Cisco Systems CL-28826-01 Setting Up CNS on Cisco IOS Routers in Event-Bus Mode

2-9

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter2 Preparing Devices for Management

Setting Up AUS or Configuration Engine

Setting Up CNS on Cisco IOS Routers in Event-Bus Mode

You can configure Cisco IOS routers to use the CNS protocol to contact a Cisco Configuration Engine

for configuration and image updates. The Configuration Engine can operate in two modes, event-bus and

call-home. The following procedure describes how to configure a router to use event-bus mode. For

information on using call-home mode, see Setting Up CNS on Cisco IOS Routers in Call-Home Mode,

page 2-10.

See the Configuration Engine product documentation for more information about configuring and using

the product.

Step 1 Enter configuration mode.

router# config terminal

Step 2 Configure the hostname and domain name if the device is new.

router(config)# hostname name

hostname(config)# ip domain-name your_domain

Step 3 Specify the trusted server for the CNS agent. Enter the IP address of the trusted server.

hostname(config)# cns trusted-server all-agents ip_address

Step 4 Configure the CNS event gateway, which provides CNS event services to Cisco IOS clients. Enter the IP

address of the event gateway, and optionally the port. The default port is either 11011 (with no

encryption) or 11012 (with encryption). Include the encrypt keyword to use an SSL encrypted link to

the event gateway.

hostname(config)# cns event ip_address [encrypt] [port]

Step 5 Start the CNS configuration agent and accept a partial configuration. Include the encrypt keyword to

use an SSL encrypted link to the web server.

hostname(config)# cns config partial ip_address [encrypt]

Step 6 Set the CNS password, which must be the same password configured on the CNS gateway. For

information on how to authenticate a Cisco IOS router on a Configuration Engine, see Cisco

Configuration Engine Administrator Guide at

http://www.cisco.com/en/US/products/sw/netmgtsw/ps4617/prod_maintenance_guides_list.html.

hostname(config)# cns password password

Step 7 Enable and configure the CNS execute agent. Include the encrypt keyword to use an SSL encrypted link

to the exec server. You can specify a port number for the encrypted exchange if you do not want to use

the default port 443.

hostname(config)# cns exec [encrypt [port]]

Step 8 Exit configuration mode and return to Exec mode.

hostname(config)# exit

Step 9 Save the configuration changes.

hostname# write memory