CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x, CX31x, and CX91x series switch modules. The description covers configuration examples and function configurations.

Configuration Examples

This section provides a NETCONF configuration example, including the networking requirements, networking diagram, configuration roadmap, and configuration procedure.

Example for Establishing Communication Between the NMS and a Device Using NETCONF

Networking Requirements

NETCONF ensures security and extensibility. When the NMS is used to manage network devices, you can use NETCONF to ensure communication between the NMS and the devices.

As shown in Figure 14-19, the NMS is deployed on the NETCONF manager that functions as the SSH client. The NETCONF agent functions as the SSH server that receives connection requests from and establishes the connection with the SSH client. SSH is a security protocol at the application layer, enhancing the reliability of NETCONF. In this networking, NETCONF is used to manage the configuration of the SSH server.

Figure 14-19 Networking diagram for establishing communication between the NMS and a device using NETCONF

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IP address for the management interface of the NETCONF agent so that there are reachable Layer 3 routes between the client and server.
  2. Configure virtual type terminal (VTY) user interfaces on the NETCONF agent to support SSH so that SSH users can be managed and monitored with better connection security.
  3. Deploy SSH on the NETCONF agent to improve NETCONF security.

    1. Create an SSH user.
    2. Create a local RSA key pair.
    3. Configure an authentication mode for the SSH user.
    4. Configure a service type for the SSH user.
  4. Enable NETCONF to allow the client to connect to the server.
  5. Deploy the NMS on the NETCONF manager to implement NMS-based network management on the client.
  6. Log in to the NETCONF agent using the NMS to manage the configuration remotely.

Procedure

  1. Configure an IP address for the management interface of the NETCONF agent.

    <HUAWEI> system-view
    [~HUAWEI] sysname netconf-agent
    [*HUAWEI] commit
    [~netconf-agent] interface meth 0/0/0
    [~netconf-agent-meth0/0/0] ip address 10.1.1.1 24
    [*netconf-agent-meth0/0/0] commit
    [~netconf-agent-meth0/0/0] quit

  2. Deploy SSH on the NETCONF agent.

    1. Create an SSH user.

      # Create an SSH user named client001 and set the user password to Huawei@123.

      [*netconf-agent] ssh user client001
      [*netconf-agent] aaa
      [*netconf-agent-aaa] local-user client001 password irreversible-cipher Huawei@123
      [*netconf-agent-aaa] local-user client001 service-type ssh
      [*netconf-agent-aaa] commit
      [~netconf-agent-aaa] quit
    2. Configure an authentication mode for the SSH user.

      [~netconf-agent] ssh user client001 authentication-type password
    3. Configure a service type for the SSH user.

      [*netconf-agent] ssh user client001 service-type snetconf

  3. Enable NETCONF on the NETCONF agent.

    [*netconf-agent] snetconf server enable
    [*netconf-agent] commit

  4. Deploy the NMS on the NETCONF manager.

    For login to remote devices using the NMS, see the relevant usage guide of the NMS.

  5. Log in to the NETCONF agent from the NETCONF manager using the NMS.

    For login to remote devices using the NMS, see the relevant usage guide of the NMS.

  6. Verify the configuration.

    After the preceding configuration is complete, you can log in to the remote device using NETCONF to manage its configuration remotely.

    NOTE:

    All the following operations are performed on the NETCONF agent (SSH server).

    # Run the display ssh user-information command to view SSH user information.

    [~netconf-agent] display ssh user-information
    --------------------------------------------------------------------------------
    User Name             : client001
    Authentication-Type   : password
    User-public-key-name  : --
    Sftp-directory        : --
    Service-type          : snetconf
    --------------------------------------------------------------------------------
    Total 1, 1 printed   

    # Run the display ssh server status command to view the global configuration of the SSH server.

    [~netconf-agent] display ssh server status
    SSH Version                                : 2.0                                
    SSH authentication timeout (Seconds)       : 60                                 
    SSH authentication retries (Times)         : 3                                  
    SSH server key generating interval (Hours) : 0                                  
    SSH version 1.x compatibility              : Disable                            
    SSH server keepalive                       : Disable                             
    SFTP server                                : Disable                             
    STelnet server                             : Disable                             
    SNETCONF server                            : Enable                            
    SNETCONF server port(830)                  : Disable                             
    SCP server                                 : Disable                            
    SSH server DES                             : Disable                            
    SSH server port                            : 22                                 
    SSH server source address                  : 0.0.0.0  
    ACL name                                   : --                                 
    ACL number                                 : --                                 
    ACL6 name                                  : --                                 
    ACL6 number                                : --                                 

    # Run the display netconf capability command to view the capabilities that the NETCONF agent supports.

    [~netconf-agent] display netconf capability
    ----------------------------------                                              
    Capability         Scope   Version                                              
    ----------------------------------                                              
    Base               public  1.0                                                  
    Writable-Running   public  1.0                                                  
    Candidate          public  1.0                                                  
    Confirmed Commit   public  1.0                                                  
    Distinct Startup   public  1.0                                                  
    Rollback on Error  public  1.0                                                  
    Sync               private 1.0                                                  
    Sync               private 1.1                                                  
    Sync               private 1.2                                                  
    Exchange           private 1.0                                                  
    Active             private 1.0                                                  
    Action             private 1.0                                                  
    Discard Commit     private 1.0                                                  
    Execute CLI        private 1.0                                                  
    Update             private 1.0                                                  
    Commit-Description private 1.0                                                  
    Notification       public  1.0                                                  
    Interleave         public  1.0                                                  
    ---------------------------------- 
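
The verification outputs above can also be checked mechanically. The following Python code is an added example, not part of the Huawei guide: it parses captured `display ssh server status` and `display ssh user-information` text and lists the settings an administrator may want to tighten. The function names are hypothetical, and reading `--` as "no ACL applied" and `0.0.0.0` as "not bound to a specific address" is an assumption.

```python
import re

# Added example, not Huawei code. SAMPLE_* are excerpts of the outputs above.
SAMPLE_STATUS = """\
SSH version 1.x compatibility              : Disable
SSH server DES                             : Disable
SSH server source address                  : 0.0.0.0
ACL name                                   : --
ACL number                                 : --
"""
SAMPLE_USERS = """\
--------------------------------------------------------------------------------
User Name             : client001
Authentication-Type   : password
Service-type          : snetconf
--------------------------------------------------------------------------------
Total 1, 1 printed
"""


def parse_fields(text):
    """Turn 'Key : Value' lines into a dict; lines without ':' are skipped."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}


def audit(status_text, users_text):
    """Return hardening findings; a missing field counts as not confirmed."""
    s, findings = parse_fields(status_text), []
    if s.get("SSH version 1.x compatibility") != "Disable":
        findings.append("SSHv1 compatibility not confirmed disabled")
    if s.get("SSH server DES") != "Disable":
        findings.append("DES not confirmed disabled")
    # Assumption: "--" in both ACL fields means no IPv4 ACL is applied.
    if s.get("ACL name", "--") == "--" and s.get("ACL number", "--") == "--":
        findings.append("no IPv4 ACL restricts SSH/NETCONF clients")
    # Assumption: 0.0.0.0 means the server is not bound to one address.
    if s.get("SSH server source address", "0.0.0.0") == "0.0.0.0":
        findings.append("SSH server not bound to a specific source address")
    # User entries are separated by ruler lines of dashes.
    for block in re.split(r"(?m)^-{5,}\s*$", users_text):
        u = parse_fields(block)
        if "User Name" not in u:
            continue
        if u.get("Authentication-Type") == "password":
            findings.append(u["User Name"] + ": password-only authentication")
        if u.get("Service-type") != "snetconf":
            findings.append(u["User Name"] + ": not limited to snetconf")
    return findings
```

Calling `audit(SAMPLE_STATUS, SAMPLE_USERS)` on the outputs from this example returns three findings: no ACL on the SSH server, no specific source address, and password-only authentication for client001.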

Configuration file

Configuration file of the NETCONF agent

#
sysname netconf-agent
#
snetconf server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type snetconf
#
aaa
 local-user client001 password irreversible-cipher $1a$`-]qQT.JZ($XCDcC^I.%XC%cCA$R.)N'vR(H>kY{!@:gn:\M^o($
 local-user client001 service-type ssh
 #
interface MEth0/0/0
 ip address 10.1.1.1 255.255.255.0
#
return
Updated: 2019-08-09

Document ID: EDOC1000041694
