Cisco IOS XE

The Problem There are cases where you need the IOS XE Guestshell to have a separate IPv4 address. A recent example for that is enrolling the router to the Webex cloud as a managed gateway. The Solution In the following steps I will show you how to configure the Azure VM for your virtualized router to make this work. Step 1 - Configure Azure There are many ways you can configure things on Azure, I’m going to show the steps on the web portal....

Introduction If you are reading this, chances are you already know what Let’s Encrypt is about. In this case you can simply skip ahead. Otherwise, in their homepage there is a pretty good description: A nonprofit Certificate Authority providing TLS certificates to 300 million websites. 300 million websites. Wow! Wouldn’t it be nice to use these certificates on your Cisco Routers? Good news! You can. The PKI and the business of buying a certificate Nowadays Public Key Infrastructure (in short PKI) is a fundamental presence behind (all?...

If you lose the password of a Catalyst 8000V or CSR1000V running on Azure, and you would like to perform a password recovery on it, this post might be for you. The Basics of Password Recovery There are useful techniques to authenticate an SSH session on a router without using a password. Yet, there are cases where we might have to use password authentication nonetheless. If the password is lost, the next step would be entering ROMmon and perform the usual configuration register change....

When commissioning a new router, you can setup your user for password-less SSH authentication. The only info you need is your public SSH key. The general server side configuration in IOS-XE is all described in the Secure Shell Configuration Guide, and there are very useful security guidelines described in this community blog post (make sure your key complies with the hardened algorithm selection though). Note: I use ECDSA keys because they are shorter, and the IOS-XE CLI appears to better “digest” them ¯\_(ツ)_/¯...