# Basic NSO Usage Load **blank.ssh.enabled.cfg** ``` #IOS-XE config replace flash:blank.ssh.enabled.cfg #IOS-XR configure load bootflash:blank.ssh.enabled.cfg commit replace y ``` This lab has many separate tasks. I have created expandable answers to better format the lab. Simply click the down-arrow to expand the answer block. ## Task 1. Create a new NSO instance (informational) The NSO server is reachable at 10.200.255.16. SSH to it (nso/nso). An instance called **nso-instance** is already created. This first task is informative only, and provides the steps needed to create the instance.
Task 1 Answer ``` # Find the existing package names ls nso-6.1/packages/neds # Source the ncsrc file. This configures environment variables, including adding # path variables. This also adds a PYTHONPATH variable, allowing you to use # the NSO modules for python, which we will look at later. # # Without doing this you will see the following error: # # user@ubuntu22-server:~$ ncs-setup # ncs-setup: command not found source nso-6.1/ncsrc # Create the local installation instance using ncs-setup # If needed, you can use --help ncs-setup --package nso-6.1/packages/neds/cisco-iosxr-cli-7.49 \ --package nso-6.1/packages/neds/cisco-ios-cli-6.92 \ --dest nso-instance # You should now see a dir created called nso-instance1 # This will contain the config file (nsc.conf), packages (with symlinks to the NEDS # referenced in the nsc-setup) and the ncs-cdb ls nso-instance # To start NSO, you must use the "ncs" command from the instance dir. # If you use it outside the directory it won't work. For example: # # user@ubuntu22-server:~$ ncs # Bad configuration: /home/user/nso-6.1/etc/ncs/ncs.conf:0: "./state/packages-in-use: Failed to create symlink: no such file or directory" # Daemon died status=21 cd nso-instance ncs # After a few minutes, ncs will be started. View the status using: ncs --status | head # You should see "status: started" ```
## Task 2. Add Devices Connect to NSO’s CLI. Add all 14 IOS-XE and IOS-XR devices into two separate groups (one for XE and one for XR). Use cisco/cisco for SSH authentication. Create a third group for all devices. Ensure you can connect to all devices. Sync the config from all devices to NSO. All routers have IPs in 10.254.0.<100 + R#> You will also need to add the following line to the NSO config: ``` devices global-settings ssh-algorithms public-key [ ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 rsa-sha2-512 rsa-sha2-256 ssh-rsa ssh-dss ] ```
Task 2 Answer ``` # First connect to NSO's CLI. Use the cisco style with "-C" ncs_cli -C -u admin # Create an auth group which uses cisco/cisco conf devices authgroups group default default-map remote-name cisco default-map remote-password cisco default-map remote-secondary-password cisco commit # Add each device, below is IOS-XE devices device r1 address 10.254.0.101 authgroup default device-type cli ned-id cisco-ios-cli-6.92 device-type cli protocol ssh ssh host-key-verification none state admin-state unlocked # Add IOS-XR devices devices device xr1 address 10.254.0.111 authgroup default device-type cli ned-id cisco-iosxr-cli-7.49 device-type cli protocol ssh ssh host-key-verification none state admin-state unlocked # Add devices to the device groups devices device-group XE device-name r1 ... device-name r10 devices device-group XR device-name xr1 ... device-name xr4 devices device-group ALL device-group XE device-group XR # Connect to all devices devices device-group ALL connect # Sync the config from all devices to NSO devices device-group ALL sync-from # Check the sync state devices device-group ALL check-sync ```
## Task 3. Display router configuration Display the running config of all XE devices, limiting the output to ip addresses. Format the output in json. Do this in one line.
Task 3 Answer ``` show running-config devices device r* config interface GigabitEthernet ip address | display json ``` The running-config of a device in NSO contains the details of the connection to the device, and the full configuration of the device (after it has been synced). For example, we can see the connection details of a device using the following command: ``` admin@ncs# show running-config devices device r1 | de-select config devices device r1 address 10.254.0.101 ssh host-key-verification none authgroup test device-type cli ned-id cisco-ios-cli-6.92 device-type cli protocol ssh state admin-state unlocked ! admin@ncs# ``` The NED handles parsing the synced-from config into modeled data within NSO. This allows us to use powerful filters to extract only certain config items. For example, this shows the config of every Gig interface on router r1. ``` show running-config devices device r1 config interface GigabitEthernet ``` To see this from multiple devices, we can use a wildcard: ``` show running-config devices device * config interface GigabitEthernet ``` To format this in json, we can pipe to “display json”. Other options include “display xml” and “display restconf”. ``` admin@ncs# show running-config devices device * config interface GigabitEthernet | display json { "data": { "tailf-ncs:devices": { "device": [ { "name": "r1", "config": { "tailf-ned-cisco-ios:interface": { "GigabitEthernet": [ { "name": "1", "negotiation": { "auto": true }, "mop": { "xenabled": false, "sysid": false }, "ip": { "no-address": { "address": false } } }, { "name": "1.254", "encapsulation": { "dot1Q": { "vlan-id": 254 } }, "ip": { "address": { "primary": { "address": "10.254.0.101", "mask": "255.255.255.0" } } } }, { "name": "2", ```
## Task 4. Make changes from NSO Set Lo1 on R2 using the following settings: * description MY\_DESCRIPTION * IP address 10.0.0.2/24 Set Lo1 on R3 using the following settings: * description MY\_DESCRIPTION * IP address 10.0.0.3/24
Task 4 Answer ``` devices device r2 config interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.2 255.255.255.0 devices device r3 config interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.3 255.255.255.0 ``` View the staged changes: ``` top commit dry-run outformat native ``` Commit the config: ``` commit ``` R2 and R3 now have the updated config: ``` R2#show run int lo1 interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.2 255.255.255.0 end R3#show run int lo1 interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.3 255.255.255.0 end ```
## Task 5. Rollback changes Rollback the changes that were just made.
Task 5 Answer ``` rollback configuration ``` Check to verify what changes will be pushed to rollback to the previous config. Notice that both R2 and R3 will be rolled back at the same time. ``` admin@ncs(config)# commit dry-run outformat native native { device { name r2 data no interface Loopback1 } device { name r3 data no interface Loopback1 } } ``` Commit and verify the config is gone. ``` commit ``` ``` R2#show run int lo1 ^ % Invalid input detected at '^' marker. R3#show run int lo1 ^ % Invalid input detected at '^' marker. ```
## Task 6. Re-apply changes in two commits Re-add loopback1 to both R2 and R3, but do it in two separate commits.
Task 6 Answer ``` devices device r2 config interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.2 255.255.255.0 commit ! ! devices device r3 config interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.3 255.255.255.0 commit ```
## Task 7. Rollback the last two commits Rollback the last two changes
Task 7 Answer ``` # To rollback to a previous commit that was not the latest commit, # use must display a list of all commits: rollback configuration ? # Select the 2nd-to-bottom commit ID rollback configuration 10040 # Ensure that this will rollback the config as you intend commit dry-run outformat native # Commit commit ```
## Task 8. Obtain XML formatting Create a configuration change again for R2. Do not commit. Instead, obtain the XML formatting for this change.
Task 8 Answer Using **commit dry-run outformat xml** is a handy way to quickly get XML formatting for basic IOS changes. ``` devices device r2 config interface Loopback1 description MY_DESCRIPTION ip address 10.0.0.2 255.255.255.0 # Obtain XML formatting for this config top admin@ncs(config)# commit dry-run outformat xml result-xml { local-node { data r2 1 MY_DESCRIPTION
10.0.0.2
255.255.255.0
} } ```
## Task 9. Create a device config template Create a device config template that sets DNS servers on both IOS-XE and IOS-XR to 8.8.8.8, 1.1.1.1. Apply the template to all devices.
Task 9 Answer Template are very powerful in NSO, because they can handle multiple device types. The device type is automatically determined based on the configuration of the device in NSO, so you can simply apply the single template to all devices, and NSO will automatically apply the correct syntax per-device. ``` # Create template devices template DNS ned-id cisco-ios-cli-6.92 config ip name-server name-server-list 8.8.8.8 ip name-server name-server-list 1.1.1.1 top devices template DNS ned-id cisco-iosxr-cli-7.49 config domain name-server 8.8.8.8 domain name-server 1.1.1.1 # Apply template to the ALL device-group devices device-group ALL apply-template template-name DNS # Check changes commit dry-run outformat native # Apply commit ```
## Task 10. Run an operational show command from NSO Run the command “show ip int br” on all devices from NSO
Task 10 Answer ``` devices device * live-status exec show ip int br ``` The **live-status** feature in NSO allows you to grab live statistics from a device. For example, you can see a device’s IOS interface live stats using the following command: ``` admin@ncs# show devices device r1 live-status ios-stats:interfaces ADMIN TYPE NAME STATUS IP ADDRESS MAC ADDRESS ----------------------------------------------------------------- GigabitEthernet 1 up 10.0.0.15/24 c000.0100.cafe GigabitEthernet 2 up - 0c00.8dd6.1d01 GigabitEthernet 2.254 up 10.254.0.101/24 0c00.8dd6.1d01 ``` NSO also gives you the ability to run arbitrary commands by using the **exec** keyword. Using a wildcard device name allows you to easily run this command against multiple devices at once. ``` admin@ncs# devices device * live-status exec show ip int br devices device r1 live-status exec show result Any interface listed with OK? value "NO" does not have a valid configuration Interface IP-Address OK? Method Status Protocol GigabitEthernet1 10.0.0.15 YES manual up up GigabitEthernet2 unassigned NO unset up up GigabitEthernet2.254 10.254.0.101 YES manual up up R1# devices device r2 live-status exec show result Any interface listed with OK? value "NO" does not have a valid configuration Interface IP-Address OK? Method Status Protocol GigabitEthernet1 10.0.0.15 YES manual up up GigabitEthernet2 unassigned NO unset up up GigabitEthernet2.254 10.254.0.102 YES TFTP up up R2# ```
## Task 11. Compliance report Remove the DNS servers on XR1 and R1 ``` #XR1 no domain name-server 8.8.8.8 no domain name-server 1.1.1.1 #R1 no ip name-server 8.8.8.8 1.1.1.1 ``` Sync the config from all devices again on NSO. Create a compliance report on NSO that finds discrepancies in the DNS server settings among all devices. Output the results in HTML.
Task 11 Answer ``` devices device-group ALL sync-from config compliance reports report DNS-CHECK compare-template DNS ALL commit end compliance reports report DNS-CHECK run outformat html ``` NSO will give you a URL you can navigate to: ``` admin@ncs# compliance reports report DNS-CHECK run outformat html time 2023-12-16T16:46:27.115924+00:00 compliance-status violations info Checking no devices and no services location http://localhost:8080/compliance-reports/report_2023-12-16T16:46:27.115924+00:00.html ``` You can view this by browsing this URL, changing [**localhost**](http://localhost/) to 10.200.255.16. You will need to login first, using **admin/admin**.
To fix the issues, you can simply apply the template again to all devices: ``` devices device-group ALL apply-template template-name DNS ``` You can check compliance agan, and you should see no violations. Note that you did not need to sync config again after making the changes.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ccie-sp.gitbook.io/ccie-spv5.1-labs/labs/nso/basic-nso-usage.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.