ASR 9000 RSP Configuration (IOS-XR)
- Enable oneP communication. (TLS Protocol)
- Configure an IOS-XP access list.
- Configure a management interface
- Configure a public network LC interface for IKE and RSP traffic
- Configure actual and virtual interfaces for IKE, clear traffic and ICSR-SRP interfaces to VM-1 and VM-2.
- Configure Bridge-group Virtual Interfaces (BVIs) to bridge the IKE and clear traffic ports between VM-1 and VM-2.
- Configure Static Integrated Route Bridging (IRB) routes and L2 VLANs.
- Shutdown all unused ports.
<snip>
onep
transport type tls localcert onep-tp disable-remotecert-validation
virtual-service enable
virtual-service SecGW1
vnic interface TenGigE0/1/1/0
vnic interface TenGigE0/1/1/1
vnic interface TenGigE0/1/1/2
activate
virtual-service SecGW3
vnic interface TenGigE0/1/1/6
vnic interface TenGigE0/1/1/7
vnic interface TenGigE0/1/1/8
activate
virtual-service SecGW4
vnic interface TenGigE0/1/1/9
vnic interface TenGigE0/1/1/10
vnic interface TenGigE0/1/1/11
activate
virtual-service SecGW2
vnic interface TenGigE0/1/1/3
vnic interface TenGigE0/1/1/4
vnic interface TenGigE0/1/1/5
activate
crypto ca trustpoint onep-tp
crl optional
subject-name CN=ASR9K-8.cisco.com
enrollment url terminal
ipv4 access-list public
10 permit ipv4 host 55.55.33.30 any nexthop1 ipv4 34.34.34.101
20 permit ipv4 any any
interface MgmtEth0/RSP0/CPU0/0
ipv4 address 172.29.98.140 255.255.254.0
interface MgmtEth0/RSP0/CPU0/1
shutdown
interface GigabitEthernet0/1/0/0
shutdown
interface GigabitEthernet0/1/0/3
description "LC Interface to Private Network: Clear traffic"
ipv4 address 66.66.66.25 255.255.255.0
interface GigabitEthernet0/1/0/4
shutdown
...
interface GigabitEthernet0/1/0/19
shutdown
interface GigabitEthernet0/1/0/6
shutdown
interface GigabitEthernet0/1/1/0
shutdown
...
interface GigabitEthernet0/1/1/19
shutdown
interface TenGigE0/2/1/0
ipv4 address 192.168.122.1 255.255.255.0
interface TenGigE0/2/1/1
description "IKE Interface on VSM1"
l2transport
interface TenGigE0/2/1/2
description "CLEAR Interface on VSM1"
l2transport
interface TenGigE0/2/1/3
description "SRP Interface on VSM1"
ipv4 address 88.88.88.23 255.255.255.0
interface TenGigE0/2/1/4
shutdown
...
interface TenGigE0/2/1/11
shutdown
interface TenGigE0/4/1/0
ipv4 address 192.168.120.1 255.255.255.0
interface TenGigE0/4/1/1
shutdown
interface TenGigE0/4/1/1
shutdown
interface TenGigE0/4/1/2
shutdown
interface TenGigE0/4/1/3
shutdown
interface TenGigE0/4/1/4
description "IKE Interface on VSM2"
l2transport
interface TenGigE0/4/1/6
description "SRP Interface on VSM2"
ipv4 address 86.86.86.23 255.255.255.0
interface TenGigE0/4/1/7
shutdown
...
interface TenGigE0/4/1/11
shutdown
interface BVI1
description "Virtual Interface for IKE Bridge between VSM1 and VSM2 IKE ports"
ipv4 address 34.34.34.100 255.255.255.0
interface BVI2
description "Virtual Interface for CLEAR Bridge between VSM1 and VSM2 CLEAR Ports"
ipv4 address 78.78.78.100 255.255.255.0
interface preconfigure TenGigE0/0/0/0
shutdown
...
interface preconfigure TenGigE0/0/0/3
shutdown
interface preconfigure TenGigE0/2/0/0
shutdown
...
interface preconfigure TenGigE0/2/0/3
shutdown
router static
address-family ipv4 unicast
55.55.33.0/24 22.22.22.24
171.0.0.0/8 172.29.98.1
172.0.0.0/8 172.29.98.1
l2vpn
xconnect group wsg
bridge group irb
bridge-domain irb1
interface TenGigE0/2/1/1
interface TenGigE0/4/1/4
routed interface BVI1
bridge-domain irb2
interface TenGigE0/2/1/2
interface TenGigE0/4/1/5
routed interface BVI2
router hsrp
interface GigabitEthernet0/0/0/5
address-family ipv4
hsrp 3
preempt
priority 101
address 87.87.87.20
track object PrivateHsrp
track object PublicHsrp
interface GigabitEthernet0/0/0/18.1871
address-family ipv4
hsrp 3
preempt
priority 101
address 187.0.1.20
track object WsgIPsla
track object PublicHsrp
track object PrivateHsrp
ipsla
operation 200
type icmp echo
destination address 31.31.31.100
timeout 300
frequency 1
schedule operation 200
start-time now
life forever
track PublicHsrp
type line-protocol state
interface GigabitEthernet0/0/0/18
delay up 1
delay down
track PrivateHsrp
type line-protocol state
interface GigabitEthernet0/0/0/19
delay up 1
delay down