System Setup and Software Installation Guide for Cisco NCS 540 Series Routers, IOS XR Release 24.1.x, 24.2.x - Setup Cisco NCS 540 Series Routers with XR7 OS [Cisco Network Convergence System 540 Series Routers] (2024)

The following variants of Cisco NCS 540 series routers run on XR7 OS:

N540-28Z4C-SYS-A
N540-28Z4C-SYS-D
N540X-16Z4G8Q2C-A
N540X-16Z4G8Q2C-D
N540-12Z20G-SYS-A
N540-12Z20G-SYS-D
N540X-12Z16G-SYS-A
N540X-12Z16G-SYS-D
N540X-6Z18G-SYS-A
N540X-6Z18G-SYS-D
N540X-8Z16G-SYS - A
N540X-8Z16G-SYS - D
N540X-4Z14G2Q-SYS-A
N540X-4Z14G2Q-SYS-D
N540-24Q8L2DD-SYS

XR7 OS provides significant architectural enhancements to Cisco IOS XR in these areas:

Modularity: Decoupled hardware and software; disintegrated software with the flexibility to consume software packages based on requirement
Programmability: Cloud scale enhancement with model-drivel APIs at all layers
See Also
How to setup and play DCS in the Pimax Crystal OpenXR support for IL-2 and DCS for Windows Mixed Reality VR headsets Die dritte Dimension - Pimax Crystal Review - Cruiselevel Factory Reconditioned Dewalt 20V MAX XR Brushless Lithium-Ion 7-1/4 in. Cordless Circular Saw with POWER DETECT Tool Technology (Tool Only) - DCS574BR
Manageability: Simplified software management and installation that is based on Linux tools

For more information about installing the router, see Cisco NCS 540 Series Hardware Installation Guide.

This document helps you set up the Cisco NCS 540 series router. You will bring-up the router, run a health check of the system, create user profiles, and assign privileges.

Bring-up the Cisco NCS 540 Series Router

Connect to the console port on a Route Processor (RP) of the router, and power ON the router. By default, this console port connects to the XR console. If necessary, after configuration, establish subsequent connections through the management port.

The following table shows the console settings:

Table 1. Console Settings
Baud rate (in bps)	Parity	Stop bits	Data bits
115200	None	2	8

The baud rate is set by default and cannot be changed.

The router can be accessed using remote management protocols, such as SSH, Telnet, SCP and FTP. SSH is included in the software image by default, but telnet is not part of the software image. You must manually install the telnet optional package to use it.

After booting is complete, you must create a username and password. This credential is used to log on to the XR console, and get to the router prompt.

You can start or stop the console by using the following keyboard shortcuts:

To start the console, press Ctrl + q.
To stop the console, press Ctrl + s.

Note that by using Ctrl + s, the console output will be locked and you will need to initiate a Ctrl + q sequence to restore the console prompt.

The router completes the boot process using the pre-installed operating system (OS) image. If no image is available within the router, the router can be booted using iPXE boot or an external bootable USB drive.

Boot the Cisco NCS 540 Series Router Using Manual iPXE

Manually boot the router using iPXE if the router fails to boot when powered ON. An alternate method is to Boot from a USB device.

iPXE is a pre-boot execution environment in the network card of the management interfaces. It works at the system firmware (UEFI) level of the router. iPXE boot re-images the system, boots the router in case of a boot failure, or in the absence of a valid bootable partition. iPXE downloads the ISO image, installs the image, and finally bootstraps inside the new installation.

You need a server running HTTPS, HTTP, or TFTP. Bring-up the PXE prompt using the following steps:

Procedure

Step1

Power ON the router.

Step2

Press Esc or Del keys continuously (quick and repeated press and release) to pause the boot process, and get to the BIOS menu.

Step3

Select Boot Manager, and then select Built-in iPXE option.

Step4

When PXE boot starts reaching for a PXE server, press Ctrl+B keys to break into the PXE prompt.

Step5

Add the following configuration for the router. This is required for the router to connect with the external server to download, and install the image. You can use HTTP, HTTPS or TFTP server.

Example:

iPXE> ifopen net0 #Open the interface connecting outside worldiPXE> set net0/ip 10.0.0.2 #Configure the ip address of your router iPXE> set net0/gateway 10.0.0.1 #configure the GWiPXE> set net0/netmask 255.0.0.0 #Configure the NetmaskiPXE> ping 10.0.0.1 #Check you can reach GWiPXE> ping 192.0.2.0 #check you can reach to your server running tftp or http or httpsiPXE> boot http://192.0.2.0/<directory-path>540l-x64.iso #Copy the image on the http/https/tftp server in any path and then point to download the image from there.

Note

To rectify errors while typing the command, use Ctrl+H keys to delete a character.

If a PXE server is configured to run a DHCP server, it assigns an IP address to the Ethernet Management interface of the router. This provides a channel to download the image that is required to re-image a router in case of a boot failure.

Router#reload bootmedia network location allProceed with reload? [confirm]

Note

Use the force option to perform an ungraceful reload of the specified location or hardware module. When force option is used along with the all location, the chassis undergoes an ungraceful reload. Use the noprompt option to avoid the prompt to confirm the operation. The force option is not recommended, and should not be used during regular operations.

Boot the Cisco NCS 540 Series Router Using USB Drive

Boot the router using USB drive if the router fails to boot when powered ON. An alternate method is to boot the router using iPXE.

Before you begin

Have access to a USB drive with a storage capacity that is between 8GB (min) and 32 GB (max). USB 2.0 and USB 3.0 are supported.

System Setup and Software Installation Guide for Cisco NCS 540 Series Routers, IOS XR Release 24.1.x, 24.2.x - Setup Cisco NCS 540 Series Routers with XR7 OS [Cisco Network Convergence System 540 Series Routers] (1)

Caution

We recommend that you do not use Kingston USB 3.0 memory cards with 64GB storage capacity as this might cause a hardware error.

Caution

Booting your router using USB drive deletes all the configuration from the hard disk. Ensure that you take a backup of your current router configuration before proceeding with the USB boot.

Note

Use this procedure only on the active RP; the standby RP must either be powered OFF or removed from the chassis. After the active RP is installed with images from the USB drive, insert or power ON the standby RP as appropriate.

Procedure

Step1

Copy the bootable file to a USB disk.

A bootable USB drive is created by copying a compressed boot file into a USB drive. The USB drive becomes bootable after the contents of the compressed file are extracted.

Note

If you are unable to boot from a USB drive, remove and insert the drive again. If the drive is inserted correctly, and still fails to read from the USB drive, check the contents of the USB on another system.

This task can be completed using Windows, Linux, or MAC operating systems available on your local machine.

Connect the USB drive to your local machine and format it with FAT32 or MS-DOS file system using the Windows Operating System or Apple MAC Disk Utility. To check if the disk is formatted as FAT32, right click on the USB disk, and view the properties.
Copy the compressed boot file in .zip format from the image file to the USB drive. This .zip file can be downloaded from the Cisco Software Download center.
Verify that the copy operation is successful. To verify, compare the file size at source and destination. Additionally, verify the MD5 checksum value.

Extract the contents of the compressed boot file by unzipping it inside the USB drive. This converts the USB drive to a bootable drive.

Note

Extract the contents of the zipped file ("EFI" and "boot" directories) directly into the root folder of the USB drive. If the unzipping application places the extracted files in a new folder, move the "EFI" and "boot" directories to the root folder of the USB drive.

Eject the USB drive from your local machine.

Step2

Use the bootable USB drive to boot the router or upgrade its image using one of the following methods:

Note

Insert the USB drive in the USB port of the ACTIVE RP.

Boot menu

1

RJ45 Port

2

USB Type-A console cable
1. Insert the USB drive, and connect to the console.
2. Power ON the router.
3. Press Esc or Del to pause the boot process, and get the RP to the BIOS menu.
4. Select Boot Manager, and then select the USB option from the boot menu.
```
Cisco BIOS Setup Utility - Copyright (C) 2019 Cisco Systems, IncBoot OverrideUEFI: Micron_M600_MTFDDAT064MBF, Partition 4UEFI: Built-in iPXEURFI: Built-in ShellURFI: Built-in GrubUEFI: USB Flash Memory1.00, Partition 1
```
  The system boots the image from the USB drive, and installs the image onto the hard disk. The router boots from the hard disk after installation.
XR CLI
Use this method if you can access the XR prompt.
1. Insert the USB device in the active RP.
2. Access the XR prompt and run the command:
```
Router#reload bootmedia usb nopromptWelcome to GRUB!!Verifying (hd0,msdos1)/EFI/BOOT/grub.cfg...(hd0,msdos1)/EFI/BOOT/grub.cfg verified using Pkcs7 signature.Loading Kernel..Verifying (loop)/boot/bzImage...(loop)/boot/bzImage verified using attached signature.Loading initrd..Verifying (loop)/boot/initrd.img
```
  Use the force option to perform an ungraceful reload of the specified location or hardware module. When force option is used along with the all location, the chassis undergoes an ungraceful reload. Use the noprompt option to avoid the prompt to confirm the operation. The force option is not recommended, and should not be used during regular operations.
  The system boots the image from the USB and installs the image onto the hard disk. The router boots from the hard disk after installation.
Note

Execute the install commit command before proceeding to the next install iteration, while performing cyclic upgrade and downgrade tests.

Configure the Management Port on the Cisco NCS 540 Series Router

To use the management port for system management and remote communication, you must configure an IP address and a subnet mask for the Management Ethernet interface.

Before you begin

Consult your network administrator or system planner to procure IP addresses and a subnet mask for the management interface.
Physical port Ethernet 0 on RP is the management port. Ensure that the port is connected to the management network.

Procedure

Step1	Configure a VRF. Example: `Router#conf tRouter(config)#vrf <vrf-name>Router(config-vrf)#exit`
Step2	Enter interface configuration mode for the management interface of the RP. Example: `Router(config)#interface mgmtEth 0/RP0/CPU0/0`
Step3	Assign an IP address and a subnet mask to the interface. Example: `Router(config-if)#ipv4 address 10.10.10.1/8`
Step4	Configure the Management Ethernet interface under the VRF. Example: `Router(config-if)#vrf <vrf-name>`
Step5	Exit the management interface configuration mode. Example: `Router(config-if)#exit`
Step6	Assign a virtual IP address and a subnet mask to the interface. The virtual address is primarily used for out-of-band management over the Management Ethernet interface. Example: `Router(config)#ipv4 virtual address vrf <vrf-name> 10.10.10.1/8`
Step7	Place the interface in `UP` state. Example: `Router(config)#no shutdown`
Step8	Specify the IP address of the default-gateway to configure a static route; this is used for communications with devices on other networks. Example: `Router(config)#router static vrf <vrf-name> address-family ipv4 unicast 0.0.0.0/0 10.10.10.1`
Step9	Commit the configuration. Example: `Router(config)#commit`
Step10	Connect to the management port to the ethernet network. With a terminal emulation program, establish a SSH or telnet connection to the management interface port using its IP address.

Synchronize Router Clock with NTP Server

Synchronize the XR clock with that of an NTP server to avoid a deviation from true time.

NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server typically has an authoritative time source (such as a radio or atomic clock, or a GPS time source) directly attached to the server. A stratum 2 time server receives its time through NTP from a stratum 1 time server, and so on.

Note

The Cisco implementation of NTP does not support stratum 1 service.

Before you begin

Configure and connect to the management port.

Procedure

Step1

Enter the XR configuration mode.

Example:

Router#configure

Step2

Synchronize the console clock with the specified sever.

Example:

Router(config)#ntp server <NTP-source-IP-address>

The NTP source IP address can either be an IPv4 or an IPv6 address. For example:

IPv4:

Router(config)#ntp server 192.0.2.0

IPv6:

Router(config)#ntp server 2001:DB8::1

Note

The NTP server can also be reachable through a VRF if the Management Ethernet interface is in a VRF.

Step3

Commit the configuration.

Example:

Router(config-ntp)#commit

Step4

Verify that the clock is synchronised with the NTP server.

Example:

Router#show ntp status Clock is synchronized, stratum 3, reference is 192.0.2.0nominal freq is 1000000000.0000 Hz, actual freq is 1000000000.0000 Hz, precision is 2**24reference time is E12B1B02.8BB13A2F (08:42:42.545 UTC Tue Sep 17 2019)clock offset is -3.194 msec, root delay is 4.949 msecroot dispersion is 105.85 msec, peer dispersion is 2.84 msecloopfilter state is 'FREQ' (Drift being measured), drift is 0.0000000000 s/ssystem poll interval is 64, last update was 124 sec agoauthenticate is disabled

Perform Preliminary Checks with Cisco NCS 540 Series Router

After successfully logging into the console, you must perform some preliminary checks to verify the correctness of the default setup. Correct any issues that arise before proceeding with further configurations.

Verify Software Version on Cisco NCS 540 Series Router

The router is shipped with the Cisco IOS XR software pre-installed. Verify that the latest version of the software is installed. If a newer version is available, perform a system upgrade. Installing the newer version of the software provides the latest feature set on the router.

You can view the overview of the running software. This includes the following information:

Image name and version
User who built the image
Time the image was built
Build workspace
Build host
ISO label

Note

If any modifications are made to the running software on the booted ISO, only the IOS XR version is displayed in the label field and not the label included in the ISO.
Copyright information
Hardware information

Display the version of the Cisco IOS XR software, and its various software components that are installed on the router.

Router#show versionCisco IOS XR Software, Version 7.0.1 LNTCopyright (c) 2013-2019 by Cisco Systems, Inc.Build Information: Built By : xyz Built On : Sat Jun 29 22:45:27 2019 Build Host : iox-lnx-064 Workspace : ../7.0.1/NCS540L/ws/ Version : 7.0.1 Label : 7.0.1cisco NCS540LSystem uptime is 41 minutes

Verify Status of Hardware Modules on Cisco NCS 540 Series Router

Hardware modules such as RPs, LCs, fan trays, and power modules are installed on the router. The firmware on various hardware components of the router must be compatible with the Cisco IOS XR image installed. Incompatibility may cause the router to malfunction. Verify that all hardware and firmware modules are installed correctly and are operational.

Before you begin

Ensure that all required hardware modules are installed on the router.

Procedure

Step1

View the status of the system.

Example:

Router#show platformNode Type State Config state---------------------------------------------------------------------------0/RP0/CPU0 N540X-16Z4G8Q2C-A(Active) IOS XR RUN NSHUT0/FT0 N540-X-BB-FAN OPERATIONAL NSHUT

Step2

View the list of hardware and firmware modules detected on the router.

Example:

Router#show hw-module fpd FPD Versions =================Location Card type HWver FPD device ATR Status Running Programd-------------------------------------------------------------------------------------0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpga CURRENT 1.29 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpgaGolden B CURRENT 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 Primary-BIOS S CURRENT 1.09 1.09 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpga S CURRENT 0.29 0.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpgaGolden BS NEED UPGD 0.00 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFw S NEED UPGD 4.09 2.04 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFwGolden BS NEED UPGD 0.00

Router#show hw-module fpdFri May 28 13:53:23.325 UTC Auto-upgrade:Disabled Attribute codes: B golden, P protect, S secure FPD Versions ================= Location Card type HWver FPD device ATR Status Running Programd Reload Loc ------------------------------------------------------------------------------------------------- 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 IoFpga CURRENT 0.13 0.13 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 IoFpgaGolden B NEED UPGD 0.00 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 Prim-BootLoader CURRENT 10.07 10.07 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 StdbyFpga S CURRENT 0.28 0.28 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 StdbyFpgaGolden BS NEED UPGD 0.25 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 TamFw S CURRENT 6.05 6.05 0/RP0 0/RP0/CPU0 N540X-6Z18G-SYS-A 0.2 TamFwGolden BS CURRENT 6.05 0/RP0

From the result, verify that all hardware modules that are installed on the chassis are listed. If a module is not listed, it indicates that the module is malfunctioning, or is not installed properly. Remove and reinstall that hardware module.

In the preceding output, some of the significant fields are:

FPD Device—Name of the hardware component, such as IO FPGA, IM FPGA, or BIOS

Note

Golden FPDs are not field upgradable.

Status—Upgrade status of the firmware. The different states are:


Status	Description
CURRENT	The firmware version is the latest version.
READY	The firmware of the FPD is ready for an upgrade.
NOT READY	The firmware of the FPD is not ready for an upgrade.
NEED UPGD	A newer firmware version is available in the installed image. We recommend that you to perform an upgrade of the firmware version.
RLOAD REQ	The upgrade is complete, and the ISO image requires a reload.
UPGD DONE	The firmware upgrade is successful.
UPGD FAIL	The firmware upgrade has failed.
UPGD PREP	The FPD firmware is preparing for upgrade.
BACK IMG	The firmware is corrupt. Reinstall the firmware.
UPGD SKIP	The upgrade is skipped because the installed firmware version is higher than the one available in the image.

Running—Current version of the firmware running on the FPD
Programd—Version of the FPD programmed on the module

Step3

If necessary, upgrade the required firmware.

Example:

Router#upgrade hw-module location all fpd all

Alarms are created showing all modules that needs to be upgraded.

Active Alarms-----------------------------------------------------------------------------------------------------------------Location Severity Group Set Time Description ----------------------------------------------------------------------------------------------------------------- 0/6/CPU0 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State 0/10/CPU0 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State 0/RP0/CPU0 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State 0/RP1/CPU0 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State 0/FC0 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State 0/FC1 Major FPD_Infra 09/16/2019 12:34:59 UTC One Or More FPDs Need Upgrade Or Not In Current State

Note

BIOS and IOFPGA upgrades require a power cycle of the router for the new version to take effect.

Step4

After the modules are upgraded verify the status of the modules.

Example:

Router#show hw-module fpd FPD Versions =================Location Card type HWver FPD device ATR Status Running Programd-------------------------------------------------------------------------------------0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpga CURRENT 1.29 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpgaGolden B CURRENT 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 Primary-BIOS S CURRENT 1.09 1.09 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpga S CURRENT 0.29 0.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpgaGolden BS RLOAD REQ 0.01 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFw S RLOAD REQ 2.04 2.05  0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFwGolden BS RLOAD REQ 0.01

The status of the upgraded nodes show that a reload is required.

Step5

Reload the individual nodes that required an upgrade.

Example:

Router#reload location <node-location>

Step6

Verify that all nodes that required an upgrade show an updated status of CURRENT with an updated FPD version.

Example:

Router#show hw-module fpd FPD Versions =================Location Card type HWver FPD device ATR Status Running Programd-------------------------------------------------------------------------------------0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpga CURRENT 1.29 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 IoFpgaGolden B CURRENT 1.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 Primary-BIOS S CURRENT 1.09 1.09 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpga S CURRENT 0.29 0.29 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 StdbyFpgaGolden BS CURRENT 0.01 0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFw S CURRENT 2.05 2.05  0/RP0/CPU0 N540-28Z4C-SYS-A 0.1 TamFwGolden BS CURRENT 0.01

Verify Interface Status on the Cisco NCS 540 Series Router

After the router has booted, all available interfaces must be discovered by the system. If interfaces are not discovered, it might indicate a malfunction in the unit.

Procedure

View the interfaces discovered by the system.

Example:

Router#show ipv4 interfaces brief Interface IP-Address Status Protocol Vrf-Name---------------------------------------------------------------------------------HundredGigE0/0/0/0 unassigned Shutdown Down default HundredGigE0/0/0/1 unassigned Shutdown Down default HundredGigE0/0/0/2 unassigned Shutdown Down default HundredGigE0/0/0/3 unassigned Shutdown Down default HundredGigE0/0/0/4 unassigned Shutdown Down default HundredGigE0/0/0/5 unassigned Shutdown Down default HundredGigE0/0/0/6 unassigned Shutdown Down default HundredGigE0/0/0/7 unassigned Shutdown Down default ------------------------- <snip> ---------------------------------TenGigE0/0/0/18/0 unassigned Up Up default TenGigE0/0/0/18/1 unassigned Up Up default TenGigE0/0/0/18/2 unassigned Up Up default TenGigE0/0/0/18/3 unassigned Up Up default MgmtEth0/RP0/CPU0/0 10.10.10.1 Up Up default

When a router is turned ON for the first time, all interfaces are in the unassigned state. Verify that the total number of interfaces displayed in the result matches with the actual number of interfaces present on the router, and that the interfaces are created according to the type of interface modules displayed in show platform command.

Verify Node Status on Cisco NCS 540 Series Router

Each card on the router represents a node.

Procedure

Verify the operational status of the node.

Example:

Router#show platformNode Type State Config state---------------------------------------------------------------------------0/RP0/CPU0 N540X-16Z4G8Q2C-A(Active) IOS XR RUN NSHUT0/FT0 N540-X-BB-FAN OPERATIONAL NSHUT

Displays the status of nodes present in the chassis.

Verify that the software state of all RPs, LCs, and the hardware state of FCs, FTs, and power modules are listed, and their state is OPERATIONAL. This indicates that the XR console is operational on the cards.

The platform states are described in the following table:

Card Type	State	Description
All	UNKNOWN	Error – Internal card record is not available
All	IDLE	Error – Card state is not initialized
All	DISCOVERED	Card is detected
All	POWERED_ON	Card is powered on
RP, LC	BIOS_READY	Card BIOS is up
RP, LC	IMAGE_INSTALLING	Image is being downloaded or installed
RP, LC	BOOTING	Image is installed and the software is booting up
RP, LC	IOS_XR_RUN	Software is operating normally and is functional
RP, LC	IOS_XR_INITIALIZING	Software is initializing
FC, FT, PT, PM	OPERATIONAL	Card is operating normally and is functional
RP, LC, FC	RESET	Card is undergoing reset
RP, LC	REIMAGE	Card is pending reimage
RP, LC, FC	SHUTTING_DOWN	Card is shutting down as a result of a fault condition, user action or configuration
RP, LC, FC	SHUT_DOWN	Card is shutdown due to a fault condition, user action or configuration
FC	ONLINE	RP is able to access this remote card
LC	DATA_PATH_POWERED_ON	Forwarding complex is powered ON
RP (Active)	SHUTTING_REMOTE_CARDS	Active RP card is in the process of shutting down other cards as part of a chassis reset
RP (Standby), LC, FC	WAITING_FOR_CHASSIS_RESET	Card is shutdown and is waiting for the chassis to be reset
RP, LC	WDOG_STAGE1_TIMEOUT	Card CPU failed to reset the hardware watchdog
RP, LC	WDOG_STAGE2_TIMEOUT	Hardware watchdog has timed out waiting for the card CPU to reset itself
RP, LC, FC	FPD_UPGRADE	One or more FPD upgrades are in progress
FC	CARD_ACCESS_DOWN	RP is unable to access this remote card

Create Users and Assign Privileges on the Cisco NCS 540 Series Router

Users are authenticated using a username and a password. The authentication, authorization, and accounting (AAA) commands help with these services:

create users, groups, command rules, or data rules
change the disaster-recovery password

XR has its AAA separate from Linux. XR AAA is the primary AAA system. A user created through XR can log in directly to the EXEC prompt when connected to the router. A user created through Linux can connect to the router, but arrive at the bash prompt. The user must log in to XR explicitly in order to access the XR EXEC prompt.

Configure AAA authorization to restrict users from uncontrolled access. If AAA authorization is not configured, the command and data rules associated to the groups that are assigned to the user are bypassed. A user can have full read-write access to IOS XR configuration through Network Configuration Protocol (NETCONF), google-defined Remote Procedure Calls (gRPC), or any YANG-based agents. In order to avoid granting uncontrolled access, enable AAA authorization before setting up any configuration. To gain an understanding about AAA, and to explore the AAA services, see the Configuring AAA Services chapter in the System Security Configuration Guide for Cisco NCS 540 Series Routers.

Create a User Profile

Create new users and include the user in a user group with certain privileges. The router supports a maximum of 1024 user profiles.

In this task, you create a user, user1, password for this user, pw123, and assign the user to a group root-lr.

Procedure

Step1	Enter the XR configuration mode. Example: `Router#config`
Step2	Create a new user. Example: `Router(config)#username user1`
Step3	Create a password for the new user. Example: `Router(config-un)#password pw123`
Step4	Assign the user to group `root-lr`. Example: `Router(config-un)#group root-lr` All users have `read` privileges. However, users can be assigned to `root-lr` usergroup. These users inherit the `write` privileges where users can create configurations, create new users, and so on.
Step5	Commit the configuration. Example: `Router(config-un)#commit`

What to do next

With the router set up, you can manage your system, install software packages, and configure your network.

Create a User Group

Create a new user group to associate command rules and data rules with it. The command rules and data rules are enforced on all users that are part of the user group.

The router supports a maximum of 32 user groups.

In this task, you create a group name, group1, and assign a user, user1 to this group.

Before you begin

Create a user profile. See Create a User Profile.

Procedure

Step1	Enter the XR configuration mode. Example: `Router#config`
Step2	Create a new user group, `group1`. Example: `Router#(config)#group group1`
Step3	Specify the name of the user, `user1` to assign to this user group. Example: `Router#(config-GRP)#username user1` You can specify multiple user names enclosed withing double quotes. For example, users "`user1` `user2` `...`" .
Step4	Commit the configuration. Example: `Router#commit`

What to do next

With the router set up, you can manage your system, install software packages, and configure your network.

System Setup and Software Installation Guide for Cisco NCS 540 Series Routers, IOS XR Release 24.1.x, 24.2.x - Setup Cisco NCS 540 Series Routers with XR7 OS [Cisco Network Convergence System 540 Series Routers] (2024)

Bring-up the Cisco NCS 540 Series Router

Boot the Cisco NCS 540 Series Router Using Manual iPXE

Procedure

Example:

Boot the Cisco NCS 540 Series Router Using USB Drive

Before you begin

Procedure

Configure the Management Port on the Cisco NCS 540 Series Router

Before you begin

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Synchronize Router Clock with NTP Server

Before you begin

Procedure

Example:

Example:

Example:

Example:

Perform Preliminary Checks with Cisco NCS 540 Series Router

Verify Software Version on Cisco NCS 540 Series Router

Verify Status of Hardware Modules on Cisco NCS 540 Series Router

Before you begin

Procedure

Example:

Example:

Example:

Example:

Example:

Example:

Verify Interface Status on the Cisco NCS 540 Series Router

Procedure

Example:

Verify Node Status on Cisco NCS 540 Series Router

Procedure

Example:

Create Users and Assign Privileges on the Cisco NCS 540 Series Router

Create a User Profile

Procedure

Example:

Example:

Example:

Example:

Example:

What to do next

Create a User Group

Before you begin

Procedure

Example:

Example:

Example:

Example:

What to do next

References