Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Example for Establishing Communication Between the NMS and a Device Using NETCONF

Networking Requirements

NETCONF provides a secure and extensible way to manage device configuration. When an NMS is used to manage network devices, NETCONF can carry the communication between the NMS and the devices.

As shown in Figure 3-9, the NMS is deployed on the netconf_manager, which functions as the SSH client. The netconf_agent functions as the SSH server: it receives connection requests from the SSH client and establishes the connection with it. SSH is an application-layer security protocol that enhances the reliability of NETCONF. In this networking, NETCONF is used to manage the configuration of the SSH server.

Figure 3-9 Networking diagram for establishing communication between the NMS and a device using NETCONF

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an IP address for the management interface of the netconf_agent so that there are reachable Layer 3 routes between the client and server.
  2. Configure virtual type terminal (VTY) user interfaces on the netconf_agent to support SSH so that SSH users can be managed and monitored with better connection security.
  3. Deploy SSH on the netconf_agent to improve NETCONF security.

    1. Create an SSH user.
    2. Create a local RSA key pair.
    3. Configure an authentication mode for the SSH user.
    4. Configure a service type for the SSH user.
  4. Enable NETCONF to allow the client to connect to the server.
  5. Deploy the NMS on the netconf_manager to implement NMS-based network management on the client.
  6. Log in to the netconf_agent using the NMS to manage the configuration remotely.

Procedure

  1. Configure an IP address for the management interface of the netconf_agent.

    <HUAWEI> system-view
    [~HUAWEI] sysname netconf_agent
    [*HUAWEI] commit
    [~netconf_agent] interface meth 0/0/0
    [~netconf_agent-MEth0/0/0] ip address 10.1.1.1 24
    [*netconf_agent-MEth0/0/0] quit

  2. Deploy SSH on the netconf_agent.

    1. Create an SSH user.

      # Create an SSH user named client001 and set the user password to SetUesrPasswd@123.

      [*netconf_agent] ssh user client001
      [*netconf_agent] aaa
      [*netconf_agent-aaa] local-user client001 password irreversible-cipher SetUesrPasswd@123
      [*netconf_agent-aaa] local-user client001 service-type ssh
      [*netconf_agent-aaa] local-user client001 level 3
      [*netconf_agent-aaa] commit
      [~netconf_agent-aaa] quit

    2. Configure the encryption algorithm list of the SSH server.

      [~netconf_agent] ssh server cipher 3des_cbc aes128_cbc aes128_ctr aes256_cbc aes256_ctr arcfour128 arcfour256 blowfish_cbc des_cbc

    3. Configure an authentication mode for the SSH user.

      [*netconf_agent] ssh user client001 authentication-type password

    4. Configure a service type for the SSH user.

      [*netconf_agent] ssh user client001 service-type snetconf

    NOTE:

    To ensure device security, change the password periodically.

  3. Enable NETCONF on the netconf_agent.

    [*netconf_agent] snetconf server enable
    [*netconf_agent] commit

  4. Deploy the NMS on the netconf_manager.

    For login to remote devices using the NMS, see the relevant usage guide of the NMS.

  5. Log in to the netconf_agent from the netconf_manager using the NMS.

    For login to remote devices using the NMS, see the relevant usage guide of the NMS.

  6. Verify the configuration.

    After the preceding configuration is complete, you can log in to the remote device using NETCONF to manage its configuration remotely.

    NOTE:

    All the following operations are performed on the netconf_agent (SSH server).

    # Run the display ssh user-information command to view SSH user information.

    [~netconf_agent] display ssh user-information
    --------------------------------------------------------------------------------
    User Name             : client001
    Authentication type   : password
    User public key name  : 
    User public key type  : --
    Sftp directory        : flash:
    Service type          : snetconf
    --------------------------------------------------------------------------------
    Total 1, 1 printed

    # Run the display ssh server status command to view the global configuration of the SSH server.

    [~netconf_agent] display ssh server status
    SSH Version                                : 2.0
    SSH authentication timeout (Seconds)       : 60
    SSH authentication retries (Times)         : 3
    SSH server key generating interval (Hours) : 0
    SSH version 1.x compatibility              : Disable
    SSH server keepalive                       : Disable
    SFTP IPv4 server                           : Disable
    SFTP IPv6 server                           : Disable
    STELNET IPv4 server                        : Disable
    STELNET IPv6 server                        : Disable
    SNETCONF IPv4 server                       : Enable
    SNETCONF IPv6 server                       : Enable
    SNETCONF IPv4 server port(830)             : Disable
    SNETCONF IPv6 server port(830)             : Disable
    SCP IPv4 server                            : Disable
    SCP IPv6 server                            : Disable
    SSH server DES                             : Disable
    SSH IPv4 server port                       : 22
    SSH IPv6 server port                       : 22
    SSH server source address                  : 0.0.0.0
    SSH ipv6 server source address             : 0::0
    SSH ipv6 server source vpnName             :
    ACL name                                   : --
    ACL number                                 : --
    ACL6 name                                  : --
    ACL6 number                                : --
    SSH server ip-block                        : Enable

    # Run the display netconf capability command to view the capabilities that the netconf_agent supports.

    [~netconf_agent] display netconf capability
    --------------------------------------------------
    Capability
    --------------------------------------------------
    urn:ietf:params:netconf:base:1.0
    urn:ietf:params:netconf:base:1.1
    urn:ietf:params:netconf:capability:writable-running:1.0
    urn:ietf:params:netconf:capability:candidate:1.0
    urn:ietf:params:netconf:capability:confirmed-commit:1.0
    urn:ietf:params:netconf:capability:confirmed-commit:1.1
    urn:ietf:params:netconf:capability:rollback-on-error:1.0
    urn:ietf:params:netconf:capability:validate:1.0
    urn:ietf:params:netconf:capability:validate:1.1
    urn:ietf:params:netconf:capability:startup:1.0
    urn:ietf:params:netconf:capability:url:1.0?scheme=file,ftp,sftp
    urn:ietf:params:netconf:capability:xpath:1.0
    urn:ietf:params:netconf:capability:notification:1.0
    urn:ietf:params:netconf:capability:interleave:1.0
    urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=report-all&also-supported=report-all-tagged,trim
    urn:ietf:params:netconf:capability:yang-library:1.0?revision=2016-06-21&module-set=660879734
    urn:ietf:params:netconf:capability:notification:2.0
    http://www.huawei.com/netconf/capability/sync/1.0
    http://www.huawei.com/netconf/capability/sync/1.1
    http://www.huawei.com/netconf/capability/sync/1.2
    http://www.huawei.com/netconf/capability/sync/1.3
    http://www.huawei.com/netconf/capability/exchange/1.0
    http://www.huawei.com/netconf/capability/exchange/1.2
    http://www.huawei.com/netconf/capability/active/1.0
    http://www.huawei.com/netconf/capability/action/1.0
    http://www.huawei.com/netconf/capability/discard-commit/1.0
    http://www.huawei.com/netconf/capability/execute-cli/1.0
    http://www.huawei.com/netconf/capability/update/1.0
    http://www.huawei.com/netconf/capability/commit-description/1.0
    --------------------------------------------------

    # Run the display netconf session command to view the active NETCONF session between netconf_agent and netconf_manager.

    [~netconf_agent] display netconf session
    ------------------------------------------------------------------------------------------------------------------------------------
    NETCONF Session ID   : 500
    Transport            : netconf-ssh
    User Name            : client001
    Host Identifier      : 192.168.241.141
    Login Time           : 2017-10-30 20:54:42
    Input Rpc            : 0
    Input Bad Rpc        : 0
    Output Rpc Error     : 0
    Output Notification  : 0
    ------------------------------------------------------------------------------------------------------------------------------------

Configuration file

Configuration file of the netconf_agent

#
sysname netconf_agent
#
aaa
 local-user client001 password irreversible-cipher $1c$jq@D({%F%%$2_o]0cDbL0JfH-77MkA'g<A$.fCo::;5(,*&~}p($
 local-user client001 service-type ssh
 local-user client001 level 3
#
interface MEth0/0/0
 ip address 10.1.1.1 255.255.255.0
#
snetconf server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type snetconf
ssh authorization-type default aaa
#
ssh server cipher aes256_ctr aes128_ctr aes256_cbc aes128_cbc arcfour256 arcfour128 3des_cbc blowfish_cbc des_cbc
#
return
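
An added example, not part of the Huawei guide: a small Python audit of the configuration file above that flags SSH ciphers outside an allow-list (the configured list includes DES, 3DES, arcfour and Blowfish) and NETCONF users that authenticate by password only. The allow-list (AES in CTR mode only), the severity labels and the function name `audit_ssh_config` are assumptions of this example; the sample lines are copied from the configuration file shown above.

```python
import re

# Constructed sample: the SSH/NETCONF lines from the netconf_agent configuration file.
SAMPLE_CONFIG = """\
snetconf server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type snetconf
ssh server cipher aes256_ctr aes128_ctr aes256_cbc aes128_cbc arcfour256 arcfour128 3des_cbc blowfish_cbc des_cbc
"""

# Assumed policy for this example (not a Huawei default): AES in CTR mode only.
ALLOWED_CIPHERS = {"aes128_ctr", "aes256_ctr"}
# Legacy algorithms (DES, 3DES, RC4/arcfour, Blowfish) are rated above AES-CBC.
LEGACY = re.compile(r"des|arcfour|blowfish")


def audit_ssh_config(config_text):
    """Return (severity, message) findings for the SSH lines of a device config."""
    findings, auth_type, service_type = [], {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.match(r"ssh server cipher\s+(.+)$", line):
            for cipher in m.group(1).split():
                if cipher not in ALLOWED_CIPHERS:
                    sev = "high" if LEGACY.search(cipher) else "medium"
                    findings.append((sev, f"cipher {cipher} is outside the allowed list"))
        elif m := re.match(r"ssh user (\S+) authentication-type (\S+)$", line):
            auth_type[m.group(1)] = m.group(2)
        elif m := re.match(r"ssh user (\S+) service-type (.+)$", line):
            service_type[m.group(1)] = m.group(2).split()
    # A NETCONF-capable account protected only by a password is worth flagging.
    for user, services in service_type.items():
        if "snetconf" in services and auth_type.get(user) == "password":
            findings.append(
                ("medium", f"user {user} uses password-only authentication for snetconf"))
    # High-severity findings first, then alphabetical by message.
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))


if __name__ == "__main__":
    for severity, message in audit_ssh_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```
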
Updated: 2019-04-20

Document ID: EDOC1100075344
