Get to Know Cisco 8000 Series Routers

Cisco 8000 series routers converge the service provider routing and massively scalable data centers (MSDC) switching portfolio. The routers run on XR 7 OS. The XR 7 OS provides significant architectural enhancements to Cisco IOS XR in these areas:

  • Modularity: Decoupled hardware and software; modularized software with the flexibility to consume software packages based on requirement.

  • Programmability: Model-driven APIs at all layers.

  • Manageability: Simplified software management and installation based on Linux tools.

Baseboard Management Controller

Cisco 8000 series routers support Baseboard Management Controller (BMC) in the Route Processor (RP). BMC is a specialized service processor that communicates with the system through an independent ethernet connection. BMC operates in two modes:
  • Lights-on mode: In this mode, RP CPU, which is independent and in parallel to BMC, is booted up. This mode provices access to remote console, ethernet management port, supervisory and environmetal device.

  • Lights-out mode: In this mode, RP CPU is not booted up. This mode provides access to ethernet management port, troubleshooting and recovery, boot parameters for BIOS, supervisory and environmental device.

For information about how to configure the IP address for BMC, see Configure IP Address for Ethernet Port on BMC.

This article helps you set up your Cisco 8000 series router. You will bring the router up, run a system health check, create user profiles, and assign user privileges.

Bring-up the Cisco 8000 Series Router

Connect to the console port on a Route Processor (RP) of the new router, and power ON the router. By default, this console port connects to the XR console. If necessary, after configuration, establish subsequent connections through the management port.

The following table shows the console settings:

Table 1. Console Settings

Baud rate (in bps)

Parity

Stop bits

Data bits

115200

None

2

8

The baud rate is set by default and cannot be changed.

The router can be accessed using remote management protocols, such as SSH, Telnet, SCP and FTP. SSH is included in the software image by default, but telnet is not part of the software image. You must manually install the telnet optional package to use it.

Figure 1. Ports of the Route Processor

1

Console RS-232 Serial Port RJ45

5

SyncE BITS/DTI/J.211

2

USB Port Type-A (2 ports). Port A gets detected ahead of Port B

Top: Port B

Bottom: Port A

6

G.703 Time-of-Day (TOD)

3

Control Plane Expansion SFP/SFP+ port

7

Mini coaxial connector for 10 MHz, input, and output

4

Top: Management Ethernet (10/100/1000-Mbps) RJ-45 (Copper) port LAN shared between x86 (XR) and ARM11 (BMC)

Bottom: IEEE 1588 Precision Time Protocol (PTP)

8

Mini coaxial connector for 1 PPS, input, and output

After booting is complete, you must create a username and password. This credential is used to log on to the XR console, and get to the router prompt.

The router completes the boot process using the pre-installed operating system (OS) image. If no image is available within the router, the router can be booted using iPXE boot or an external bootable USB drive.

Boot the Cisco 8000 Series Router Using iPXE

Boot the router using iPXE if the router fails to boot when powered ON. An alternate method is to Boot from a USB device.

iPXE is a pre-boot execution environment in the network card of the management interfaces. It works at the system firmware (UEFI) level of the router. iPXE boot re-images the system, boots the router in case of a boot failure, or in the absence of a valid bootable partition. iPXE downloads the ISO image, installs the image, and finally bootstraps inside the new installation.

iPXE acts as a bootloader. It provides the flexibility to choose the image that the system boots. The image is based on the Platform Identifier (PID), the serial number, or the management mac-address. iPXE is defined in the DHCP server configuration file.

You need a server running HTTPS, HTTP, or TFTP. Bring-up the PXE prompt using the following steps:

Procedure


Step 1

Power ON the router.

Step 2

Press Esc or Del keys continuously (quick and repeated press and release) to pause the boot process, and get the RP to the BIOS menu.

Step 3

Select Built-in iPXE option.

Step 4

When PXE boot starts reaching for a PXE server, press Ctrl+B keys to break into the PXE prompt.

Step 5

Add the following configuration for the router. This is required for the router to connect with the external server to download, and install the image. You can use HTTP, HTTPS or TFTP server.

Example:


iPXE> ifopen net0                    #Open the interface connecting outside world
iPXE> set net0/ip 10.0.0.2           #Configure the ip address of your router                                                        
iPXE> set net0/gateway 10.0.0.1      #configure the GW
iPXE> set net0/netmask 255.0.0.0     #Configure the Netmask
iPXE> ping 10.0.0.1                  #Check you can reach GW
iPXE> ping 192.0.2.0                 #check you can reach to your server running tftp or http or https
iPXE> boot http://192.0.2.0/<directory-path>8000-x64.iso    #Copy the image on the http/https/tftp server in any path and then point to download the image from there. 
Note 

To rectify errors while typing the command, use Ctrl+H keys to delete a character.

If a PXE server is configured to run a DHCP server, it assigns an IP address to the Ethernet Management interface of the router. This provides a channel to download the image that is required to re-image a router in case of a boot failure.

Router#reload bootmedia network location all
Proceed with reload? [confirm]
iPXE> boot http://<server-address>/<directory-path-to-iso>/8000-x64.iso   # The protocol could be http/https or tftp based on PXE server config
http://<server-address>/<directory-path-to-iso>/8000-x64.iso... 50%

Boot the Cisco 8000 Series Router Using USB Drive

Boot the router using USB drive if the router fails to boot when powered ON. An alternate method is to boot the router using iPXE.

Before you begin

Have access to a USB drive with a storage capacity that is between 8GB (min) and 32 GB (max). USB 2.0 and USB 3.0 are supported.

Procedure


Step 1

Copy the bootable file to a USB disk.

A bootable USB drive is created by copying a compressed boot file into a USB drive. The USB drive becomes bootable after the contents of the compressed file are extracted.

Note 

If you are unable to boot from a USB drive, remove and insert the drive again. If the drive is inserted correctly, and still fails to read from the USB drive, check the contents of the USB on another system.

This task can be completed using Windows, Linux, or MAC operating systems available on your local machine.

  1. Connect the USB drive to your local machine and format it with FAT32 or MS-DOS file system using the Windows Operating System or Apple MAC Disk Utility. To check if the disk is formatted as FAT32, right click on the USB disk, and view the properties.

  2. Copy the compressed boot file in .zip format from the image file to the USB drive. This .zip file can be downloaded from the Cisco Software Download center.

  3. Verify that the copy operation is successful. To verify, compare the file size at source and destination. Additionally, verify the MD5 checksum value.

  4. Extract the contents of the compressed boot file by unzipping it inside the USB drive. This converts the USB drive to a bootable drive.

    Note 
    Extract the contents of the zipped file ("EFI" and "boot" directories) directly into the root folder of the USB drive. If the unzipping application places the extracted files in a new folder, move the "EFI" and "boot" directories to the root folder of the USB drive.
  5. Eject the USB drive from your local machine.

Step 2

Use the bootable USB drive to boot the router or upgrade its image using one of the following methods:

Note 

Insert the USB drive in the USB port of the ACTIVE RP.

  • Boot menu
    1. Insert the USB drive, and connect to the console.

    2. Power ON the router.

    3. Press Esc or Del to pause the boot process, and get the RP to the BIOS menu.

    4. Select the USB option from the boot menu.

      Cisco BIOS Setup Utility - Copyright (C) 2019 Cisco Systems, Inc
      
      Boot Override
      UEFI: Micron_M600_MTFDDAT064MBF, Partition 4
      UEFI: Built-in iPXE
      URFI: Built-in Shell
      URFI: Built-in Grub
      UEFI: USB Flash Memory1.00, Partition 1
      The RP boots the image from the USB drive, and installs the image onto the hard disk. The router boots from the hard disk after installation.
  • XR CLI
    Use this method if you can access the XR prompt.
    Note 

    The RP has two USB ports. If there is only one USB drive with a bootable image, insert it into any of the two USB ports. If there are two USB drives but only one has a bootable image, the choice of the USB port is negligent. However, if two USB drives are inserted simultaneously and both have a bootable image, the image in the lower USB port takes precedence.

    1. Insert the USB device in the active RP.

    2. Access the XR prompt and run the command:
      Router# reload bootmedia usb location all noprompt
      
      Welcome to GRUB!!
      Verifying (hd0,msdos1)/EFI/BOOT/grub.cfg...
      (hd0,msdos1)/EFI/BOOT/grub.cfg verified using Pkcs7 signature.
      Loading Kernel..
      Verifying (loop)/boot/bzImage...
      (loop)/boot/bzImage verified using attached signature.
      Loading initrd..
      Verifying (loop)/boot/initrd.img
      The RP boots the image from the USB and installs the image onto the hard disk. The router boots from the hard disk after installation.

Configure the Management Port on the Cisco 8000 Series Router

To use the management port for system management and remote communication, you must configure an IP address and a subnet mask for the Management Ethernet interface.


Note

We recommend that you use a Virtual Private Network (VPN) routing and the forwarding (VRF) on the Management Ethernet interface.


Before you begin

  • Consult your network administrator or system planner to procure IP addresses and a subnet mask for the management interface.

  • Physical port Ethernet 0 on RP is the management port. Ensure that the port is connected to the management network.

Procedure


Step 1

Configure a VRF.

Example:

Router#conf t
Router(config)#vrf <vrf-name>
Router(config-vrf)#exit
Step 2

Enter interface configuration mode for the management interface of the primary RP.

Example:

Router(config)#interface mgmtEth 0/RP0/CPU0/0
Step 3

Configure the Management Ethernet interface under the VRF.

Example:

Router(config-if)#vrf <vrf-name>
Step 4

Assign an IP address and a subnet mask to the interface.

Example:

Router(config-if)#ipv4 address 10.1.1.1/8 255.255.0.0
Step 5

Assign a virtual IP address and a subnet mask to the interface. The virtual address is primarily used for out-of-band management over the Management Ethernet interface.

Example:

Router(config-if)#ipv4 virtual address vrf <vrf-name> 10.10.10.1/24
Step 6

Place the interface in UP state.

Example:

Router(config-if)#no shutdown
Step 7

Exit the management interface configuration mode.

Example:

Router(config-if)#exit
Step 8

Specify the IP address of the default-gateway to configure a static route; this is used for communications with devices on other networks.

Example:

Router(config)#router static vrf <vrf-name> address-family ipv4 unicast 0.0.0.0/0 10.10.10.1/24
Step 9

Commit the configuration.

Example:

Router(config)#commit
Step 10

Connect to the management port to the ethernet network. With a terminal emulation program, establish a SSH or telnet connection to the management interface port using its IP address.


Configure IP Address for Ethernet Port on BMC

Baseboard Management Controller (BMC) is a component in the Route Processor (RP) that monitors bootup status and the health of hardware components using sensors. It communicates with the system through an independent connection. The independent connection is through a dedicated ethernet connection between the host and BMC. BMC also has an ethernet interface for connections external to the router. You can establish communication with this interface using REST or SSH services.

You can configure static IP or use DHCP for automatic IP assignment by DHCP server. For static IP assignment, connect to BMC console.

Note

The Management Ethernet port is shared between XR and BMC. However, the IP address of BMC must be different from the XR interface, but in the same range.


To establish communication over ethernet (external to BMC and XR), configure static IP address on ethernet port 0 (eth0). IPv4 and IPv6 static IP addresses can be assigned. Modify the template in /etc/systemd/network/00-bmc-eth0.network with appropriate static IP address and gateway information. To modify the file, you must have root user privileges. Once modified, the system assigns the same IP address on eth0 ethernet device across BMC reloads.

Procedure


Step 1

Switch to BMC console from the XR console.

Example:

Router#[ctrl] o
Phosphor OpenBMC (Phosphor OpenBMC Project Reference Distro) 0.1.0 ttyS4
Step 2

Set up a root username and password for BMC.

Example:

login: root
You are required to change your password immediately (administrator enforced)
New password: 
Retype new password: 
Step 3

Check that the BMC configuration file is available. If the file is unavailabke, then create one in the following template.

Example:

root:~# cat /etc/systemd/network/00-bmc-eth0.network
[Match]
Name=eth0
[Network]
DHCP=ipv4
LinkLocalAddressing=fallback
[DHCP]
ClientIdentifier=mac

# For static ip addresses replace above two sections with the following section
#[Network]
#Address=a.b.c.d/xy
#Gateway=a.b.p.q
Step 4

Modify the file using Vi text editor. Configure BMC with the network address and the gateway information.

Example:

vi /etc/systemd/network/00-bmc-eth0.network
Step 5

Save the file.

Step 6

View the content of the modified file.

Example:

root:~# cat /etc/systemd/network/00-bmc-eth0.network
[Match]
Name=eth0
#[Network]
#DHCP=ipv4
#LinkLocalAddressing=fallback
#[DHCP]
#ClientIdentifier=mac

# For static ip addresses replace above two sections with the following section
[Network]
Address=192.168.0.2/24
Gateway=192.168.0.1
Step 7

Reboot BMC using reboot Linux command for the configuration to take effect.

Step 8

After BMC reboots, verify that the static IP is present for Ethernet 0 device in BMC.

Example:


root:~# ifconfig eth0
Link encap:Ethernet  HWaddr 00:59:DC:16:A6:2E  
inet addr:192.168.0.2  Bcast:192.168.0.1  Mask:255.255.0.0
inet6 addr: 2001:DB8:FFFF:FFFF:FFFF:FFFE:FFFF:FFFF Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:1086 errors:0 dropped:0 overruns:0 frame:0
TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:185996 (181.6 KiB)  TX bytes:22383 (21.8 KiB)
Interrupt:20
Step 9

Verify connectivity to the external server.

Example:

root:~# ping -c 5 192.168.2.10 
PING 192.168.2.10 (192.168.2.10): 56 data bytes
64 bytes from 192.168.2.10: seq=0 ttl=64 time=1.381 ms
64 bytes from 192.168.2.10: seq=1 ttl=64 time=0.881 ms
64 bytes from 192.168.2.10: seq=2 ttl=64 time=0.855 ms
64 bytes from 192.168.2.10: seq=3 ttl=64 time=0.865 ms
64 bytes from 192.168.2.10: seq=4 ttl=64 time=0.953 ms

--- 192.168.2.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.855/0.987/1.381 ms
Note 

You can use Intelligent Platform Management Interface (IPMI) and REST interfaces to manage out-of-band BMC information.

For information about structure and usage examples for the REST interface, see OpenBMC REST API and OpenBMC REST cheat sheet.

By default, IPMI capability is disabled. For IPMI to function, you must enable netipmi using the following command:
netipmi_config.sh -s 1
For example, the following ipmi command displays sensors using BMC IP address:
root:~# ipmitool -H 192.0.2.0 -I lanplus -P 0penBmc sensor list
IBV             | 1031.000 | Volts | ok | 8917.000 | 9112.000 | 9307.000 | 1130.000 | 1171.000 | 11972.000 
VP1P2_CPU_C     | 1230.000 | Volts | ok | 1134.000 | 1158.000 | 1182.000 | 1256.000 | 1280.000 | 1304.000  
VP1P05_CPU      | 1060.000 | Volts | ok | 976.000  | 996.000  | 1018.000 | 1080.000 | 1102.000 | 1122.000  
VP0P6_VTT_MEM_C | 614.000  | Volts | ok | 558.000  | 570.000  | 582.000  | 618.000  | 630.000  | 642.000   
VP1P2_MGTAVTT   | 1210.000 | Volts | ok | 1092.000 | 1116.000 | 1140.000 | 1260.000 | 1284.000 | 1308.000  
VP1P0_MGTAVCC   | 1006.000 | Volts | ok | 910.000  | 930.000  | 950.000  | 1050.000 | 1070.000 | 1090.000  
VP3P3_OCXO      | 3339.000 | Volts | ok | 3003.000 | 3069.000 | 3135.000 | 3465.000 | 3531.000 | 3597.000  
P3_3V           | 3342.000 | Volts | ok | 3003.000 | 3069.000 | 3135.000 | 3465.000 | 3531.000 | 3597.000  
P2_5V           | 2528.000 | Volts | ok | 2273.000 | 2324.000 | 2375.000 | 2624.000 | 2675.000 | 2723.000  
VP1P8_OCXO      | 1814.000 | Volts | ok | 1638.000 | 1674.000 | 1710.000 | 1890.000 | 1926.000 | 1962.000  
P1_8V           | 1820.000 | Volts | ok | 1638.000 | 1674.000 | 1710.000 | 1890.000 | 1926.000 | 1962.000
-------------------------    snipped   --------------------------
To disable netipmi, use the command:
root:~# netipmi_config.sh -s 0

Synchronize Router Clock with NTP Server

Synchronize the XR clock with that of an NTP server to avoid a deviation from true time. BMC is also synchronised with XR through a local NTP connection.

NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server typically has an authoritative time source (such as a radio or atomic clock, or a GPS time source) directly attached to the server. A stratum 2 time server receives its time through NTP from a stratum 1 time server, and so on.

Note

The Cisco implementation of NTP does not support stratum 1 service.


Before you begin

Configure and connect to the management port.

Procedure


Step 1

Enter the XR configuration mode.

Example:

Router#configure
Step 2

Synchronize the console clock with the specified sever.

Example:

Router(config)#ntp server <NTP-source-IP-address>

The NTP source IP address can either be an IPv4 or an IPv6 address. For example:

IPv4:
Router(config)#ntp server 192.0.2.0
IPv6:
Router(config)#ntp server 2001:DB8::1
Note 

The NTP server can also be reachable through a VRF if the Management Ethernet interface is in a VRF.

Step 3

Commit the configuration.

Example:

Router(config-ntp)#commit
Step 4

Verify that the clock is synchronised with the NTP server.

Example:

Router#show ntp status 
Clock is synchronized, stratum 3, reference is 192.0.2.0
nominal freq is 1000000000.0000 Hz, actual freq is 1000000000.0000 Hz, precision is 2**24
reference time is E12B1B02.8BB13A2F (08:42:42.545 UTC Tue Sep 17 2019)
clock offset is -3.194 msec, root delay is 4.949 msec
root dispersion is 105.85 msec, peer dispersion is 2.84 msec
loopfilter state is 'FREQ' (Drift being measured), drift is 0.0000000000 s/s
system poll interval is 64, last update was 124 sec ago
authenticate is disabled

Perform Preliminary Checks with Cisco 8000 Series Router

After successfully logging into the console, you must perform some preliminary checks to verify the correctness of the default setup. Correct any issues that arise before proceeding with further configurations.

Verify Software Version on Cisco 8000 Series Router

The router is shipped with the Cisco IOS XR software pre-installed. Verify that the latest version of the software is installed. If a newer version is available, perform a system upgrade. Installing the newer version of the software provides the latest feature set on the router.

You can view the overview of the running software. This includes the following information:

  • Package name and version
  • User who built the package
  • Time the package was built
  • Build workspace
  • Build host
  • ISO label:
    • Label is present if GISO boots using PXE boot

    • Label is present if GISO is installed using install replace method

    • Label reverts to default (only release version) if there is any change since the image with the label was installed.

  • Copyright information
  • Hardware information

Display the version of the Cisco IOS XR software, and its various software components that are installed on the router.


Router#show version
Cisco IOS XR Software, Version 7.0.11 LNT
Copyright (c) 2013-2019 by Cisco Systems, Inc.

Build Information:
 Built By     : xyz
 Built On     : Sat Jun 29 22:45:27 2019
 Build Host   : iox-lnx-064
 Workspace    : ../7.0.11/8000/ws/
 Version      : 7.0.11
 Label        : 7.0.11

cisco 8000
System uptime is 41 minutes

Verify the result to ascertain whether a system upgrade or the installation of an additional package is required. For more information about installing packages, see the Software Installation Guide for Cisco 8000 Series Routers.

Verify Status of Hardware Modules on Cisco 8000 Series Router

Multiple hardware modules such as RPs, LCs, fan trays, and so on, are installed on the router. The firmware on various hardware components of the router must be compatible with the Cisco IOS XR image installed. Incompatibility may cause the router to malfunction. Verify that all hardware and firmware modules are installed correctly and are operational.

Before you begin

Ensure that all required hardware modules are installed on the router.

Procedure


Step 1

View the status of the system.

Example:

Router#show platform
Node              Type                   State                  Config state
--------------------------------------------------------------------------------
0/RP0/CPU0        8201-SYS(Active)       IOS XR RUN              NSHUT
0/RP0/BMC0        8201-SYS               OPERATIONAL             NSHUT
0/PM0             PSU2KW-ACPE            OPERATIONAL             NSHUT
0/PM1             PSU2KW-ACPE            OPERATIONAL             NSHUT
0/FT0             FAN-1RU-PE             OPERATIONAL             NSHUT
0/FT1             FAN-1RU-PE             OPERATIONAL             NSHUT
0/FT2             FAN-1RU-PE             OPERATIONAL             NSHUT
0/FT3             FAN-1RU-PE             OPERATIONAL             NSHUT
0/FT4             FAN-1RU-PE             OPERATIONAL             NSHUT
Step 2

View the list of hardware and firmware modules detected on the router.

Example:

Router#show hw-module fpd
                                                                      FPD Versions
                                                                      =================
Location       Card type   HWver    FPD device        ATR  Status     Running   Programd
-------------------------------------------------------------------------------------------
0/RP0/CPU0     8800-RP     0.51     Bios              S    CURRENT    1.15      1.15
0/RP0/CPU0     8800-RP     0.51     BiosGolden        BS   CURRENT    1.15
0/RP0/CPU0     8800-RP     0.51     BmcFitPrimary     S    NEED UPGD  0.240     0.240
0/RP0/CPU0     8800-RP     0.51     BmcFpga           S    NEED UPGD  0.18      0.18
0/RP0/CPU0     8800-RP     0.51     BmcFpgaGolden     BS   CURRENT    0.19
0/RP0/CPU0     8800-RP     0.51     BmcTamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     BmcTamFwGolden    BS   CURRENT    5.05
0/RP0/CPU0     8800-RP     0.51     BmcUbootPrimary   S    CURRENT    0.15      0.15
0/RP0/CPU0     8800-RP     0.51     EthSwitch              CURRENT    0.07      0.07
0/RP0/CPU0     8800-RP     0.51     EthSwitchGolden   BP   CURRENT    0.07
0/RP0/CPU0     8800-RP     0.51     TimingFpga             CURRENT    0.11      0.11
0/RP0/CPU0     8800-RP     0.51     TimingFpgaGolden  B    CURRENT    0.11
0/RP0/CPU0     8800-RP     0.51     x86Fpga           S    NEED UPGD  0.23      0.23
0/RP0/CPU0     8800-RP     0.51     x86FpgaGolden     BS   CURRENT    0.24
0/RP0/CPU0     8800-RP     0.51     x86TamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     x86TamFwGolden    BS   CURRENT    5.05

From the result, verify that all hardware modules that are installed on the chassis are listed. If a module is not listed, it indicates that the module is malfunctioning, or is not installed properly. Remove and reinstall that hardware module.

In the preceding output, some of the significant fields are:

  • FPD Device—Name of the hardware component, such as IO FPGA, IM FPGA, or BIOS

  • Status—Upgrade status of the firmware. The different states are:

    Status

    Description

    CURRENT

    The firmware version is the latest version.

    READY

    The firmware of the FPD is ready for an upgrade.

    NOT READY

    The firmware of the FPD is not ready for an upgrade.

    NEED UPGD

    A newer firmware version is available in the installed image. We recommend that you to perform an upgrade of the firmware version.

    RLOAD REQ

    The upgrade is complete, and the ISO image requires a reload.

    UPGD DONE

    The firmware upgrade is successful.

    UPGD FAIL

    The firmware upgrade has failed.

    BACK IMG

    The firmware is corrupt. Reinstall the firmware.

    UPGD SKIP

    The upgrade is skipped because the installed firmware version is higher than the one available in the image.

  • Running—Current version of the firmware running on the FPD

  • Programd—Version of the FPD programmed on the module

Step 3

If necessary, upgrade the required firmware. You can selectively update individual FPDs, or update all of them at once.

Example:

Router#upgrade hw-module location all fpd all
Alarms are created showing all modules that needs to be upgraded.

Active Alarms
-----------------------------------------------------------------------------------------------------------------
Location    Severity   Group      Set Time                  Description 
----------------------------------------------------------------------------------------------------------------- 
0/6/CPU0     Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
0/10/CPU0    Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
0/RP0/CPU0   Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
0/RP1/CPU0   Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
0/FC0        Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
0/FC1        Major     FPD_Infra  09/16/2019 12:34:59 UTC   One Or More FPDs Need Upgrade Or Not In Current State 
Note 

BIOS and IOFPGA upgrades require a power cycle of the router for the new version to take effect.

Step 4

After the modules are upgraded verify the status of the modules.

Example:

Router#show hw-module fpd
                                                                      FPD Versions
                                                                      =================
Location       Card type   HWver    FPD device        ATR  Status     Running   Programd
-------------------------------------------------------------------------------------------
0/RP0/CPU0     8800-RP     0.51     Bios              S    CURRENT    1.15      1.15
0/RP0/CPU0     8800-RP     0.51     BiosGolden        BS   CURRENT    1.15
0/RP0/CPU0     8800-RP     0.51     BmcFitPrimary     S    RLOAD REQ  0.240     0.241
0/RP0/CPU0     8800-RP     0.51     BmcFpga           S    RLOAD REQ  0.18      0.19
0/RP0/CPU0     8800-RP     0.51     BmcFpgaGolden     BS   CURRENT    0.19
0/RP0/CPU0     8800-RP     0.51     BmcTamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     BmcTamFwGolden    BS   CURRENT    5.05
0/RP0/CPU0     8800-RP     0.51     BmcUbootPrimary   S    CURRENT    0.15      0.15
0/RP0/CPU0     8800-RP     0.51     EthSwitch              CURRENT    0.07      0.07
0/RP0/CPU0     8800-RP     0.51     EthSwitchGolden   BP   CURRENT    0.07
0/RP0/CPU0     8800-RP     0.51     TimingFpga             CURRENT    0.11      0.11
0/RP0/CPU0     8800-RP     0.51     TimingFpgaGolden  B    CURRENT    0.11
0/RP0/CPU0     8800-RP     0.51     x86Fpga           S    RLOAD REQ  0.23      0.24
0/RP0/CPU0     8800-RP     0.51     x86FpgaGolden     BS   CURRENT    0.24
0/RP0/CPU0     8800-RP     0.51     x86TamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     x86TamFwGolden    BS   CURRENT    5.05

The status of the upgraded nodes show that a reload is required.

Step 5

Reload the individual nodes that required an upgrade.

Example:

Router#reload location <node-location>
Step 6

Verify that all nodes that required an upgrade show an updated status of CURRENT with an updated FPD version.

Example:

Router#show hw-module fpd
                                                                      FPD Versions
                                                                      =================
Location       Card type   HWver    FPD device        ATR  Status     Running   Programd
-------------------------------------------------------------------------------------------
0/RP0/CPU0     8800-RP     0.51     Bios              S    CURRENT    1.15      1.15
0/RP0/CPU0     8800-RP     0.51     BiosGolden        BS   CURRENT    1.15
0/RP0/CPU0     8800-RP     0.51     BmcFitPrimary     S    CURRENT  0.241     0.241
0/RP0/CPU0     8800-RP     0.51     BmcFpga           S    CURRENT  0.19      0.19
0/RP0/CPU0     8800-RP     0.51     BmcFpgaGolden     BS   CURRENT    0.19
0/RP0/CPU0     8800-RP     0.51     BmcTamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     BmcTamFwGolden    BS   CURRENT    5.05
0/RP0/CPU0     8800-RP     0.51     BmcUbootPrimary   S    CURRENT    0.15      0.15
0/RP0/CPU0     8800-RP     0.51     EthSwitch              CURRENT    0.07      0.07
0/RP0/CPU0     8800-RP     0.51     EthSwitchGolden   BP   CURRENT    0.07
0/RP0/CPU0     8800-RP     0.51     TimingFpga             CURRENT    0.11      0.11
0/RP0/CPU0     8800-RP     0.51     TimingFpgaGolden  B    CURRENT    0.11
0/RP0/CPU0     8800-RP     0.51     x86Fpga           S    RLOAD REQ  0.24      0.24
0/RP0/CPU0     8800-RP     0.51     x86FpgaGolden     BS   CURRENT    0.24
0/RP0/CPU0     8800-RP     0.51     x86TamFw          S    CURRENT    5.05      5.05
0/RP0/CPU0     8800-RP     0.51     x86TamFwGolden    BS   CURRENT    5.05

Verify Interface Status on Cisco 8000 Series Router

After the router has booted, all available interfaces must be discovered by the system. If interfaces are not discovered, it might indicate a malfunction in the unit.

Procedure


View the interfaces discovered by the system.

Example:

Router#show ipv4 interfaces brief 
Interface                      IP-Address      Status          Protocol Vrf-Name
---------------------------------------------------------------------------------
MgmtEth0/RP0/CPU0/0            10.10.10.1      Up              Up       default 
PTP0/RP0/CPU0/0                unassigned      Shutdown        Down     default 
HundredGigE0/0/0/0             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/1             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/2             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/3             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/4             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/5             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/6             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/7             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/8             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/9             unassigned      Shutdown        Down     default 
HundredGigE0/0/0/10            unassigned      Shutdown        Down     default 
------------------------- <snip> ---------------------------------
HundredGigE0/0/0/46            unassigned      Shutdown        Down     default
HundredGigE0/0/0/47            unassigned      Shutdown        Down     default
MgmtEth0/RP1/CPU0/0            10.10.10.1      Up              Up       default
PTP0/RP1/CPU0/0                unassigned      Shutdown        Down     default

When a router is turned ON for the first time, all interfaces are in the unassigned state. Verify that the total number of interfaces displayed in the result matches with the actual number of interfaces present on the router, and that the interfaces are created according to the type of linecards displayed in show platform command.


Verify Node Status on Cisco 8000 Series Router

Each card on the router represents a node.

Procedure


Verify the operational status of the node.

Example:

Router#show platform
Node              Type                     State                    Config state
--------------------------------------------------------------------------------
0/RP0/CPU0        8800-RP(Active)          IOS XR RUN               NSHUT
0/RP0/BMC0        8800-RP                  OPERATIONAL              NSHUT
0/RP1/CPU0        8800-RP(Standby)         IOS XR RUN               NSHUT
0/RP1/BMC0        8800-RP                  OPERATIONAL              NSHUT
0/0/CPU0          8800-LC                  IOS XR RUN               NSHUT
0/11/CPU0         8800-LC                  IOS XR RUN               NSHUT
0/FC0             8812-FC                  OPERATIONAL              NSHUT
0/FC3             8812-FC                  OPERATIONAL              NSHUT
0/FT0             8812-FAN                 OPERATIONAL              NSHUT
0/FT1             8812-FAN                 OPERATIONAL              NSHUT
0/FT2             8812-FAN                 OPERATIONAL              NSHUT
0/FT3             8812-FAN                 OPERATIONAL              NSHUT
0/PT0             FAM7000-ACHV-TRAY        OPERATIONAL              NSHUT

Displays the status of nodes present in the chassis.

Note 

RP and LC are CPU-based cards.

Verify that the state of all RPs and LCs is IOS XR RUN. This indicates that XR is operational, and that the state of FCs, FTs, PTs and PMs is OPERATIONAL.

The platform states are described in the following table:

Card Type

Show Platform State

Description

All

UNKNOWN

Error – Internal card record is not available

All

IDLE

Error – Card state machine is not initialized

All

DISCOVERED

Card has been detected

All

POWERED_ON

Card is powered on

RP, LC

BIOS_READY

Card BIOS has booted

RP, LC

IMAGE_INSTALLING

Image is being downloaded or installed

RP, LC

BOOTING

Image has been installed and the software is booting

RP, LC

IOS_XR_RUN

Software is operating normally and is fully functional

RP, LC

IOS_XR_INITIALIZING

Software is initializing

FC, FT, PT, PM

OPERATIONAL

Card is operating normally and is fully functional

RP, LC, FC

RESET

Card is undergoing reset

RP, LC

REIMAGE

Card is pending reimage

RP, LC, FC

SHUTTING_DOWN

Card is shutting down as a result of a fault-condition, user action, or configuration

RP, LC, FC

SHUT_DOWN

Card has been shut down as a result of a fault-condition, user action, or configuration

FC

ONLINE

The RP is able to access this remote card

LC

DATA_PATH_POWERED_ON

Forwarding complex is powered on

LC

DATA_PATH_POWERED_OFF

Forwarding complex is powered off

RP, LC, FC

PLATFORM_INITIALIZED

Card IDPROM information has been read

All

CARD_FAILED

Card is in a failed state

RP, LC

KERNEL_DUMP_IN_PROGRESS

A kernel crash has been detected and the kernel core is being collected

RP (Active)

SHUTTING_REMOTE_CARDS

Active RP card is in the process of shutting down other cards as part of a chassis reset

RP (Standby), LC, FC

WAITING_FOR_CHASSIS_RESET

Card has been shut down and is waiting for the chassis to be reset

RP, LC

WDOG_STAGE1_TIMEOUT

Card CPU failed to reset the hardware watchdog

RP, LC

WDOG_STAGE2_TIMEOUT

Hardware watchdog has timed out waiting for the card CPU to reset itself.

FC

CARD_ACCESS_DOWN

The RP is not able to access this remote card


Create Users and Assign Privileges on Cisco 8000 Series Router

Users are authenticated using a username and a password. The authentication, authorization, and accounting (AAA) commands help with these services:
  • create users, groups, command rules, or data rules

  • change the disaster-recovery password

XR has its AAA separate from Linux. XR AAA is the primary AAA system. A user created through XR can log in directly to the EXEC prompt when connected to the router. A user created through Linux can connect to the router, but arrive at the bash prompt. The user must log in to XR explicitly in order to access the XR EXEC prompt.

Configure AAA authorization to restrict users from uncontrolled access. If AAA authorization is not configured, the command and data rules associated to the groups that are assigned to the user are bypassed. A user can have full read-write access to IOS XR configuration through Network Configuration Protocol (NETCONF), google-defined Remote Procedure Calls (gRPC), or any YANG-based agents. In order to avoid granting uncontrolled access, enable AAA authorization before setting up any configuration. To gain an understanding about AAA, and to explore the AAA services, see the Configuring AAA Services chapter in the System Security Configuration Guide for Cisco 8000 Series Routers.

Create a User Profile

Create new users and include the user in a user group with certain privileges. The router supports a maximum of 1024 user profiles.

In this task, you create a user, user1, password for this user, pw123, and assign the user to a group root-lr.

Procedure


Step 1

Enter the XR configuration mode.

Example:

Router#config
Step 2

Create a new user.

Example:

Router(config)#username user1
Step 3

Create a password for the new user.

Example:

Router(config-un)#password pw123
Step 4

Assign the user to group root-lr.

Example:

Router(config-un)#group root-lr

All users have read privileges. However, users can be assigned to root-lr usergroup. These users inherit the write privileges where users can create configurations, create new users and so on.

Step 5

Commit the configuration.

Example:

Router(config-un)#commit

If you are logging into BMC, use the root credentials that you created when configuring BMC. See Configure IP Address for Ethernet Port on BMC. After the user is created, you can use SSH sessions to connect to BMC.


What to do next

With the router set up, you can manage your system, install software packages, and configure your network.

Create a User Group

Create a new user group to associate command rules and data rules with it. The command rules and data rules are enforced on all users that are part of the user group.

The router supports a maximum of 32 user groups.

In this task, you create a group name, group1, and assign a user, user1 to this group.

Before you begin

Create a user profile. See Create a User Profile.

Procedure


Step 1

Enter the XR configuration mode.

Example:

Router#config
Step 2

Create a new user group, group1.

Example:

Router#(config)#group group1
Step 3

Specify the name of the user, user1 to assign to this user group.

Example:

Router#(config-GRP)#username user1

You can specify multiple user names enclosed withing double quotes. For example, users "user1 user2 ..." .

Step 4

Commit the configuration.

Example:

Router#commit

What to do next

With the router set up, you can manage your system, install software packages, and configure your network.