Table Of Contents
Cisco ASR 1000 Embedded Services Processor 10G Non Crypto Capable New Feature
First Published: September 26, 2008Last Updated: September 26, 2008
The Cisco ASR 1000 Embedded Services Processor 10G Non Crypto Capable new feature includes:
•Embedded Services Processor (ESP) in which all encryption chips have been removed
•Encryption software is removed from the Cisco IOS XE Route Processor software subpackage.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for the Cisco ASR 1000 ESP 10G Non Crypto Capable New Feature" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Cisco ASR 1000 ESP 10G Non Crypto Capable New Feature
You cannot load Cisco IOS XE software images or subpackages which contain encryption software, onto a Cisco ASR 1000 Series Router that contains the non crypto enabled ESP board (ASR1000-ESP10-N). As soon as the combination of an encryption-enabled Cisco IOS XE image and encryption-disabled ESP is detected—on bootup, online removal or insertion, or during an install—a message is emitted:ESP[0|1] does not support strong cryptography. Chassis will reload.
The Route Processor (RP) then reloads the chassis and reboots continuously.
To troubleshoot this problem, follow these steps:
Step 1 Enable ROM Monitor (ROMmon) mode by entering the reload command.
Step 2 Press the Break key during the first 60 seconds while the system is booting.
Step 3 Force the system to remain in ROMmon mode, waiting for manual bootup, by entering the command: confreg 0x0.
Step 4 Load the latest Cisco IOS XE image that is compatible with the ASR1000-ESP10-N ESP board.
Compatible subpackages include
–Cisco ASR1000 Series RP1 IP BASE W/O CRYPTO
–Cisco ASR1000 Series RP1 ADVANCED IP SERVICES W/O CRYPTO
–Cisco ASR1000 Series RP1 ADVANCED ENTERPRISE SERVICES W/O CRYPTO
Step 5 Remove the forced manual boot mode by entering the command: confreg config register setting, where config register setting is the default for the user system, often 0x2102.
Step 6 Reboot the system.
Information About Cisco ASR 1000 ESP 10G Non Crypto Capable New Feature
For those users who are under export or import restrictions for strong encryption services products, the Cisco ASR 1000 ESP board (ASR1000-ESP10-N) without encryption is provided. This unrestricted product format, in which all encryption chips have been removed, can be provided in the Cisco ASR 1002, 1004, and 1006 Series Routers. Additionally, a Cisco IOS XE 2.2 image for this ESP is available that does not contain encryption software. Therefore, any Cisco ASR 1000 Series Router which contains the ASR1000-ESP10-N ESP board does not provide Secure Shell (SSH), Transport Layer Security (TLS), Secure Socket Layer (SSL), or IP Security (IPSec) encryption processes. All other functionality found in the Cisco ASR 1000 Series Routers remains the same.
The benefits of Cisco ASR 1000 ESP 10G Non Crypto Capable new feature are:
•Fully unrestricted network product that meets US export restrictions and any foreign security import restrictions.
•Users can obtain encryption processes of their own choosing.
Checking the ESP Board
You can verify the part number of your ASR 1000 Series Router ESP board in two ways:
•Look for the ASR1000-ESP10-N part number on the board itself, or
•Enter the show platform command as shown below:Router# show platformChassis type: ASR1006Slot Type State Insert time (ago)--------- ------------------- --------------------- -----------------0 ASR1000-SIP10 ok 00:03:060/0 SPA-5X1GE-V2 ok 00:01:350/1 SPA-8X1FE-TX-V2 ok 00:01:350/2 SPA-2XCT3/DS0 ok 00:01:351 ASR1000-SIP10 ok 00:03:061/0 SPA-2XOC3-POS ok 00:01:351/1 SPA-8XCHT1/E1 ok 00:01:351/2 SPA-2XT3/E3 ok 00:01:35R0 ASR1000-RP1 ok, active 00:03:06F0 ASR1000-ESP10-N ok, active 00:03:06P0 ASR1006-PWR-AC ok 00:02:06P1 ASR1006-FAN ok 00:02:06Slot CPLD Version Firmware Version--------- ------------------- ---------------------------------------0 06120701 12.2(33r)XNB1 06120701 12.2(33r)XNBR0 07082312 12.2(33r)XNBF0 07051680 12.2(33r)XNB
The following sections provide references related to the Cisco ASR 1000 ESP 10G Non Crypto Capable New Feature.
Related Topic Document Title
Cisco ASR 1000 Series Routers software configuration information.
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide at http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/asrswcfg.html
Cisco ASR 1000 Series Routers hardware installation information.
Cisco ASR 1000 Series Aggregation Services Routers Hardware Installation and Initial Configuration Guide at http://www.cisco.com/en/US/docs/routers/asr1000/install/guide/chassis/asr1000hig.html
System message information for Cisco IOS XE software.
System Messages for Cisco IOS XE at http://www.cisco.com/en/US/products/ps9343/products_system_message_guides_list.html
Cisco IOS XE software configuration information.
Cisco IOS XE Configuration Guides at http://www.cisco.com/en/US/products/ps9587/products_installation_and_configuration_guides_list.html
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature
Feature Information for the Cisco ASR 1000 ESP 10G Non Crypto Capable New Feature
Table 1 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release. Unless noted otherwise, subsequent releases of that Cisco IOS software release also support that feature.
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.