Tag Archives: Licensing

Setup Cisco CSR 1000v

Setup a Cisco CSR 1000v is not much different from i’ve explained with IOS-XRv. This product runs IOS-XE image which is great for my CCIE SP studies. I have in my lab 10 of them using 3.12S, this version has a major change regarding Licensing.

Evaluation Licenses—Cisco IOS XE 3.12S and Earlier

Prior to the Cisco IOS XE 3.13S release, the Cisco CSR 1000V came bundled with a 60-day evaluation license included with the software image, providing:

  • Premium technology package features
  • 50 Mbps maximum throughput

The license is activated by entering the license boot level command and rebooting the router.

When the 60-day evaluation license expires, the maximum throughput reverts to 2.5 Mbps and to the Standard feature set upon reload.

Evaluation Licenses—Cisco IOS XE 3.13S and Later

Beginning with the Cisco IOS XE 3.13S release, the CSR 1000V boots by default with the following features:

  • AX technology package features
  • 100 Kbps maximum throughput

Evaluation License Options

Evaluation licenses valid for 60 days are available at the Cisco licensing portal.

The evaluation license options enable test driving additional technology packages and higher throughputs. (The throughputs available through evaluation licenses are the highest supported throughput levels for the package type.)

  • IPBase Technology package, 10 Gbps
  • SEC Technology package, 5 Gbps
  • APP Technology package, 5 Gbps
  • AX Technology package, 2.5 Gbps
  • 1000 broadband sessions
  • 2 GB memory upgrade



Installation Process….

csr1000v_3 csr1000v_5 csr1000v_6 csr1000v_7

Configuration Options:

  • small—Deploy CSR with: 1 vCPU, 4 GB RAM, 3 vNICs
  • medium—Deploy CSR with: 2 vCPU, 4 GB RAM, 3 vNICs
  • large—Deploy CSR with: 4 vCPU, 4 GB RAM, 3 vNICs
  • xlarge—Deploy CSR with: 4 vCPU, 8 GB RAM, 3 vNICs


  • csr1000v_8 csr1000v_9 csr1000v_10 csr1000v_12 csr1000v_13 csr1000v_14 csr1000v_15

Warning: After deployed, you may have to edit the .vmx file since you can edit it only using vSphere Web client.


CSR-1#show version
Cisco IOS XE Software, Version 03.12.00.S – Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 26-Mar-14 21:09 by mcpreCisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License (“GPL”) Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or “License Notice” file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.ROM: IOS-XE ROMMONCSR-1 uptime is 5 days, 22 hours, 21 minutes
Uptime for this control processor is 5 days, 22 hours, 24 minutes
System returned to ROM by reload
System image file is “bootflash:packages.conf”
Last reload reason: <NULL>This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email to
License Level: limited
License Type: Default. No valid license found.
Next reload license Level: limited
cisco CSR1000V (VXE) processor with 804580K/6147K bytes of memory.
Processor board ID 97XCI7FQG1X
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3145728K bytes of physical memory.
7774207K bytes of virtual hard disk at bootflash:.Configuration register is 0x2102
CSR-1#show license
Index 1 Feature: premium
Index 2 Feature: advanced
Index 3 Feature: standard
Index 4 Feature: limited
Index 5 Feature: adv_10M
Index 6 Feature: adv_25M
Index 7 Feature: adv_50M
Index 8 Feature: adv_100M
Index 9 Feature: adv_250M
Index 10 Feature: adv_500M
Index 11 Feature: adv_1G
Index 12 Feature: adv_2500M
Index 13 Feature: adv_5G
Index 14 Feature: adv_10G
Index 15 Feature: csr1kv_internal_test
Index 16 Feature: hseck9
Index 17 Feature: internal_service
Index 18 Feature: prem_10M
Index 19 Feature: prem_25M
Index 20 Feature: prem_50M
Index 21 Feature: prem_100M
Index 22 Feature: prem_250M
Index 23 Feature: prem_500M
Index 24 Feature: prem_500M_8G
Index 25 Feature: prem_1G
Index 26 Feature: prem_1G_16G
Index 27 Feature: prem_2500M
Index 28 Feature: prem_5G
Index 29 Feature: prem_10G
Index 30 Feature: prem_eval
Period left: Not Activated
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 31 Feature: std_10M
Index 32 Feature: std_25M
Index 33 Feature: std_50M
Index 34 Feature: std_100M
Index 35 Feature: std_250M
Index 36 Feature: std_500M
Index 37 Feature: std_1G
Index 38 Feature: std_2500M
Index 39 Feature: std_5G
Index 40 Feature: std_10G
Index 41 Feature: stingray

Activate Premium License

CSR-1(config)#license boot level premium
BY ALL THE TERMS SET FORTH HEREIN.Use of this product feature requires an additional license from Cisco,
together with an additional payment. You may use this product feature
on an evaluation basis, without payment to Cisco, for 60 days. Your use
of the product, including during the 60 day evaluation period, is
subject to the Cisco end user license agreement
If you use the product feature beyond the 60 day evaluation period, you
must submit the appropriate payment to Cisco for the license. After the
60 day evaluation period, your use of the product feature will be
governed solely by the Cisco end user license agreement (link above),
together with any supplements relating to such product feature. The
above applies even if the evaluation license is not automatically
terminated and you do not receive any notice of the expiration of the
evaluation period. It is your responsibility to determine when the
evaluation period is complete and you are required to make payment to
Cisco for your use of the product feature beyond the evaluation period.Your acceptance of this agreement for the software features on one
product shall be deemed your acceptance with respect to all such
software on all Cisco products you purchase which includes the same
software. (The foregoing notwithstanding, you must purchase a license
for each software feature you use past the 60 days evaluation period,
so that if you enable a software feature on 1000 devices, you must
purchase 1000 licenses for use past the 60 day evaluation period.)Activation of the software command line interface will be evidence of
your acceptance of this agreement.ACCEPT? (yes/[no]): yes
% use ‘write’ command to make license boot config take effect on next boot

CSR-1(config)#do wr
Building configuration…
CSR-1(config)#do reload
Proceed with reload? [confirm]

After Reboot make sure license was activated

CSR-1#show license
Index 30 Feature: prem_eval
Period left: 8 weeks 3 days
Period Used: 10 minutes 42 seconds
License Type: Evaluation
License State: Active, In Use
License Count: Non-Counted
License Priority: Low

What were you looking? MPLS? OTV? VPN IPsec? LISP? Multicast? VxLAN?

Configure commands:
aaa Authentication, Authorization and Accounting.
access-list Add an access list entry
accounting Policy accounting feature
alg ALG configuration commands
alias Create command alias
alps Configure Airline Protocol Support
ancp Configure ANCP
apollo Apollo global configuration commands
appfw Configure the Application Firewall policy
appletalk Appletalk global configuration commands
arap Appletalk Remote Access Protocol
archive Archive the configuration
arp Set a static ARP entry
async-bootp Modify system bootp parameters
auto Configure Automation
banner Define a login banner
bba-group Configure BBA Group
beep Configure BEEP (Blocks Extensible Exchange Protocol)
bfd BFD configuration commands
bfd-template BFD template configuration
boot Modify system boot parameters
bridge Bridge Group.
bridge-domain Bridge-domain global configuration commands
bstun BSTUN global configuration commands
buffers Adjust system buffer pool parameters
bulkstat Bulkstat Application
busy-message Display message when connection to host fails
call Configure Call parameters
call-home Enter call-home configuration mode
cdp Global CDP configuration subcommands
cef Cisco Express Forwarding
chat-script Define a modem chat script
class-map Configure CPL Class Map
clns Global CLNS configuration subcommands
clock Configure time-of-day clock
cns CNS agents
collector Define a Collector
config-register Define the configuration register
configuration Configuration access
connect cross-connect two interfaces
control-plane Configure control plane services
cops Common Open Policy Service (COPS)
crypto Encryption module
cts Cisco Trusted Security commands
decnet Global DECnet configuration subcommands
default Set a command to its defaults
default-value Default character-bits values
define interface range macro definition
device-sensor IOS Sensor Commands
diagnostic Configure diagnostic information
dialer Dialer commands
dialer-list Create a dialer list entry
dnsix-dmdp Provide DMDP service for DNSIX
dnsix-nat Provide DNSIX service for audit trails
do-exec To run exec commands in config mode
downward-compatible-config Generate a configuration compatible with older software
eap EAP Global Configuration Commands
enable Modify enable password parameters
end Exit from configure mode
ethernet Ethernet configuration
event Event related configuration commands
exception Exception handling
exit Exit from configure mode
facility-alarm Configure facility alarms
fhrp Configure First Hop Redundancy Protocols
file Adjust file system parameters
flow Global Flow configuration subcommands
format Format the output
frame-relay global frame relay configuration commands
glbp Global GLBP configuration commands
global-address-family Enter address-family base routing topology mode
gtp Enable GTP Gn’
help Description of the interactive help system
hostname Set system’s network name
hw-module Control of individual components in the system
id-manager ID Pool Manager
ingress-class-map Ingress Classification Class-map
interface Select an interface to configure
ip Global IP configuration subcommands
ipc Configure IPC system
ipv6 Global IPv6 configuration commands
isis Global ISIS configuration subcommands
issu ISSU config commands
kerberos Configure Kerberos
key Key management
keymap Define a new keymap
kron Kron interval Facility
l2 Layer 2 configuration
l2tp Layer 2 Tunneling Protocol (L2TP) parameters
l2tp-class l2tp-class configuration
l2vpn Layer2 VPN commands
l3vpn l3vpn encapsulation ip commands
lacp LACP configuration
lat DEC Local Area Transport (LAT) transmission protocol
li-view LI View
license Configure license features
line Configure a terminal line
lldp Global LLDP configuration subcommands
lnm IBM Lan Manager
load Load Protocol
locaddr-priority-list Establish queueing priorities based on LU address
location Global location configuration commands
logging Modify message logging facilities
login Enable secure login checking
login-string Define a host-specific login string
mac Global MAC configuration subcommands
map-class Configure static map class
map-list Configure static map list
mcsa Configure mcsa
mediatrace Mediatrace Application
memory Configure memory management
menu Define a user-interface menu
metadata Metadata Application
modemcap Modem Capabilities database
monitor Monitoring different system events
mop Configure the DEC MOP Server
mpls Configure MPLS parameters
multilink PPP multilink global configuration
mvr Enable/Disable MVR on the switch
nat64 NAT64 configuration commands
ncia Native Client Interface Architecture
netbios NETBIOS access control filtering
netconf Configure NETCONF
nmsp NMSP configuration commands
no Negate a command or set its defaults
ntp Configure NTP
object-group Configure ACL Object Group
onep ONEP functionality
otv Configure OTV information
parameter-map parameter map
parser Configure parser
password Configure encryption password (key)
performance Global Performance monitor configuration
pfr Performance Routing configuration submodes
pfr-map Create pfr-map and enter pfr-map command mode
platform platform specific configuration
pnp Configure PNP
policy-map Configure Policy Map
policy-peer External Policy Delegation(EPD) peer parameters
port-channel EtherChannel configuration
ppp PPP global configuration
pppoe PPPoE global configuration
privilege Command privilege parameters
process Configure process
process-max-time Maximum time for process to run before voluntarily relinquishing processor
prompt Set system’s prompt
pseudowire-class Pseudowire-class configuration
pseudowire-static-oam Static PW OAM configuration
pseudowire-tlv Global PW TLV configuration
qos Global QoS configuration subcommands
rbe Commands for Routing RFC 1483 Ethernet encapsulated packets
redirect Configure L4 redirect parameters
redundancy Enter redundancy mode
regexp regexp commands
remote-management Enable the remote managment
resource Configure Embedded Resource Manager (ERM)
resource-group Configure Resource Group settings
resume-string Define a host-specific resume string
rif Source-route RIF cache
rlogin Rlogin configuration commands
rmon Remote Monitoring
route-map Create route-map or enter route-map command mode
route-tag Route Tag
router Enable a routing process
rsrb RSRB LSAP/DSAP filtering
sampler Define a Sampler
sap-priority-list Establish queueing priorities based on SAP and/or MAC address(es)
sasl Configure SASL
scheduler Scheduler parameters
scripting Configure options for scripting languages
security Infra Security CLIs
service Modify use of network based services
service-insertion Service Insertion mode
service-list Enter the service list
service-policy Configure service-policy
service-routing Configure service-routing
service-routing Configure service-routing
sgbp SGBP Stack Group Bidding Protocol configuration
sgcp Enable Simple Gateway Control Protocol
sgi Configure SGI
shell Configure shell command
smrp Simple Multicast Routing Protocol configuration commands
sna Network Management Physical Unit Command
snmp Modify non engine SNMP parameters
snmp-server Modify SNMP engine parameters
sntp Configure SNTP
source-bridge Source-route bridging ring groups
spanning-tree Spanning Tree Subsystem
stacks Configure stacks
standby Global HSRP configuration commands
state-machine Define a TCP dispatch state machine
static-ipfrr Config static ip fast rerouting rules
stun STUN global configuration commands
subscriber Subscriber configuration
subscriber-policy Subscriber policy
tacacs-server Modify TACACS query parameters
tarp Global TARP configuration subcommands
template Select a template to configure
terminal-queue Terminal queue commands
tftp-server Provide TFTP service for netload requests
time-range Define time range entries
tn3270 tn3270 configuration command
track Object tracking configuration commands
translate Translate global configuration commands
transport Configure transport
transport-map Configure transport map
ttycap Define a new termcap
username Establish User Name Authentication
vc-group Define a Frame Relay VC group
vines VINES global configuration commands
virtual-profile Virtual Profile configuration
virtual-service Configure virtual service
virtual-template Virtual Template configuration
vlan VLAN configuration commands
vpdn Virtual Private Dialup Network
vpdn-group VPDN group configuration
vpdn-template vpdn-template configuration
vrf VRF commands
vrrp Global VRRP configuration commands
vrrs vrrs global command
vty-async Enable virtual async line configuration
vxlan Configure VxLAN information
wsma Configure Web Services Management Agents
x25 X.25 Level 3
x29 X29 commands
xconnect Xconnect config commands
xdr Configure XDR parameters
xremote Configure XRemote
zone FW with zoning
zone-pair Zone pair command

Notas Estudo BCVRE 170-010 parte 3

Chapter 7 NAT

3 tipos de NAT:
Source NAT
Destination NAT
Bidirectional NAT – combina a source e destination NAT para translation em ambas as direções

NAT Rulebases

O NAT usa rulebases diferentes para cada tipo de NAT, as rulebases são ordenadas numericamente e quando e feito um match o vRouter termina a execução da respectiva rulebase sem analisar outras rulebases.

Cada rulebase inclui 3 parâmetros:

Filtros, identificando o tráfego a ser Nated. Caso não seja definido nenhum filtro, todo e qualquer tráfego faz match.
Post-translation address, define o IP a ser substituído quando e feito o NAT. A opção masquerade usa o address da interface outbound
A interface onde a rule e aplicada e a direção.Deve ser especificada uma interface.

Caso seja especificado um port number no filtro ou post-translation address, deve ser especificado o Layer 4 protocol (TCP,UDP,ambos)

!NAT do tráfego com origem no source address usando o endereço da interface
[email protected]# show nat source
rule 10 {
source {
outbound-interface eth1
translation {
address masquerade

!Fazer o translate de vários port numbers de um IP Publico para um IP privado
[email protected]# show nat destination
rule 10 {
destination {
port 80
inbound-interface eth1
translation {
protocol tcp
rule 20 {
destination {
port 25
inbound-interface eth1
translation {
protocol tcp
rule 30 {
destination {
port 53
inbound-interface eth1
translation {
protocol udp

[email protected]:~$ show nat source rule
Disabled rules are not shown
Codes: X – exclude rule, M – masquerade rule
rule    intf              translation
—-    —-              ———–
M10     eth1             saddr to
proto-all        sport ANY

[email protected]:~$ show nat destination rules
Disabled rules are not shown
Codes: X – exclude rule
rule    intf              translation
—-    —-              ———–
10      eth1             daddr to
proto-tcp        dport 80
20      eth1             daddr to
proto-tcp        dport 25
30      eth1             daddr to
proto-udp        dport 53

[email protected]:~$ show nat source statistics
rule   pkts    bytes   interface
—-   —-    —–   ———10     528     38349   eth1
20     0       0       eth1
30     1359K   96M     eth1

!Ver as NAT translations activas
[email protected]:~$ show nat source trans
Pre-NAT              Post-NAT             Prot  Timeout       tcp   47       udp   0       udp   49       tcp   431740       tcp   431522       udp   179       tcp   431739       tcp   431988       tcp   431928       tcp   431810       tcp   326344       udp   28       udp   54       udp   179       udp   6       tcp   431848

Exclusion Filters

Permite excluir que sejam efetuados determinados NATs, por exemplo quando existem túneis VPN

Estes filters podem ser criados usando um ! ou “bang” como NOT Operator

[email protected]# show nat destination
rule 10 {
destination {
outbound-interface eth0
rule 40 {
outbound-interface eth0
translation {
address masquerade

Chapter 8 Licensing and Upgrades

Nota:Apartir de 1 Novembro 2013 o entitlement e processo de upgrade descrito neste documento já não se encontra disponível

Para registar o softawre e necessario configurar os seguintes parametros:
• Repository username
• Repository password
• Entitlement key

!Verificar se o vRouter foi registado com o Vyatta entitlement server
show entitlement

Upgrading the vRouter

Para efetuar upgrade usar o comando upgrade system image, este automaticamente
ira efectuar download da nova versão. É necessário ter pre-configurado os username/password de acesso ao repositório, senão serão solicitados os dados durante o upgrade

A imagem do vRouter tem 2 componentes: o próprio software vRouter e os respectivos controladores do Linux (drivers,system,..)
Caso o system template tenha sofrido alterações, e necessário efetuar um upgrade manual senão o processo de upgrade continua normalmente.

O processo manual e similar ao criar uma nova VM com alguns passos adicionais:

1. Download the new template just as you did for your initial installation.
2. Copy the configuration file from your existing virtual machine. You can use SCP or FTP to copy it to an
external server, or use simple copy-paste from a console window.
3. Edit the configuration file to remove the hardware-specific settings. We’ll show you the details of what to
remove on the next screen.
4. Install a new virtual machine using the new template.
5. When your new VM has booted up, copy your edited configuration file to /config/config.boot on the new
system. This is the default configuration file for the vRouter device.
6. Reboot your new VM. When it boots, it will read the hardware values from the hypervisor software, and
pull the rest of the configuration data from the configuration file you just copied over.
7. Once your new VM is fully operational, you can cut over operations from the old VM. This cut over
represents the only downtime your network will experience during the upgrade process, and should be
almost non-disruptive depending on your hypervisor software.
You can verify the success of your device upgrade with the commands  show version and show system image


Notas Estudo BCVRE 170-010 parte 1

Notas Estudo BCVRE 170-010 parte 2

Vyatta vRouter 5400 Online Documentation

Brocade Certified vRouter Engineer 2013 (BCVRE) Exam

Voucher gratuito Brocade Certified vRouter Engineer (BCVRE) 170-010 Exam

Network Functions Virtualization

Certification Brocade Community

Certification Exam Information