Basic Procedure
In NETCONF over SSH Callhome mode, switches proactively set up NETCONF sessions with iMaster NCE-Campus. The procedure consists of three phases.
Phase 1: Switches Obtain the NETCONF Enabling Configuration and iMaster NCE-Campus's Address Information
Switches need to have the NETCONF function enabled, and obtain the URL/IP address and port number of iMaster NCE-Campus. Then these switches are ready to communicate with iMaster NCE-Campus. Table 14-6 describes the methods for switches to enable NETCONF and obtain iMaster NCE-Campus's address information.
| Method | Description | Scenario | Priority |
|---|---|---|---|
|  | Option 148 is configured on a DHCP server to contain the NETCONF enabling configuration and iMaster NCE-Campus's address information. Switches obtain the information from the DHCP server. | This method applies to campus networks on which devices cannot communicate with the registration query center. iMaster NCE-Campus for these networks is often built by enterprises. | High priority. This method is preferred if switches can use multiple methods to enable NETCONF and obtain iMaster NCE-Campus's address information. |
|  | The DHCP server is configured with the DNS mapping between the URL and IP address of the registration query center. The switch accesses the registration query center using the registration query center URL and port number obtained through pre-configuration or software upgrade. If a switch cannot obtain the NETCONF enabling status and iMaster NCE-Campus address information through Option 148 from the DHCP server, the switch sends a query request to the registration query center to obtain the information based on its ESN. | This method applies to campus networks on which devices can communicate with the registration query center. The management platforms for these networks can be the Huawei iMaster NCE-Campus or other management platforms, such as MSP-built and enterprise-built management platforms. | Low priority. |
| Using commands or the web system | Users manually configure the iMaster NCE-Campus's address information on switches. | If switches cannot automatically enable the NETCONF function or dynamically obtain the iMaster NCE-Campus's address information using the preceding two methods, manually enable NETCONF and configure the iMaster NCE-Campus's address information on the switches through commands or the web system. | Medium priority. |
Phase 2: Switches Register with iMaster NCE-Campus
Before a switch registers, the following information about the switch has already been imported into iMaster NCE-Campus: chassis ESN, device type, binding between slots and card names, and CA certificate. Each switch has a local certificate and CA certificate configured before delivery.
- The switch uses its chassis ESN to register with iMaster NCE-Campus for authentication. If iMaster NCE-Campus does not have the switch's chassis ESN, the switch cannot register with iMaster NCE-Campus.
- When an LPU finishes starting and registers with the MPU of the switch, the MPU instructs iMaster NCE-Campus to register the LPU. If the name of the card registered in a slot is consistent with the binding between the slot and card name preconfigured on iMaster NCE-Campus, the card can register with iMaster NCE-Campus. If the two are inconsistent, the card cannot be registered.
- If the binding between a slot and a card name is not preconfigured on iMaster NCE-Campus, the card can register with iMaster NCE-Campus and the binding between the slot and the card name is fixed after the registration. iMaster NCE-Campus delivers all the preconfigurations to the switch only when all the cards preconfigured on iMaster NCE-Campus are registered.
For details about registration authentication on switches, see PKI Configuration in the S12700 and S12700E V200R019C10 Configuration Guide - Security.
- If a user configures the iMaster NCE-Campus's IP address for redirection on the GUI of iMaster NCE-Campus, the switch immediately uses this IP address to re-register with iMaster NCE-Campus.
- If a user reconfigures a management VLAN on the GUI of iMaster NCE-Campus, the switch immediately uses the new management VLAN to send a request to the DHCP server to obtain the iMaster NCE-Campus's address information and re-registers with iMaster NCE-Campus for authentication.
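The Phase 2 registration rules above (ESN lookup, slot/card-name binding, and the condition for delivering preconfigurations) can be modeled as follows. This is an added example, not iMaster NCE-Campus code: the class and method names are hypothetical, the ESN and card names are constructed, and certificate authentication is left out.

```python
class SwitchRecord:
    """Hypothetical controller-side record imported before registration."""

    def __init__(self, esn, bindings=None):
        self.esn = esn
        self.bindings = dict(bindings or {})   # slot -> card name
        self.required = set(self.bindings)     # slots preconfigured at import
        self.registered = set()                # slots whose card has registered


class Controller:
    """Simplified model of the Phase 2 decisions described on this page."""

    def __init__(self, records):
        self.inventory = {r.esn: r for r in records}

    def register_switch(self, esn):
        # A chassis ESN that was never imported cannot register.
        return esn in self.inventory

    def register_card(self, esn, slot, card_name):
        rec = self.inventory.get(esn)
        if rec is None:
            return "rejected: unknown ESN"
        expected = rec.bindings.get(slot)
        if expected is None:
            # No preconfigured binding: accept the card and fix the binding.
            rec.bindings[slot] = card_name
        elif expected != card_name:
            return "rejected: card name does not match slot binding"
        rec.registered.add(slot)
        return "registered"

    def can_deliver_preconfig(self, esn):
        # Delivered only when every preconfigured card has registered.
        rec = self.inventory[esn]
        return rec.required <= rec.registered


if __name__ == "__main__":
    # Constructed sample inventory: one switch, two preconfigured slots.
    nce = Controller([SwitchRecord("ESN-SAMPLE-0001", {1: "CARD-X", 2: "CARD-Y"})])
    print(nce.register_switch("ESN-SAMPLE-0002"))           # ESN not imported
    print(nce.register_card("ESN-SAMPLE-0001", 1, "CARD-X"))
    print(nce.register_card("ESN-SAMPLE-0001", 2, "CARD-Z"))  # mismatch
    print(nce.can_deliver_preconfig("ESN-SAMPLE-0001"))
```
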
Phase 3: Switches Are Centrally Managed by iMaster NCE-Campus
After NETCONF transmission channels are established, iMaster NCE-Campus can manage and operate the switches. All the data exchanged between iMaster NCE-Campus and switches will be encrypted.
For details about how iMaster NCE-Campus manages switches, see the CloudCampus Solution documentation.