Table Of Contents
Getting Started
Setting Up The Service Module
Verifying Router and Service Module Compatibility
Compatibility between Router and NME/AIM2 Service Module
Compatibility between Router and ISM/SM Service Module
Installing the Router and Service Module
Verifying Service Module Installation
Hardware Requirements
Software Requirements
Cisco IOS Software
Cisco AXP Software
Basic Safeguards for Securing AXP Router/Blade
Cisco AXP Command Modes
Entering the Command Environment
Exiting the Command Environment
Configuring the Cisco AXP Service Module Interface
Configuration Tasks
Opening and Closing a Service Module Session
Getting Started
This chapter contains the following sections:
•
Setting Up The Service Module
•Cisco AXP Command Modes
•Configuring the Cisco AXP Service Module Interface
Setting Up The Service Module
To set up the service module:
•Verifying Router and Service Module Compatibility
•Installing the Router and Service Module
•Hardware Requirements
•Software Requirements
•Basic Safeguards for Securing AXP Router/Blade
Verifying Router and Service Module Compatibility
For information on router and service module installation, refer to the hardware documentation under the support section at www.cisco.com/go/axp. The compatibility between routers and Cisco AXP service modules are shown in the following sections:
•Compatibility between Router and NME/AIM2 Service Module
•Compatibility between Router and ISM/SM Service Module
Compatibility between Router and NME/AIM2 Service Module
The compatibility between routers and Network Module (NME) or Advanced Integration Module (AIM2) service modules is shown in Table 1.
Table 1 Cisco AXP Routers and Service Module Compatibility (NME/AIM2)
Router
|
NME-APPRE-
302-K9
(1GHz CPU, 512 MB)
|
NME-APPRE-
502-K9
(1GHz 1GB)
|
NME-APPRE-
522-K9
(1.4GHz CPU, 2GB)
|
AIM2-APPRE-
104-K9
(600MHz CPU, 512 MB)
|
891, 892
|
—
|
—
|
—
|
1.5
|
1841
|
—
|
—
|
—
|
1.5
|
1941
|
—
|
—
|
—
|
—
|
2801
|
—
|
—
|
—
|
1.5
|
2811
|
1.0, 1.1, 1.5
|
1.1, 1.5
|
—
|
1.5
|
2821
|
1.0, 1.1, 1.5
|
1,1, 1.5
|
—
|
1.5
|
2851
|
1.0, 1.1, 1.5
|
1.1, 1.5
|
—
|
1.5
|
2901
|
—
|
—
|
—
|
—
|
2911
|
—
|
—
|
—
|
—
|
2921
|
—
|
—
|
—
|
—
|
2951
|
—
|
—
|
—
|
—
|
3825
|
1.0, 1.1, 1.5
|
1.1, 1.5
|
1.0, 1.1, 1.5
|
1.5
|
3845
|
1.0, 1.1, 1.5
|
1,1, 1.5
|
1.0, 1.1, 1.5
|
1.5
|
3925
|
—
|
—
|
—
|
—
|
3945
|
—
|
—
|
—
|
—
|
Compatibility between Router and ISM/SM Service Module
The compatibility between routers and Integrated Service Module (ISM) or Service Module (SM) service modules is shown in Table 2.
Table 2 Cisco AXP Routers and Service Module Compatibility (ISM/SM)
Router
|
ISM-SRE-300-K9
(1.066 GHz, 512MB, 4GB eUSB)
|
SM-SRE-700-K9 (1.86GHz CPU, 4GB)
|
SM-SRE-710-K9 (1.86GHz CPU, 4GB)
|
SM-SRE-900-K9 (1.86GHz dual core CPU, 4GB)
|
SM-SRE-910-K9 (1.86GHz dual core CPU, 4GB)
|
891, 892
|
—
|
—
|
—
|
—
|
—
|
1841
|
—
|
—
|
—
|
—
|
—
|
1941
|
1.5
|
—
|
—
|
—
|
—
|
2801
|
—
|
—
|
—
|
—
|
—
|
2811
|
—
|
—
|
—
|
—
|
—
|
2821
|
—
|
—
|
—
|
—
|
—
|
2851
|
—
|
—
|
—
|
—
|
—
|
2901
|
1.5
|
—
|
—
|
—
|
—
|
2911
|
1.5
|
1.5.2
|
1.6.2
|
1.5.2
|
1.6.2
|
2921
|
1.5
|
1.5.2
|
1.6.2
|
1.5.2
|
1.6.2
|
2951
|
1.5
|
1.5.2
|
1.6.2
|
1.5.2
|
1.6.2
|
3825
|
—
|
—
|
—
|
—
|
—
|
3845
|
—
|
—
|
—
|
—
|
—
|
3925
|
1.5
|
1.5.2
|
1.6.2
|
1.5.2
|
1.6.2
|
3945
|
1.5
|
1.5.2
|
1.6.2
|
1.5.2
|
1.6.2
|
Installing the Router and Service Module
Refer to the router and service module hardware installation documents. See "Platform-Specific Documents" in the relevant Release Notes for Cisco AXP.
Verifying Service Module Installation
Once the service module is physically installed and the Cisco router is loaded with a compatible IOS image and is powered back on, proceed with the following steps to ensure that the service module is correctly detected by the ISR.
To verify service module detection by the Cisco router:
Step 1 The first step is to verify that the ISR detects the presence of the newly installed service module.
On the router, enter enable mode and use the following Cisco IOS command to display the field-replaceable unit (FRU) reported by Cisco IOS:
Router#show diag | include FRU
Product (FRU) Number : CISCO2811
Product (FRU) Number : NME-APPRE-302-K9
Step 2 Use the show hardware command to verify that the router recognizes the service module.
Hardware Requirements
For supported hardware, refer to Release Notes for Cisco AXP.
Software Requirements
Cisco IOS Software
For information on the supported Cisco IOS software and for information on where to download a Cisco IOS software image, refer to the "System Requirements" section of Release Notes for Cisco AXP.
Cisco AXP Software
To download the Cisco AXP software, perform the following steps:
Prerequisites
•IP address or name of the FTP server where the Cisco AXP package file will be stored
•Verify that the FTP server is accessible
Step 1 Download the Cisco AXP files. For information on where to download software product files and software development files, refer to Release Notes for Cisco AXP.
Note If you choose to use a file extractor tool designed for Windows, such as WinZip, you must disable CR/LF conversion of tar files. (For example, in WinZip 9.0, select Configuration > Miscellaneous and uncheck "TAR file smart CR/LF conversion".)
Step 2 Copy the files to the FTP server. All files to be installed must reside in the same directory. To install the Cisco AXP files, see the "Installing and Upgrading Software" section on page 66.
Application Software Versions
Each application has a version number, which is used by the Installer when resolving dependencies between subsystems. The system only considers the first two digits of the version number for checking dependencies. For versions with the first two matching digits such as 1.1.5 and 1.1.1, the higher release version is backward compatible with the earlier release.
Basic Safeguards for Securing AXP Router/Blade
To improve the security of your system, we suggest the following actions:
•Protect the telneting to router IP addresses with a username and password. Common username and password pairs such as cisco, cisco should be avoided.
•Assign privilege levels (0-15) to limit the actions that users with access to routers are allowed to perform. Privilege level 0 is most restrictive, and level 15 is least restrictive. Following this safeguard ensures that users attempting a privileged command-line interface (CLI) operation need to go through #enable mode and password authorization.
•Configure a sysadmin username and password when enabling Secure Shell (SSH) access. (Refer to the "Configuring Password Protection" section on page 18 and "Configuring the SSH Server" section on page 19). Remote access to Service Modules via SSH is disabled by default. Also consider encrypting the sysadmin password.
Cisco AXP Command Modes
This section includes the procedures listed below for entering and exiting the command environment, where Cisco AXP software configuration commands are executed.
•Entering the Command Environment
•Exiting the Command Environment
EXEC and Configuration Modes
The Cisco AXP software command modes, EXEC, and configuration, operate similarly to the EXEC and configuration modes for Cisco IOS software CLI commands.
Interface Types
In the following command configurations, the interface is usually described as "integrated-service-engine" —this applies for the NME type of module interface. If you are using a different type of service module, you must substitute the relevant interface name from the following list:
•Integrated-Service-Engine: NME module interface
•internal-Service-Module: AIM2 module interface
•ISM: ISM module interface
•SM: SM module interface
Ctrl+S and Ctrl+Q Keyboard Shortcuts
After entering a command, the following two keyboard shortcuts may be used:
Ctrl+S—halts the currently executing command. This shortcut is useful to suspend text that is scrolling on the screen.
Ctrl+Q—resumes the execution of the command.
Note You could press Ctrl+S accidentally and then assume that the system is hanging/suspended. If you think that this may have occurred, then press Ctrl+Q to attempt to resume the execution of the current command.
Entering the Command Environment
To enter the command environment after the Cisco AXP software is installed and active, perform the following steps.
Prerequisites
The following information is required to enter the command environment:
•IP address of the Cisco ISR router that contains the Cisco AXP service module
•Username and password to log in to the router
•Slot number of the module
SUMMARY STEPS
1. Open a Telnet session.
2. telnet ip-address
3. Enter the user ID and password of the router.
4. service-module integrated-service-engine slot/port session
5. (Optional) enable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Open a Telnet session.
|
Opens a session using a DOS window, SSH software, or a software emulation tool such as Reflection.
|
Step 2
|
Example:
C:\>telnet 172.16.231.195
|
Specifies the IP address of the router.
|
Step 3
|
Enter the user ID and password of the router.
|
Provides authentication.
|
Step 4
|
service-module integrated-service-engine
slot/port session
Example:
Router# service-module integrated-service-engine
1/0 session
|
Enters the Cisco AXP software command environment using the module located in slot and port. The prompt changes to "se" with the IP address of the service module.
Note "integrated-service-engine" is the interface name for NME service modules. Refer to the "Interface Types" section for the possible interface names.
If the message
"Trying ip-address slot/port ...
Connection refused by remote host"
appears, enter the command
service-module integrated-service-engine
slot/port session clear
and try Step 4 again.
|
Step 5
|
Example:
|
Enters privileged EXEC mode on the host router. Enter your password if prompted.
|
Exiting the Command Environment
To exit the Cisco AXP software command environment and return to the router command environment, perform the following steps.
SUMMARY STEPS
Return to the Cisco AXP software EXEC mode.
1. exit.
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 6
|
Example:
|
Returns to the router command environment.
|
Configuring the Cisco AXP Service Module Interface
This section describes general interface configuration between the Cisco integrated service routers and Cisco AXP service modules.
For configuring the interface of a Cisco Internal Service Module Service Ready Engine (ISM-SRE), refer to Cisco SRE Service Module Configuration and Installation Guide. For information on other service modules, refer to Release Notes for Cisco AXP.
The host router and service module use the following interfaces for internal and external communication (see Figure 1):
•Internal Interface (eth0)
–This is an internal interface that is between the router and the service module. Use this connection to exchange traffic between the network interface and the router.
–For example, the console connection to the service module is connected through this interface.
–On the router side, this interface is described as service interface engine x/0 (where x is the service module slot in which the service module is inserted).
–On the service module side (Linux), this internal interface is designated as eth0.
•External Interface (eth1)
–This an external ethernet interface giving speeds of Fast (100 Mb/s) or Gigabit (1000 Mb/s). The physical interface is an RJ-45 connector.
–On the service module side, this external interface is designated as eth1.
Note The external interface is not visible from the router side and can only be configured and used from the service module.
•Multi-Gigabit Ethernet (MGF) Interface
–This is an extra physical ethernet interface that connects to the backplane switch of the Cisco ISR.
–On the service module side, this external interface is designated as mgf0. For further information, refer to the "Multi-Gigabit Ethernet Fabric Interface" section on page 79.
Figure 1 Router and Service Module Interfaces
| |
On This Hardware Interface...
|
Configure These Settings...
|
Using This Configuration Interface
|
1
|
Router interface to external link (FastEthernet slot/0)
|
Standard router settings
|
Cisco IOS software CLI on the router
|
2
|
Router interface to module (Integrated-service-engine slot/0)
|
Module's IP address and default gateway router
|
3
|
Module interface to router (eth0)
|
All other module and Cisco AXP software application settings
|
Cisco AXP software GUI or SSH interface
|
4
|
Module interface to external link (eth1)
|
Support for data requests and transfers from outside sources
|
Configuration Tasks
Steps 1 to 3 open the host-router CLI and access the router's interface to the module.
Steps 4 to 9 configure the interface.
SUMMARY STEPS
From the Router CLI
1. enable
2. configure terminal
3. interface integrated-service-engine slot/0
4. ip address router-side-ip-address subnet-mask
or
ip unnumbered type number
5. service-module ip address module-side-ip-address subnet-mask
6. service-module ip default-gateway gateway-ip-address
7. end
8. copy running-config startup-config
9. show running-config
DETAILED STEPS
| |
Command or Action
|
Purpose
|
| |
From the Host-Router CLI
|
Step 1
|
enable
Example:
Router> enable
|
Enters privileged EXEC mode on the host router. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode on the host router.
|
Step 3
|
interface integrated-service-engine slot/0
Example:
Router(config)# interface
integrated-service-engine 1/0
|
Enters interface configuration mode for the slot and port where the service module resides.
•slot—Specifies the service module slot.
Note "integrated-service-engine" is the interface name for NME service modules. Refer to the "Interface Types" section for the possible interface names.
|
Step 4
|
ip address router-side-ip-address subnet-mask
or
ip unnumbered type number
Example:
Router(config-if)# ip address 10.0.0.20
255.255.255.0
or
Router(config-if)# ip unnumbered eth0/0
|
Specifies the IP address on the router side.
•router-side-ip-address subnet-mask—IP address and subnet mask for the interface.
The ip unnumbered command enables IP processing on an interface without assigning an explicit IP address to the interface.
•type—Type of interface on which the router has an assigned IP address. The interface cannot be another unnumbered interface. Example: "eth" or "mgf".
•number—Number of the interface on which the router has an assigned IP address. The interface cannot be another unnumbered interface. Example: "0/0" (slot and port number).
For more information on the IP unnumbered command, see:
Understanding and Configuring the IP Unnumbered Command.
|
Step 5
|
service-module ip address
module-side-ip-address subnet-mask
Example:
Router(config-if)# service-module ip address
172.0.0.20 255.255.255.0
|
Specifies the IP address for the module interface to the router.
•module-side-ip-address—IP address for the interface
•subnet-mask—Subnet mask to append to the IP address; must be in the same subnet as the host router
|
Step 6
|
service-module ip default-gateway
gateway-ip-address
Example:
Router(config-if)# service-module ip
default-gateway 127.0.0.1
|
Specifies the IP address for the default gateway router for the module. The argument is as follows:
•gateway-ip-address—IP address for the gateway router
|
Step 7
|
end
Example:
Router(config-if)# exit
|
Returns to global configuration mode on the host router.
|
Step 8
|
copy running-config startup-config
Example:
Router# copy running-config startup-config
|
Saves the router's new running configuration.
|
Step 9
|
show running-config
Example:
Router# show running-config
|
Displays the router's running configuration so that you can verify address configurations.
|
Opening and Closing a Service Module Session
To open and close a session on the service module, perform the following steps.
Note•Before you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.
•You can conduct only one session at a time.
•Steps 1 to 3: open the host-router CLI and access the module. Steps 4 to 5: configure the module. Step 6: return to the host-router CLI.
SUMMARY STEPS
From the Host-Router CLI
1. enable
2. service-module integrated-service-engine slot/0 status
3. service-module integrated-service-engine slot/0 session
From the Service-Module Interface
4. Enter the required configuration or EXEC commands on the service module.
5. exit
6. Control-Shift-6 x
From the Host-Router CLI
7. service-module integrated-service-engine slot/0 session clear
DETAILED STEPS
| |
Command or Action
|
Purpose
|
| |
From the Host-Router CLI
|
Step 1
|
enable
Example:
Router> enable
|
Enters privileged EXEC mode on the host router. Enter your password if prompted.
|
Step 2
|
service-module integrated-service-engine slot/0
status
Example:
Router# service-module
integrated-service-engine 1/0 status
|
Displays the status of the specified module, so that you can ensure that the module is running (that is, in the steady state).
|
Step 3
|
service-module integrated-service-engine slot/0
session
Example:
Router# service-module
integrated-service-engine 1/0 session
Trying 10.10.10.1, 2065 ... Open
|
Begins a service-module session on the specified module. Do one of the following:
•To interrupt the autoboot sequence and access the bootloader, quickly type ***.
•To start a configuration session, press Enter.
|
| |
From the Service-Module Interface
|
Step 4
|
Enter the required configuration or EXEC commands on the service module.
|
|
Step 5
|
exit
|
Exit global configuration mode. (Optional) Save your new configuration with the copy running-config startup-config command. Note: You do not use the enable command and the prompt does not change from #.
|
Step 6
|
Press Control-Shift-6 x.
|
Suspends the service-module session and returns to the router CLI. Alternatively, type the exit command to return to the router CLI.
Note The service-module session stays up until you clear it in the next step. While it remains up, you can return to it from the router CLI by pressing Enter.
|
| |
From the Host-Router CLI
|
Step 7
|
service-module integrated-service-engine slot/0
session clear
Example:
Router# service-module
integrated-service-engine 1/0 session clear
|
Clears the service-module session for the specified module. When prompted to confirm this command, press Enter.
|
Feedback
