Configuring Support for Remote Management by the Cisco Prime Network Services Controller

Configuring the Management Interface to Support Remote Management by the Cisco Prime Network Services Controller


Note

The Cisco Prime Network Services Controller is unsupported using Cisco IOS XE Denali 16.3.1 or later, on the Cisco CSR 1000v.

(Cisco IOS XE Denali 16.3 or earlier) You can use the Cisco Prime Network Services Controller to provision, manage and monitor the Cisco CSR 1000v. This procedure configures the Cisco CSR 1000v management interface to support remote management using the Cisco Prime Network Services Controller.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. interface mgmt-interface
  4. ip address mgmt-ipv4-addr subnet-mask
  5. no shutdown
  6. exit
  7. interface virtualportgroup virtual-port-group-number-number
  8. ip unnumbered management-interface
  9. no shutdown
  10. exit
  11. virtual-service csr_mgmt
  12. vnic gateway virtualportgroup virtual-port-group-number
  13. guest ip address remote-mgmt-ipv4-addr
  14. exit
  15. activate
  16. end
  17. ip route ip-address subnet-mask virtualportgroup virtual-port-group-number

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

interface mgmt-interface

Example:


Router(config)# interface gig1

Enters interface configuration mode for the management interface.

Step 4

ip address mgmt-ipv4-addr subnet-mask

Example:


Router(config-if)# ip address 172.25.29.235 255.255.255.128

Configures the IP address for the management interface.

Step 5

no shutdown

Example:


Router(config-if)# no shutdown

Enables the management interface.

Step 6

exit

Example:


Router(config-if)# exit

Exits interface configuration mode.

Step 7

interface virtualportgroup virtual-port-group-number-number

Example:


Router(config)# interface virtuaportgroup 0

Creates a virtual port group and enters virtual port group interface configuration mode.

Step 8

ip unnumbered management-interface

Example:


Router(config-if)# ip unnumbered gigabitethernet1

Enables IP processing on an interface without assigning it an explicit IP address.

Step 9

no shutdown

Example:


Router(config-if)# no shutdown

Enables the management interface.

Step 10

exit

Example:


Router(config-if)# exit

Exits virtual port group interface mode.

Step 11

virtual-service csr_mgmt

Example:


Router(config)# virtual-service csr_mgmt

Configures the csr_mgmt virtual services container and enters virtual services configuration mode.

Step 12

vnic gateway virtualportgroup virtual-port-group-number

Example:


Router(config-virt-serv)# vnic gateway virtualportgroup 0

Creates a vNIC gateway interface for the virtual services container and maps the vNIC gateway interface to the virtual port group.

Step 13

guest ip address remote-mgmt-ipv4-addr

Example:


Router(config-virt-serv-intf) guest ip address 172.25.29.236

Configures the remote-management IP address for the vNIC gateway interface for the virtual services container.

Step 14

exit

Example:


Router(config-virt-serv-intf)# exit

Exits virtual services interface configuration mode and enters virtual services configuration mode.

Step 15

activate

Example:


Router(config-virt-serv)# activate

Activates the csr_mgmt virtual services container.

Step 16

end

Example:


Router(config-virt-serv)# end

Exits virtual services configuration mode and enters global configuration mode.

Step 17

ip route ip-address subnet-mask virtualportgroup virtual-port-group-number

Example:


Router(config)# ip route 172.25.29.236 255.255.255.255 VirtualPortGroup0

Creates an IP route that maps to the virtual port group. Use the same IP address that was configured using the guest ip address command.

Enabling Remote Management by the Cisco Prime Network Services Controller Host


Note

The Cisco Prime Network Services Controller is unsupported using Cisco IOS XE Denali 16.3.1 or later, on the Cisco CSR 1000v.

The Cisco Prime Network Services Controller control point agent (CPA) is used to manage the interface between the Cisco CSR 1000v and the Cisco Prime Network Services Controller host. The Cisco Prime Network Services Controller CPA must be activated on the Cisco CSR 1000v before Cisco Prime Network Services Controller can be used to remotely manage the router.

You must use the Cisco IOS XE CLI to manually activate the Cisco Prime Network Services Controller CPA in the following situations:

  • If you did not enable Cisco Prime Network Services Controller support through bootstrap when you deployed the OVA.

  • If you are manually configuring the Cisco CSR 1000v when it is up and running.

For more information about installing the Cisco CSR 1000v by deploying the OVA, see Deploying the Cisco CSR 1000v OVA to the VM using vSphere and Deploying the Cisco CSR 1000v OVA to the VM using COT.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. remote-management
  4. pnsc host ipv4-addr local-port number shared-secret string
  5. end
  6. show remote-management status

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

remote-management

Example:


Router(config)# remote-management

Enters remote-management configuration mode.

Step 4

pnsc host ipv4-addr local-port number shared-secret string

Example:


Router(cfg-remote-mgmt)# pnsc host 172.25.29.234 local-port
 8443 shared-secret ********

Enables remote management by Cisco Prime Network Services Controller and sets up the access to the Cisco Prime Network Services Controller host.

  • The ipvr-address represents the IP address of the Cisco Prime Network Services Controller host.

  • The local-port is the TCP port number for receiving the HTTPS requests from Cisco Prime Network Services Controller. The valid range is from 1 to 65535. There is no default port number. The local-port number should not be the same port number configured with the ip http port command.

  • The shared-secret configured in this step should match the shared-secret configured on Cisco Prime Network Services Controller. Once configured, only the encrypted version of the shared secret is displayed.

Note 
When remote management by Cisco Prime Network Services Controller is enabled using this command, the REST API PUT, POST, and DELETE operations are disabled. However, the GET operation is still available.

Step 5

end

Example:


Router(config-remote-mgmt)# end

Exits configuration mode and enters privileged EXEC mode.

Step 6

show remote-management status

Example:


Router# show remote-management status

RESTful-API: enabled

    https port: 443

PNSC CPA: enabled

    Host 172.27.208125 port 8443 shared-secret *******

Displays the Cisco CSR 1000v remote management settings.

What to do next

Once remote management by Cisco Prime Network Services Controller is enabled, the following warning is displayed when entering the Cisco IOS XE CLI mode directly on the router:


WARNING: This device is managed by Prime Network Services Controller. RESTful API is read only. Changing configuration using CLI is not recommended.

See documentation for Cisco Prime Network Services Controller.

Disabling Remote Management by the Cisco Prime Network Services Controller Host

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. remote-management
  4. no pnsc host ipv4-addr local-port number shared-secret string
  5. end
  6. show remote-management status

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

remote-management

Example:


Router(config)# remote-management

Enters remote-management configuration mode.

Step 4

no pnsc host ipv4-addr local-port number shared-secret string

Example:


Router(cfg-remote-mgmt)# no pnsc host 172.25.29.234 local-port 8443 shared-secret ********

Disables remote management by Cisco Prime Network Services Controller.

Note 
When remote management by Cisco Prime Network Services Controller is disabled using this command, the REST API PUT, POST and DELETE operations are enabled.

Step 5

end

Example:


Router(cfg-remote-mgmt)# end

Exits configuration mode and enters privileged EXEC mode.

Step 6

show remote-management status

Example:


Router# show remote-management status

RESTful-API: enabled

    https port: 443

PNSC CPA: disabled

    Host 172.27.208.125 port 8443 shared-secret *******

Displays the Cisco CSR 1000v remote management settings.