2.3.2. Day-1 configuration¶
Automatic Day-1 configuration¶
Turbo IPsec includes a Day-1 configuration mechanism that starts a DHCP client on the first interface and enables a SSH server on it, so that the user can remotely access the console.
Check the VRF main state:
vrouter> show state vrf main vrf main (...) interface physical ens3 oper-status UP ipv4 address 10.0.2.15/24 .. (...) ssh-server port 22 enabled true
Here, we see that the ens3
interface in the main
VRF is configured with
an IP address and that SSH is enabled. You can jump to Configuring the fast path. If the
automatic Day-1 configuration doesn’t match your needs, you can perform manual
Day-1 configuration:
Manual Day-1 configuration with static IP address¶
To configure an address on the management interface and enable SSH from the CLI, proceed as follows:
Start to edit the running configuration:
vrouter> edit running vrouter running config#
Create an interface named
eth0
on top of thepci-b0s3
port, in themain
vrf:vrouter running config# vrf main interface physical eth0 vrouter running physical eth0#! port pci-b0s3 vrouter running physical eth0# commit
Note
use
show state / network-port
to see the list of available network ports with PCI ids; it can help choosing the right management port.Add an address to the management interface and apply the changes:
vrouter running physical eth0# ipv4 address 192.168.0.2/24 vrouter running physical eth0# commit
Check that the system state for the new interface is correct:
vrouter running physical eth0# show state physical eth0 oper-status UP enabled true mtu 1500 ipv4 address 192.168.0.2/24 (...) port pci-b0s3 (...)
Add a default route:
vrouter running physical eth0# / vrf main routing static vrouter running static# ipv4-route 0.0.0.0/0 next-hop 192.168.0.1 vrouter running static# commit
Enable SSH server:
vrouter running static# / vrf main ssh-server vrouter running ssh-server# commit vrouter running ssh-server# exit
Now the equipement can be accessed via a remote SSH client at address
192.168.0.2
.To make this configuration applied at each startup, make it the
startup
configuration:vrouter> copy running startup Overwrite startup configuration? [y/N] y
Manual Day-1 configuration with DHCP¶
To configure an address and default route via DHCP on the management interface and enable SSH from the CLI, proceed as follows:
Start to edit the running configuration:
vrouter> edit running vrouter running config#
Create an interface named
eth0
on top of thepci-b0s3
port, in themain
vrf:vrouter running config# vrf main interface physical eth0 vrouter running physical eth0#! port pci-b0s3 vrouter running physical eth0# commit
Note
use
show state / network-port
to see the list of available network ports with PCI ids; it can help choosing the right management port.Enable DHCP on the management interface and apply the changes:
vrouter running physical eth0# ipv4 dhcp vrouter running dhcp# commit
Check that the system state for the new interface is correct:
vrouter running physical eth0# show state physical eth0 (...) ipv4 dhcp dhcp-lease-time 7200 enabled true current-lease renew 3 2018/07/04 04:04:15 fixed-address 10.0.2.15 expire 3 2018/07/04 16:26:02 rebind 3 2018/07/04 13:26:02 (...) address 10.0.2.15/24 (...) port pci-b0s3 (...)
Enable the SSH server:
vrouter running physical eth0# / vrf main ssh-server vrouter running ssh-server# commit vrouter running ssh-server# exit
Now the equipement can be accessed via a remote SSH client using the address acquired by DHCP (in our case
10.0.2.15
).To make this configuration applied at each startup, make it the
startup
configuration:vrouter> copy running startup Overwrite startup configuration? [y/N] y