eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 11

Reference Information for nbi_ftp_config_eSight.xml


The nbi_ftp_config_eSight.xml file is used to configure FTP server parameters required for the northbound interface.

Path

<Installation directory>/AppBase/etc/oms.nbi/nbi_ftp_config_eSight.xml

Description

Table 5-39 Configuration items in nbi_ftp_config_eSight.xml

Each entry below lists, in order: Parameter, Description, Mandatory/Optional, Setting, Effective Mode.

oms.node.nodeIP

Indicates the IP address on which the server listens.

Optional

Data type: dotted decimal notation

Value range: IP address

Default value: none

Restart

oms.node.nodeIPV6

Indicates the IPv6 address on which the server listens.

Optional

Data type: string

Value range: IPv6 address

Default value: none

Restart

oms.ftpServer.ftp.enable

Specifies whether to start the FTP server.

NOTE:

FTP is an insecure protocol. SFTP and FTPS are recommended because they are secure.

Mandatory

Data type: boolean

Values:

  • true
  • false

Default value: false

Restart

oms.ftpServer.ftp.listenerPort

Indicates the number of the listening port on the FTP server.

Mandatory

Data type: integer

Value range: 0–65535

Default value: 31921

Restart

oms.ftpServer.ftp.passivePorts

Indicates the listening port or ports used for passive-mode data connections on the FTP server.

This parameter can be set to a single port, an open or closed range, or a combination separated by commas (,).

Examples:

  • 2300: Only port 2300 can take effect.
  • 2300-2399: Any port ranging from 2300 to 2399 can take effect.
  • 2300-: Ports greater than 2300 can take effect.
  • 2300,2305,2400-: Ports 2300 and 2305, and ports greater than 2400 can take effect.

Mandatory

Data type: integer

Value range: 0–65535

Default value: 31931

Restart

oms.ftpServer.ftp.maxLinkLimit

Specifies the maximum number of user connections.

Optional

Data type: integer

Value range: 0–65535

Default value: 50

Restart

oms.ftpServer.ftp.idlTime

Specifies the idle time.

Optional

Data type: integer

Value range: 0–65535

Default value: 300

Restart

oms.ftpServer.sftp.enable

Specifies whether to start the SFTP server (FTP server with the SSH encryption mechanism).

Mandatory

Data type: boolean

Values:

  • true
  • false

Default value: false

Restart

oms.ftpServer.sftp.listenerPort

Indicates the number of the listening port on the SFTP server.

Mandatory

Data type: integer

Value range: 0–65535

Default value: 31922

Restart

oms.ftpServer.sftp.CAKeystoreFileName

Indicates the name of the SFTP server CA's keystore.

NOTE:
  • The certificate file name must be a string of no more than 20 characters containing letters, digits, and underscores (_). The file name extension must be jks.
  • Set the certificate directory to a path relative to <Installation directory>/AppBase.

Mandatory

Data type: string

Value range: unrestricted

Default value: none

Restart

oms.ftpServer.sftp.CAPass

Indicates the password for the SFTP server CA's keystore.

NOTE:

If the SFTP key store password is left blank, security risks will exist. Setting the password is recommended.

The key must be encrypted. The configuration is as follows:
  • In the Windows operating system, the encrypt.bat tool in "<Installation directory>/AppBase/tools/bmetool/encrypt" must be used to encrypt the key.
  • In the Linux operating system, the encrypt.sh tool in "<Installation directory>/AppBase/tools/bmetool/encrypt" must be used to encrypt the key.

Mandatory

Data type: string

Value range: unrestricted

Default value: none

Restart

oms.ftpServer.sftp.keystoreFileName

Indicates the name of the SFTP server keystore.

NOTE:
  • The certificate file name must be a string of no more than 20 characters containing letters, digits, and underscores (_). The file name extension must be jks.
  • Set the certificate directory to a path relative to <Installation directory>/AppBase.

Mandatory

Data type: string

Value range: unrestricted

Default value: none

Restart

oms.ftpServer.sftp.sslPassword

Indicates the password for the SFTP server keystore.

NOTE:

If the SFTP key store password is left blank, security risks will exist. Setting the password is recommended.

The key must be encrypted. The configuration is as follows:
  • In the Windows operating system, the encrypt.bat tool in "<Installation directory>/AppBase/tools/bmetool/encrypt" must be used to encrypt the key.
  • In the Linux operating system, the encrypt.sh tool in "<Installation directory>/AppBase/tools/bmetool/encrypt" must be used to encrypt the key.

Mandatory

Data type: string

Value range: unrestricted

Default value: none

Restart

oms.ftpServer.sftp.sftpMAC

Indicates the MAC algorithm allowed for the SFTP server. The values can be hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-sha1, hmac-md5-96, and hmac-sha1-96, which are separated by commas (,).

NOTE:

hmac-md5, hmac-md5-96, and hmac-sha1-96 are not recommended, because they are not secure.

Mandatory

Data type: string

Value range: hmac-sha2-256, hmac-sha2-512, hmac-md5, hmac-sha1, hmac-md5-96, and hmac-sha1-96

Default value: hmac-sha1 and hmac-sha2-256

Restart

oms.ftpServer.sftp.sftpCipher

Indicates the encryption algorithm allowed for the SFTP server. The values can be aes128-ctr, aes256-ctr, arcfour128, arcfour256, aes128-cbc, 3des-cbc, blowfish-cbc, aes192-cbc, and aes256-cbc, which are separated by commas (,).

NOTE:

aes128-cbc, 3des-cbc, blowfish-cbc, aes192-cbc, and aes256-cbc are not recommended, because they are not secure.

Mandatory

Data type: string

Value range: aes128-ctr, aes256-ctr, arcfour128, arcfour256, aes128-cbc, 3des-cbc, blowfish-cbc, aes192-cbc, and aes256-cbc

Default value: aes128-ctr

Restart

oms.ftpServer.sftp.maxLinkLimit

Specifies the maximum number of user connections.

Optional

Data type: integer

Value range: 0–65535

Default value: 50

Restart

oms.ftpServer.sftp.idlTime

Specifies the idle time.

Optional

Data type: integer

Value range: 0–65535

Default value: 300

Restart

oms.ftpServer.lock.lockTime

Indicates how long a user is locked after failing to log in to the FTP server the specified number of consecutive times.

The lock applies per channel. For example, if a user fails to log in to the server over FTP the specified number of consecutive times, the user is locked for the duration specified by this parameter and cannot log in over FTP. However, the user can still log in over SFTP.

Mandatory

Data type: integer

Value range: 1–65535

Default value: 5

Restart

oms.ftpServer.lock.failCount

Indicates the maximum number of consecutive FTP login failures. A user is locked when this number is reached.

The lock applies per channel. For example, if a user fails to log in to the server over FTP the number of consecutive times specified by this parameter, the user is locked and cannot log in over FTP. However, the user can still log in over SFTP.

After the number of specified login failures is reached:

  • If the admin user logs in to the local server, the admin user is not locked.
  • If the admin user logs in to a remote server, the admin user is locked to prevent login to the remote IP address.
  • If a non-admin user logs in to the server, the non-admin user is locked.

Mandatory

Data type: integer

Value range: 1–65535

Default value: 5

Restart

Precautions

  • Do not modify the configuration file unless necessary.
  • When configuring an admin user, you are advised to enable only the northbound FTP/SFTP server. If you enable a southbound server, it will conflict with the northbound admin user.

Configuration Example

<?xml version="1.0" encoding="UTF-8"?>
<config name="oms">
    <config name="node"> 
        <param name="nodeIP"></param>
        <param name="nodeIPV6"></param>
    </config>
    <config name="ftpServer">
        <config name="lock">
            <param name="lockTime">5</param>
            <param name="failCount">5</param>
        </config>
        <config name="ftp">
            <param name="enable">false</param>
            <param name="listenerPort">32066</param>
            <param name="passivePorts">32069,31850~31859</param>
            <param name="maxLinkLimit">50</param>
            <param name="idlTime">300</param>
        </config>
        <config name="sftp">
            <param name="enable">false</param>
            <param name="listenerPort">32067</param>
            <param name="CAKeystoreFileName">etc/certificate/application/ca/caTrustStore.jks</param>
            <param name="CAPass">@010200000000a00e2bd8758bccb07fd2782e596a7f50b2056f12f203cad7abb79ade7de579c7</param>
            <param name="keystoreFileName">etc/certificate/application/outserver/outserverKeyStore.jks</param>
            <param name="sslPassword">@010200000000a00e2bd8758bccb07fd2782e596a7f50b2056f12f203cad7abb79ade7de579c7</param>
            <param name="sftpMAC">hmac-sha1,hmac-sha2-256</param>
            <param name="sftpCipher">aes128-ctr</param>
            <param name="maxLinkLimit">50</param>
            <param name="idlTime">300</param>
        </config>
    </config>
</config>
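
An added example, not part of the Huawei document: a Python audit that reads a file in the layout shown above and reports the settings the NOTEs in the table warn about (FTP enabled, blank keystore passwords, not-recommended MAC and cipher names). The RC4 (arcfour) check, the function names and the sample input are additions made here, not taken from the page.

```python
import xml.etree.ElementTree as ET

# Algorithm names the page's NOTEs mark as not recommended.
WEAK = {
    "sftpMAC": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
    "sftpCipher": {"aes128-cbc", "3des-cbc", "blowfish-cbc", "aes192-cbc", "aes256-cbc"},
}
# Added assumption, not in the page's NOTEs: RC4 is deprecated for SSH by RFC 8758.
RC4 = {"arcfour128", "arcfour256"}
# Constructed sample (not from the page): FTP on, blank CAPass, weak algorithms.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<config name="oms">
  <config name="ftpServer">
    <config name="ftp"><param name="enable">true</param></config>
    <config name="sftp">
      <param name="CAPass"></param>
      <param name="sslPassword">@constructed-placeholder</param>
      <param name="sftpMAC">hmac-sha1,hmac-md5,hmac-sha2-256</param>
      <param name="sftpCipher">aes128-ctr,aes128-cbc,arcfour128</param>
    </config>
  </config>
</config>"""

def flatten(node, prefix):
    """Yield (dotted name, value) pairs such as oms.ftpServer.sftp.sftpMAC."""
    for child in node:
        name = prefix + child.get("name", "")
        if child.tag == "config":
            yield from flatten(child, name + ".")
        elif child.tag == "param":
            yield name, (child.text or "").strip()

def audit(xml_bytes):
    root = ET.fromstring(xml_bytes)
    params = dict(flatten(root, root.get("name", "") + "."))
    sftp, findings = "oms.ftpServer.sftp.", []
    if params.get("oms.ftpServer.ftp.enable", "").lower() == "true":
        findings.append("ftp.enable=true: FTP is insecure, use SFTP or FTPS")
    # SFTP settings are checked even if sftp.enable is false, so enabling it later is safe.
    for key in ("CAPass", "sslPassword"):
        if not params.get(sftp + key):
            findings.append(f"sftp.{key} is blank")
    for key, weak in WEAK.items():
        allowed = {a.strip() for a in params.get(sftp + key, "").split(",")}
        findings += [f"sftp.{key} allows {a} (not recommended)" for a in sorted(allowed & weak)]
        findings += [f"sftp.{key} allows {a} (RC4)" for a in sorted(allowed & RC4)]
    return findings

print("\n".join(audit(SAMPLE)))
```

Run against the configuration example above, which has FTP disabled, both passwords set, and only hmac-sha1, hmac-sha2-256 and aes128-ctr allowed, the audit returns no findings.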
Updated: 2019-12-13

Document ID: EDOC1100044386
