No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Knowledge Base

FAQ-How to configure NAT mapping to access eSight

Publication Date:  2018-04-30  |   Views:  1044  |   Downloads:  0  |   Author:  l00509359  |   Document ID:  EKB1001542788

Contents
Issue Description Solution

Issue Description

How to configure NAT mapping to access eSight?

Solution

modify the eSight side 

Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>

<config name="oms">

    <!-- Single Sign On -->

    <config name="sso">

        <config name="client">

            <param name="enabled">true</param>

            <param name="isLocalsso">true</param>

        </config>

        <config name="servers">

            <config name="upper_layer_server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

        </config>

    </config>

</config>

1)from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight. 

2)<config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration: 

3)<config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:

Modify the lower level network management NAT map to access the eSight step:

1.modify the ssoclient.xml file


File path: AppBase\etc\oms.sso\ssoclient.xml.

To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.

<config name="server">

    <param name="entryAddressMapping">X.X.X.X</param>

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://X.X.X.X:31942/sso/</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://X.X.X.X:31942/sso/logout</param>

            </config>

 

2.modify the sso.xml file 

File path: AppBase\etc\oms.sso\sso.xml. 

Modify the following parameter values:

<param name="client-trusted-ip">10.13X.X4.98,X.X.X.X</param>

3. restart the eSight server.

 

4. The final configuration file is:

 

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<config name="oms">

    <!-- Single Sign On -->

    <config name="sso">

        <config name="client">

            <param name="enabled">true</param>

            <param name="isLocalsso">true</param>

        </config>

        <config name="servers">

            <config name="upper_layer_server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://192.168.3.10:31942/sso</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://192.168.3.10:31942/sso/logout</param>

            </config>

            <config name="server">

                <param name="entryAddressMapping">X.X.X.X</param>

                <param name="name">192.168.3.10:8087</param>

                <param name="public">https://X.X.X.X:31942/sso/</param>

                <param name="private">http://192.168.3.10:8087/sso</param>

                <param name="logout">https://X.X.X.X:31942/sso/logout</param>

            </config>

        </config>

    </config>

</config>

2.configuring port mapping on a AR like device 

2.1 take AR as an example to configure the port map as follows: 

Nat server protocol TCP global X.X.X.X 31943 inside 192.168.3.10 31943 

Nat server protocol TCP global X.X.X.X 31942 inside 192.168.3.10 31942 

Nat server protocol TCP global X.X.X.X 8080 inside 192.168.3.10 8080 

Feedback
Related resources
Documentation Software Download Bulletins Tools
Related searches
By Author
Help us to improve
Write an article
Enterprise APP

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.