5921ESR IntroductoryLab v1

Cisco dCloud
Cisco 5921 Embedded Services Router Introductory Lab –

Installation and Basic Configuration v1 dCloud: The Cisco Demo Cloud
Last Updated: 20-NOVEMBER-2017
About This Solution

This lab features the Cisco 5921 Embedded Services Router (ESR) installed on an Ubuntu core Linux system in a command line
environment. The operating environment for most embedded applications is that of a “black box” with no displays. This lab
highlights the features of this solution, to improve familiarity with the Cisco 5921 ESR. No previous Linux experience is required,
since Router 1 and Router 2 have operational preinstalled Cisco 5921 ESRs. This lab assumes you are familiar with the basics of
the IOS command line for the Integrated Services Routers or Catalyst Switches.
This document will enhance your skills as an integrator by giving a concrete example of how to qualify a Linux embedded core
build for use with the Cisco 5921 Embedded Services Router (ESR), as well as, taking you through the configuration steps of a
Site-to Site VPN over the Cisco 5921 ESR platform.
Since the finished product may take many forms, it is helpful to see how integration partners use this solution. For more
information, please visit our virtual partner community on Cisco DevNet: Finished Products Containing the Cisco 5921 Embedded
Services Router.
About This Lab

This Cisco 5921 Embedded Services Router Lab includes:
 Scenario 1: Solution Demonstration
 Scenario 2: Configure Site-to-Site VPN
Requirements
The table below outlines the requirements for this preconfigured demonstration.
Table 1. Requirements
Required Optional
● Laptop ● Cisco AnyConnect
● Router registered and configured for Cisco dCloud
© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 19
Cisco dCloud
Topology
This content includes preconfigured users and components to illustrate the scripted scenarios and features of the solution. Most
dCloud: The Cisco Demo Cloud
components are fully configurable with predefined administrative user accounts. You can see the IP address and user account
credentials to use to access a component by clicking the component icon in the Topology menu of your active session and in the
scenario steps that require their use.
Figure 1. Topology
Table 2. Demonstration Server Information
Application Version URL Username Password
Ubuntu-32bit without ESR pre-installed (Ubuntu32raw) c5921i86-universalk9-tar.SPA.155-2.T 198.18.134.122 administrator C1sco12345
Ubuntu-32bit with ESR pre-installed (Ubuntu32R-2) c5921i86-universalk9-tar.SPA.155-2.T 198.18.134.121 administrator (Ubuntu) C1sco12345
root (ESR) cisco
Ubuntu-32bit with ESR pre-installed (Ubuntu32R-1) c5921i86-universalk9-tar.SPA.155-2.T 198.18.134.120 administrator (Ubuntu) C1sco12345
root (ESR) cisco
Active Directory (ad1) Windows Server 2008 R2 198.18.133.1 administrator C1sco12345
Workstation 1 (wkst1) Windows 7 Pro 198.18.133.36 DCLOUD\administrator C1sco12345
Cisco dCloud
Get Started
BEFORE PRESENTING
We strongly recommend that you go through this document and work with an active session before presenting in front of a live
audience. This will allow you to become familiar with the structure of the document and content.
PREPARATION IS KEY TO A SUCCESSFUL PRESENTATION.
Follow the steps to schedule a session of the content and configure your presentation environment.
1. Browse to dcloud.cisco.com, select the location closest to you, and log in with your Cisco.com credentials.
2. Register and configure your router if this is the first time you will use the router with dCloud. [Show Me How]
3. Schedule a session. [Show Me How]
4. Test your connection. [Show Me How]
5. Verify that the status of your session is Active in My Dashboard > My Sessions.
NOTE: It may take up to 10 minutes for your session to become active.
6. Click View to open the active session.
7. For best performance, connect to the workstation with Cisco AnyConnect VPN [Show Me How] and the local RDP client on
your laptop [Show Me How]
 Workstation 1: 198.18.133.36, Username: dcloud\administrator, Password: C1sco12345
NOTE: You can also connect to the workstation using the Cisco dCloud Remote Desktop client [Show Me How]. The dCloud
Remote Desktop client works best for accessing an active session with minimal interaction. However, many users experience
connection and performance issues with this method.
Cisco dCloud
Scenario 1. Solution Demonstration

This demonstration begins with two running copies on Ubuntu32w-1 and Ubuntu32w-2. You may simply log into those two routers
to try out features and test router configurations.
Steps
1. Connect to Workstation 1 and once logged into the desktop, double click to launch Multi-Tab PuTTY:
Figure 2. Multi-Tab PuTTY Icon
2. Here you will find preconfigured links to launch SSH sessions to the three Linux VMs. Double-click on these links under
Servers to connect to the corresponding VM.
NOTE: Allow the VM a minute to respond after launching a new session.
Figure 3. Pre-configured PuTTY Sessions
3. The IP addresses for the management ports of the VMs are as follows:
 Ubuntu32 NO ESR installed –198.18.134.122
 Ubuntu32 with ESR - 1 -198.18.134.120
 Ubuntu32 with ESR - 2 -198.18.134.121
Because you are connecting through AnyConnect, you may launch SSH sessions through the SSH client of your choice.
4. Connect to Ubuntu32 with ESR - 1. Double-click on the link to ESR – 1 in PuTTY and it will open up a new tab to the right
with a CLI connection to this VM. Use this method to connect to any of the VMs in this demonstration.
NOTE: CDP does not operate through the virtual switches that connect the routers in the dCloud environment.
You may begin by observing how the IOS file structure is contained within the Linux file structure from an operational perspective.
Cisco dCloud
administrator@ubuntu32:~$ sudo su
[sudo] password for administrator:
Type password C1sco12345.

root@ubuntu32:/home/administrator# cd /opt/cisco/c5921 <- This is the Linux directory where installed

root@ubuntu32:/opt/cisco/c5921# ls –al <- the 5921. Let us have a look.
total 329116
drwxr-xr-x 5 root root 4096 Sep 16 16:32 .
drwxr-xr-x 3 root root 4096 Jul 21 23:22 ..
drwxr-xr-x 2 root root 4096 Jul 21 23:28 c5921i86-universalk9-ms.155-2.T
-r-xr-xr-x 1 root root 150158796 Jul 21 23:29 c5921i86-universalk9-ms.SPA
-rw-r--r-- 1 root root 168263680 Jul 21 23:27 c5921i86-universalk9-tar.SPA.155-2.T
-rwxr-xr-x 1 root root 3266 Sep 3 21:44 c5921-swr-init.sh
drwxr-xr-x 2 root root 4096 Jul 21 23:33 .csl0
drwxr-xr-x 2 root root 4096 Jul 21 23:33 .csl1
-rw-r--r-- 1 root root 132 Sep 16 16:32 .hs_a.pri
-rw-r--r-- 1 root root 132 Sep 16 16:32 .hs_b.pri
-r-xr-xr-x 1 root root 17954572 Jul 21 23:29 libdyncs.so
-rw-r----- 1 root root 524288 Sep 16 09:57 nvram_00100
-rwxr-xr-x 1 root root 489 Sep 3 23:46 staticroutes.sh
-rwxr--r-- 1 root root 1616 Sep 3 09:44 SWROPTIONS
-rwxr--r-- 1 root root 1696 Aug 31 13:04 SWROPTIONS.save
-r-xr-xr-x 1 root root 24752 Jul 21 23:29 swr_reload
-r-xr-xr-x 1 root root 31076 Jul 21 23:29 swrvcon
root@ubuntu32:/opt/cisco/c5921# cd .csl0  The first thing we notice is that there are hidden
root@ubuntu32:/opt/cisco/c5921/.csl0# ls –al  directories that were created by the 5921 when it
total 40  first ran. This is the certificate store.
drwxr-xr-x 2 root root 4096 Jul 21 23:33 .
drwxr-xr-x 5 root root 4096 Sep 16 16:32 ..
-rw-r--r-- 1 root root 123 Aug 28 14:22 c5921.prs
-rw-r--r-- 1 root root 1052 Jul 21 23:33 lservrc.pri
-rw-r--r-- 1 root root 32 Jul 21 23:33 revocationchk.prs
-rw-r--r-- 1 root root 640 Jul 21 23:33 revocationprs.prs
-rw-r--r-- 1 root root 269 Sep 16 09:57 sa.info
-rw-r--r-- 1 root root 32 Jul 21 23:33 trailprschk.prs
-rw-r--r-- 1 root root 760 Jul 21 23:33 trailprs.prs
-rw-r--r-- 1 root root 193 Aug 28 14:22 udi_hist.pri
root@ubuntu32:/opt/cisco/c5921/.csl0# cd ..
root@ubuntu32:/opt/cisco/c5921# ./swrvcon 100  “swrvcon” is software router virtual console
c5921_ubuntu32_1>en
Password:
Password is cisco.
c5921_ubuntu32_1#dir  let us see the file structure from IOS.

Directory of unix:/
18766 -r-x 150158796 Jul 21 2015 22:29:06 -08:00 c5921i86-universalk9-ms.SPA

18774 -rw- 524288 Sep 16 2015 08:57:37 -08:00 nvram_00100
18770 -rwx 3266 Sep 3 2015 20:44:36 -08:00 c5921-swr-init.sh
265620 -rwx 489 Sep 3 2015 22:46:33 -08:00 staticroutes.sh
Cisco dCloud
18765 -rw- 168263680 Jul 21 2015 22:27:27 -08:00 c5921i86-universalk9-tar.SPA.155-2.T

141090 drwx 4096 Jul 21 2015 22:28:01 -08:00 c5921i86-universalk9-ms.155-2.T
141110 drwx 4096 Jul 21 2015 22:33:41 -08:00 .csl1
18768 -r-x 31076 Jul 21 2015 22:29:41 -08:00 swrvcon dCloud: The Cisco Demo Cloud
27 -rw- 132 Sep 16 2015 15:32:28 -08:00 .hs_a.pri
17425 -rwx 1696 Aug 31 2015 12:04:26 -08:00 SWROPTIONS.save
18769 -r-x 24752 Jul 21 2015 22:29:56 -08:00 swr_reload
141109 drwx 4096 Jul 21 2015 22:33:41 -08:00 .csl0
18767 -r-x 17954572 Jul 21 2015 22:29:18 -08:00 libdyncs.so
18771 -rwx 1616 Sep 3 2015 08:44:57 -08:00 SWROPTIONS
25 -rw- 132 Sep 16 2015 15:32:28 -08:00 .hs_b.pri
6207111168 bytes total (4141420544 bytes free)

c5921_ubuntu32_1#cd .csl0
c5921_ubuntu32_1#dir
Directory of unix:/.csl0/
141117 -rw- 32 Jul 21 2015 22:33:41 -08:00 trailprschk.prs

141124 -rw- 269 Sep 16 2015 08:57:30 -08:00 sa.info
141111 -rw- 123 Aug 28 2015 13:22:10 -08:00 c5921.prs
141123 -rw- 193 Aug 28 2015 13:22:10 -08:00 udi_hist.pri
141121 -rw- 32 Jul 21 2015 22:33:41 -08:00 revocationchk.prs
141113 -rw- 1052 Jul 21 2015 22:33:41 -08:00 lservrc.pri
141119 -rw- 640 Jul 21 2015 22:33:41 -08:00 revocationprs.prs
141115 -rw- 760 Jul 21 2015 22:33:41 -08:00 trailprs.prs
6207111168 bytes total (4141420544 bytes free)

c5921_ubuntu32_1#
NOTE: The home directory of the 5921,/opt/cisco/c5921, is the device unix: which would equate to flash: on a typical ISR. The file
nvram_00100 equates to the NVRAM device in an ISR.
5. Review some typical IOS commands.

c5921_ubuntu32_1#sh ver
Cisco IOS Software, C5921 Software (C5921_I86-UNIVERSALK9-M), Version 15.5(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 25-Mar-15 15:49 by prod_rel_team
ROM: Bootstrap program is Linux
c5921_ubuntu32_1 uptime is 6 hours, 59 minutes

System returned to ROM by reload at 0
System restarted at 08:56:53 PST Wed Sep 16 2015
System image file is "unix:./c5921i86-universalk9-ms.SPA"
Last reload reason: Unknown reason
This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
Cisco dCloud
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html dCloud: The Cisco Demo Cloud
If you require further assistance please contact us by sending email to

export@cisco.com.
Cisco C5921 (Intel-x86) processor with 381079K bytes of memory.

Processor board ID 100
8 Ethernet interfaces
512K bytes of NVRAM.
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO5921-K9 91J81443B9I
Packet forwarding: Enabled

Enforced traffic rate: 50 Mbps  Take note of this value, we will be using it later.
Configuration register is 0x0
c5921_ubuntu32_1#sh ip rou  Notice that the IOS command parser behaves exactly as expected.
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 198.18.134.120 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 198.18.134.120

10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.120 is directly connected, Loopback0
O 10.0.0.121 [110/2] via 172.23.4.2, 07:01:51, Ethernet0/3
[110/2] via 172.23.3.2, 07:01:51, Ethernet0/2
[110/2] via 172.23.2.2, 07:01:51, Ethernet0/1
[110/2] via 172.23.1.121, 07:01:51, Ethernet0/0
172.23.0.0/16 is variably subnetted, 8 subnets, 2 masks
C 172.23.1.0/24 is directly connected, Ethernet0/0
L 172.23.1.120/32 is directly connected, Ethernet0/0
Cisco dCloud

198.18.134.0/32 is subnetted, 1 subnets dCloud: The Cisco Demo Cloud
L 198.18.134.131 is directly connected, Ethernet1/0
c5921_ubuntu32_1#sh ip rou ?  including the “?”
Hostname or A.B.C.D Network to display information about or hostname
application Application routes
bgp Border Gateway Protocol (BGP)
connected Connected
dhcp Show routes added by DHCP Server or Relay
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
isis ISO IS-IS
lisp Locator ID Separation Protocol (LISP)
list IP Access list
loops RIB routes forming loops
mobile Mobile routes
multicast Multicast global information
next-hop-override Show next-hop-overrides too
nhrp Next Hop Resolution Protocol (NHRP)
odr On Demand stub Routes
ospf Open Shortest Path First (OSPF)
ospfv3 OSPFv3
profile IP routing table profile
repair-paths Show repair paths too
rip Routing Information Protocol (RIP)
static Static routes
summary Summary of all routes
supernets-only Show supernet entries only
tag Route Tag
track-table Tracked static table
vrf Display routes from a VPN Routing/Forwarding instance
| Output modifiers
<cr>
c5921_ubuntu32_1#sh ip rou os  type the <tab> key to auto fill this command.
c5921_ubuntu32_1#sh ip rou ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 198.18.134.120 to network 0.0.0.0
10.0.0.0/32 is subnetted, 2 subnets

O 10.0.0.121 [110/2] via 172.23.4.2, 07:04:30, Ethernet0/3
[110/2] via 172.23.3.2, 07:04:30, Ethernet0/2
[110/2] via 172.23.2.2, 07:04:30, Ethernet0/1
[110/2] via 172.23.1.121, 07:04:30, Ethernet0/0
c5921_ubuntu32_1#
Cisco dCloud
6. Compare the show running-config command with show running-config brief.
Notice how this:

crypto pki certificate chain SLA-TrustPoint dCloud: The Cisco Demo Cloud
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
license udi pid CISCO5921-K9 sn 91J81443B9I
license platform throughput level c5921-x86-level3
!
is reduced to this:
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
license udi pid CISCO5921-K9 sn 91J81443B9I
license platform throughput level c5921-x86-level3
!
NOTE: You can also do the opposite, type show running-config all and it will display all the default settings. We will not show
that output here, but you can experiment.
7. Telnet over to the other router.

c5921_ubuntu32_1#telnet 172.23.1.121
Trying 172.23.1.121 ... Open
User Access Verification
Cisco dCloud
Password: <- This password is cisco.

c5921_ubuntu32_2>en
Password: <- This password is cisco. dCloud: The Cisco Demo Cloud
c5921_ubuntu32_2#sh ver
Cisco IOS Software, C5921 Software (C5921_I86-UNIVERSALK9-M), Version 15.5(2)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 25-Mar-15 15:49 by prod_rel_team
ROM: Bootstrap program is Linux
c5921_ubuntu32_2 uptime is 7 hours, 24 minutes

System returned to ROM by reload at 0
System restarted at 08:54:50 PST Wed Sep 16 2015
System image file is "unix:./c5921i86-universalk9-ms.SPA"
Last reload reason: Unknown reason
This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to

export@cisco.com.
Cisco C5921 (Intel-x86) processor with 381075K bytes of memory.

Processor board ID 100
4 Ethernet interfaces
512K bytes of NVRAM.
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO5921-K9 95O9000IL4J

Enforced traffic rate: 8 Kbps  This is the permanent evaluation mode.
Configuration register is 0x0
c5921_ubuntu32_2#
Cisco dCloud
8. The following commands show the licensing options and enable the 90-day evaluation for the 50 Mbps performance level.
c5921_ubuntu32_2#show platform software license

Current enforcement forwarding rate: 8 Kbps
Unique Device Identifier: CISCO5921-K9:95O9000IL4J
License features supported:

Feature Rate Status
--------------------- --------- ------
c5921-x86-default 8 Kbps In Use
c5921-x86-evaluation 50 Mbps -  This is only used for the classic license model.
c5921-x86-level1 10 Mbps -
c5921_ubuntu32_2#
9. The Classic License model is file-based where the user installs a license key file. When a virtual machine installation is the
operating environment, only cloud based Smart Call Home Client licensing architecture is available. We will turn on level 3
after exploring the details.
c5921_ubuntu32_2#show license tech support
Cisco Smart Licensing Agent, Version 1.0.0_development
Smart Licensing Enabled: Yes
UDI:
PID:CISCO5921-K9,SN:95O9000IL4J
Compliance Status: Evaluation
Entitlement Handle: no entry found
Smart Licensing State: unidentified (2)
Licensing Certificates:
ID Cert Info:
Start Date: Not available. Expiry Date: Not available
Signing Cert Info:
Upcoming Scheduled Jobs:

Certificate Renewal: Not Available
Certificate Expiration: Not Available
Authorization Renewal: Not Available
Authorization Expiration: Not Available
Daily Job: Sep 17 16:54:59 2015 UTC (16 hours, 18 minutes, 27 seconds remaining)
Component Versions: SA:(1_0_4_throttle)1.0.15, SI:(rel20)1.0.0, CH:(rel4)1.0.13, PK:(rel16_twig)1.0.1
Other Tech Support Dump:

Grace period time remaining: Not in use
Cisco dCloud
Eval period time remaining: 90 days, 0 hours, 0 minutes, 0 seconds (Not in use)
Stored State Machine State: 2
Transport Mode: Callhome dCloud: The Cisco Demo Cloud
c5921_ubuntu32_2#
10. Notice that the clock is not running yet. Start it with the following:
c5921_ubuntu32_2#configure terminal
5921_ubuntu32_2(config)#license platform throughput level c5921-x86-level3
c5921_ubuntu32_2(config)#exit
c5921_ubuntu32_2#show platform software license
Current enforcement forwarding rate: 50 Mbps
Unique Device Identifier: CISCO5921-K9:95O9000IL4J
License features supported:

Feature Rate Status
--------------------- --------- ------
c5921-x86-default 8 Kbps -
c5921-x86-evaluation 50 Mbps -
c5921-x86-level3 50 Mbps In Use
c5921_ubuntu32_2#sh lic tech sup

Cisco Smart Licensing Agent, Version 1.0.0_development
Smart Licensing Enabled: Yes
UDI:
PID:CISCO5921-K9,SN:95O9000IL4J
Compliance Status: Evaluation
Entitlement Handle: 1
Entitlement Status: In Use
Tag: regid.2014-08.com.cisco.c5921-x86-level3,1.0_785fc8c0-0f25-4ad5-9397-770c97358bf5
Version: 1.0, Enforce Mode: Eval period
Requested Time: Wed Sep 16 16:40:10.660, Requested Count: 1
Vendor String:
Smart Licensing State: unidentified (2)
Licensing Certificates:
ID Cert Info:
Signing Cert Info:
Upcoming Scheduled Jobs:

Certificate Renewal: Not Available
Cisco dCloud
Certificate Expiration: Not Available

Authorization Renewal: Not Available
Authorization Expiration: Not Available
Daily Job: Sep 17 16:54:59 2015 UTC (16 hours, 12 minutes, 2 seconds remaining) dCloud: The Cisco Demo Cloud
Component Versions: SA:(1_0_4_throttle)1.0.15, SI:(rel20)1.0.0, CH:(rel4)1.0.13, PK:(rel16_twig)1.0.1
Other Tech Support Dump:

Grace period time remaining: Not in use
Eval period time remaining: 89 days, 23 hours, 57 minutes, 12 seconds (In use)
Stored State Machine State: 2
Transport Mode: Callhome
c5921_ubuntu32_2#
11. The 90-day evaluation clock is now counting down.
NOTE: Full entitlement has steps that will tie the license to the organization purchasing the license and the CCO ID of the
authorized administrator as well as the UDI of the product. It is beyond the scope of this demonstration. However, we have
introduced some key concepts and commands pertinent to Smart Licensing.
Cisco dCloud
12. Debug commands are also complete, as one would expect in any other IOS device. Here are an example:
c5921_ubuntu32_2#term mon
c5921_ubuntu32_2#debug ip ospf hello
OSPF hello debugging is on
c5921_ubuntu32_2#
Sep 17 01:02:07.501: OSPF-100 HELLO Et0/3: Rcv hello from 10.0.0.120 area 0 172.23.4.1
Sep 17 01:02:08.453: OSPF-100 HELLO Et0/0: Send hello to 224.0.0.5 area 0 from 172.23.1.121
c5921_ubuntu32_2#undebug all
All possible debugging has been turned off
13. Type exit in order to exit from the Telnet session:

c5921_ubuntu32_2#exit
[Connection to 172.23.1.121 closed by foreign host]
14. You should be now back to ESR - 1:

c5921_ubuntu32_1#
Cisco dCloud
Scenario 2. Configure Site-to-Site VPN

In this lab, you will implement a site-to-site VPN using the Cisco 5921 Embedded Services Router. This lab was derived from a
third party Internet based article, Configuring Site to Site IPSec VPN Tunnel Between Cisco Routers. For an in-depth technical
discussion, please visit the linked website to read the article.
Steps
1. Configure the VPN on the ESR 1, where you are currently logged in, by typing the following commands (also available in the
DevNet Community):
c5921_ubuntu32_1#
c5921_ubuntu32_1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c5921_ubuntu32_1(config)#
crypto isakmp policy 1

encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 172.23.1.121
crypto ipsec transform-set myset esp-3des esp-md5-hmac

mode tunnel
crypto map CMAP 10 ipsec-isakmp

set peer 172.23.1.121
set transform-set myset
match address VPN-TRAFFIC
interface Loopback1
description Inside interface
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Ethernet0/0
description Outside interface
ip nat outside
no mop enabled
crypto map CMAP
shutdown
!
Cisco dCloud
shutdown
!
shutdown
router ospf 100

network 10.0.0.0 0.255.255.255 area 0
ip nat inside source list 100 interface Loopback1 overload
ip access-list extended VPN-TRAFFIC

permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 100 remark -=[Define NAT Service]=-

access-list 100 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 100 permit ip 10.2.2.0 0.0.0.255 any
2. Connect to ESR -2. Double click on the link to Ubuntu32 with ESR-2 in MultiPUTTY and it will open up a new tab to the right
with a CLI connection to this VM. Let's configure the VPN tunnel on ESR 2, where you are currently logged in, by typing the
following commands (also available in the DevNet Community).
First, access the ESR by using the following commands:

administrator@ubuntu32:/$ sudo su
[sudo] password for administrator:
Type password C1sco12345
root@ubuntu32:/#
root@ubuntu32:/# cd /opt/cisco/c5921/
root@ubuntu32:/opt/cisco/c5921# ./swrvcon 100
c5921_ubuntu32_2>en
Password is cisco
c5921_ubuntu32_2#
c5921_ubuntu32_2#conf t
c5921_ubuntu32_2(config)#
Now, please enter the following commands in order to configure the ESR:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 172.23.1.120
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
!
Cisco dCloud
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 172.23.1.120 dCloud: The Cisco Demo Cloud
set transform-set myset
match address VPN-TRAFFIC
!
interface Loopback1
description Inside interface
ip address 10.2.2.2 255.255.255.0
ip nat inside
description Outside interface
ip nat outside
no mop enabled
crypto map CMAP
ip nat inside source list 100 interface Loopback1 overload
router ospf 100
network 10.0.0.0 0.255.255.255 area 0
ip access-list extended VPN-TRAFFIC

permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
!
!
!
access-list 100 remark -=[Define NAT Service]=-
access-list 100 deny ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
!
3. Execute the following ping command on ESR - 2 to generate interesting packets to launch the encrypted session:
c5921_ubuntu32_2#ping 10.1.1.1 source loop 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.2
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/2 ms
c5921_ubuntu32_2#
4. You can use the following show commands on the Ubuntu32 with ESR - 1 PuTTY console to verify your configuration:
c5921_ubuntu32_1#show crypto session
Crypto session current status
Interface: Ethernet0/0
Cisco dCloud
Session status: UP-ACTIVE

Peer: 172.23.1.121 port 500
Session ID: 0
IKEv1 SA: local 172.23.1.120/500 remote 172.23.1.121/500 Active dCloud: The Cisco Demo Cloud
IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.2.2.0/255.255.255.0
Active SAs: 4, origin: crypto map
c5921_ubuntu32_1#show crypto isakmp sa detail

Codes: C - IKE configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal
T - cTCP encapsulation, X - IKE Extended Authentication
psk - Preshared key, rsig - RSA signature
renc - RSA encryption
IPv4 Crypto ISAKMP SA
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.
1001 172.23.1.120 172.23.1.121 ACTIVE aes md5 psk 2 23:08:57

Engine-id:Conn-id = SW:1
IPv6 Crypto ISAKMP SA
c5921_ubuntu32_1# show crypto ipsec sa
interface: Ethernet0/0
Crypto map tag: CMAP, local addr 172.23.1.120
protected vrf: (none)

local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.2.2.0/255.255.255.0/0/0)
current_peer 172.23.1.121 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 14, #pkts decrypt: 14, #pkts verify: 14
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 172.23.1.120, remote crypto endpt.: 172.23.1.121

plaintext mtu 1390, path mtu 1500, ip mtu 1500, ip mtu idb Ethernet0/0
current outbound spi: 0x9FF24064(2683453540)
PFS (Y/N): N, DH group: none
inbound esp sas:

spi: 0x1C810439(478217273)
transform: esp-256-aes esp-sha512-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: SW:1, sibling_flags 80000070, crypto map: CMAP
sa timing: remaining key lifetime (k/sec): (4282818/527)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
spi: 0x87BD5EC6(2277334726)
Cisco dCloud
transform: ah-sha-hmac ,
sa timing: remaining key lifetime (k/sec): (4282818/527) dCloud: The Cisco Demo Cloud
inbound pcp sas:
outbound esp sas:

spi: 0x668F64B(107542091)
transform: esp-256-aes esp-sha512-hmac ,
IV size: 16 bytes
outbound ah sas:
spi: 0x9FF24064(2683453540)
transform: ah-sha-hmac ,
outbound pcp sas:
NOTE: For additional ideas or to contribute some of your own, please visit out DevNet Community called 5921 ESR Development:
https://communities.cisco.com/community/developer/networking/internet-of-things/embedded-networks/5921-esr-development.
For other router configurations to try or if you have created something interesting that you may want to share, please visit:
Contributed Sample Configurations for the 5921
If you would like to share an interesting Python application that works with the 5921, please visit:
Code Drop - 5921 Complementary Applications

5921ESR IntroductoryLab v1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5921ESR IntroductoryLab v1

Uploaded by

Copyright:

Available Formats

Cisco dCloud

Cisco 5921 Embedded Services Router Introductory Lab –

Last Updated: 20-NOVEMBER-2017

About This Solution

About This Lab

 Scenario 1: Solution Demonstration

 Scenario 2: Configure Site-to-Site VPN

Table 2. Demonstration Server Information

Application Version URL Username Password

Ubuntu-32bit without ESR pre-installed (Ubuntu32raw) c5921i86-universalk9-tar.SPA.155-2.T 198.18.134.122 administrator C1sco12345

Active Directory (ad1) Windows Server 2008 R2 198.18.133.1 administrator C1sco12345

Workstation 1 (wkst1) Windows 7 Pro 198.18.133.36 DCLOUD\administrator C1sco12345

PREPARATION IS KEY TO A SUCCESSFUL PRESENTATION.

3. Schedule a session. [Show Me How]

4. Test your connection. [Show Me How]

NOTE: It may take up to 10 minutes for your session to become active.

6. Click View to open the active session.

 Workstation 1: 198.18.133.36, Username: dcloud\administrator, Password: C1sco12345

Scenario 1. Solution Demonstration

Figure 2. Multi-Tab PuTTY Icon

NOTE: Allow the VM a minute to respond after launching a new session.

Figure 3. Pre-configured PuTTY Sessions

Type password C1sco12345.

root@ubuntu32:/home/administrator# cd /opt/cisco/c5921 <- This is the Linux directory where installed

c5921_ubuntu32_1#dir  let us see the file structure from IOS.

18766 -r-x 150158796 Jul 21 2015 22:29:06 -08:00 c5921i86-universalk9-ms.SPA

18765 -rw- 168263680 Jul 21 2015 22:27:27 -08:00 c5921i86-universalk9-tar.SPA.155-2.T

6207111168 bytes total (4141420544 bytes free)

141117 -rw- 32 Jul 21 2015 22:33:41 -08:00 trailprschk.prs

6207111168 bytes total (4141420544 bytes free)

5. Review some typical IOS commands.

ROM: Bootstrap program is Linux

c5921_ubuntu32_1 uptime is 6 hours, 59 minutes

This product contains cryptographic features and is subject to United

If you require further assistance please contact us by sending email to

Cisco C5921 (Intel-x86) processor with 381079K bytes of memory.

Packet forwarding: Enabled

Configuration register is 0x0

Gateway of last resort is 198.18.134.120 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 198.18.134.120

C 172.23.4.0/24 is directly connected, Ethernet0/3

Gateway of last resort is 198.18.134.120 to network 0.0.0.0

10.0.0.0/32 is subnetted, 2 subnets

6. Compare the show running-config command with show running-config brief.

Notice how this:

7. Telnet over to the other router.

User Access Verification

Password: <- This password is cisco.

ROM: Bootstrap program is Linux

c5921_ubuntu32_2 uptime is 7 hours, 24 minutes

This product contains cryptographic features and is subject to United

If you require further assistance please contact us by sending email to

Cisco C5921 (Intel-x86) processor with 381075K bytes of memory.

Packet forwarding: Enabled

Configuration register is 0x0

dCloud: The Cisco Demo Cloud

Current enforcement forwarding rate: 8 Kbps

Unique Device Identifier: CISCO5921-K9:95O9000IL4J

License features supported:

Smart Licensing Enabled: Yes

Compliance Status: Evaluation

Entitlement Handle: no entry found

Smart Licensing State: unidentified (2)