Configuring Externally-managed IEs and IRs using CLI - Quick Start Guide

This page serves as a quick start guide for configuring IEs and IRs using CLI. You can simply copy-paste the provided configurations to get started.

Note: To customize the configuration parameters and for more in-depth explanation of the configurations, see the following sections:

Configuring Externally-managed IEs

Prerequisite

  1. Your device must be running IOS-XE version 17.13.1 or above.
  2. Choose the interface you want the device to use for connecting to the cloud.
  3. Ensure that you have already onboarded this device on the IoT OD GUI. For details see, Add a single externally managed device.
  4. Identify the IoT cluster.
    • For US cluster: device-us.ciscoiot.com
    • For EU cluster: device-eu.ciscoiot.com

Steps to configure an un-managed IE device using cellular interface:

For IOS-XE version 17.13.1 or above

! Format/partition the SD card to create the required IOx partition in the card, if not already done. 
! This action erases all data on the card and formats/partitions the card.
format sdflash: ext4
conf t
ip name-server 208.67.222.222 208.67.220.220
vlan 4094
vtp mode transparent
name app-man-native-vlan
interface AppGigabitEthernet1/1
switchport trunk native vlan 4094
switchport mode trunk
iox
username  privilege 15 password 0 
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip http secure-server
ip http server
ip http authentication local
wsma agent exec
profile exec
wsma profile listener exec
transport http path /wsma/exec
cgna gzip
ida transport-profile wst 
callhome-url wss://device-us.ciscoiot.com/wst/cgna
active
cgna profile cg-nms-register
transport-profile wst
add-command show version | format flash:/managed/odm/cg-nms.odm
add-command show inventory | format flash:/managed/odm/cg-nms.odm
interval 3
url https://odendpoint/cgna/ios/registration
gzip
active

Configuring Externally-managed IRs

Prerequisite

  1. Your device must be running IOS-XE version 17.13.1 or above
  2. Choose the interface you want the device to use for connecting to the cloud.
  3. Ensure that you have already onboarded this device on the IoT OD GUI. For details see, To add a single externally managed device.
  4. Identify the IoT cluster.
    • For US cluster: device-us.ciscoiot.com
    • For EU cluster: device-eu.ciscoiot.com

Steps to configure an un-managed IR device using cellular interface:

For IOS-XE version 17.13.1

conf t
username  privilege 15 password 0 
!Networking configuration for IOx to be functional
ip dhcp pool ioxpool
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 192.168.16.1 8.8.8.8
interface VirtualPortGroup0
description IOx Interface
ip address 192.168.16.1 255.255.255.0
ip nat inside
ipv6 enable
!Replace with your WAN interface for communication with OD
interface Cellular0/1/0
ip nat outside
ip access-list extended NAT_ACL
10 permit ip 192.168.16.0 0.0.0.255 any
!Replace with your WAN interface for communication with OD
route-map RM_WAN_ACL2 permit 10
match ip address NAT_ACL
match interface Cellular0/1/0
!Replace with your WAN interface for communication with OD
ip nat inside source route-map RM_WAN_ACL2 interface Cellular0/1/0 overload
iox
!Configuration to connect device to operations dashboard
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip http secure-server
ip http server
ip http authentication local
wsma agent exec
profile exec
wsma profile listener exec
transport http path /wsma/exec
cgna gzip
!For EU, use: callhome-url wss://device-eu.ciscoiot.com/wst/cgna
ida transport-profile wst 
callhome-url wss://device-us.ciscoiot.com/wst/cgna
execution-url http://192.168.16.1
remote-trustpoint iotod-cert
active
cgna profile cg-nms-register
transport-profile wst
add-command show version | format flash:/managed/odm/cg-nms.odm
add-command show inventory | format flash:/managed/odm/cg-nms.odm
interval 3
url https://localhost/cgna/ios/registration
gzip
active

! Certificate for IoT OD - Required only for devices running lower than version 17.14.1
crypto pki trustpoint iotod-cert
revocation-check none
crypto pki certificate chain iotod-cert
certificate ca 7D5B5126B476BA11DB74160BBC530DA7
30820613 308203FB A0030201 0202107D 5B5126B4 76BA11DB 74160BBC 530DA730 
0D06092A 864886F7 0D01010C 05003081 88310B30 09060355 04061302 55533113 
30110603 55040813 0A4E6577 204A6572 73657931 14301206 03550407 130B4A65 
72736579 20436974 79311E30 1C060355 040A1315 54686520 55534552 54525553 
54204E65 74776F72 6B312E30 2C060355 04031325 55534552 54727573 74205253 
41204365 72746966 69636174 696F6E20 41757468 6F726974 79301E17 0D313831 
31303230 30303030 305A170D 33303132 33313233 35393539 5A30818F 310B3009 
06035504 06130247 42311B30 19060355 04081312 47726561 74657220 4D616E63 
68657374 65723110 300E0603 55040713 0753616C 666F7264 31183016 06035504 
0A130F53 65637469 676F204C 696D6974 65643137 30350603 55040313 2E536563 
7469676F 20525341 20446F6D 61696E20 56616C69 64617469 6F6E2053 65637572 
65205365 72766572 20434130 82012230 0D06092A 864886F7 0D010101 05000382 
010F0030 82010A02 82010100 D67333D6 D73C20D0 00D21745 B8D63E07 A23FC741 
EE3230C9 B06CFDF4 9FCB1298 0F2D3F8D 4D010C82 0F177F62 2EE9B848 79FB1683 
4EADD732 2593B707 BFB9503F A94CC340 2AE939FF D981CA1F 163241DA 8026B923 
7A87201E E3FF209A 3C95446F 87750690 40B43293 16091008 233ED2DD 870F6F5D 
51146A0A 69C54F01 7269CFD3 934C6D04 A0A31B82 7EB19AB9 EDC59EC5 37789F9A 
0834FB56 2E58C409 0E06645B BC37DCF1 9F2868A8 56B092A3 5C9FBB88 98081B24 
1DAB3085 AEAFB02E 9E7A9DC1 C0421CE2 02F0EAE0 4AD2EF90 0EB4C140 16F06F85 
424A64F7 A430A0FE BF2EA327 5A8E8B58 B8ADC319 178463ED 6F56FD83 CB6034C4 
74BEE69D DBE1E4E5 CA0C5F15 02030100 01A38201 6E308201 6A301F06 03551D23 
04183016 80145379 BF5AAA2B 4ACF5480 E1D89BC0 9DF2B203 66CB301D 0603551D 
0E041604 148D8C5E C454AD8A E177E99B F99B05E1 B8018D61 E1300E06 03551D0F 
0101FF04 04030201 86301206 03551D13 0101FF04 08300601 01FF0201 00301D06 
03551D25 04163014 06082B06 01050507 03010608 2B060105 05070302 301B0603 
551D2004 14301230 06060455 1D200030 08060667 810C0102 01305006 03551D1F 
04493047 3045A043 A041863F 68747470 3A2F2F63 726C2E75 73657274 72757374 
2E636F6D 2F555345 52547275 73745253 41436572 74696669 63617469 6F6E4175 
74686F72 6974792E 63726C30 7606082B 06010505 07010104 6A306830 3F06082B 
06010505 07300286 33687474 703A2F2F 6372742E 75736572 74727573 742E636F 
6D2F5553 45525472 75737452 53414164 64547275 73744341 2E637274 30250608 
2B060105 05073001 86196874 74703A2F 2F6F6373 702E7573 65727472 7573742E 
636F6D30 0D06092A 864886F7 0D01010C 05000382 02010032 BF61BD0E 48C34FC7 
BA474DF8 9C781901 DC131D80 6FFCC370 B4529A31 339A5752 FB319E6B A4EF54AA 
898D4017 68F81110 7CD2CAB1 F15586C7 EEB33691 86F63951 BF46BF0F A0BAB4F7 
7E49C42A 36179EE4 68397AAF 944E566F B27B3BBF 0A86BDCD C5771C03 B838B1A2 
1F5F7EDB 8ADC4648 B6680ACF B2B5B4E2 34E467A9 3866095E D2B8FC9D 283A1740 
27C2724E 29FD213C 7CCF13FB 962CC531 44FD13ED D59BA969 68777CEE E1FFA4F9 
36380853 39A28434 9C19F3BE 0EACD524 37EB23A8 78D0D3E7 EF924764 623922EF 
C6F711BE 2285C666 4424268E 10328DC8 93AE079E 833E2FD9 F9F5468E 63BEC1E6 
B4DCA6CD 21A8860A 95D92E85 261AFDFC B1B65742 6D95D133 F6391406 824138F5 
8F58DC80 5BA4D57D 9578FDA7 9BFFFDC5 A869AB26 E7A7A405 875BA9B7 B8A3200B 
97A94585 DDB38BE5 89378E29 0DFC0617 F638400E 42E41206 FB7BF3C6 116862DF 
E398F413 D8154F8B B169D910 60BC642A EA31B7E4 B5A33A14 9B26E30B 7BFD028E 
B699C138 975936F6 A874A286 B65EEBC6 64EACFA0 A3F96E9E BA2D11B6 86980858 
2DC9AC25 64F25E75 B438C1AE 7F5A4683 EA51CAB6 F1991135 6BA56A7B C600B0E7 
F8BE64B2 ADC8C2F1 ACE351EA A493E079 C8E18140 C90A5BE1 123CC160 2AE397C0 
8942CA94 CF469812 69BB98D0 C2D30D72 4B476EE5 93C43228 638743E4 B0323E0A 
D34BBF23 9B142941 2B9A041F 932DF1C7 39483CAD 5A127F
quit 
end

For IOS-XE version 17.14.1

conf t

username  privilege 15 password 0 

!Networking configuration for IOx to be functional
ip dhcp pool ioxpool
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 192.168.16.1 8.8.8.8

interface VirtualPortGroup0
description IOx Interface
ip address 192.168.16.1 255.255.255.0
ip nat inside
ipv6 enable

!Replace with your WAN interface for communication with OD
interface Cellular0/1/0
ip nat outside

ip access-list extended NAT_ACL
10 permit ip 192.168.16.0 0.0.0.255 any

!Replace with your WAN interface for communication with OD
route-map RM_WAN_ACL2 permit 10
match ip address NAT_ACL
match interface Cellular0/1/0

!Replace with your WAN interface for communication with OD
ip nat inside source route-map RM_WAN_ACL2 interface Cellular0/1/0 overload

iox

!Configuration to connect device to operations dashboard
aaa new-model
aaa authentication login default local
aaa authorization exec default local

ip http secure-server
ip http server
ip http authentication local

wsma agent exec
profile exec

wsma profile listener exec
transport http path /wsma/exec

cgna gzip
!For EU, use: callhome-url wss://device-eu.ciscoiot.com/wst/cgna
ida transport-profile wst 
callhome-url wss://device-us.ciscoiot.com/wst/cgna
active

cgna profile cg-nms-register
transport-profile wst
add-command show version | format flash:/managed/odm/cg-nms.odm
add-command show inventory | format flash:/managed/odm/cg-nms.odm
interval 3
url https://localhost/cgna/ios/registration
gzip
active