No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, LLDP, NQA, Service Diagnosis, Mirroring, Packet Capture, sFlow, and NETCONF.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring NACM

Configuring NACM

To improve NETCONF device security, configure NACM to control user permissions for performing NETCONF operations and accessing NETCONF resources.

Context

NACM is an IETF-defined flexible access control method. It allows you to define NACM rules to control specific users' permissions for performing NETCONF operations and accessing NETCONF resources.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run netconf

    The NETCON view is displayed.

  3. Run nacm

    The NACM view is displayed.

  4. Run nacm enable

    The NACM function is enabled.

    By default, the NACM function is disabled.

  5. (Option) Run read-default permit

    Users are enabled to perform query operations.

    By default, users' permission to perform query operations is disabled.

  6. (Option) Run write-default permit

    Users are enabled to perform configuration operations.

    By default, users' permission to perform configuration operations is disabled.

  7. (Option) Run execute-default permit

    Users are enabled to have the default execution permission for RPC operations.

    By default, users have the default execution permission for RPC operations.

  8. Run group-name group-name

    An NACM user group is created, and the NACM user group view is displayed.

    By default, no NACM user group is created.

  9. Run user-name user-name

    A user is specified for the NACM user group.

    By default, no NACM user is specified for an NACM user group.

  10. Run quit

    Exit the NACM user group view.

  11. Run rule-list-name rule-list-name

    An NACM rule list is created, and the NACM rule list view is displayed.

    By default, no NACM rule list is created.

  12. Run group group-name

    The NACM user group is associated with the NACM authentication rule list.

    By default, no NACM user group is associated with an NACM authentication rule list.

  13. Run rule-name rule-name action action

    A name is set for an NACM rule in the NACM rule list view.

    By default, no name is set for an NACM rule.

  14. (Option) Run description description

    A description is configured for the NACM rule.

    By default, no description is configured for an NACM rule.

  15. Run module-name module-name

    The name of a feature module is specified in the NACM rule.

    By default, the feature module name is an asterisk (*), indicating all features.

  16. Run rule-type { rpc-name rpc-name | notification-name notification-name | path path }

    A type is specified for the NACM rule.

    By default, no type is specified for an NACM rule.

  17. Run access-operation { { create | read | update | delete | exec } * | * }

    Access operations are configured.

  18. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075344

Views: 20985

Downloads: 22

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next