind interface network-interface-name
|
Attaches the networking device to or from the virtual environment.
|
|
|
bind serial device-id [device-id-on-hosting
environment]
bind serial vtty000 modem
|
Binds the serial device, which is connected to the Cisco IOS software side, inside the virtual environment.
If the bind command is successful a device node /dev/modem is created in the application's virtual instance and the user can access the device as any other regular device
device-id— Device ID of the serial device connected to the Cisco IOS software side. Use the show device serial command to view device ID.
device-id-on-hosting-environment—(Optional) Designates a name that is different from the device ID (device-id) inside the hosting environment.
|
|
|
end
|
Exits application service mode.
|
|
|
app-service serialapp
|
Enters application service mode.
serialapp— Serial device application name inside the third party application.
|
|
|
reset
|
Resets the application service environment.
|
|
|
end
|
Exits application service mode.
|
Verifying Remote Serial Devices
Use the show line command on the router to obtain the IOS serial device configuration, and then use the show device serial command on the Cisco AXP service module to view all the remote serial devices.
SUMMARY STEPS
1. On the router
show line
2. On the service module
show device serial
3. (Optional) show processes | include beep
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
show line
Esample:
router#show line
|
Displays the Cisco IOS serial device configuration. The line numbers displayed in the output are the same as the port index.
|
Step 2
|
show device serial
se-Module> show device serial
|
Displays all the remote serial devices detected by the service module.
|
Step 3
|
(Optional) show processes | include beep
|
(Optional) Displays processes running with NETCONF over BEEP. Use this command if the show device serial command in step 2 does not show any remote serial devices. (Alternative command: show processes | include NETCONF).
|
Verifying Remote Serial Device: Example
Tty Line Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 0 CTY - - - - - 2 0 0/0 -
1 1 AUX 9600/9600 - - - - - 2 0 0/0 -
0/0/0 2 TTY 9600/9600 - - - - - 0 0 0/0 Se0/0/0
0/0/1 3 TTY 9600/9600 - - - - - 0 0 0/0 Se0/0/1
* 66 66 TTY 9600/9600 - - - - - 2 0 0/0 -
514 514 VTY - - - - 23 0 0 0/0 -
515 515 VTY - - - - 23 0 0 0/0 -
516 516 VTY - - - - 23 0 0 0/0 -
In the show device serial command output shown below, the Line Type, Line No. and Interface Name fields are mapped to the output of the show line command. The Assigned To field is set by the bind command and shows the specific application to which the remote serial device is attached.
Note show device serial lists a maximum of 16 serial devices (including the AUX line).
se-Module> show device serial
Device Name TTY No. Line No. Line Type Intf Name Assigned To
vtty000 0/0/0 2 TTY Se0/0/0 serialapp
vtty001 0/0/1 3 TTY Se0/0/1 -
Remote Serial Device Configuration Example
On the router:
interface Serial0/0/0 <-- If the physical device is connected to serial 0/0/0
interface
physical-layer async <-- AXP only supports async communication
For start-stop synchronous communication, low level asynchronous configuration is
under the line sub-mode.
router(config)#line 0/0/0 0/0/7
router(config-line)#? <--------------- Enters line sub-mode.
On the router, Cisco IOS asynchronous serial configuration with stopbits and parity:
Configure NETCONF over BEEP
netconf beep listener 1000 sasl profile1
On the Cisco AXP service module:
bind serial vtty000 modem <-- bind vtty000 serial device to application with a
user-defined name "modem"
If the bind command is successful a device node /dev/modem is created in the
application's virtual instance and the user can access the device as any other regular
device
Configure NETCONF over BEEP
netconf beep initiator 1.100.40.221 1000
Packet Analysis
You can use either network analysis monitoring, or router IP traffic (RITE) features for monitoring packets on the Cisco AXP platform. Both features are very similar to the features available on Cisco IOS software platforms.
Use packet monitoring when there is only one application service module installed in the router.
Depending on your application, and the traffic analysis required for that application, these suggestions may help you choose appropriate features for your application:
•If your application requires monitoring router-generated packets, (unsupported for RITE) or for a quick start, see the "Enabling Interface Monitoring" section.
•Otherwise, if you need more granular control on your exported traffic see the "Configuring Router IP Traffic Export" section.
Note Both features can be configured at the same time, however, we do not recommend simultaneous feature configuration. Each feature performs its own duplication, resulting in receipt of duplicated packets if both features are configured at the same time.
For more information on these features, see Cisco Branch Routers Series Network Analysis Module and RITE documents on cisco.com. Also see the "Additional References" section.
Configuring Router IP Traffic Export
The advantages of using RITE include:
•Lightweight export
•Can capture incoming or bidirectional traffic
•Allows user to configure access control lists (ACLs)
•Allows user to configure sampling rate
To configure RITE, perform the following configuration steps on the router side.
SUMMARY STEPS
1. Create an RITE capture profile on the ISR:
configure terminal
ip traffic-export profile profile-name
interface Integrated-Service-Engine slot/0
bidirectional
mac-address H.H.H
2. Configure RITE export parameters on the ISR:
incoming {access-list {standard | extended | named} | sample one-in-every packet-number}
outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}
exit
3. Apply the profile to an interface:
interface GigabitEthernet
description string
ip traffic-export apply profile-name
duplex auto
speed auto
no keepalive
end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 2
|
ip traffic-export profile profile-name
Example:
Router(config)# ip traffic-export profile
rite-bi
|
Creates or edits an IP traffic export profile, enables the profile on an ingress interface, and enters RITE configuration mode.
|
Step 3
|
interface Integrated-Service-Engine slot /0
Example:
Router(config-rite)# interface
Integrated-Service-Engine 1/0
|
Enters interface configuration mode for the slot and port where the service module resides.
•slot—Specifies the service module slot.
|
Step 4
|
bidirectional
Example:
Router(config-rite)# bidirectional
|
Exports incoming and outgoing IP traffic on the monitored interface.
Note If this command is not enabled, only incoming traffic is exported.
|
Step 5
|
mac-address H.H.H
Example:
Router(config-rite)# mac-address
|
Specifies the 48-bit address of the destination host that is receiving the exported traffic.
Since the service module is set to route packets by default, configuring a valid MAC address causes the routing stack of the service module to route the traffic, resulting in duplicated packets being routed.
To avoid this scenario, consider configuring an invalid MAC address which is different from the MAC address of the service module.
Since the service module configuration is in promiscuous mode, an invalid MAC address will also work, allowing traffic to reach the service module without being routed.
|
Step 6
|
incoming {access-list {standard|extended|
named}|sample one-in-every packet-number}
|
(Optional) Configures filtering for incoming traffic.
Note After you create a profile with the ip traffic-export apply command, this functionality is enabled by default.
|
Step 7
|
outgoing {access-list {standard|extended|
named}|sample one-in-every packet-number}
|
Configures filtering for outgoing export traffic.
•If you use this command, you must also use the bidirectional command, which enables outgoing traffic to be exported.
•Only routed traffic (such as pass through traffic) is exported. Traffic that originates from the network device is not exported.
|
Step 8
|
exit
|
(Optional) Exits RITE configuration mode.
|
Step 9
|
interface type number
Example:
Router(config)# intrerface GigabitEthernet 0/0
|
Selects an interface to configure and enters interface configuration mode.
type—Type of interface to be configured. For example, GigabitEthernet.
number—Module and port number.
|
Step 10
|
description string
|
Adds a description to an interface configuration.
string—Clue to help you remember what is attached to this interface. This string is limited to 238 characters.
|
Step 11
|
ip traffic-export apply profile-name
Example:
Router(config-if)# ip traffic-export apply
corp1
|
Creates or edits an IP traffic export profile, enables the profile on an ingress interface, and enters RITE configuration mode.
|
Step 12
|
duplex auto
|
(Optional) Configures the duplex operation on an interface.
auto—Specifies the autonegotiation capability. The interface automatically operates at half or full duplex, depending on:
•Environmental factors, such as the type of media.
•Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
Step 13
|
speed auto
|
(Optional) Configures the speed for a Fast Ethernet interface.
auto—Turns on the Fast Ethernet autonegotiation capability.
The interface automatically operates at 10 or 100 Mbps depending on:
•Environmental factors, such as the type of media.
•Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
Step 14
|
no keepalive
|
Disables the ability to send keepalive packets.
|
Step 15
|
end
|
Exits interface mode.
|
Enabling Interface Monitoring
Interface monitoring on the Cisco AXP platform is very similar to packet monitoring in a Cisco IOS software environment.
To enable the Interface Monitoring Feature on a Cisco AXP service module interface, use the analysis-module monitoring command in interface configuration mode.
Note Interface monitoring is not available for applications running on an AIM service module.
To enable interface monitoring, perform the following steps on the router side.
SUMMARY STEPS
1. configure terminal
2. interface type number
3. description string
4. ip address ip-address network-mask
5. duplex auto
6. speed auto
7. analysis-module monitoring
8. no keepalive
9. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
Example:
router# configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface type number
Example: interface GigabitEthernet0/0
|
Selects an interface to configure and enters interface configuration mode.
type— Type of interface to be configured. For example GigabitEthernet.
number— Module and port number.
|
Step 3
|
description string
Example:description
$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0
|
Adds a description to an interface configuration.
string—Clue to help you remember what is attached to this interface. This string is limited to 238 characters.
|
Step 4
|
ip address ip-address network-mask
|
Configures the IP address and network mask for the specified network interface.
|
Step 5
|
duplex auto
|
(Optional) Configures the duplex operation on an interface.
auto—Specifies the autonegotiation capability. The interface automatically operates at half or full duplex, depending on:
•Environmental factors, such as the type of media.
•Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
Step 6
|
speed auto
|
(Optional) Configures the speed for a Fast Ethernet interface.
auto—Turns on the Fast Ethernet autonegotiation capability.
The interface automatically operates at 10 or 100 Mbps depending on:
•Environmental factors, such as the type of media.
•Transmission speeds for the peer routers, hubs, and switches used in the network configuration.
|
Step 7
|
analysis-module monitoring
|
Enables packet monitoring on an interface.
|
Step 8
|
no keepalive
|
Disables the ability to send keepalive packets.
|
Step 9
|
end
|
Exits interface mode.
|
Logging
This section consists of:
•Configuring Log File Size Limits
•Configuring Remote Logging
•Configuring System Log Levels
Configuring Log File Size Limits
To configure the log file size, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. limit log-file size megabytes
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
limit log-file size megabytes
|
•Sets the size of the log file /var/log/messages.log. Each virtual instance writes a syslog to its own file /var/log/messages.log.
•Once this file reaches the limit specified by this command, its contents are moved to a backup log file messages.log.prev and a new messages.log file is started.
The range is 0-40 MB with a default size of 5 MB for two files.
•When the log file size reaches its limit, messages are moved to an alternate file messages.log.prev.
•megabytes—The range of the log file size from
0-40 MB.
•When the value is out of range, the following message appears:
%Invalid input detected at `^' marker
•If the log file size limits are not set (no limit log-file size), the size reverts to the default value of 5 MB.
•If the log file size is set to 0 MB, a minimum file size of 10 KB is set.
To view log files under the /var/log directory, use the show log name command in the "Viewing Log and Core Files" section.
|
Configuring Remote Logging
To configure remote logging, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. interface device-name
3. no shutdown
4. ip address ip address network-mask
5. end
6. app-service application-name
7. log server address hostname
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
interface device-name
|
Configures the network interfaces.
|
Step 3
|
no shutdown
|
Starts the specified application service.
|
Step 4
|
ip address ip-address network-mask
|
Configures the IP address and network mask for the specified network interface.
|
Step 5
|
end
|
Exits interface configuration mode.
|
Step 6
|
app-service application-name
|
Enters application service mode.
|
Step 7
|
log server address hostname
|
Enables remote logging and configures the remote logging server.
Application syslog messages are sent to the specified log server.
The hostname can be an IP address or hostname.
When you enter an invalid IP address such as 0.0.0.0, the following error message appears:
Error Message 0.0.0.0 is an invalid Host IP
address
|
Configuring System Log Levels
SUMMARY STEPS
1. configure terminal
2. app-service application-name
3. log level levels
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
log level levels
Example:
SE-Module(config-app-service)> log level info
|
Configures the system log level.
Applicable levels are:
info— Events with LOG_INFO and higher severity are logged, including all messages described in notice.
warn (Default)—Events with LOG_WARNING and higher severity are logged, including all error messages described in err.
err—Events with LOG_ERR and higher severity are logged, including LOG_EMERG, LOG_ALERT, and LOG_CRIT.
notice —Events with LOG_NOTICE and higher severity are logged, including all messages described in warn.
debug—Events with LOG_DEBUG and higher severity are logged, including all messages described in info.
|
Configuring Resource Utilization Limits
Cisco AXP 1.1 provides the flexible resource allocation feature as part of the resource management system. It provides developers the flexibility to package an application without completely determining the hardware's capability to support that application.
Use the limit memory utilization command to set memory limits. To set CPU and disk limits, use the limit cpu utilization and limit disk utilization commands.
Flexible Resource Allocation
Flexible resource allocation grants extra CPU, memory and disk resources to an application if these resources are available, and allows these non-allocated resources to be shared between all virtual instances.
Flexible resource allocation is disabled by default. If it is not enabled, an application is installed only if resource limits are set before packaging the application.
Users can manually override any resource limits on a given application by using the resource limits CLI. If you override resource limits for an application, then flexible resource allocation cannot be applied to that application.
Flexible resource allocation occurs after these events:
•Installing an add-on package
•Upgrading an existing package
•Uninstalling an installed package
•Changing resource limits using the CLI
Resource Limits Exceeded after Downgrade
The following scenario may occur after downgrading an application on Cisco AXP.
If the current software on the service module is App V2 with Cisco AXP host OS 1.1.1, and a downgrade is performed to a lower version of Cisco AXP host OS (for example, 1.0.6) using App V1, the files for App V2 may still be present on the application service module.
The presence of two versions of the application may cause resource limits to be exceeded. Error messages may be displayed when trying to run App V1 (referenced as APP1 in the error message) on Cisco AXP host OS (1.0.6):
localhost err_handler: invalid parameters: 'space_used' is larger than 'space_total'.
localhost err_handler: Failed to start vserver 'APP1'.
Reloading the Service Module and Virtual Instance
The new resource limits become effective only after executing the reload or reload apps command.
•The reload command applies the new resource limits and reboots the Cisco AXP service module.
•The reload apps command can reload the virtual instance and apply the new resource limits without rebooting the service module.
SUMMARY STEPS
1. config t
2. app-service application-name
3. limit disk utilization Megabytes
limit cpu utilization index
limit memory utilization Megabytes
4. end
5. write memory
6. reload
or
reload apps
7. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
config t
|
Enters Cisco AXP configuration mode.
|
Step 2
|
app-service application-name
|
Enters application service mode.
|
Step 3
|
limit memory utilization megabytes
|
Modifies the memory limits.
|
|
|
limit disk utilization Megabytes
|
This command modifies the disk utilization setup during installation.
Megabytes— 1 to 100000 MB
The disk utilization range varies between the minimum limit specifed by the package to the maximum limit available by the system.
|
|
|
limit cpu utilization index
|
Modifies the CPU utilization limit during application installation.
index—Platform CPU index.
The platform CPU index is relative to a value of 10000 that is assigned to a configuration of a 1.0 GHz Celeron M CPU on the application runtime engine of network module NME_APPRE_302-K9.
For example, the platform CPU index for the blade AIM_APPRE is 3000.
The CPU utilization range varies between the minimum limit specified by the package to the maximum available by the system.
|
Step 4
|
end
|
Exits Cisco AXP configuration mode.
|
Step 5
|
write memory
|
Saves the new configured limit settings, rebalancing the resources.
|
Step 6
|
reload
or
reload apps
|
reload— New resource limits become effective after rebooting the service module.
reload apps —New resource limits become effective without rebooting the service module.
|
Step 7
|
exit
|
Exits Cisco AXP EXEC mode.
|
Verifying Resource Utilization Limits
Refer to the "Verifying Resource Utilization Limits" section.
SSH Access to a Virtual Instance
Secure Shell (SSH) Protocol tunneling is a secure and effective solution for network users and administrators. SSH tunneling, also known as SSH port forwarding, is the process of forwarding selected TCP ports through an authenticated and encrypted tunnel.
The tunnel_root SSH user allows full access to the guest OS shell; the tunnel_user SSH user allows only controlled access.
SSH access may be selected through tunnel_root and tunnel_user if an application depends on an axp-app-dev package, such as axp-app-dev.aim.1.0.5.pkg.
Only tunnel_user can be selected if an application depends on an axp-app-ssh package, such as axp-ssh-4.6p1-k9.nme.1.0.5.pkg.
This section consists of the following tasks:
•SSH Controlled Access
•Configuring SSH Tunneling
•Configuring Shell Access in a Virtual Instance
For direct access to the Cisco AXP CLI, see the "Secure Shell Access to the Service Module" section.
SSH Controlled Access
To allow controlled access to your guest OS thorugh tunnel_user, perform these tasks:
1. You must include a script in your package with this name and directory: /usr/ssh/home/tunnel_user_startup.sh
2. This script is invoked when tunnel_user logs in.
If you do not include a script, the original script allows the tunnel_user to first log in, and then automatically logs the user out after displaying the welcome message.
Configuring SSH Tunneling
To configure SSH tunneling, perform the following steps.
SUMMARY STEPS
1. configure terminal
2. ip ssh server [ port-num ]
3. ip ssh username [tunnel_root | tunnel_user] password clear-password-string
4. ip ssh username [tunnel_root | tunnel_user] password0 clear-password-string
5. ip ssh username [tunnel_root | tunnel_user] password7 hashed-password-string
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
configure terminal
|
Enters global configuration mode.
|
Step 2
|
ip ssh server [ port-num ]
|
Starts or stops the SSH server on the specified port number. Port number range is 1-65535.
Default port number is 22.
Error messages:
Error Message Port is in use, please use another
port.
This error occurs if the system cannot start the SSH server because the port is being used. Change the port number and restart.
Error Message Invalid port number, range is
1-65535
This error occurs if you use an invalid port number for the configuration.
|
Step 3
|
ip ssh username [tunnel_root | tunnel_user]
password clear-password-string
|
Specifies a non encrypted (cleartext) user password.
tunnel_root—Allows an SSH user with shell access to the application environment.
tunnel_user—Allows an SSH user shell access to the application environment through a startup script that is implemented by the third party developer.
The startup script decides on the level of access a user can have to perform specific operations.
|
Step 4
|
ip ssh username [tunnel_root | tunnel_user]
password 0 clear-password-string
|
Specifies a non encrypted password.
|
Step 5
|
ip ssh username [tunnel_root | tunnel_user]
password 7 hashed-password-string
|
Specifies a hidden password.
|
Configuring Shell Access in a Virtual Instance
To configure the SSH server for shell access in a virtual instance, perform the following steps.
Step 1 Install app_debug.pkg and bind the interface to ensure SSH connection.
SE-Module# configure terminal
config# app-service app-name
config-app-name# bind interface eth0
Step 2 Activate tunnel_root in the ip ssh username [tunnel_root | tunnel_user] password command by setting a password.
SE-Module# configure terminal
config# app-service app-name
config-myapp# ip ssh username tunnel_root password clear-password-string
Step 3 Enable the SSH server.
SE-Module# configure terminal
config# app-service app-name
config-app-name# ip ssh server
Step 4 Verify status of the SSH server.
SE-Module# app-service app-name
app-name# show ssh-server
Example:
Step 5 You can now connect to the SSH server inside the virtual instance. By default, the SSH server port is 2022.
a. If you connect using tunnel_root as the SSH user, you have direct shell access after you log in with your password.
Note Use tunnel_root only in the development environment, for example when debugging.
workstation-shell# ssh tunnel_root@myblade -p 2022
tunnel_root@myblade's password:
b. If you connect using tunnel_user as the SSH user, the startup script in the third party application determines the type of access for a tunnel user.
Note Use tunnel_user only in the production environment.
In the example below, the startup script /usr/ssh/home/tunnel_user_app_startup.sh does not allow a tunnel user to access the shell inside the virtual instance.
An interactive message appears after you log in with your password.
workstation-shell# ssh tunnel_user@myblade -p 2022
tunnel_user@myblade's password:
=====Start of message from the Cisco AXP Application SSH Support=====
Tunnel User (tunnel_user) has logged in successfully
Application specific Tunnel User startup script will be invoked (if exists)
=====End of message from the Cisco AXP Application SSH Support=======
Please enter 1 to do a 'pwd', or 2 to do a 'ls'
tunnel_user_app_startup.sh tunnel_user_startup.sh
tunnel_user_app_startup.sh.sample
Connection to myblade closed.
Synchronizing Files
Cisco AXP provides developers with a data synchronization feature that allows them to synchronize files from a virtual instance to their workstation. The sync file url command synchronizes data from the virtual instance to the workstation using the rsync utility. The synchronization feature uses the rsync utility to exclude hard-linked files from the synchronization process.
Hard-linked files from the Guest-OS and other add-on files are excluded from synchronization since they are not packaged in an application. If an application requires a hard-linked file on the Cisco AXP service module to be overwritten with a file from a developer's workstation, it is necessary to first log into the Linux session in the virtual instance and remove the hard-linked file's protection.
If a file (or its directory) is deleted from one location and is used as the source of a synchronization operation, the file (or its directory) on the other location will not be automatically deleted. It must be manually deleted.
For example, if /work/helloworld-app-content/etc/mtab is deleted from the workstation repository and sync file url command is invoked with the in keyword, the file on the Cisco AXP service module will not be automatically deleted.
Files that are not protected (not hard-linked from the Guest-OS or add-on files), will be synchronized out of the Cisco AXP service module for that virtual instance. These files include:
•All files added by the developer
•Temporary files used by run-time Linux
•Basic directory structures
The synchronization feature depends on:
•Guest-OS and add-on files hard-linked (UNIX file system link) in the virtual instance.
•rsync utility
Prerequisites
The following tasks must be performed before synchronizing files.
Workstation
On the workstation, the rsync utility is installed by default with the recommended Redhat platform. Cisco AXP invokes rsync remotely using SSH.
For the rsync utility to be initiated from the service module, the following tasks must be performed:
1. sshd must be running on the workstation
2. The workstation must be connected through the network from the router.
3. The developer must have a valid account on the workstation.
4. A directory must be available to contain the synchronization process content.
5. The ~/.ssh folder must have read, write and executable permissions for the owner.
Application
The application (empty application for starting developing) must be dependent on the application debug package to provide access to the Linux shell and rsync utility.
Since rsync requires network connectivity, the application must be configured to bind an interface.
Service Module
On the service module:
•Configure the bind interface command to connect the installed application to the workstation. Refer to the "Configuring External Network Interfaces" section.
•Configure SSH authentication keys to allow rsync session initiations without having to provide a password for each session. This configuration is required only once.
SUMMARY STEPS
1. app-service application-name
2. sync file url rsync:host_url direction [in|out] username username
3. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
app-service application-name
|
Enters application service mode.
|
Step 2
|
sync file url rsync:host_url direction [in|out]
username username
|
Wraps the rsync command. Before invoking the rsync utility, the command first identifies the files that can or should be synchronized.
This identification process avoids synchronizing files that were hard-linked in the virtual instance, such as files from the Guest OS or other add-on files.
rsync— Defines the rsync protocol
host_url— Host URL
direction—Direction of synchronizing the files:
in—Content from the workstation is used as the master file.
out—Content from the service module is used as the master file.
username—Username used for authentication to the remote host (developer's workstation).
|
Step 3
|
exit
|
Exits application service mode.
|
Synchronization Example
This example assumes that the prerequisite tasks have been performed and the application is installed and configured on the Cisco AXP service module.
Setup
•Workstation (rsync repository) address: 192.168.1.4
•Username used by the developer on the workstation: john
•Empty application name: helloworld
•Cisco ISR prompt:
•Cisco AXP service module prompt:
•Workstation's folder to be used as a repository: /work/helloworld-app-content
Configuring SSH Authentication Keys
Configure the SSH authentication keys to establish trust between the service module and the workstation before using the sync file url command.
SUMMARY STEPS
1. Access a Linux shell session on the service module's application
2. Generate a key for the service module
3. Load the service module's public key to the workstation
4. Verify setup
Step 1 Setup a Linux session on the service module. Use the linux shell and connect console commands to access the guest OS shell. You can obtain console access for your application by using a debug package as a dependency, or by using a postinstall script.
a. To enable the linux shell command, first obtain console access using a debug package as a dependency. Refer to the section, Obtaining Console Access for the Application in the Cisco Application eXtension Platform Developer Guide.
b. To enable the connect console command, first obtain console access using the postinstall script. Refer to the section, Obtaining Console Access for the Application in the Cisco Application eXtension Platform Developer Guide.
appre> app-service helloworld
appre>(exec-helloworld)> linux shell
Step 2 Generate keys.
Use ssh-keygen to generate keys for the network-module.
Do not provide a passphrase. Save the generated keys under /root/.ssh/id_rsa since ssh will be looking for it.
bash-2.05b# ssh-keygen -t rsa
a. Generate the public/private RSA key pair. You will enter information in interactive mode.
Enter the file in which you want to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
d:31:68:8a:54:94:ee:9c:ba:14:79:41:53:ef:ac:ec root@appre
Step 3 Upload the service module's public key to the workstation to ensure that the service module's public key is known by the workstation. A simple way to upload the public key is to use the scp utility.
bash-2.05b# scp /root/.ssh/id_rsa.pub john@192.168.1.4:.ssh/authorized_keys2
Note john is the username or account on the workstation. We will use the same username to invoke the rsync command.
Step 4 Verify setup.
We can verify the setup of the authentication key by launching a simple SSH session from the service module to the workstation.
bash-2.05b# ssh john@192.168.1.4
You should not be prompted for a password for this command and should get a SSH session right away. If you do not initiate a SSH session immediately verify that:
•The right key has been uploaded. The key must be uploaded on the same machine to which you are initiating ssh during the verification step.
•The username is the same.
•The scp operation destination does not contain any typographical errors.
Step 5 Use the sync file url command
Perform data synchronization between the service module application files and the workstation repository. The first time you synchronize, it is recommended that you synchronize out (service module to the workstation) so that the base directory layout is exported.
Synchronizing out for the first time also makes it easier to add files to the structure.
In this example, we invoke the rsync command from the application context from the CLI prompt:
appre> app-service helloworld
appre(exec-helloworld)> sync file url rsync://192.168.1.4/work/helloworld-app-content
direction out username john
Using this command exports the data to the workstation 192.168.1.4 and places all the data of the application, which resides on the service module, under the workstation's directory /work/helloworld-app-content.
The username john is used as credential for the connection.
The exported data must contain the following:
•Basic directory structure
•Temp files that were used in the virtual instance such has /tmp/*, /var/log/*, /var/lock/*
•Original files that were originally packaged in the application
At this point, files can be added and modified in the workstation repository and be synchronized back in, using the same command but using in instead of out as direction.
CLI Plug-in Invocation
The Cisco AXP CLI plug-in distribution service supports CLI plug-in actions in C, Java, and shell scripts.
Developers must implement APIs using the signatures provided in of the Cisco AXP Developer Guide and compile the APIs into application C libraries or Java classes. The CLI plug-in distribution service invokes these APIs when a user enters a command referring to one of these action classes.
EXEC Mode
Invoke an EXEC CLI plug-in as follows:
SUMMARY STEPS
1. app-service application-name
2. Enter the CLI plug-in as defined by the third party application.
3. exit
DETAILED STEPS
