2.3.3. Day-1 configuration

Automatic Day-1 configuration

Turbo IPsec includes a Day-1 configuration mechanism that starts a DHCP client on the first interface and enables an SSH server on it, so that the user can remotely access the console.

  1. Check the VRF main state:

    vrouter> show state vrf main
    vrf main
        (...)
        interface
            physical ens3
                oper-status UP
                ipv4
                    address 10.0.2.15/24
                    ..
            (...)
        ssh-server
            port 22
            enabled true
    

Here, we see that the ens3 interface in the main VRF is configured with an IP address and that SSH is enabled. You can jump to Configuring the fast path. If the automatic Day-1 configuration doesn’t match your needs, you can perform manual Day-1 configuration:

Manual Day-1 configuration with static IP address

To configure an address on the management interface and enable SSH from the CLI, proceed as follows:

  1. Start to edit the running configuration:

    vrouter> edit running
    vrouter running config#
    
  2. Create an interface named eth0 on top of the pci-b0s3 port, in the main VRF:

    vrouter running config# vrf main interface physical eth0
    vrouter running physical eth0#! port pci-b0s3
    vrouter running physical eth0# commit
    

    Note

    Use show state / network-port to see the list of available network ports with PCI ids; it can help you choose the right management port.

  3. Add an address to the management interface and apply the changes:

    vrouter running physical eth0# ipv4 address 192.168.0.2/24
    vrouter running physical eth0# commit
    
  4. Check that the system state for the new interface is correct:

    vrouter running physical eth0# show state
    physical eth0
         oper-status UP
         enabled true
         mtu 1500
         ipv4
              address 192.168.0.2/24
              (...)
         port pci-b0s3
         (...)
    
  5. Add a default route:

    vrouter running physical eth0# / vrf main routing static
    vrouter running static# ipv4-route 0.0.0.0/0 next-hop 192.168.0.1
    vrouter running static# commit
    
  6. Enable SSH server:

    vrouter running static# / vrf main ssh-server
    vrouter running ssh-server# commit
    vrouter running ssh-server# exit
    

    Now the equipment can be accessed via a remote SSH client at address 192.168.0.2.

  7. To apply this configuration at each startup, make it the startup configuration:

    vrouter> copy running startup
    Overwrite startup configuration? [y/N] y
    

Manual Day-1 configuration with DHCP

To configure an address and default route via DHCP on the management interface and enable SSH from the CLI, proceed as follows:

  1. Start to edit the running configuration:

    vrouter> edit running
    vrouter running config#
    
  2. Create an interface named eth0 on top of the pci-b0s3 port, in the main VRF:

    vrouter running config# vrf main interface physical eth0
    vrouter running physical eth0#! port pci-b0s3
    vrouter running physical eth0# commit
    

    Note

    Use show state / network-port to see the list of available network ports with PCI ids; it can help you choose the right management port.

  3. Enable DHCP on the management interface and apply the changes:

    vrouter running physical eth0# ipv4 dhcp
    vrouter running dhcp# commit
    
  4. Check that the system state for the new interface is correct:

    vrouter running physical eth0# show state
    physical eth0
        (...)
        ipv4
            dhcp
                dhcp-lease-time 7200
                enabled true
                current-lease
                    renew 3 2018/07/04 04:04:15
                    fixed-address 10.0.2.15
                    expire 3 2018/07/04 16:26:02
                    rebind 3 2018/07/04 13:26:02
                    (...)
            address 10.0.2.15/24
            (...)
        port pci-b0s3
        (...)
    
  5. Enable the SSH server:

    vrouter running physical eth0# / vrf main ssh-server
    vrouter running ssh-server# commit
    vrouter running ssh-server# exit
    

    Now the equipment can be accessed via a remote SSH client using the address acquired by DHCP (in our case 10.0.2.15).

  6. To apply this configuration at each startup, make it the startup configuration:

    vrouter> copy running startup
    Overwrite startup configuration? [y/N] y
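
To confirm what Day-1 configuration (automatic or manual) left reachable on the management interface, the following added example, which is not part of the product documentation, parses captured `show state vrf main` text and reports whether the SSH server is enabled, on which port, and which IPv4 addresses are configured in the VRF. It assumes the output was saved as text with the indentation shown above; `parse_state` and `audit` are hypothetical helper names.

```python
# Added example: audit captured "show state vrf main" text for SSH exposure.
SAMPLE = """\
vrf main
    (...)
    interface
        physical ens3
            oper-status UP
            ipv4
                address 10.0.2.15/24
                ..
    ssh-server
        port 22
        enabled true
"""  # constructed from the output shown in this section

def parse_state(text):
    """Build nested dicts from indentation; each key is one stripped line."""
    root = {}
    stack = [(-1, root)]  # (indent, children) of the currently open nodes
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("..", "(...)"):  # block end / elided output
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack[-1][0] >= indent:  # close nodes at same or deeper level
            stack.pop()
        node = stack[-1][1].setdefault(line, {})
        stack.append((indent, node))
    return root

def audit(text):
    """Per VRF: is the SSH server enabled, on which port, on which addresses."""
    report = {}
    for key, vrf in parse_state(text).items():
        if not key.startswith("vrf "):
            continue
        ssh = dict(k.split(None, 1) for k in vrf.get("ssh-server", {}) if " " in k)
        addresses = [
            (ifname.split()[-1], leaf.split()[1])
            for ifname, body in vrf.get("interface", {}).items()
            for leaf in body.get("ipv4", {})
            if leaf.startswith("address ")
        ]
        report[key.split()[1]] = {
            "ssh_enabled": ssh.get("enabled") == "true",
            "ssh_port": int(ssh["port"]) if "port" in ssh else None,
            "addresses": addresses,
        }
    return report
```

Comparing the result of `audit()` against the intended management address and port shows whether the automatic Day-1 configuration exposed SSH on an interface other than the one you planned to use.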