Configuring Cloud-based Management
Context
In the Huawei Cloud Managed Network Solution, there are three phases from managed switch deployment to unified device management on the cloud management platform.
Procedure
- Switches change from the traditional management mode to the cloud-based management mode and obtain the cloud management platform's address information. This phase can be implemented through DHCP, the registration query center, or manual configuration (using commands or the web system).
Table 5-5 Methods to obtain the switch management mode and cloud management platform's address information
Method: Through a DHCP server
Configuration Procedure: Configure option 148 ascii agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=ip-address;agilemanage-port=port-number on the DHCP server.
- agilemode indicates the device management mode.
- agilemanage-mode indicates whether a switch obtains the cloud management platform's URL or IP address.
- agilemanage-domain indicates the cloud management platform's URL or IP address.
- agilemanage-port indicates the port number used by the cloud management platform.
Ensure that switches are unconfigured and have no input on the console port. After these switches are connected to the network, they automatically change to the cloud-based management mode and obtain the cloud management platform's address information using DHCP. Be aware that the switch automatically restarts during mode change.
Scenario: This method applies to the cloud managed networks on which devices cannot communicate with the Huawei device registration query center. The cloud management platforms of these networks are often built by enterprises.
Priority: High priority. This method is preferred if switches can use multiple methods to obtain the switch management mode and cloud management platform's address information.
Method: Through the registration query center
Configuration Procedure: Administrators import device information of switches, including the ESN and device type, into the cloud management platform. After the information is imported, the cloud management platform uploads the device ESNs and corresponding cloud management platform's address information to the Huawei device registration query center.
Ensure that switches are unconfigured and have no input on the console port. All the switches that are delivered most recently and support cloud-based management will have the Huawei device registration query center's URL (register.naas.huawei.com) and port number (10020) preconfigured. The switches that were delivered earlier and support cloud-based management do not have the Huawei device registration query center's URL (register.naas.huawei.com) and port number (10020) preconfigured, but can be upgraded to the latest software version to obtain default settings. After switches are connected to the network, they send requests to the registration query center, automatically change to the cloud-based management mode, and obtain the cloud management platform's address information.
If the current switch has changed to the cloud-based management mode but cannot obtain the cloud management platform's address information through DHCP and manual configuration, the switch also sends a request to the registration query center to obtain the cloud management platform's address information. In this situation, the switch does not need to be unconfigured and can have input on the serial port.
Among the switches that were delivered earlier, some devices have the cloud management platform's URL device-naas.huawei.com and port number 10020 configured before delivery. When these switches are upgraded to the latest version, the pre-configured cloud management platform's URL and port number configuration will be generated and the switches will use this configuration to register with the cloud management platform for authentication. If these switches need to obtain the new cloud management platform's URL and port number through the registration query center, run the undo cloud-mng controller ip-address or undo cloud-mng controller url command to delete this configuration.
Scenario: This method applies to the cloud managed networks on which devices can communicate with the Huawei device registration query center. The cloud management platforms of these networks can be the Huawei public cloud management platform or other cloud management platforms, such as MSP-built (including enterprise-built) cloud management platforms.
Priority: Low priority
Method: Using commands
Configuration Procedure: Run the work-mode cloud-mng command in the user view to change the switch to the cloud-based management mode.
Run the cloud-mng controller ip-address ip-address port port-number command in the system view to configure an IP address for the cloud management platform. Alternatively, run the cloud-mng controller url url-string port port-number command in the system view to configure a URL for the cloud management platform.
A switch can have either the cloud management platform's IP address or URL configured.
Scenario: If switches cannot automatically change to the cloud-based management mode and dynamically obtain the cloud management platform's address information using the preceding two methods, manually configure the cloud management platform's address information on switches using commands.
Priority: Medium priority
Method: Through the web system
Configuration Procedure: For details about device management mode switching, see Device Working Mode in the S2720, S5700, and S6720 V200R013C00 Web System Guide.
For details about how to obtain the cloud management platform's address information, see Controller Mgmt (Cloud Management Mode) in the S2720, S5700, and S6720 V200R013C00 Web System Guide.
Scenario: If switches cannot automatically change to the cloud-based management mode and dynamically obtain the cloud management platform's address information using the preceding two methods, manually configure the cloud management platform's address information on switches through the web system.
Priority: Medium priority
After switches work in cloud-based management mode:
- The switches support only some commands supported in traditional management mode. These commands are mainly used for fault location, including commands used to configure the mirroring function and packet header obtaining function. For details about these commands, see "Commands Supported in Cloud-based Management Mode" in the Licensing Requirements and Limitations for Cloud-based Management - Feature Limitations.
- The management interface of a switch will generate an IP address 192.168.1.253/24 so that you can log in to the switch through the web system, Telnet, or FTP. To log in to a switch through the web system, hold down the MODE button for 6s or longer. For details, see First Login to a Switch in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Basic Configuration.
- Switches register with the cloud management platform for authentication and establish NETCONF transmission channels.
NETCONF transmission channels are established over the Secure Shell (SSH) protocol to ensure data transmission security. Therefore, the registration authentication process of switches is SSH-based certificate authentication. Before the authentication, the cloud management platform needs to import the ESN, device type, and CA certificate of each switch. Each switch has a local certificate and CA certificate configured before delivery.
To perform operations on the local certificate of a switch, for example, update the local certificate, you need to run commands or log in to the web system. For details about command settings, see PKI Configuration in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security Configuration. For details about web settings, see Certificate Mgmt (Cloud Management Mode) in the S2720, S5700, and S6720 V200R013C00 Web System Guide.
- The cloud management platform manages switches.
For details about how the cloud management platform manages switches, see the documentation of the Huawei Cloud Managed Solution.
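For the DHCP method in Table 5-5, the following added example (not Huawei code and not part of the original guide) audits an option 148 string before it is placed on the DHCP server: it parses the four documented keys, validates the address and port, and checks the target against an operator-supplied allow-list. The allow-list, the sample addresses, and the treatment of any agilemanage-mode value other than ip as URL mode are assumptions of this example.

```python
import ipaddress

# Keys documented on the page for DHCP option 148.
REQUIRED = ("agilemode", "agilemanage-mode", "agilemanage-domain", "agilemanage-port")

def parse_option148(value):
    """Split 'k=v;k=v' into a dict; reject malformed or repeated keys."""
    fields = {}
    for item in value.strip().strip(";").split(";"):
        key, sep, val = item.partition("=")
        key, val = key.strip(), val.strip()
        if not sep or not key or not val:
            raise ValueError(f"malformed field: {item!r}")
        if key in fields:
            raise ValueError(f"duplicate key: {key}")
        fields[key] = val
    return fields

def audit_option148(value, allowed_controllers):
    """Return findings (empty list = pass). allowed_controllers is an assumed
    operator-supplied set of (address, port) pairs, not a switch feature."""
    try:
        f = parse_option148(value)
    except ValueError as exc:
        return [str(exc)]
    findings = [f"missing key: {k}" for k in REQUIRED if k not in f]
    if findings:
        return findings
    if f["agilemode"] != "agile-cloud":
        findings.append(f"unexpected agilemode: {f['agilemode']}")
    addr = f["agilemanage-domain"].lower()
    if f["agilemanage-mode"] == "ip":  # any other value is treated as URL mode
        try:
            addr = str(ipaddress.ip_address(addr))
        except ValueError:
            findings.append(f"mode is ip but address is not an IP: {addr}")
    port = f["agilemanage-port"]
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"invalid port: {port}")
    elif (addr, int(port)) not in allowed_controllers:
        findings.append(f"controller not in allow-list: {addr}:{port}")
    return findings

# Constructed sample values (documentation address ranges, not from the page).
ALLOWED = {("192.0.2.10", 10020)}
GOOD = "agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=192.0.2.10;agilemanage-port=10020"
DRIFTED = "agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=198.51.100.7;agilemanage-port=10020"
```

Because the DHCP method has the highest priority and applies to unconfigured switches, running such a check against every scope that carries option 148 catches a mistyped or stale controller address before a switch restarts into cloud-based management mode.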