S300, S500, S2700, S5700, and S6700 V200R022C10 Command Reference

NETCONF Configuration Commands

Command Support

NETCONF Mode

Product Model

NETCONF over SSH Callhome

S5720I-SI, S5720-LI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5720S-LI, S500, S5735-S, S5735S-S, S5735-S-I, S5735S-H, S5736-S, S5731-H, S5731S-H, S5732-H, S5731-S, S5731S-S, S6730-S, S6730S-S, S6735-S, S6720-EI, S6720S-EI, S6730-H, S6730S-H

NETCONF over SSH

All models

ap manage-mode force-tradition

Function

The ap manage-mode force-tradition command sets the AP management mode to the local AC mode.

The undo ap manage-mode force-tradition command sets the AP management mode to be the same as that on the switch. That is, if the NETCONF mode is enabled on the switch, the AP is managed by iMaster NCE-Campus; if the NETCONF mode is disabled on the switch, the AP is locally managed by the switch.

By default, the AP management mode is the same as that on the switch.

Format

ap manage-mode force-tradition

undo ap manage-mode force-tradition

Parameters

None

Views

NETCONF view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After NETCONF is enabled on a switch (with the native AC function enabled), Fit APs are managed by iMaster NCE-Campus by default. AP entries delivered by iMaster NCE-Campus take effect, and cloud management license resources are consumed. Additionally, the switch no longer supports the commands listed in Table 16-86. To locally manage APs (using local AP entries and local license resources), run the ap manage-mode force-tradition command to set the AP management mode to the local AC mode. Then, the commands become available on the switch.

Precautions

When a Fit AP is managed by iMaster NCE-Campus, running the ap manage-mode force-tradition command on the switch will disconnect the Fit AP from iMaster NCE-Campus. In this case, deleting the entry of this AP on iMaster NCE-Campus will delete the corresponding AP entry on the switch synchronously. To enable the AP to go online on the switch, you need to manually confirm the AP by running the ap-confirm { all | mac ap-mac | sn ap-sn } command on the switch.

Table 16-86 Commands that are not supported by the switch in NETCONF mode

Command

Function Description

ap auth-mode { mac-auth | no-auth | sn-auth }

undo ap auth-mode

Configures the AP authentication mode.

For a switch in NETCONF mode, the AP authentication mode is SN authentication.

ap blacklist mac ap-mac1 [ to ap-mac2 ]

undo ap blacklist { mac ap-mac1 [ to ap-mac2 ] | all }

Adds APs to an AP blacklist, or deletes APs from an AP blacklist.

ap modify ap-id mac ap-mac

Modifies the MAC address of an AP.

ap whitelist { mac ap-mac1 [ to ap-mac2 ] | sn ap-sn1 [ to ap-sn2 ] }

undo ap whitelist { mac { ap-mac1 [ to ap-mac2 ] | all } | sn { ap-sn1 [ to ap-sn2 ] | all } }

Adds APs to an AP whitelist, or deletes APs from an AP whitelist.

ap-confirm { all | mac ap-mac | sn ap-sn }

Confirms unauthorized APs and allows them to go online.

ap-name ap-name

Configures an AP name.

ap-rename { ap-name name | ap-mac ap-mac-address | ap-id ap-id } new-name ap-new-name

Changes the name of an AP.

Example

# Set the AP management mode to the local AC mode.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] ap manage-mode force-tradition

assign arp netconf number

Function

The assign arp netconf number command sets the number of ARP entries reserved for NETCONF.

The undo assign arp netconf number command restores the default setting.

By default, no ARP entry is reserved for NETCONF.

Format

assign arp netconf number number-value

undo assign arp netconf number

Parameters

Parameter Description Value

number-value

Specifies the number of ARP entries reserved for NETCONF.

The value is an integer in the range from 0 to 2000.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If ARP entries are used up due to forged packet attacks, the switch cannot communicate with the NMS. To prevent this situation, you can set the number of ARP entries reserved for NETCONF communication between the switch and NMS. When the number of remaining ARP entries on a device is less than or equal to the number of ARP entries reserved for NETCONF, only ARP entries in the NETCONF scenario can be delivered.

Precautions

  • When you run the management-vlan command in the NETCONF view to configure a management VLAN of a switch, the switch automatically delivers the assign arp netconf number command to set the number of ARP entries reserved for NETCONF to 200. If you then run the undo management-vlan command, the switch automatically delivers the undo assign arp netconf number command to restore the default setting.
  • When you run the source ip command in the NETCONF view to configure a VLANIF interface for the switch to communicate with the NMS, the switch automatically delivers the assign arp netconf number command to set the number of ARP entries reserved for NETCONF to 200. If you then run the undo source ip command, the switch automatically delivers the undo assign arp netconf number command to restore the default setting.
  • After you run this command to manually configure the number of ARP entries reserved for NETCONF and then run the management-vlan or source ip command, the system will not automatically deliver the configuration of the number of reserved ARP entries. If you run this command to set the number of ARP entries reserved for NETCONF to 200 and then run the undo management-vlan or undo source ip command, the switch automatically delivers the undo assign arp netconf number command to restore the default setting; if you run this command to set the number of ARP entries reserved for NETCONF to another value and then run the undo management-vlan or undo source ip command, the system will not deliver the undo assign arp netconf number command to restore the default setting.

Example

# Set the number of ARP entries reserved for NETCONF to 1000.

<HUAWEI> system-view
[HUAWEI] assign arp netconf number 1000

backup ip address (callhome template view)

Function

The backup ip address command configures the IPv4 address and port number of a standby NMS that communicates with a switch through NETCONF.

The undo backup ip address command deletes the IPv4 address and port number of a standby NMS that communicates with a switch through NETCONF.

By default, no standby NMS's IPv4 address and port number are configured for communicating with a switch through NETCONF.

Format

backup ip address ip-address port port-number

undo backup ip address

Parameters

Parameter Description Value

ip-address

Specifies the IPv4 address of the standby NMS.

The value is in dotted decimal notation.

port port-number

Specifies the port number of the standby NMS.

The value is an integer in the range from 1 to 65535.

Views

Callhome template view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In a disaster recovery scenario, you can run the backup ip address command to configure the IPv4 address and port number of the standby NMS that communicates with a switch through NETCONF. If the active NMS breaks down or is disconnected, services can be automatically switched to the standby NMS, ensuring service continuity.

Precautions

Assume that a switch has registered with one copy of iMaster NCE-Campus and gone online. If the switch needs to register with another copy of iMaster NCE-Campus, clear the switch configuration, run the reset netconf db-configuration command to clear database information from the switch, and restart the switch as prompted.

Example

# Set the IP address and port number of the standby NMS that communicates with the switch through NETCONF to 10.1.2.1 and 830, respectively.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] callhome Test123
[HUAWEI-netconf-callhome-Test123] backup ip address 10.1.2.1 port 830

bootstrap

Function

The bootstrap command configures information about the primary Bootstrap server.

The undo bootstrap command deletes information about the primary Bootstrap server.

Format

bootstrap { ip-address ip-address | domain domain } port port-number voucher-type { esn | ip-or-domain } always-trust

undo bootstrap

Parameters

Parameter

Description

Value

ip-address ip-address

Specifies the Bootstrap server IP address, which is the southbound IP address of iMaster NCE-Campus.

The value is in dotted decimal notation.

domain domain

Specifies the Bootstrap server domain name, which is the southbound domain name of iMaster NCE-Campus.

The value is a string of 3 to 128 characters.

port port-number

Specifies the port number of a Bootstrap server.

The value is an integer in the range from 1 to 65535. Currently, the value is fixed at 30217.

voucher-type esn

Specifies that the voucher type is the device ESN.

-

voucher-type ip-or-domain

Specifies that the voucher type is the Bootstrap server address.

-

always-trust

Specifies that the voucher returned by the Bootstrap server is trusted by default.

-

Views

NETCONF view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a switch registers with the iMaster NCE-Campus, the switch needs to obtain Lite CA information from a Bootstrap server to authenticate iMaster NCE-Campus. In this scenario, you need to run the bootstrap command to configure information about the Bootstrap server.

Example

# Configure Bootstrap server information. Assume that the southbound IP address of iMaster NCE-Campus is 1.1.1.1.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] bootstrap ip-address 1.1.1.1 port 30217 voucher-type ip-or-domain always-trust

backup bootstrap

Function

The backup bootstrap command configures information about the backup Bootstrap server.

The undo backup bootstrap command deletes information about the backup Bootstrap server.

Format

backup bootstrap { ip-address ip-address | domain domain } port port-number voucher-type { esn | ip-or-domain } always-trust

undo backup bootstrap

Parameters

Parameter

Description

Value

ip-address ip-address

Specifies the Bootstrap server IP address, which is the secondary southbound IP address of iMaster NCE-Campus.

The value is in dotted decimal notation.

domain domain

Specifies the Bootstrap server domain name, which is the secondary southbound domain name of iMaster NCE-Campus.

The value is a string of 3 to 128 characters.

port port-number

Specifies the port number of a Bootstrap server.

The value is an integer in the range from 1 to 65535. Currently, the value is fixed at 30217.

voucher-type esn

Specifies that the voucher type is the device ESN.

-

voucher-type ip-or-domain

Specifies that the voucher type is the Bootstrap server address.

-

always-trust

Specifies that the voucher returned by the Bootstrap server is trusted by default.

-

Views

NETCONF view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a disaster recovery scenario, you can run the backup bootstrap command to configure information about the standby Bootstrap server. If the primary Bootstrap server breaks down or is disconnected, services are automatically switched to the backup Bootstrap server, ensuring service continuity.

Example

# Configure standby Bootstrap server information. Assume that the secondary southbound IP address of iMaster NCE-Campus is 1.1.2.1.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] backup bootstrap ip-address 1.1.2.1 port 30217 voucher-type ip-or-domain always-trust

callhome

Function

The callhome command creates a callhome template and enters the callhome template view.

The undo callhome command deletes a callhome template.

By default, there is no callhome template on a switch.

Format

callhome callhome-name

undo callhome callhome-name

Parameters

Parameter Description Value

callhome-name

Specifies the name of a callhome template.

The value is a string of 1 to 31 case-sensitive characters excluding spaces. If the string is enclosed in double quotation marks ("), the string can contain spaces.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If iMaster NCE-Campus needs to configure and manage a switch in NETCONF over SSH Callhome mode, you must run the callhome command to create a callhome template so that the switch can proactively set up a NETCONF connection with iMaster NCE-Campus.

Follow-up Procedure

Run the ip address command in the callhome template view to configure the IPv4 address and port number for the NMS.

Precautions

Only one callhome template can be created on a switch. Before creating a new callhome template, delete the existing one by running the undo callhome callhome-name command. After the command is run, communication between the switch and NMS is interrupted.

Example

# Create the callhome template Test123 and enter the callhome template view.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] callhome Test123
[HUAWEI-netconf-callhome-Test123]

card register-permit

Function

The card register-permit command configures a slot-to-card name mapping.

The undo card register-permit command disables the slot-to-card name mapping.

By default, the name of the card that can be installed in a specific slot is not specified. That is, any card can be installed in the slot.

Format

card register-permit card-id card-id card-name card-name

undo card register-permit card-id card-id

Parameters

Parameter Description Value

card-id card-id

Specifies the slot ID of a card.

The value is in the format of Slot ID/CARD+Card slot ID and is case-insensitive, for example, 1/CARD1.

The slot ID is in the range 0 to 8 and the card slot ID is in the range 1 to 4.

card-name card-name

Specifies the name of a card.

The value is a string of 1 to 32 characters.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

In NETCONF over SSH Callhome mode, you need to specify the name of the card that can be installed in a specific slot on iMaster NCE-Campus before registering the switch with iMaster NCE-Campus. The switch can register with iMaster NCE-Campus successfully only when the required cards are installed in their corresponding slots. If the name of the card installed in a specific slot is inconsistent with that configured on iMaster NCE-Campus, the switch will set this card to the PowerOff state.

In NETCONF over SSH mode, after enabling the NETCONF function on the switch, run the card register-permit command to specify the name of the card that can be installed in a specific slot. If the name of the card installed in a specific slot is inconsistent with the configured one, the switch will set this card to the PowerOff state. When the NETCONF function is disabled, the slot-to-card name mappings will be automatically cleared.

Example

# Specify the name of the card that can be installed on card slot 1 of the switch in slot 1 after the NETCONF function is enabled on the switch.

<HUAWEI> system-view
[HUAWEI] card register-permit card-id 1/card1 card-name ES5D21Q02Q00

certificate identity

Function

The certificate identity command configures a unique common name (CN) for the iMaster NCE-Campus's certificate, which will be used for certificate uniqueness verification.

The undo certificate identity command cancels the CN configuration for the iMaster NCE-Campus's certificate.

By default, no CN is configured for the iMaster NCE-Campus's certificate; that is, the switch does not verify the CN of the iMaster NCE-Campus's certificate.

Format

certificate identity common-name

undo certificate identity

Parameters

Parameter Description Value

common-name

Specifies a unique CN for the iMaster NCE-Campus's certificate.

The value can be either of the following:

  • A string of 1 to 64 case-insensitive characters in cleartext, with spaces not supported
  • A string of 48 to 108 characters in ciphertext

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

When a switch registers with iMaster NCE-Campus for authentication, bidirectional certificate authentication is performed over an SSH channel established between them to ensure secure data transmission. However, if an attacker obtains the iMaster NCE-Campus's certificate and pretends to be iMaster NCE-Campus to communicate with the switch, the switch cannot identify this forged iMaster NCE-Campus, posing security risks.

To address this issue, you can run the certificate identity command on the switch to specify the CN of the iMaster NCE-Campus's certificate for certificate uniqueness verification. When the switch registers with iMaster NCE-Campus again, it compares the CN in the iMaster NCE-Campus's certificate with the locally configured one, and goes online only when the CNs are the same.

Example

# Configure a CN for the iMaster NCE-Campus's certificate on the switch.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] certificate identity device-naas.huawei.com
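The following added example (not Huawei code) audits a saved configuration for the two defaults described under assign arp netconf number and certificate identity: no ARP entries reserved for NETCONF, and no CN check on the iMaster NCE-Campus certificate. The configuration layout (commands as typed on this page, NETCONF-view commands indented under netconf, # between sections), the sample configurations, and the names split_views, audit and expected_cn are assumptions made for illustration.

```python
# Constructed samples, not taken from a real device. Assumed layout: commands
# appear as typed on this page, NETCONF-view commands are indented under the
# "netconf" line, and "#" separates sections.
WEAK_CONFIG = """\
#
sysname HUAWEI
#
netconf
 controller ip-address 10.1.1.1 port 10020
#
"""

HARDENED_CONFIG = """\
#
sysname HUAWEI
#
assign arp netconf number 1000
#
netconf
 controller ip-address 10.1.1.1 port 10020
 certificate identity device-naas.huawei.com
#
"""


def split_views(config_text):
    """Return (system_view_lines, netconf_view_lines); the latter is None if NETCONF is off."""
    system, netconf, in_netconf = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            in_netconf = False
        elif not raw.startswith(" "):
            in_netconf = line == "netconf"
            if in_netconf:
                netconf = []
            else:
                system.append(line)
        elif in_netconf:
            netconf.append(line)
    return system, netconf


def audit(config_text, expected_cn=None):
    """Return a list of (code, message) findings for the two settings."""
    system, netconf = split_views(config_text)
    if netconf is None:
        return []  # NETCONF is not enabled, so neither check applies
    findings = []

    # certificate identity: by default the switch does not verify the CN.
    cn = None
    for line in netconf:
        if line.startswith("certificate identity "):
            cn = line.split()[-1]
    if cn is None:
        findings.append(("CN_NOT_VERIFIED",
                         "no certificate identity: controller CN is not checked"))
    elif expected_cn and cn.lower() != expected_cn.lower():
        # Cleartext CNs are case-insensitive. A value of 48 to 108 characters
        # may be the ciphertext form, which cannot be compared offline.
        if 48 <= len(cn) <= 108:
            findings.append(("CN_UNREADABLE",
                             "CN may be stored in ciphertext; confirm on the device"))
        else:
            findings.append(("CN_MISMATCH",
                             f"configured CN {cn!r} differs from {expected_cn!r}"))

    # assign arp netconf number: default is no reserved entries, range 0 to 2000.
    reserved = None
    for line in system:
        if line.startswith("assign arp netconf number "):
            reserved = int(line.split()[-1])
    if reserved is None or reserved == 0:
        findings.append(("ARP_NOT_RESERVED",
                         "no ARP entries are reserved for NETCONF"))
    elif reserved > 2000:
        findings.append(("ARP_OUT_OF_RANGE",
                         f"{reserved} is outside the documented range 0 to 2000"))
    return findings


if __name__ == "__main__":
    for code, message in audit(WEAK_CONFIG):
        print(code, "-", message)
```
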

controller backup ip-address

Function

The controller backup ip-address command configures an IP address of the standby iMaster NCE-Campus.

The undo controller backup ip-address command deletes the IP address of the standby iMaster NCE-Campus.

By default, no IP address of the standby iMaster NCE-Campus is configured.

Format

controller backup ip-address ip-address port port-number

undo controller backup ip-address

Parameters

Parameter Description Value

ip-address

Specifies the IP address of the standby iMaster NCE-Campus.

The value is in dotted decimal notation.

port port-number

Specifies a port number.

The value is an integer in the range from 1 to 65535.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The switch needs to register with iMaster NCE-Campus for authentication in NETCONF over SSH Callhome mode. Before registration authentication, the switch needs to obtain the IP address of iMaster NCE-Campus for communication with iMaster NCE-Campus. The switch can obtain the IP address of iMaster NCE-Campus through DHCP or the registration query center, or you can configure an IP address for iMaster NCE-Campus using the controller ip-address command.

In a disaster recovery scenario, you can run the controller backup ip-address command to configure the IP address of the standby iMaster NCE-Campus. When the active iMaster NCE-Campus breaks down or is disconnected, services are automatically switched to the standby iMaster NCE-Campus, ensuring service continuity.

Precautions

  • If the switch obtains the IP addresses of iMaster NCE-Campus using all three methods, the IP addresses are sorted in descending order of priority as follows: IP address obtained using DHCP, IP address configured using the command, and IP address obtained through the registration query center.

  • If you run this command multiple times, only the latest configuration takes effect.

  • When both the controller ip-address command and the controller url command are configured on the switch, only the latest command takes effect. That is, the switch registers with iMaster NCE-Campus using either the IP address of iMaster NCE-Campus or the IP address resolved from the URL of iMaster NCE-Campus.

  • If a switch that has registered with an iMaster NCE-Campus registers with another iMaster NCE-Campus, the device configurations will change. Exercise caution when performing this operation.
  • The configuration of this command is saved in the flash memory and therefore cannot be cleared by running the reset netconf db-configuration command. To clear the configuration of this command, run the undo controller backup ip-address, undo netconf, or reset factory-configuration command.

Example

# Configure the IP address of the standby iMaster NCE-Campus on a switch.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] controller backup ip-address 10.1.1.1 port 10020

controller ip-address

Function

The controller ip-address command configures an IP address for iMaster NCE-Campus.

The undo controller ip-address command deletes the IP address configured for iMaster NCE-Campus.

By default, no IP address is configured for iMaster NCE-Campus on a switch.

Format

controller ip-address ip-address port port-number

undo controller ip-address

Parameters

Parameter Description Value

ip-address

Specifies an IP address for iMaster NCE-Campus.

The value is in dotted decimal notation.

port port-number

Specifies a port number.

The value is an integer in the range 1 to 65535.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The switch needs to register with iMaster NCE-Campus for authentication in NETCONF over SSH Callhome mode. Before registration authentication, the switch needs to obtain the IP address of iMaster NCE-Campus for communication with iMaster NCE-Campus. The switch can obtain the IP address of iMaster NCE-Campus through DHCP or the registration query center, or you can configure an IP address for iMaster NCE-Campus using the controller ip-address command.

Precautions

  • If the switch obtains the IP addresses of iMaster NCE-Campus using all three methods, the IP addresses are sorted in descending order of priority as follows: IP address obtained using DHCP, IP address configured using the command, and IP address obtained through the registration query center.

  • If you run this command multiple times, only the latest configuration takes effect.

  • When both the controller ip-address command and the controller url command are configured on the switch, only the latest command takes effect. That is, the switch registers with iMaster NCE-Campus using either the IP address of iMaster NCE-Campus or the IP address resolved from the URL of iMaster NCE-Campus.

  • If a switch that has registered with an iMaster NCE-Campus registers with another iMaster NCE-Campus, the device configurations will change. Exercise caution when performing this operation.
  • The configuration of this command is saved in the flash memory and therefore cannot be cleared by running the reset netconf db-configuration command. To clear the configuration of this command, run the undo controller ip-address, undo netconf, or reset factory-configuration command.

Example

# Configure an IP address for iMaster NCE-Campus.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] controller ip-address 10.1.1.1 port 10020

controller url

Function

The controller url command configures a URL for iMaster NCE-Campus.

The undo controller url command deletes the URL configured for iMaster NCE-Campus.

By default, no URL is configured for iMaster NCE-Campus on the switch.

Format

controller url url-string port port-number

undo controller url

Parameters

Parameter Description Value

url-string

Specifies a URL for iMaster NCE-Campus.

The value is a string of 3 to 128 case-sensitive characters. If you need to set one or more consecutive spaces, enclose the URL in double quotation marks (").

port port-number

Specifies a port number.

The value is an integer in the range 1 to 65535.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In NETCONF over SSH Callhome mode, the switch needs to register with iMaster NCE-Campus for authentication. Before registration authentication, the switch needs to obtain the IP address of iMaster NCE-Campus for communication with iMaster NCE-Campus. The switch can obtain the IP address of iMaster NCE-Campus through DHCP or the registration query center or obtain the IP address by resolving the URL configured using the controller url command.

Precautions

  • If the switch obtains the URL of iMaster NCE-Campus using all three methods, the URLs are sorted in descending order of priority as follows: URL obtained using DHCP, URL configured using the command, and URL obtained through the registration query center.

  • If you run this command multiple times, only the latest configuration takes effect.

  • When both the controller url command and the controller ip-address or controller backup ip-address command are configured on the switch, only the latest command takes effect. That is, the switch registers with iMaster NCE-Campus using either the IP address of iMaster NCE-Campus or the IP address resolved from the URL of iMaster NCE-Campus.

  • The configuration of this command is saved in the flash memory and therefore cannot be cleared by running the reset netconf db-configuration command. To clear the configuration of this command, run the undo controller url, undo netconf, or reset factory-configuration command.

Example

# Configure a URL for iMaster NCE-Campus on the switch.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] controller url controller.huawei.com port 10020

display netconf alarm active

Function

The display netconf alarm active command displays the active alarms reported by the switch to NMS.

Format

display netconf alarm active

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

After the NETCONF function is enabled on a switch, you can run the display netconf alarm active command to view the active alarms reported by the switch.

Example

# Display the active alarms reported by the switch to NMS.

<HUAWEI> display netconf alarm active
A/B/C/D/E/F/G                                                                                                                       
A=Sequence, B=Alarm type, C=Generating time                                                                                         
D=Name, E=Level, F=OID, G=Description                                                                                               
                                                                                                                                    
  1/equipmentAlarm/2019-08-27T02:15:42Z/hwPowerInvalid/critical/1.3.6.1.4.1.2011.5.25.219.2.5.5/Power supply is unavailable for some reason. 
(Index=67207181, EntityPhysicalIndex=67207181, PhysicalName="POWER Card 0/PWR2", EntityTrapFaultID=136973)
  2/equipmentAlarm/2019-08-27T02:15:59Z/hwPowerInvalid/critical/1.3.6.1.4.1.2011.5.25.219.2.5.5/Power supply is unavailable for some reason. 
(Index=68255757, EntityPhysicalIndex=68255757, PhysicalName="POWER Card 1/PWR2", EntityTrapFaultID=136973)

Table 16-87 Description of the display netconf alarm active command output

Item

Description

A/B/C/D/E/F/G

Alarm format.

A=Sequence

Alarm sequence number.

B=Alarm type

Alarm type.

C=Generating time

Time when an alarm was generated.

D=Name

Alarm name.

E=Level

Alarm severity.

F=OID

Alarm OID.

G=Description

Alarm description.
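The following added example (not Huawei code) parses the A/B/C/D/E/F/G records shown above into structured alarms, for instance before forwarding them to a log pipeline. It splits on the first six slashes only, because the description field can itself contain "/" (as in PhysicalName="POWER Card 0/PWR2"), and it joins the parenthesised continuation line to its record. The names parse_alarms and alarm_details are assumptions, and the sample text is the output from this page with trailing padding removed.

```python
import re
from datetime import datetime, timezone

# Sample output copied from this page, trailing padding removed.
SAMPLE_OUTPUT = """\
A/B/C/D/E/F/G
A=Sequence, B=Alarm type, C=Generating time
D=Name, E=Level, F=OID, G=Description

  1/equipmentAlarm/2019-08-27T02:15:42Z/hwPowerInvalid/critical/1.3.6.1.4.1.2011.5.25.219.2.5.5/Power supply is unavailable for some reason.
(Index=67207181, EntityPhysicalIndex=67207181, PhysicalName="POWER Card 0/PWR2", EntityTrapFaultID=136973)
  2/equipmentAlarm/2019-08-27T02:15:59Z/hwPowerInvalid/critical/1.3.6.1.4.1.2011.5.25.219.2.5.5/Power supply is unavailable for some reason.
(Index=68255757, EntityPhysicalIndex=68255757, PhysicalName="POWER Card 1/PWR2", EntityTrapFaultID=136973)
"""

FIELDS = ("sequence", "alarm_type", "generated", "name", "level", "oid", "description")
# key=value pairs in the description; values may be quoted and contain "/" or ","
DETAIL_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,)\s]+))')


def parse_alarms(text):
    """Parse display netconf alarm active output into a list of dicts."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.split("/", 1)[0].isdigit():
            # A record starts with the sequence number. Only the first six
            # slashes are separators; the rest belong to the description.
            parts = line.split("/", 6)
            if len(parts) != 7:
                continue  # malformed record, skip it
            rec = dict(zip(FIELDS, (p.strip() for p in parts)))
            rec["sequence"] = int(rec["sequence"])
            try:
                rec["generated"] = datetime.strptime(
                    rec["generated"], "%Y-%m-%dT%H:%M:%SZ"
                ).replace(tzinfo=timezone.utc)
            except ValueError:
                rec["generated"] = None  # keep the record, flag the bad timestamp
            records.append(rec)
        elif records and line.startswith("("):
            # Wrapped continuation of the previous record's description.
            records[-1]["description"] += " " + line
        # Anything else is the legend (A/B/C..., A=Sequence, ...) and is ignored.
    return records


def alarm_details(record):
    """Extract the key=value pairs from a record's description."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in DETAIL_RE.finditer(record["description"])
    }


if __name__ == "__main__":
    for alarm in parse_alarms(SAMPLE_OUTPUT):
        print(alarm["sequence"], alarm["level"], alarm["name"],
              alarm_details(alarm).get("PhysicalName"))
```
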

display netconf configuration

Function

The display netconf configuration command displays the information of iMaster NCE-Campus.

Format

display netconf configuration

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view the information of iMaster NCE-Campus (such as the IP address), run the display netconf configuration command.

This command cannot display the information of iMaster NCE-Campus obtained through DHCP or the registration query center.

Example

# Display the information of iMaster NCE-Campus.

<HUAWEI> display netconf configuration
--------------- Configuration begin---------------
controller ip-address 10.1.1.1 port 10020
controller ip-address 192.168.2.2 port 10020 (redirected)
CLI permission: allowed
Current startup rdb file: configbackup/2022-06-23_startup.rdb
--------------- Configuration end-----------------

Table 16-88 Description of the display netconf configuration command output

Item

Description

controller ip-address 10.1.1.1 port 10020

The configured IP address and port number of iMaster NCE-Campus are 10.1.1.1 and 10020, respectively. If the information is marked with redirected, the switch has been redirected from the iMaster NCE-Campus with which it has just registered to another iMaster NCE-Campus for management.

CLI permission

Whether commands except those for configuring the whitelist can be configured on the device.

  • denied
  • allowed (default value)

You can change the value only through the iMaster NCE-Campus.

Current startup rdb file

Database file that takes effect currently.

display netconf connect-status

Function

The display netconf connect-status command displays the NETCONF configuration on a switch.

Format

display netconf connect-status

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

To view the NETCONF configuration on a switch, run the display netconf connect-status command.

Example

# Display the NETCONF configuration on the switch.

<HUAWEI> display netconf connect-status
--------------------------------------------------------------------------------------
Netconf status                 : enable                                                                                             
Upload alarm status            : enable                                                                                             
 
--------------------------------------------------------------------------------------
Controller address source      : --
Controller URL                 : --
Controller IP address          : --
Controller port                : --
Backup controller URL          : --
Backup controller IP address   : 10.1.1.1
Backup controller port         : 10020
Management VLAN                : --
Management IP address          : --
Register phase                 : --
Register status                : --
--------------------------------------------------------------------------------------
Netconf src-ip                 : 192.168.10.1
Netconf src-ipv6               : --
Netconf src-port               : 830 
Controller information         :
---------------------------------------------------------------------------------------
No Mode     Name                             IP                Port  Connected
---------------------------------------------------------------------------------------
1  callhome aa                               192.168.30.1      830   N 
2  ssh      -                                -                 -     N
---------------------------------------------------------------------------------------
Bootstrap information
  Address source               : User-configured 
  Main URL                     : https://1.1.1.1:30217(Active)
  Backup URL                   : --  
---------------------------------------------------------------------------------------

Table 16-89 Description of the display netconf connect-status command output

Item

Description

Netconf status

Status of the NETCONF function:

  • enable: The function is enabled.
  • disable: The function is disabled.

To configure the NETCONF function, run the netconf command.

Upload alarm status

Whether the switch is configured to send alarms to the NMS:

  • enable: The switch is configured to send alarms to the NMS.
  • disable: The switch cannot send alarms to the NMS.

Controller address source

Source from which the iMaster NCE-Campus address is obtained.

  • User-defined configuration: indicates that the address is defined by the user.
  • Allocated by Register Center: indicates that the address is obtained from the registration query center.
  • Allocated by DHCP: indicates that the address is obtained through DHCP.
  • Allocated by controller: indicates that the IP address is obtained from iMaster NCE-Campus.
  • --: indicates that the iMaster NCE-Campus address is not obtained.

Controller URL

URL of iMaster NCE-Campus.

To configure the URL for iMaster NCE-Campus, run the controller url command. If no URL is configured or obtained, this parameter value is --.

Controller IP address

IP address of iMaster NCE-Campus.

To configure the IP address for iMaster NCE-Campus, run the controller ip-address command. If no IP address is configured or obtained, this parameter value is --.

Controller port

Port number of iMaster NCE-Campus.

To configure the port number of iMaster NCE-Campus, run the controller ip-address command. If no port number is configured or obtained, this parameter value is -.

Backup controller URL

URL of the standby iMaster NCE-Campus.

The value can be obtained only through Option 148. If no value is obtained, the parameter value is --.

Backup controller IP address

IP address of the standby iMaster NCE-Campus.

To configure this parameter, run the controller backup ip-address command. If no IP address is configured or obtained, the parameter value is --.

Backup controller port

Port number of the standby iMaster NCE-Campus.

To configure this parameter, run the controller backup ip-address command. If no port number is configured or obtained, the parameter value is --.

Management VLAN

Management VLAN ID used when the switch communicates with iMaster NCE-Campus.

The management VLAN can be configured using the management-vlan (NETCONF view) command. If Management VLAN (Dynamic) is displayed in the command output, the management VLAN is automatically negotiated using the PNP protocol.

The management VLAN statically configured using the management-vlan command in the NETCONF view has a higher priority than the management VLAN dynamically negotiated using PNP.

Management IP address

IP address of the VLANIF interface corresponding to the management VLAN used when the switch communicates with iMaster NCE-Campus. This IP address can be dynamically allocated by the DHCP server, or it can be the static IP address configured for the VLANIF interface corresponding to the management VLAN. If no IP address is dynamically allocated or configured on the VLANIF interface, this parameter value is --.

Register phase

Current registration phase of the switch.
  • DHCP: The switch is requesting an IP address from a DHCP server.
  • registering: The switch has obtained an IP address from a DHCP server and is registering with iMaster NCE-Campus.
  • registered: The switch has registered with iMaster NCE-Campus.
  • aborted: The process of registering the switch with iMaster NCE-Campus is terminated using the netconf register abort command.

Register status

Current registration status of the switch.

NOTE:

If the TCP connection between the switch and iMaster NCE-Campus is disconnected, it takes the switch 3 minutes to detect the disconnection. The switch changes from registered to unregistered state only after detecting the disconnection.

Netconf src-ip

IPv4 address of the switch.

To configure the IPv4 address of the switch, run the source ip command.

Netconf src-ipv6

IPv6 address of the switch.

To configure the IPv6 address of the switch, run the source ipv6-address command.

Netconf src-port

Port number used by the switch.

To configure the port number, run the source ip command.

Controller information

Information about the connected NMS.

No

Connection number.

Mode

NETCONF mode:

  • callhome: NETCONF over SSH Callhome
  • ssh: NETCONF over SSH

name

Name of a callhome template. This parameter is not supported in NETCONF over SSH mode and the parameter value will be a hyphen (-) in this mode.

To configure the name of a callhome template, run the callhome command.

IP

IPv4 address of the NMS.

To configure the IPv4 address of the NMS in NETCONF over SSH Callhome mode, run the ip address command in the callhome template view.

Port

  • This parameter is the port number used by the NMS in NETCONF over SSH Callhome mode. To configure the port number, run the ip address command in the callhome template view.
  • This parameter is the port number used by both the switch and NMS in NETCONF over SSH mode. To configure the port number, run the source ip or source ipv6-address command.

Connected

Whether the NMS has set up a NETCONF connection with the switch:

  • Y: The NMS has set up a NETCONF connection with the switch.
  • N: The NMS has not set up a NETCONF connection with the switch.

RegisterStatus

Status of the switch on iMaster NCE-Campus. This field is supported only when the NETCONF mode is callhome.

  • Unregistered: The switch is offline.
  • Registered: The switch is online.
  • -: This field is not supported.

Bootstrap information

Bootstrap information.

Address source

Method used to obtain Bootstrap information.

Main URL

Primary address, including the IP address/domain name and port number. If (Active) is contained in the value, the device has set up a connection with this address.

Backup URL

Backup address, including the IP address/domain name and port number. If (Active) is contained in the value, the device has set up a connection with this address.

display netconf offline-record

Function

The display netconf offline-record command displays the reasons why the switch went offline.

Format

display netconf offline-record

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When a switch goes offline, you can run the display netconf offline-record command to check the reason. Only the latest five records will be displayed.

Example

# Display the reason for the switch to go offline.

<HUAWEI> display netconf offline-record
------------------------------------------------------------------------------                                                      
Time                        Error Info                                                                                              
------------------------------------------------------------------------------                                                      
2019/10/12 11:13:10         Connect lost                                                                                            
2019/10/12 11:05:53         Connect lost                                                                                            
2019/10/12 10:58:32         Board reset by VRP command or net manager                                                               
2019/10/12 10:58:30         Connect lost                                                                                            
------------------------------------------------------------------------------

Table 16-90 Description of the display netconf offline-record command output

Item

Description

Time

Time when the switch went offline.

Error Info

Reason for the switch to go offline.

  • Connect lost
  • The stackid is inconsistent and setting failed due to fabric port member configuration
  • Board reset by VRP for unknown reason
  • Board reset by VRP for registering failure
  • Board reset by VRP interface management module
  • Board reset by VRP command or net manager
  • Board reset by VRP for not ready when slave switching to master
  • Board reset by VRP for schedule
  • Board reset by ISSU for switch-prepare or switch-age failed
  • Board reset by NSR
  • Board reset by PATCH for restore patch number error
  • Board reset by PATCH for restore patch file error
  • Board reset by PATCH for effect after restore running
  • Board reset by NSF
  • Board reset by ISIS for purging LSP error
  • Board reset by OSPF for aging LSA error
  • Board reset by PATCH for the patch is not empty
  • Board reset by PATCH for the patch filename or status is incorrect
  • Board reset by PATCH for the insufficient space or file occupation
  • Board reset by PATCH for the patch file fails to be synchronized
  • Board reset by PATCH after the patch is successfully synchronized
  • Board reset by PATCH due to patch restoration preprocessing failure

display netconf register-fail-record

Function

The display netconf register-fail-record command displays records about failed registrations with iMaster NCE-Campus.

Format

display netconf register-fail-record

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After this command is executed, a maximum of five registration failure records can be displayed.

If multiple registration failures have the same reason, only the record for that reason is updated. Registration failure records with other reasons are not overwritten.

Example

# Display records about failed registrations with iMaster NCE-Campus.

<HUAWEI> display netconf register-fail-record
------------------------------------------------------------------------------  
Time                        Error Info
------------------------------------------------------------------------------  
2019/11/09 23:21:02         Failed to apply IP address
2019/11/09 23:12:13         Failed to create TCP link to controller (192.168.1.1)
2022/07/09 22:21:02         Failed to obtain the Lite CA certificate from the bootstrap server
2022/09/09 22:21:02         Failed to obtain local certificate (192.168.1.1)
------------------------------------------------------------------------------

Table 16-91 Description of the display netconf register-fail-record command output

Item

Description

Time

Registration failure time.

Error Info

Reason for the registration failure. The IP address in this parameter value is the IP address of iMaster NCE-Campus with which the switch failed to register. Possible reasons are as follows:

  • Manage VLAN is physical down
  • Change to tradition work mode failed
  • Failed to apply IP address
  • No DNS information in DHCP options
  • No controller IP or URL information
  • Failed to get IP address of controller
  • Failed to create TCP link to controller
  • Failed to get register result from controller
  • Controller certificate authentication failed
  • Controller ESN check failed
  • Device is not authorized
  • Device type and ESN does not match
  • Failed to connect registration center
  • The configuration of the device is inconsistent with that of the controller: For example, the stack configuration exists on the device, but not on the controller.
  • The slot number of the device is inconsistent with that on the controller
  • The controller failed to verify the sitecode
  • Failed to obtain the Lite CA certificate from the bootstrap server
  • Failed to obtain local certificate
  • Others
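The outputs of display netconf offline-record and display netconf register-fail-record share one layout (timestamp, then reason), so one parser can feed both into monitoring. The following Python sketch is an added example, not Huawei tooling; the sample output is constructed, and the grouping of reasons into categories (with "trust" meaning certificate, ESN and authorization failures) is this example's assumption.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in the layout of the command output shown on this page.
SAMPLE_OUTPUT = """\
<HUAWEI> display netconf register-fail-record
------------------------------------------------------------------------------
Time                        Error Info
------------------------------------------------------------------------------
2019/11/09 23:21:02         Failed to apply IP address
2019/11/09 23:12:13         Failed to create TCP link to controller (192.168.1.1)
2022/07/09 22:21:02         Failed to obtain the Lite CA certificate from the bootstrap server
2022/09/09 22:21:02         Controller certificate authentication failed (192.168.1.1)
------------------------------------------------------------------------------
"""

# Reason strings come from Tables 16-90 and 16-91. The grouping into
# categories is this example's assumption, not a Huawei classification.
CATEGORIES = {
    "trust": (
        "Controller certificate authentication failed",
        "Controller ESN check failed",
        "Device is not authorized",
        "Device type and ESN does not match",
        "The controller failed to verify the sitecode",
        "Failed to obtain the Lite CA certificate",
        "Failed to obtain local certificate",
    ),
    "network": (
        "Connect lost",
        "Manage VLAN is physical down",
        "Failed to apply IP address",
        "No DNS information in DHCP options",
        "No controller IP or URL information",
        "Failed to get IP address of controller",
        "Failed to create TCP link to controller",
        "Failed to get register result from controller",
        "Failed to connect registration center",
    ),
    "config": (
        "Change to tradition work mode failed",
        "The configuration of the device is inconsistent",
        "The slot number of the device is inconsistent",
        "The stackid is inconsistent",
    ),
    "reset": ("Board reset by",),
}

# A data row starts with "YYYY/MM/DD hh:mm:ss"; rulers, the header and the
# prompt line do not match and are skipped. Trailing padding is stripped.
ROW = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+(\S.*?)\s*$")
# Optional "(a.b.c.d)" suffix: the controller the switch failed to register with.
PEER = re.compile(r"\s*\((\d{1,3}(?:\.\d{1,3}){3})\)$")


@dataclass
class Record:
    when: datetime
    reason: str
    controller: Optional[str]
    category: str


def classify(reason: str) -> str:
    """Map a reason string to a category; unknown strings become 'other'."""
    for category, prefixes in CATEGORIES.items():
        if reason.startswith(prefixes):
            return category
    return "other"


def parse_records(text: str) -> List[Record]:
    """Parse offline-record or register-fail-record output into records."""
    records = []
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue
        reason = row.group(2)
        peer = PEER.search(reason)
        controller = peer.group(1) if peer else None
        if peer:
            reason = reason[:peer.start()]
        when = datetime.strptime(row.group(1), "%Y/%m/%d %H:%M:%S")
        records.append(Record(when, reason, controller, classify(reason)))
    return records


def needs_security_review(records: List[Record]) -> List[Record]:
    """Return the records in the 'trust' category (certificate, ESN, authorization)."""
    return [r for r in records if r.category == "trust"]


if __name__ == "__main__":
    for rec in needs_security_review(parse_records(SAMPLE_OUTPUT)):
        print(rec.when.isoformat(), rec.reason, rec.controller or "-")
```

Because the switch keeps at most five records per command, collect the output regularly if the history is needed later.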

display netconf { rsa | dsa } local-key-pair public

Function

The display netconf { rsa | dsa } local-key-pair public command displays the public key in the local RSA or DSA key pair.

Format

display netconf { rsa | dsa } local-key-pair public

Parameters

Parameter Description Value

rsa

Displays the public key in the local RSA key pair.

-

dsa

Displays the public key in the local DSA key pair.

-

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run this command to display the public key in the RSA or DSA key pair on a switch, and then copy the public key to the RSA or DSA public key on the controller. In this way, the public keys on the switch and controller are the same, ensuring successful authentication.

Example

# Display the public key in the local DSA key pair.

<HUAWEI> display netconf dsa local-key-pair public
The DSA public key:
ssh-dss AAAAB3NzaC1kc3MAAACBAOAWWAtGClBH4qhgm0+ntDTZVW/tR8R9Vn+rXVA8GFWM5TVUJWXFWghy4QTJqmvg+ca0znn+c2hDGDhx1yhRsduKWmOBAzIQE/1OYhMLdK0vRmceyYtSTfVNCbtAwJNOM0JPBlbim/vjp3aX3iRn6EPU7bYaJ3A8KEUZlVKh7YU5AAAAFQCQ8znriZRmpyoAVK68YPNDnKzkGQAAAIA8f1ELwIJC9J73zg6an2Hz7P3zDAqDv2mnvOuvKEbVWY3IVNhCHaX39yBl0PT2rWmXzHI6nJWEPiuoW/eJpDxNwV1OCgSN4mhG90/iOJkLKqF6UENdQWXNKbjLHYKTkKXSnpi2ibqEzrqnbkzIVbaf2a8nBDrh1CHKRhw1dQChggAAAIA7TGIupodUc1Enn3rzTNch5rL0CKL9znjFG+lyeJU39fDWSOVfgWfz4ehs48/5Zco6H9wj1seLxh3pVXYLqJvRDR6B0g/68T3aEYEKGoHeRYC3sU80lXb8s0VFae90ohOf89ULyfVt7HVE+QKkExQIj9sAo8KbR3gNkb84PM+Z9g== root@root
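To confirm that the key stored on the controller is the one the switch displays, compare fingerprints of the two lines instead of comparing the base64 text by eye. The following Python sketch is an added example, not Huawei tooling; it parses the OpenSSH-style "type base64 comment" line shown above, and the sample line is built from constructed integers of DSA-like sizes, so it is not a usable key.

```python
import base64
import hashlib
import struct

# Order of the integers inside the key blob for the two supported key types.
FIELDS = {"ssh-dss": ("p", "q", "g", "y"), "ssh-rsa": ("e", "n")}


def read_string(blob, offset):
    """Read one SSH 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return key type, per-field bit sizes and SHA-256 fingerprint of a key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, encoded = parts[0], parts[1]
    if key_type not in FIELDS:
        raise ValueError("unsupported key type: " + key_type)
    blob = base64.b64decode(encoded, validate=True)
    inner_type, offset = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("type label does not match the key blob")
    sizes = {}
    for name in FIELDS[key_type]:
        value, offset = read_string(blob, offset)
        sizes[name] = int.from_bytes(value, "big").bit_length()
    if offset != len(blob):
        raise ValueError("unexpected trailing data in key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": key_type, "sizes": sizes, "fingerprint": fingerprint}


def same_key(switch_line, controller_line):
    """True if both lines carry the same key; the trailing comment is ignored."""
    a = inspect_public_key(switch_line)
    b = inspect_public_key(controller_line)
    return a["type"] == b["type"] and a["fingerprint"] == b["fingerprint"]


# --- helpers used only to construct the sample input -----------------------
def ssh_string(data):
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value):
    # One spare byte when the top bit would be set keeps the integer positive.
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_sample_line(y=3, comment="root@root"):
    """Constructed ssh-dss line (1024-bit p, 160-bit q); not a valid DSA key."""
    numbers = ((1 << 1023) | 1, (1 << 159) | 1, 2, y)
    blob = ssh_string(b"ssh-dss") + b"".join(ssh_mpint(n) for n in numbers)
    return "ssh-dss " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    on_switch = build_sample_line()
    on_controller = build_sample_line(comment="pasted-on-controller")
    info = inspect_public_key(on_switch)
    print(info["type"], info["sizes"], info["fingerprint"])
    print("match:", same_key(on_switch, on_controller))
```

The fingerprint string has the same form that ssh-keygen -l prints, so it can also be checked against a key file kept elsewhere.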

display work-mode

Function

The display work-mode command displays the working mode of the switch.

Format

display work-mode

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display work-mode command to view the working mode of a switch.

Example

# Display the working mode of the switch.

<HUAWEI> display work-mode
Current work-mode       : NETCONF
Work-mode before upgrade: Cloud-mng

Table 16-92 Description of the display work-mode command output

Item

Description

Current work-mode

Working mode of the switch:

  • NETCONF: NETCONF is enabled.
  • Tradition: NETCONF is disabled.

Work-mode before upgrade

Working mode of the switch before the upgrade. Cloud-mng indicates cloud-based management.

This field is displayed only when a switch working in cloud-based management mode is upgraded to V200R019C00 or a later version.

ip address (callhome template view)

Function

The ip address command configures the IPv4 address and port number used by the NMS that communicates with a switch through NETCONF.

The undo ip address command deletes the IPv4 address and port number used by the NMS that communicates with a switch through NETCONF.

By default, no IPv4 address and port number have been configured for the NMS with which the switch communicates through NETCONF.

Format

ip address ip-address port port-number

undo ip address

Parameters

Parameter Description Value

ip-address

IPv4 address of the NMS.

The value is in dotted decimal notation.

port port-number

Port number used by the NMS.

The value is an integer in the range 1 to 65535.

Views

Callhome template view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS needs to configure and manage a switch in NETCONF over SSH Callhome mode, you must run the ip address command to configure the IPv4 address and port number for the NMS so that the switch can proactively set up a NETCONF connection with the NMS.

Precautions

If a switch that has registered with an iMaster NCE-Campus needs to register with another iMaster NCE-Campus, restart the switch before the re-registration.

Example

# Set the IP address and port number used by the NMS to communicate with the switch through NETCONF to 10.1.2.1 and 830, respectively.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] callhome Test123
[HUAWEI-netconf-callhome-Test123] ip address 10.1.2.1 port 830

lldp tlv-enable legacy-tlv pnp

Function

The lldp tlv-enable legacy-tlv pnp command configures an interface to advertise PnP TLVs.

The undo lldp tlv-enable legacy-tlv pnp command disables an interface from advertising PnP TLVs.

By default, an interface advertises all PnP TLVs.

Format

lldp tlv-enable legacy-tlv pnp { all | startup-vlan | startup-link-aggregation | device-type }

undo lldp tlv-enable legacy-tlv pnp { all | startup-vlan | startup-link-aggregation | device-type }

Parameters

Parameter Description Value

all

Advertises all PnP TLVs.

-

startup-vlan

Advertises the PnP TLV that carries the PnP VLAN ID.

-

startup-link-aggregation

Advertises the PnP TLV that carries the Eth-Trunk flag and LACP mode flag.

-

device-type

Advertises the PnP TLV that carries the device type.

-

Views

Ethernet interface view, GE interface view, XGE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, 25GE interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

  • Scenario 1: All switches on a CloudCampus network can be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-2, SwitchA and SwitchB are both switches. SwitchB is newly connected to the network, and the VLAN for the IP address pool of the DHCP server is not VLAN 1. After SwitchB is connected to the network, by default, it uses the management VLAN 1 to send a request packet to the DHCP server to obtain the NETCONF enabling configuration, IP address, and information of iMaster NCE-Campus. However, SwitchB fails to obtain the information because the VLAN for the IP address pool of the DHCP server is not VLAN 1.
    Figure 16-2 CloudCampus networking

    To address the problem, configure PnP VLAN auto-negotiation on SwitchA. After SwitchB starts, SwitchA transmits the PnP VLAN ID to SwitchB through PnP VLAN auto-negotiation, so that SwitchB can use the PnP VLAN to obtain related information from the DHCP server.

    SwitchA can transmit the PnP VLAN ID to SwitchB only when SwitchA meets the following conditions:
    • SwitchA has registered with iMaster NCE-Campus successfully.
    • iMaster NCE-Campus has delivered a PnP VLAN ID to SwitchA, and the configuration file contains the pnp startup-vlan vlan-id command or SwitchA has negotiated a PnP VLAN ID with its upstream device.
    • iMaster NCE-Campus has delivered the function of transmitting the PnP VLAN ID to the downstream device to SwitchA, and the configuration file contains the pnp startup-vlan send enable command.
    • SwitchA is enabled to send LLDPDUs containing PnP VLAN information to its downstream device. This function is enabled by default. If the configuration file contains the undo lldp tlv-enable legacy-tlv pnp startup-vlan or undo lldp tlv-enable legacy-tlv pnp all command, the function of sending LLDPDUs containing the PnP VLAN ID to the downstream device is disabled. You can enable the function on iMaster NCE-Campus.

    SwitchB can obtain the PnP VLAN ID transmitted by SwitchA only after SwitchB is enabled to receive the PnP VLAN negotiation packets sent by its upstream device. This function is enabled by default. If the configuration file contains the undo pnp startup-vlan receive enable command, the function of receiving the PnP VLAN negotiation packets sent by the upstream device is disabled. You can enable the function on iMaster NCE-Campus.

    The function of transmitting the PnP VLAN ID to the downstream device and the PnP VLAN ID can be preconfigured on iMaster NCE-Campus and delivered to a switch after the switch has registered with iMaster NCE-Campus.

  • Scenario 2: On a CloudCampus network, some switches cannot be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-3, the access and aggregation switches can be managed by iMaster NCE-Campus. The core switch is not managed by iMaster NCE-Campus. When the management VLAN is changed on iMaster NCE-Campus from VLAN 1 (default) to VLAN 2, the core switch needs to notify its downstream switches of the new management VLAN ID.
    Figure 16-3 CloudCampus networking

    Configure PnP VLAN auto-negotiation on the core switch so that the core switch can notify its downstream switches of the new management VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.
  • Scenario 3: Zero-touch deployment using EasyDeploy

    In Figure 16-4, when EasyDeploy is used for zero-touch deployment, the Commander needs to notify a client of the new VLAN ID if the Commander does not use VLAN 1 to communicate with the client.
    Figure 16-4 EasyDeploy networking diagram

    Configure PnP VLAN auto-negotiation on the Commander to enable the Commander to notify clients of the new VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.
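The conditions listed under Scenario 1 can be checked against a saved configuration file, which also shows on which ports the management (PnP) VLAN ID is advertised in LLDPDUs. The following Python sketch is an added example, not Huawei tooling; the configuration excerpt is constructed, the "#"-separated layout with one-space indentation is an assumption about the file format, and registration state and a negotiated VLAN ID are passed in because they are not stored in the file.

```python
import re

# Constructed configuration excerpt (layout is an assumption of this example).
SAMPLE_CONFIG = """\
#
pnp startup-vlan 2
pnp startup-vlan send enable
#
interface GigabitEthernet0/0/1
 port link-type trunk
#
interface GigabitEthernet0/0/2
 undo lldp tlv-enable legacy-tlv pnp startup-vlan
#
interface GigabitEthernet0/0/3
 undo lldp tlv-enable legacy-tlv pnp all
#
interface GigabitEthernet0/0/4
 undo lldp tlv-enable legacy-tlv pnp device-type
#
"""

# Either command stops a port from advertising the PnP VLAN ID TLV.
DISABLES_VLAN_TLV = {
    "undo lldp tlv-enable legacy-tlv pnp startup-vlan",
    "undo lldp tlv-enable legacy-tlv pnp all",
}


def interface_blocks(config_text):
    """Return {interface name: [commands]} for every interface section."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            current = None                      # section separator
        elif not raw.startswith(" "):
            match = re.match(r"interface\s+(\S+)", raw)
            current = match.group(1) if match else None
            if current is not None:
                blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks


def audit_pnp_vlan_sender(config_text, registered, negotiated_vlan=None):
    """Check the Scenario 1 sender conditions and list ports per TLV state."""
    lines = [line.strip() for line in config_text.splitlines()]
    pnp_vlan = negotiated_vlan
    for line in lines:
        match = re.fullmatch(r"pnp startup-vlan (\d+)", line)
        if match:
            pnp_vlan = int(match.group(1))      # configured ID wins
            break
    unmet = []
    if not registered:
        unmet.append("switch has not registered with iMaster NCE-Campus")
    if pnp_vlan is None:
        unmet.append("no PnP VLAN ID delivered or negotiated")
    if "pnp startup-vlan send enable" not in lines:
        unmet.append("pnp startup-vlan send enable is not configured")
    blocks = interface_blocks(config_text)
    suppressed = [name for name, cmds in blocks.items()
                  if DISABLES_VLAN_TLV.intersection(cmds)]
    tlv_ports = [name for name in blocks if name not in suppressed]
    return {"pnp_vlan": pnp_vlan, "unmet": unmet,
            "tlv_ports": tlv_ports, "suppressed_ports": suppressed}


if __name__ == "__main__":
    report = audit_pnp_vlan_sender(SAMPLE_CONFIG, registered=True)
    print("PnP VLAN:", report["pnp_vlan"])
    print("Unmet conditions:", report["unmet"] or "none")
    print("Ports advertising the PnP VLAN TLV:", report["tlv_ports"])
    print("Ports with the TLV disabled:", report["suppressed_ports"])
```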

Example

# Enable a switch to send LLDPDUs containing PnP VLAN information to downstream devices.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] lldp tlv-enable legacy-tlv pnp startup-vlan

management-vlan (NETCONF view)

Function

The management-vlan command configures the VLAN used by the switch to communicate with a DHCP server. This VLAN is the management VLAN of the switch.

Format

management-vlan vlan-id

undo management-vlan

Parameters

Parameter Description Value

vlan-id

Specifies the VLAN ID used by the switch to communicate with a DHCP server.

The value is an integer in the range 1 to 4094.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In NETCONF over SSH Callhome mode, the switch can obtain the IP address of iMaster NCE-Campus using DHCP. The request sent by the switch to the DHCP server to obtain the IP address of iMaster NCE-Campus is transmitted over VLAN 1. After the switch passes registration authentication, iMaster NCE-Campus changes the VLAN ID used by the switch to communicate with the DHCP server again. After the switch restarts, to ensure that it continues to use the configured VLAN to communicate with the DHCP server, you can configure the management VLAN on the switch.

Precautions

  • This command cannot be configured if the source ip-address command has been executed in the SMI view to configure the IPv4 address used by the switch to communicate with the NMS (such as the analyzer iMaster NCE-CampusInsight).
  • The management VLAN of the switch cannot be the same as the management VLAN of the CAPWAP tunnel.
  • When you disable NETCONF in the system view or delete the management VLAN in the NETCONF view, the system displays a message asking you whether to retain the ip address dhcp-alloc configuration. Exercise caution when you choose to delete the configuration.
  • Assume that a static IP address has been configured for a VLANIF interface. When you run the management-vlan command to configure the VLAN corresponding to this VLANIF interface as the management VLAN, the device displays a message indicating that users in the management VLAN will be unable to go online through DHCP. Exercise caution when running this command.

Example

# Set the management VLAN ID of the switch to 2.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] management-vlan 2

netconf

Function

The netconf command enables the NETCONF function and enters the NETCONF view.

The undo netconf command disables the NETCONF function.

By default, NETCONF is disabled on a switch.

Format

netconf

undo netconf

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS needs to configure and manage a switch using NETCONF, run the netconf command on the switch to enable the NETCONF function.

Precautions

  • After the undo netconf command is executed on the switch to disable the NETCONF function, all NETCONF configurations, all the database information, and the card register-permit configuration on the switch are deleted, leading to communication interruption between the switch and NMS.
  • Before running the netconf command to enable the NETCONF function, ensure that port 830 and ports 55552 to 55807 are not in use. Otherwise, NETCONF cannot be enabled.
  • Before running the netconf command to enable the NETCONF function, ensure that the fixed IP address 169.254.2.1 that is automatically configured for a virtual management interface is not in use. Otherwise, NETCONF cannot be enabled.
  • If Eth-Trunk 0 has been created on a switch, Eth-Trunk auto-negotiation will become abnormal after you enable the NETCONF function using the netconf command.
  • When you disable NETCONF in the system view or delete the management VLAN in the NETCONF view, the system will prompt you to delete the ip address dhcp-alloc configuration. Exercise caution when you choose to delete the configuration.
  • For the S6735-S, S6720-EI and S6720S-EI, when you run the netconf command to enable NETCONF, the device automatically delivers the unknown-unicast load-balance enhanced lbid command and displays a message indicating that enabling NETCONF will automatically disable LNP, enable STP, and configure load balancing for broadcast, unknown unicast, and multicast packets (BUM packets). Exercise caution when performing this operation. If the S6735-S, S6720-EI or S6720S-EI running a version earlier than V200R021C10 is enabled with NETCONF and then is upgraded to V200R021C10 or later, the switch does not automatically deliver the unknown-unicast load-balance enhanced lbid command for upgrade compatibility purposes.

Example

# Enable the NETCONF function and enter the NETCONF view.

<HUAWEI> system-view
[HUAWEI] netconf

netconf config enhanced

Function

The netconf config enhanced command sets the configuration mode of a switch to enhanced mode.

The undo netconf config enhanced command restores the default configuration mode of a switch.

By default, the default configuration mode is used on a switch.

Format

netconf config enhanced

undo netconf config enhanced

Parameters

None

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

When the default configuration mode is used on a switch, the switch limits the number of objects in the packets sent from iMaster NCE-Campus. If the number of objects in the packets sent from iMaster NCE-Campus exceeds this limit, the switch returns an error message indicating that the configuration fails to be delivered.

To remove this limit, run the netconf config enhanced command on the switch to enable the enhanced configuration mode.

In versions earlier than V200R022C10, a switch does not limit the number of nodes in packets issued by iMaster NCE-Campus. After the switch is upgraded to V200R022C10 or a later version, the netconf config enhanced configuration is automatically added to the configuration file to ensure that the switch still has no such limitation after the upgrade.

The enhanced configuration mode of a switch affects system stability, which may cause device exceptions. Therefore, use this function under the guidance of technical support engineers.

Example

# Set the switch configuration mode to default mode.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] undo netconf config enhanced

netconf alarm upload enable

Function

The netconf alarm upload enable command enables the switch to report alarms to the NMS.

The undo netconf alarm upload enable command disables the switch from reporting alarms to the NMS.

By default, a switch is enabled to report alarms to the NMS.

Format

netconf alarm upload enable

undo netconf alarm upload enable

Parameters

None

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

If a switch reports a large number of alarms to the NMS, the CPU usage of the switch is high. As a result, services cannot be configured on the switch. To prevent this problem, you can run the undo netconf alarm upload enable command to disable the device from reporting alarms to the NMS.

Example

# Disable the device from reporting alarms to the NMS.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] undo netconf alarm upload enable

netconf register abort

Function

The netconf register abort command terminates a switch's registration with iMaster NCE-Campus.

The undo netconf register abort command resumes a switch's registration with iMaster NCE-Campus.

By default, a switch registers with iMaster NCE-Campus normally.

Format

netconf register abort

undo netconf register abort

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When a switch fails to register with iMaster NCE-Campus, log in to the switch through SSH to view the registration status. If the registration process is not terminated, the DHCP server may re-assign an IP address to the switch, which will cause the SSH login process to terminate. To prevent this problem, log in to the switch and then run the netconf register abort command to terminate the registration process.

After this command is executed, the registration process stops for 30 minutes and then resumes. To view the registration status, run the display netconf connect-status command.

Precautions

  • The netconf register abort command cannot be executed repeatedly.

  • Do not run this command when the switch has registered with iMaster NCE-Campus successfully.

  • The command configuration is not recorded to the configuration file and the command will become ineffective after the switch restarts.

  • If this command is run and iMaster NCE-Campus displays the device status as registered, the actual registration status is subject to the display netconf connect-status command output.

Example

# Terminate the switch's registration with iMaster NCE-Campus.

<HUAWEI> system-view
[HUAWEI] netconf register abort

pnp startup-link-aggregation enable

Function

The pnp startup-link-aggregation enable command enables a switch to inform its downstream device of the need to establish an Eth-Trunk.

The undo pnp startup-link-aggregation enable command disables a switch from informing its downstream device of the need to establish an Eth-Trunk.

By default, a switch is disabled from informing its downstream device of the need to establish an Eth-Trunk.

Format

pnp startup-link-aggregation enable

undo pnp startup-link-aggregation enable

Parameters

None

Views

Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Figure 16-5 CloudCampus network diagram

As shown in Figure 16-5, the new switch, SwitchB, is connected to its upstream device, SwitchA, through two links. When SwitchB and SwitchA negotiate the PnP VLAN, if SwitchA is enabled to inform its downstream device of the need to establish an Eth-Trunk, SwitchB adds the two links to the Eth-Trunk and sets the Eth-Trunk mode based on whether the Eth-Trunk mode of SwitchA is LACP.

The auto-negotiated Eth-Trunk can only be Eth-Trunk0, which is reserved on iMaster NCE-Campus and cannot be used by other services.

Precautions

  • Running this command on uplink interfaces is not recommended, as it will cause connection failures.
  • Only the following configurations are allowed on the physical uplink port of the downstream device when this port is added to Eth-Trunk 0 through auto-negotiation. If any other configurations exist on the physical uplink port, it cannot be automatically added to Eth-Trunk 0.
    • trust dscp
    • port link-type trunk
    • description description
  • After a switch registers with iMaster NCE-Campus, you are advised to fix the auto-negotiated Eth-Trunk through iMaster NCE-Campus. This prevents the configuration from becoming invalid after the switch goes offline from the controller.

Example

# Enable the function of transmitting the flag indicating whether to establish an Eth-Trunk to downstream devices.

<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] pnp startup-link-aggregation enable

pnp startup-link-aggregation receive enable

Function

The pnp startup-link-aggregation receive enable command enables Eth-Trunk auto-negotiation.

The undo pnp startup-link-aggregation receive enable command disables Eth-Trunk auto-negotiation.

By default, Eth-Trunk auto-negotiation is enabled.

Format

pnp startup-link-aggregation receive enable

undo pnp startup-link-aggregation receive enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a device goes online through a negotiated PnP VLAN and the network of the upstream device becomes stable, you can run the undo pnp startup-link-aggregation receive enable command on the downstream device to disable Eth-Trunk auto-negotiation. Then, the device will not accept new Eth-Trunk auto-negotiation requests. In this way, the configuration of Eth-Trunk 0 and its member interfaces remains unchanged, preventing flapping of the upstream device from affecting local services. If Eth-Trunk auto-negotiation is not disabled, the connection between the device and controller will be unstable when Eth-Trunk members are added or deleted.

Precautions

After Eth-Trunk auto-negotiation is disabled, if the networking mode of the upstream device changes, you need to enable Eth-Trunk auto-negotiation again.

Example

# Disable Eth-Trunk auto-negotiation.

<HUAWEI> system-view
[HUAWEI] undo pnp startup-link-aggregation receive enable

pnp startup-vlan

Function

The pnp startup-vlan command configures a wired PnP VLAN ID for wired devices.

The undo pnp startup-vlan command deletes a wired PnP VLAN ID.

By default, no wired PnP VLAN ID is configured on a switch.

Format

pnp startup-vlan vlan-id

undo pnp startup-vlan vlan-id

Parameters

Parameter Description Value

vlan-id

Specifies a wired PnP VLAN ID.

The value is an integer in the range 1 to 4094.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

There are two types of PnP VLANs: wired and wireless PnP VLANs. Switches obtain management IP addresses through the wired PnP VLAN. When a switch has APs connected, the switch automatically changes the PVID of interfaces connected to the APs to the wireless PnP VLAN ID. For switches, PnP VLAN negotiation involves both wired and wireless PnP VLANs. The PnP VLAN applies to the following scenarios:

  • Scenario 1: All switches on a CloudCampus network can be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-6, SwitchA and SwitchB are both switches. SwitchB is newly connected to the network when the VLAN for the IP address pool of the DHCP server is not VLAN 1. After SwitchB is connected to the network, by default, it uses the management VLAN 1 to send a request packet to the DHCP server to obtain the NETCONF enabling configuration, IP address, and information of iMaster NCE-Campus. However, SwitchB fails to obtain the information because the VLAN for the IP address pool of the DHCP server is not VLAN 1.
    Figure 16-6 CloudCampus networking

    To address the problem, configure PnP VLAN auto-negotiation on SwitchA. After SwitchB starts, SwitchA transmits the PnP VLAN ID to SwitchB through PnP VLAN auto-negotiation, so that SwitchB can use the PnP VLAN to obtain related information from the DHCP server.

    SwitchA can transmit the PnP VLAN ID to SwitchB only when SwitchA meets the following conditions:
    • SwitchA has registered with iMaster NCE-Campus successfully.
    • iMaster NCE-Campus has delivered a PnP VLAN ID to SwitchA, and the configuration file contains the pnp startup-vlan vlan-id command or SwitchA has negotiated a PnP VLAN ID with its upstream device.
    • iMaster NCE-Campus has delivered the function of transmitting the PnP VLAN ID to the downstream device to SwitchA, and the configuration file contains the pnp startup-vlan send enable command.
    • SwitchA is enabled to send LLDPDUs containing PnP VLAN information to its downstream device. This function is enabled by default. If the configuration file contains the undo lldp tlv-enable legacy-tlv pnp startup-vlan or undo lldp tlv-enable legacy-tlv pnp all command, the function of sending LLDPDUs containing the PnP VLAN ID to the downstream device is disabled. You can enable the function on iMaster NCE-Campus.

    SwitchB can obtain the PnP VLAN ID transmitted by SwitchA only after SwitchB is enabled to receive the PnP VLAN negotiation packets sent by its upstream device. This function is enabled by default. If the configuration file contains the undo pnp startup-vlan receive enable command, the function of receiving the PnP VLAN negotiation packets sent by the upstream device is disabled. You can enable the function on iMaster NCE-Campus.

    The function of transmitting the PnP VLAN ID to the downstream device and the PnP VLAN ID can be preconfigured on iMaster NCE-Campus and delivered to a switch after the switch has registered with iMaster NCE-Campus.

  • Scenario 2: On a CloudCampus network, some switches cannot be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-7, the access and aggregation switches can be managed by iMaster NCE-Campus. The core switch is not managed by iMaster NCE-Campus. When the management VLAN is changed on iMaster NCE-Campus from VLAN 1 (default) to VLAN 2, the core switch needs to notify its downstream switches of the new management VLAN ID.
    Figure 16-7 CloudCampus networking
    Configure PnP VLAN auto-negotiation on the core switch so that the core switch can notify its downstream switches of the new management VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.
  • Scenario 3: Zero-touch deployment using EasyDeploy

    In Figure 16-8, when EasyDeploy is used for zero-touch deployment, the Commander needs to notify a client of the new VLAN ID if the Commander does not use VLAN 1 to communicate with the client.
    Figure 16-8 EasyDeploy networking diagram
    Configure PnP VLAN auto-negotiation on the Commander to enable the Commander to notify clients of the new VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.

Precautions

  • If the management VLAN of a switch is set to VLAN 1 through iMaster NCE-Campus or a command, the switch automatically goes online in the PnP VLAN. If the management VLAN configured through iMaster NCE-Campus or a command is not VLAN 1, the switch uses the management VLAN to send a request to the DHCP server. Even if the request fails, the switch does not use the PnP VLAN to send a request to the DHCP server. Therefore, ensure that the switch can communicate with the DHCP server through the management VLAN. Otherwise, the switch cannot go online.
  • The wired PnP VLAN must have been created and cannot be the reserved VLAN of a stack, the control VLAN of RRPP/ERPS/SEP or the management VLAN of a CAPWAP tunnel in an SVF system.
  • The wired and wireless PnP VLANs can be the same or different.
  • If a wired PnP VLAN is configured and no wireless PnP VLAN is configured (using the pnp wireless startup-vlan command), the PVID of the interface connecting the switch to an AP is changed to the wired PnP VLAN.

Example

# Configure the PnP VLAN ID.

<HUAWEI> system-view
[HUAWEI] pnp startup-vlan 2

pnp wireless startup-vlan

Function

The pnp wireless startup-vlan command configures a wireless PnP VLAN ID for APs.

The undo pnp wireless startup-vlan command deletes a wireless PnP VLAN ID.

By default, no wireless PnP VLAN ID is configured on a switch.

Format

pnp wireless startup-vlan vlan-id

undo pnp wireless startup-vlan vlan-id

Parameters

Parameter Description Value

vlan-id

Specifies a wireless PnP VLAN ID.

The value is an integer in the range 1 to 4094.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a smart campus network, wired devices (such as switches) and wireless devices (such as APs) can use different management VLANs to facilitate maintenance and management. The wired and wireless devices can obtain management VLANs through the wired and wireless PnP VLANs, respectively.

  • When all devices on the network can be managed by iMaster NCE-Campus, you can pre-configure wired and wireless PnP VLANs on iMaster NCE-Campus. After switches successfully register with iMaster NCE-Campus, iMaster NCE-Campus automatically delivers the wired and wireless PnP VLANs to the switches. When a switch identifies that the downstream device is an AP, it automatically changes the PVID of the interface connected to the AP to the wireless PnP VLAN ID and adds the interface to the wireless PnP VLAN.
  • If some switches on the network cannot be managed by iMaster NCE-Campus, you can manually configure wired and wireless PnP VLANs on these switches, which will deliver the PnP VLANs to downstream devices.
The device can obtain a wireless PnP VLAN in multiple ways. A wireless PnP VLAN configured using a command takes precedence over that negotiated with the upstream device. If no wireless PnP VLAN is specified or negotiated with the upstream devices, a wired PnP VLAN is used as a wireless PnP VLAN. To be specific, the device determines the PnP VLAN to be used as the wireless PnP VLAN in descending order of priority as follows:
  1. Wireless PnP VLAN configured using the pnp wireless startup-vlan command
  2. Wired PnP VLAN configured using the pnp startup-vlan command
  3. Wireless PnP VLAN negotiated with the upstream device
  4. Wired PnP VLAN negotiated with the upstream device

Precautions

  • The VLAN used as the wireless PnP VLAN must have been created and cannot be the reserved VLAN of a stack, the control VLAN of RRPP/ERPS/SEP, or the management VLAN of a CAPWAP tunnel in an SVF system.
  • The wired and wireless PnP VLANs can be the same or different.
  • When a switch identifies that the downstream device is an AP, the switch adds the interconnection interface to the PnP VLAN. However, no corresponding configuration is added to the configuration file, and this interface cannot be removed from the PnP VLAN by manually adding the interface to the PnP VLAN and then removing the interface from the PnP VLAN.
  • If a wired PnP VLAN is configured and no wireless PnP VLAN is configured (using the pnp wireless startup-vlan command), the PVID of the interface connecting the switch to an AP is changed to the wired PnP VLAN.

Example

# Configure a wireless PnP VLAN ID.

<HUAWEI> system-view
[HUAWEI] pnp wireless startup-vlan 2

pnp startup-vlan receive enable

Function

The pnp startup-vlan receive enable command enables a switch to receive the PnP VLAN negotiation packets sent by its upstream device.

The undo pnp startup-vlan receive enable command disables a switch from receiving the PnP VLAN negotiation packets sent by its upstream device.

By default, a switch is enabled to receive the PnP VLAN negotiation packets from its upstream device.

Format

pnp startup-vlan receive enable

undo pnp startup-vlan receive enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

On the campus network shown in Figure 16-9, the VLAN for the IP address pool of the DHCP server is not VLAN 1 and SwitchB is newly connected to the network. After SwitchB is connected to the network, it uses the management VLAN 1 to send a request packet to the DHCP server to obtain the NETCONF enabling configuration, IP address, and information about the controller. The VLAN for the IP address pool of the DHCP server is not VLAN 1. As a result, SwitchB cannot obtain the related information.

Figure 16-9 Campus network diagram

To address the problem, configure PnP VLAN auto-negotiation on SwitchA. After SwitchB starts, SwitchA transmits the PnP VLAN ID to SwitchB through PnP VLAN auto-negotiation, so that SwitchB can use the PnP VLAN to obtain the related information from the DHCP server.

SwitchA can transmit the PnP VLAN ID to SwitchB only when SwitchA meets the following conditions:
  • If NETCONF is enabled on SwitchA:
    • SwitchA has registered with iMaster NCE-Campus successfully.
    • iMaster NCE-Campus has delivered a PnP VLAN ID to SwitchA, and the configuration file contains the pnp startup-vlan vlan-id command or SwitchA has negotiated a PnP VLAN ID with its upstream device.
    • iMaster NCE-Campus has delivered to SwitchA the function of transmitting the PnP VLAN ID to its downstream device, and the configuration file contains the pnp startup-vlan send enable command.
    • SwitchA is enabled to send LLDP packets containing PnP VLAN information to its downstream device. This function is enabled by default. If the configuration file contains the undo lldp tlv-enable legacy-tlv pnp startup-vlan command, the function of sending LLDP packets containing the PnP VLAN ID to the downstream device is disabled. You can enable the function on iMaster NCE-Campus.
  • If NETCONF is not enabled on SwitchA:
    • SwitchA has a PnP VLAN ID configured using the pnp startup-vlan vlan-id command.
    • The pnp startup-vlan send enable command has been configured on SwitchA to transmit PnP VLAN information to its downstream device.
    • SwitchA is enabled to send LLDP packets containing PnP VLAN information to its downstream device. This function is enabled by default. If the configuration file contains the undo lldp tlv-enable legacy-tlv pnp startup-vlan command, the function of sending LLDP packets containing the PnP VLAN ID to the downstream device is disabled. You can run the lldp tlv-enable legacy-tlv pnp startup-vlan command to enable this function.

SwitchB can obtain the PnP VLAN ID transmitted by SwitchA only after SwitchB is enabled to receive the PnP VLAN negotiation packets sent by its upstream device. This function is enabled by default. If the configuration file contains the undo pnp startup-vlan receive enable command, the function of receiving the PnP VLAN negotiation packets sent by the upstream device is disabled. You can enable the function by running the pnp startup-vlan receive enable command.

The function of transmitting the PnP VLAN ID to the downstream device and the PnP VLAN ID can be preconfigured on the controller and delivered to a switch after the switch has registered with the controller. If the switch does not register with the controller, perform preconfiguration on the switch.
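The transmit conditions listed above for a switch without NETCONF, the receive defaults, and the wireless PnP VLAN priority order given under pnp wireless startup-vlan can all be checked against a saved configuration. The following Python is an added example, not part of the Huawei reference; it assumes the saved configuration holds one command per line with interface-view commands indented under their interface line, and the sample configuration, class and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample of a saved configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
sysname SwitchA
#
vlan batch 2 20
#
pnp startup-vlan 2
pnp startup-vlan send enable
undo pnp startup-link-aggregation receive enable
#
interface Eth-Trunk1
 port link-type trunk
 pnp startup-link-aggregation enable
#
return
"""


@dataclass
class PnpPosture:
    # Initial values are the defaults stated in this reference.
    wired_vlan: Optional[int] = None       # no wired PnP VLAN ID by default
    wireless_vlan: Optional[int] = None    # no wireless PnP VLAN ID by default
    send_enabled: bool = False             # PnP VLAN ID not transmitted by default
    vlan_receive_enabled: bool = True      # PnP VLAN negotiation packets accepted
    trunk_receive_enabled: bool = True     # Eth-Trunk auto-negotiation accepted
    lldp_pnp_vlan_tlv: bool = True         # PnP VLAN information sent in LLDP
    trunk_notify_ifaces: List[str] = field(default_factory=list)


def parse_pnp_posture(config_text: str) -> PnpPosture:
    """Derive the PnP negotiation posture from saved-configuration text."""
    p = PnpPosture()
    view = None  # interface whose view the current line belongs to, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            view = None
            continue
        if not raw.startswith(" "):  # unindented line: system view or a new view
            view = line.split(None, 1)[1] if line.startswith("interface ") else None
        m = re.fullmatch(r"pnp (wireless )?startup-vlan (\d+)", line)
        if m:
            vlan = int(m.group(2))
            if not 1 <= vlan <= 4094:
                raise ValueError(f"PnP VLAN ID out of range 1-4094: {vlan}")
            if m.group(1):
                p.wireless_vlan = vlan
            else:
                p.wired_vlan = vlan
        elif line == "pnp startup-vlan send enable":
            p.send_enabled = True
        elif line == "undo pnp startup-vlan receive enable":
            p.vlan_receive_enabled = False
        elif line == "undo pnp startup-link-aggregation receive enable":
            p.trunk_receive_enabled = False
        elif line in ("undo lldp tlv-enable legacy-tlv pnp startup-vlan",
                      "undo lldp tlv-enable legacy-tlv pnp all"):
            # Treated as disabled if the line appears anywhere in the file,
            # following the reference's wording; the view is not tracked.
            p.lldp_pnp_vlan_tlv = False
        elif line == "pnp startup-link-aggregation enable" and view:
            p.trunk_notify_ifaces.append(view)
    return p


def transmit_blockers(p: PnpPosture) -> List[str]:
    """Unmet conditions for sending the PnP VLAN ID downstream (non-NETCONF case)."""
    blockers = []
    if p.wired_vlan is None:
        blockers.append("no PnP VLAN ID configured (pnp startup-vlan vlan-id)")
    if not p.send_enabled:
        blockers.append("pnp startup-vlan send enable is not configured")
    if not p.lldp_pnp_vlan_tlv:
        blockers.append("LLDP PnP VLAN information is disabled by an undo lldp tlv-enable line")
    return blockers


def effective_wireless_vlan(p: PnpPosture,
                            negotiated_wireless: Optional[int] = None,
                            negotiated_wired: Optional[int] = None) -> Optional[int]:
    """Pick the wireless PnP VLAN in the descending priority order listed in the reference."""
    for candidate in (p.wireless_vlan, p.wired_vlan, negotiated_wireless, negotiated_wired):
        if candidate is not None:
            return candidate
    return None


if __name__ == "__main__":
    posture = parse_pnp_posture(SAMPLE_CONFIG)
    print(posture)
    print("transmit blockers:", transmit_blockers(posture) or "none")
    print("wireless PnP VLAN:", effective_wireless_vlan(posture, negotiated_wireless=30))
```

The negotiated VLAN IDs are passed in as arguments because they are learned at run time and, like the AP interface changes described earlier, are not written to the configuration file.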

Example

# Enable the downstream device to receive the PnP VLAN negotiation packets sent by the upstream device.

<HUAWEI> system-view
[HUAWEI] pnp startup-vlan receive enable

pnp startup-vlan send enable

Function

The pnp startup-vlan send enable command enables the device to transmit the PnP VLAN ID to its downstream device.

The undo pnp startup-vlan send enable command disables the device from transmitting the PnP VLAN ID to its downstream device.

By default, a switch does not transmit the PnP VLAN ID to its downstream device.

Format

pnp startup-vlan send enable

undo pnp startup-vlan send enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

  • Scenario 1: All switches on a CloudCampus network can be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-10, SwitchA and SwitchB are both switches. SwitchB is newly connected to the network when the VLAN for the IP address pool of the DHCP server is not VLAN 1. After SwitchB is connected to the network, by default, it uses the management VLAN 1 to send a request packet to the DHCP server to obtain the NETCONF enabling configuration, IP address, and information of iMaster NCE-Campus. However, SwitchB fails to obtain the information because the VLAN for the IP address pool of the DHCP server is not VLAN 1.
    Figure 16-10 CloudCampus networking

    To address the problem, configure PnP VLAN auto-negotiation on SwitchA. After SwitchB starts, SwitchA transmits the PnP VLAN ID to SwitchB through PnP VLAN auto-negotiation, so that SwitchB can use the PnP VLAN to obtain related information from the DHCP server.

    SwitchA can transmit the PnP VLAN ID to SwitchB only when SwitchA meets the following conditions:
    • SwitchA has registered with iMaster NCE-Campus successfully.
    • iMaster NCE-Campus has delivered a PnP VLAN ID to SwitchA, and the configuration file contains the pnp startup-vlan vlan-id command or SwitchA has negotiated a PnP VLAN ID with its upstream device.
    • iMaster NCE-Campus has delivered the function of transmitting the PnP VLAN ID to the downstream device to SwitchA, and the configuration file contains the pnp startup-vlan send enable command.
    • SwitchA is enabled to send LLDPDUs containing PnP VLAN information to its downstream device. This function is enabled by default. If the configuration file contains the undo lldp tlv-enable legacy-tlv pnp startup-vlan or undo lldp tlv-enable legacy-tlv pnp all command, the function of sending LLDPDUs containing the PnP VLAN ID to the downstream device is disabled. You can enable the function on iMaster NCE-Campus.

    SwitchB can obtain the PnP VLAN ID transmitted by SwitchA only after SwitchB is enabled to receive the PnP VLAN negotiation packets sent by its upstream device. This function is enabled by default. If the configuration file contains the undo pnp startup-vlan receive enable command, the function of receiving the PnP VLAN negotiation packets sent by the upstream device is disabled. You can enable the function on iMaster NCE-Campus.

    The function of transmitting the PnP VLAN ID to the downstream device and the PnP VLAN ID can be preconfigured on iMaster NCE-Campus and delivered to a switch after the switch has registered with iMaster NCE-Campus.

  • Scenario 2: On a CloudCampus network, some switches cannot be managed by iMaster NCE-Campus.

    On the CloudCampus network shown in Figure 16-11, the access and aggregation switches can be managed by iMaster NCE-Campus. The core switch is not managed by iMaster NCE-Campus. When the management VLAN is changed on iMaster NCE-Campus from VLAN 1 (default) to VLAN 2, the core switch needs to notify its downstream switches of the new management VLAN ID.
    Figure 16-11 CloudCampus networking
    Configure PnP VLAN auto-negotiation on the core switch so that the core switch can notify its downstream switches of the new management VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.
  • Scenario 3: Zero-touch deployment using EasyDeploy

    In Figure 16-12, when EasyDeploy is used for zero-touch deployment, the Commander needs to notify a client of the new VLAN ID if the Commander does not use VLAN 1 to communicate with the client.
    Figure 16-12 EasyDeploy networking diagram
    Configure PnP VLAN auto-negotiation on the Commander to enable the Commander to notify clients of the new VLAN ID. This process consists of the following operations:
    • Run the pnp startup-vlan command to configure a PnP VLAN ID.
    • Run the pnp startup-vlan send enable command to enable the switch to transmit the PnP VLAN ID to its downstream devices.
    • Run the lldp tlv-enable legacy-tlv pnp all command to enable the device to send LLDPDUs containing PnP information to its downstream devices. This function is enabled by default. LLDPDUs carry PnP information, including the PnP VLAN ID, Eth-Trunk enabling flag, LACP mode flag, and device type.
    • If the core switch and the aggregation switches are connected through Eth-Trunks, you also need to run the pnp startup-link-aggregation enable command to enable the function of notifying downstream devices of the need to establish an Eth-Trunk. After the command is run, the downstream devices will automatically add interfaces to Eth-Trunks based on the negotiation. LLDPDUs carry the Eth-Trunk enabling flag and LACP mode flag.

Example

# Enable a switch to transmit the PnP VLAN ID to its downstream devices.

<HUAWEI> system-view
[HUAWEI] pnp startup-vlan send enable

redirected-controller backup ip-address

Function

The redirected-controller backup ip-address command configures the redirected IP address and port number of the standby iMaster NCE-Campus.

The undo redirected-controller backup ip-address command deletes the redirected IP address and port number of the standby iMaster NCE-Campus.

By default, no redirected IP address and port number of the standby iMaster NCE-Campus are configured on a switch.

Format

redirected-controller backup ip-address ip-address port port-number

undo redirected-controller backup ip-address

Parameters

Parameter Description Value

ip-address

Specifies a redirected IP address.

The value is in dotted decimal notation.

port port-number

Specifies a redirected port number.

The value is an integer in the range 1 to 65535.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Assume that a switch has successfully registered with iMaster NCE-Campus through DHCP. After a restart, the switch will use DHCP to obtain the IP address of iMaster NCE-Campus for registration. If you want the switch to use the IP address already obtained during the previous registration, fix the IP address on iMaster NCE-Campus. Then, iMaster NCE-Campus delivers this command to the switch, and the switch executes this command to save the IP address of iMaster NCE-Campus.

Precautions

  • After a restart, the switch can obtain the address of iMaster NCE-Campus using different methods (listed in descending order of priority): configured in the callhome template view on the switch, from the redirection information of iMaster NCE-Campus configured on the switch, through DHCP, using commands, or in the registration query center.
  • When the following conditions are met, a switch regenerates the redirection configuration command: (1) iMaster NCE-Campus delivers redirection information to the switch to fix the IP address of iMaster NCE-Campus on the switch; (2) the undo redirected-controller backup ip-address command is run on the switch to delete redirection information; (3) the configuration is saved and the switch is restarted.

Example

# Configure the redirected IP address and port number of the standby iMaster NCE-Campus on a switch.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] redirected-controller backup ip-address 10.1.1.2 port 10020

redirected-controller ip-address

Function

The redirected-controller ip-address command configures the redirection IP address and port number of iMaster NCE-Campus.

The undo redirected-controller ip-address command deletes the redirection IP address and port number of iMaster NCE-Campus.

By default, no redirection IP address and port number are configured for iMaster NCE-Campus on a switch.

Format

redirected-controller ip-address ip-address port port-number

undo redirected-controller ip-address

Parameters

Parameter Description Value

ip-address

Specifies the redirection IP address.

The value is in dotted decimal notation.

port port-number

Specifies the redirection port number.

The value is an integer in the range 1 to 65535.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Assume that a switch has successfully registered with iMaster NCE-Campus through DHCP. After a restart, the switch will use DHCP to obtain the IP address of iMaster NCE-Campus for registration. If you want the switch to use the IP address already obtained during the previous registration, fix the IP address on iMaster NCE-Campus. Then, iMaster NCE-Campus delivers this command to the switch, and the switch executes this command to save the IP address of iMaster NCE-Campus.

Precautions

  • After a restart, the switch can obtain the address of iMaster NCE-Campus using different methods (listed in descending order of priority): configured in the callhome template view on the switch, from the redirection information of iMaster NCE-Campus configured on the switch, through DHCP, using commands, or in the registration query center.
  • When the following conditions are met, a switch regenerates the redirection configuration command: (1) iMaster NCE-Campus delivers redirection information to the switch to fix the IP address of iMaster NCE-Campus on the switch; (2) the undo redirected-controller ip-address command is run on the switch to delete redirection information; (3) the configuration is saved and the switch is restarted.

Example

# Configure the redirection IP address and port number of iMaster NCE-Campus on the switch.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] redirected-controller ip-address 10.1.1.2 port 10020

reset cloud-mng work-mode

Function

The reset cloud-mng work-mode command clears the cloud-based management flag in the flash memory of a switch.

Format

reset cloud-mng work-mode

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

Since V200R019C00, you no longer need to change the working mode of a switch to cloud-mng to implement cloud-based management. Instead, you can enable NETCONF on the switch to implement cloud-based management. However, after a switch working in cloud-mng mode is upgraded from an earlier version to V200R019C10 or a later version, the cloud-based management flag still exists in the flash memory of the switch. As a result, the LNP, VCMP, and OPS functions do not take effect.

To resolve this problem, run the reset cloud-mng work-mode command to clear the cloud-based management flag in the flash memory of the switch.

  • When you run the undo netconf command on a switch that originally worked in cloud-mng mode before the upgrade, the following message is displayed to prompt you to run the reset cloud-mng work-mode command to restore the LNP, VCMP, and OPS functions:
    Info: After the device is upgraded in cloud management mode, execute 'reset cloud-mng work-mode' to restore the LNP, VCMP, and OPS functions.

    When you run the reset cloud-mng work-mode command, the switch displays the following message indicating that this operation will delete the saved configuration and the device will restart. Exercise caution when performing this operation.

    Warning: The action will delete the saved configuration and reboot. Continue? [Y/N]:
  • When you run the reset cloud-mng work-mode command on a switch that did not work in cloud-mng mode before the upgrade, the following message is displayed indicating that this operation is not required:
    Info: Current status is not upgrade from Cloud-mng mode.

Example

# Clear the cloud-based management flag in the flash memory of a switch.

<HUAWEI> reset cloud-mng work-mode

reset netconf db-configuration

Function

The reset netconf db-configuration command clears the database configuration.

Format

reset netconf db-configuration

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To stop providing network services, run the reset netconf db-configuration command to clear all database configuration.

Precautions

After the reset netconf db-configuration or reset saved-configuration command is run, the assign trunk command configuration is cleared, that is, the default configuration is restored.

After the reset netconf db-configuration command is executed, the system asks whether you want to restart the switch. If you enter Y, the switch restarts and clears all the database and configuration file information. Confirm your action.

Example

# Clear the database configuration on a switch.

<HUAWEI> system-view
[HUAWEI] reset netconf db-configuration
Warning: This operation will clear the database and saved configuration and restart the device. Continue? [Y/N]:

reset netconf register-fail-record

Function

The reset netconf register-fail-record command clears records about failed registrations with iMaster NCE-Campus.

Format

reset netconf register-fail-record

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the reset netconf register-fail-record command to clear records about failed registrations with iMaster NCE-Campus. Confirm the action before running this command.

Example

# Clear records about failed registrations with iMaster NCE-Campus.

<HUAWEI> reset netconf register-fail-record
Warning: This command will clear the registration failures. Continue? [Y/N]: y

{ rsa | dsa } local-key-pair create (NETCONF view)

Function

The { rsa | dsa } local-key-pair create command creates a local RSA or DSA key pair.

Format

{ rsa | dsa } local-key-pair create

Parameters

Parameter Description Value

rsa

Creates a local RSA key pair.

-

dsa

Creates a local DSA key pair.

-

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

You can run this command to create a local RSA or DSA key pair. If the local RSA or DSA key pair already exists, the system displays a message asking you whether to create a new one.

Example

# Create a local DSA key pair.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] dsa local-key-pair create

set netconf db-configuration-file

Function

The set netconf db-configuration-file command configures a NETCONF database file used by the system.

This command is supported only in scenarios where the device is registered with iMaster NCE-Campus.

Format

set netconf db-configuration-file database-file

Parameters

Parameter Description Value

database-file

Specifies a database file. The file must already exist.

NOTE:

You must specify a database file in the flash:/ directory on the active device.

The value is a string of 5 to 64 characters in the format of [ drive-name ][ file-name ]. It cannot contain spaces.

  • If drive-name is not specified, the default flash memory name is used.
  • The value of file-name cannot contain special characters including | ; & $ < > ' ! \ and must use .rdb as the file name extension.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the database file is abnormal due to misoperations or system exceptions, you can run the set netconf db-configuration-file command to manually specify a valid database file. To view the currently effective database file, run the display netconf configuration command.

When you run this command, the system displays a message indicating that the device will be disconnected from iMaster NCE-Campus for a short period of time. After you enter Y, the device is disconnected for a short period of time and then reconnects to iMaster NCE-Campus. Therefore, exercise caution when running this command.

Prerequisites

The configurations in the database file must be the same as those in the configuration file. Therefore, before running this command, configure the corresponding configuration file and make it take effect by using one of the following methods:
  • Run the startup saved-configuration command to configure the configuration file used by the system, and then restart the system for the configuration file to take effect. You are advised to use the backup configuration file in the backup directory.
  • Manually supplement configurations in the configuration file and make the configurations take effect.

Precautions

  • When you run this command to configure a database file, the system checks the file content. If the file content is invalid, the command configuration fails and the configurations in the configuration file may be lost. To ensure validity of the database file, you are advised to use the backup database file.
  • The database file specified in this command cannot exceed 30 MB or be named startup.rdb. Otherwise, the configuration fails.
  • This command cannot be executed repeatedly in a short period of time.

Example

# Specify 2022-06-23_startup.rdb as the system datastore file.

<HUAWEI> set netconf db-configuration-file configbackup/2022-06-23_startup.rdb
Warning: Configure the corresponding CFG file first. This operation will activate the database configuration file and make the device go offline for a short period of time, Continue? [Y/N]:y
Info: The operation is in progress. Please wait........................Done.
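A pre-flight check that an automation script could run on the database-file argument before sending set netconf db-configuration-file, since a rejected file makes the command fail and may lose configuration. This is an added example, not Huawei code: it enforces only the naming and size rules listed above (it cannot validate file content), and the function name, the treatment of everything after the drive as file-name, the case-insensitive startup.rdb match, and reading 30 MB as 30 x 1024 x 1024 bytes are assumptions.

```python
from typing import List, Optional

FORBIDDEN = set("|;&$<>'!\\")       # characters the reference disallows in file-name
MAX_BYTES = 30 * 1024 * 1024         # "cannot exceed 30 MB" (assumed to mean MiB)
REQUIRED_DRIVE = "flash:"            # NOTE in the reference: file must be under flash:/


def check_db_file_arg(value: str, size_bytes: Optional[int] = None) -> List[str]:
    """Return the list of rule violations; an empty list means the value passes."""
    problems = []
    if not 5 <= len(value) <= 64:
        problems.append("length must be 5 to 64 characters")
    if any(ch.isspace() for ch in value):
        problems.append("value cannot contain spaces")

    # Split an optional drive prefix ("flash:" or "flash:/") from the path.
    drive, sep, rest = value.partition(":")
    if sep:
        if drive.lower() + ":" != REQUIRED_DRIVE:
            problems.append("drive must be flash:")
        path = rest.lstrip("/")
    else:
        path = value                 # no drive given: default flash memory is used

    bad = sorted(set(path) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters in file name: " + " ".join(bad))
    file_name = path.rsplit("/", 1)[-1]
    if not file_name.endswith(".rdb") or file_name == ".rdb":
        problems.append("file name must end in .rdb")
    if file_name.lower() == "startup.rdb":   # assumption: match ignores case
        problems.append("file cannot be named startup.rdb")
    if size_bytes is not None and size_bytes > MAX_BYTES:
        problems.append("file exceeds 30 MB")
    return problems


if __name__ == "__main__":
    # Constructed sample values; only the first comes from the reference's example.
    for sample in ("configbackup/2022-06-23_startup.rdb", "startup.rdb",
                   "backup;reboot.rdb", "sd1:/x.rdb"):
        print(sample, "->", check_db_file_arg(sample) or "ok")
```

The forbidden characters are all CLI or shell metacharacters, so rejecting them before the value is interpolated into a command string also keeps a scripted session from sending more than the one intended command.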

source ip

Function

The source ip command configures the IPv4 address and port number used by a switch to communicate with the NMS through NETCONF.

The undo source ip command deletes the IPv4 address and port number used by a switch to communicate with the NMS through NETCONF.

By default, no IPv4 address and port number are configured for a switch to communicate with the NMS through NETCONF.

Format

source ip { ip-address | interface interface-type interface-number } [ vpn-instance vpn-instance-name ] [ port port-number ]

undo source ip

Parameters

Parameter Description Value

ip-address

Specifies the IPv4 address of a switch.

The value is in dotted decimal notation.

vpn-instance vpn-instance-name

Specifies the name of a VPN instance to which the IPv4 address or interface of the switch belongs.

The value must be an existing VPN instance name.

interface interface-type interface-number

Specifies the interface to which the IPv4 address used by the switch belongs.

The interface must be an existing Layer 3 interface on the switch.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

port port-number

  • This parameter is the port number used by the switch in NETCONF over SSH Callhome mode.
  • This parameter is the port number used by both the switch and NMS in NETCONF over SSH mode.

The value is 830 or an integer in the range 55552 to 55807. The default value is 830.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS needs to configure and manage a switch using NETCONF, run the source ip command to configure the IPv4 address and port number used by the switch to communicate with the NMS, regardless of whether the NETCONF over SSH or NETCONF over SSH Callhome mode is used.

Precautions
  • You cannot run this command if you have run the source ip-address command in the SMI view to configure the IPv4 address used by the switch to communicate with an NMS (for example, iMaster NCE-CampusInsight).
  • When you run the source ip command to configure or change the port number for IPv4 communication between the switch and NMS, the port number for IPv6 communication between the two systems configured using the source ipv6-address command will be changed accordingly.
  • Changing the IPv4 address or port number will cause communication interruption between the switch and NMS.

Example

# Set the IPv4 address and port number used by the switch to communicate with the NMS through NETCONF to 10.1.1.1 and 55555, respectively.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] source ip 10.1.1.1 port 55555

source ipv6-address

Function

The source ipv6-address command configures the IPv6 address and port number used by a switch to communicate with the NMS through NETCONF.

The undo source ipv6-address command deletes the IPv6 address and port number used by a switch to communicate with the NMS through NETCONF.

By default, no IPv6 address and port number are configured for a switch to communicate with the NMS using NETCONF.

Format

source ipv6-address { ipv6-address | interface interface-type interface-number } [ vpn-instance vpn-instance-name ] [ port port-number ]

undo source ipv6-address

Parameters

Parameter Description Value

ipv6-address

Specifies the IPv6 address of a switch.

The total length of the value is 128 bits, which are divided into eight groups. Each group contains four hexadecimal digits. The value is in the format of X:X:X:X:X:X:X:X.

vpn-instance vpn-instance-name

Specifies the name of a VPN instance to which the IPv6 address or interface of the switch belongs.

The value must be an existing VPN instance name.

interface interface-type interface-number

Specifies the interface to which the IPv6 address used by the switch belongs.

The interface must be an existing Layer 3 interface on the switch.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

port port-number

Specifies the port number used by the switch and NMS.

The value is 830 or an integer in the range 55552 to 55807. The default value is 830.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS needs to configure and manage a switch using an IPv6 address in NETCONF over SSH mode, run the source ipv6-address command to configure the IPv6 address and port number of the switch.

Precautions

When you run the source ipv6-address command to configure or change the port number for IPv6 communication between the switch and NMS, the port number for IPv4 communication between the two systems configured using the source ip command will be changed accordingly.

Changing the IPv6 address or port number will cause communication interruption between the switch and NMS.

Example

# Set the IPv6 address and port number used by the switch to communicate with the NMS through NETCONF to FC00::1 and 55555, respectively.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] source ipv6-address FC00::1 port 55555

user assign { rsa | dsa } public-key

Function

The user user-name assign { rsa | dsa } public-key public-key-name command assigns an existing RSA or DSA public key to a specified user.

The undo user user-name assign { rsa | dsa } public-key command deletes the mapping between a user and an RSA or DSA public key.

By default, no RSA or DSA public key is assigned to a user.

Format

user user-name assign { rsa | dsa } public-key public-key-name

undo user user-name assign { rsa | dsa } public-key

Parameters

Parameter Description Value

user-name

Specifies a NETCONF user name.

The value is a string of 1 to 25 case-insensitive characters without spaces.

NOTE:

If the string is enclosed in quotation marks, the string can contain spaces.

rsa

Assigns an RSA public key to a specified user.

-

dsa

Assigns a DSA public key to a specified user.

-

public-key-name

Specifies the name of an RSA or DSA public key.

The value is a string of 1 to 30 case-insensitive characters without spaces.

NOTE:

If the string is enclosed in double quotation marks ("), the string can contain spaces.

Views

NETCONF view

Default Level

3: Management level

Usage Guidelines

When a controller acting as a NETCONF client needs to log in to the switch acting as the NETCONF server in RSA or DSA mode, you can run this command to assign an RSA or DSA public key to a specified user. If multiple public keys are assigned to a user, the last assigned public key takes effect.

Example

# Assign the DSA public key key1 to the NETCONF user named test123.

<HUAWEI> system-view
[HUAWEI] netconf
[HUAWEI-netconf] user test123 assign dsa public-key key1
Update Date: 2025-05-27
Document ID: EDOC1100325914