CGE SDK Starter Kit: Connect to CG-REDI

Document created by mathaker on Aug 22, 2014Last modified by mathaker on Sep 18, 2014
Version 2Show Document
  • View in full screen mode

After your starter kit prototype boards have formed WPAN adjacencies with your CGR 1000 as outlined here, follow these next steps to obtain IP addresses for them from Cisco's hosted head end for CGE developers and to move forward with end-to-end communications with your starter kit.

Step 1 Assemble the end-to-end starter kit topology

By following the steps outlined on this web page, you will be assembling the network topology depicted below. This topology is explained in more detail on this web page: Starter Kit

 

Step 2 Connect your CGR to the Internet

 

Requirements:

For CG-OS:

  1. You will need a static IPv4 address (may be granted by DHCP, but the address leased must not change).
  2. This IPv4 address must be globally routable and not behind a NAT/PAT device.
  3. Your company firewall needs to allow incoming IPSec negotiation and traffic. A complete list of ports and protocols required to pass through the firewall is listed here: CG-REDI Protocols and Ports

For IOS:

  1. For CGR1000 series routers with IOS, obtain an IPv4 address that can reach Internet destinations, specifically CGR should still be able to reach the CG-REDI Head-End Router (cgredi-her1.cisco.com or 173.36.209.70). IPv4 address does not need to be globally routable. The CGR can be configured to be in a private address space behind a NAT router including Port Address Translations (PAT).
  2. Your company firewall needs to allow incoming IPSec negotiation and traffic. A complete list of ports and protocols required to pass through the firewall is listed here: CG-REDI Protocols and Ports

What you must do:

  1. Arrange for the above requirements to be met.  You may need to consult your company's IT department.
  2. Connect your CGR to the Internet using one of these interfaces
    1. Cellular 3/1
    2. Ethernet 2/1 through Ethernet 2/6 on CG-OS, OR
    3. GigabitEthernet 2/1-2 or FastEthernet2/3-6 on IOS

Step 3 Configure your CGR

After accomplishing the above, you must next configure your CGR so that Cisco may have remote access to it to complete the remaining configuration needed for it to connect to CG-REDI.  Please do the following:

  1. Connect to the CGR's console interface using a PC and the blue serial cable provided with your CGR.
  2. Configure the interface to the Internet:

For CG-OS:

CommandExplanation
conf termEnter configuration mode
username admin password cisco123Create the "admin" user and password
line vtyEnable remote login
exec-timeout 0disble remote login timeout
interface eth2/1Begin configuring the interface for connection with ISP.  If you connected another ethernet interface please substitute it's name in this command.
ip address 172.27.170.127/24Set I/F IPv4 address. Substitute IPv4 address here with global static Internet routable IPv4 address assigned by ISP.
no shutdownEnable interface
exitExit interface configuration
ip route 0.0.0.0/0 172.27.170.1Set default route.  Substitute the gateway address from your ISP.
exitExit configuration
copy running startupSave Config in Flash memory -- This may be deferred till all the configs have been tested.

For IOS:

CommandExplanation
enableEnter privilege execution mode
conf termEnter configuration mode
enable password cisco123create enable password
username admin password cisco123Create the "admin" user and password
crypto key generate rsa modulus 1024 label SSHCreate RSA keys for SSH
ip ssh rsa keypair-name SSHAssociate the RSA keys with SSH
ip ssh version 2Enable SSH version 2
line vty 0 4Enable remote login
transport input ssh telnetEnable SSH access on the lines
exec-timeout 0disble remote login timeout
interface GigabitEthernet2/1Begin configuring the interface for connection with ISP.  If you connected another ethernet interface please substitute it's name in this command.
no switchportConvert interface to Layer 3
ip address 172.27.170.127 255.255.255.0Set I/F IPv4 address. Substitute IPv4 address and mask here with IPv4 address (global static or private)
no shutdownEnable interface
exitExit interface configuration
ip route 0.0.0.0 0.0.0.0 172.27.170.1Set default route.  Substitute the gateway address.
exitExit configuration
copy running startupSave Config in Flash memory -- This may be deferred till all the configs have been tested.
  1. Test the CGR's Internet connectivity by "Ping"ing the CGR at the global static IP address from another computer.  If not successful, please contact your IT department for help.
  2. Test the remote access to the CGR by using ssh to login to it over the Internet using the "admin" user and password you configured above.  If not successful, please verify with IT whether inbound TCP traffic with destination port 22 is allowed for SSH access. For complete list of ports and protocols required for CG-REDI connection, refer: CG-REDI Protocols and Ports
  3. If the above step is successful, please contact us.  We will need to add additional configurations to your CGR before you can proceed further!  We will add these configurations by remotely connecting to your CGR from Cisco using SSH.  Please send us the IP address and the ssh login and password.  The configurations we add will establish a secure tunnel to our CG-REDI head end over the interface you have just configured.

Step 4 Verify DHCP address grant

  1. Please power cycle the endpoints.
  2. Wait up to 30 minutes.
  3. Check to see if the endpoints have IPv6 addresses:
    1. At the console, type: "show rpl dag 1 atable"
    2. You should see something like this:
FAR-1240-CDN1-AS2# show rpl dag 1 atable
-------------------------------- RPL TREE TABLE --------------------------------
NODE_IPADDR                             NEXTHOP_IP                              LAST_HEARD
2001:db8:3:5:1:3b0b:28:3b               2001:db8:3:5::                          21:17:00
2001:db8:3:5:1:3b0b:2e:37               2001:db8:3:5::                          21:14:18
2001:db8:3:5:1:3b0b:41:36               2001:db8:3:5::                          21:26:11
2001:db8:3:5:1:3b0c:39:26               2001:db8:3:5:1:3b0b:41:36               21:20:05
2001:db8:35:5000::1/128                 2001:db8:3:5:1:3b0b:2e:37               21:14:18   #
2001:db8:35:5000::2/128                 2001:db8:3:5:1:3b0b:28:3b               21:17:00   #
2001:db8:35:5000::3/128                 2001:db8:3:5:1:3b0b:41:36               21:26:11   #
2001:db8:35:5000::4/128                 2001:db8:3:5:1:3b0c:39:26               21:20:05   #
Number of Entries in RPL TREE TABLE: 8 (external 4)
This example shows 4 endpoints with unicast IP addresses as well as delegated prefixes. Congratulations!  Your endpoints have successfully connected with the Cisco CG-REDI head end.

Step 5 Connect your PC to CG-REDI using Cisco AnyConnect VPN

  1. Contact us to obtain a username and password for connecting to the CG-REDI infrastructure using Cisco AnyConnect VPN client.
  2. Follow the instructions given here to connect your PC to CG-REDI: SSL VPN connection to CG-REDI.  NOTE: the "Application Server" referred to in the these instructions will be your PC for this step.

Step 6 Test IP connectivity from your PC to your endpoints via CG-REDI

After establishing the Cisco AnyConnect VPN connection from your PC to CG-REDI (see above step), you should be able to ping your endpoints from your PC using their IPv6 address, which can be found as shown in step 3 above.  The syntax of the ping command will depend on your PC environment -- Windows, Mac OS, Linux.

Step 7 Connect to your CG-NMS

Next, you must configure and manage your endpoints using the Cisco Connected Grid Network management System (CG-NMS).

If you have come this far, we will have created your company's instance of the CG-NMS in CG-REDI.  Please contact us for your CG-NMS credentials.  To connect to that CG-NMS and its web GUI interface, see instructions here: CG-NMS Access using Clientless SSL VPN

Finally, once you have successfully connected to the CG-NMS with your web browser, here are the instructions on how to configure and manage your endpoints in CG-NMS:  CG-NMS

Attachments

    Outcomes