Configuring Switches to Communicate with iMaster NCE-Campus

Prerequisites

Context

Procedure

1. Switches enable NETCONF and obtain the URL/IP address and port number of iMaster NCE-Campus. This phase can be implemented through DHCP, a registration query center, or manual configuration (using commands or web system).

   
   

   Table 15-11 Methods to enable NETCONF and obtain iMaster NCE-Campus's address information

   Method	Procedure
   Through a DHCP server	Configure Option 148 in the format of option 148 ascii ascii-string on the DHCP server. The value of ascii-string is in the format of agilemode=agile-cloud;agilemanage-mode=ip;agilemanage-domain=ip-address;agilemanage-port=port-number;. The fields are separated by semicolons (;) and end with a semicolon (;). Their meanings are described as follows: agilemode enables NETCONF. agilemanage-mode indicates whether a switch obtains the URL or IP address of iMaster NCE-Campus. agilemanage-mode=domain indicates that the switch obtains the URL, and agilemanage-domain is set to domain-name accordingly. agilemanage-mode=domain indicates that the device obtains the IP address, and agilemanage-domain is set to ip-address accordingly. agilemanage-domain specifies the URL or IP address of iMaster NCE-Campus. agilemanage-port specifies the port number of iMaster NCE-Campus. Perform configurations based on the VLAN for the IP address pool of the DHCP server. When the VLAN for the IP address pool of the DHCP server is not VLAN 1, if the DHCP server does not support the PnP VLAN function, the interface of the root switch connected to the DHCP server must allow packets from the PnP VLAN to pass through. If the DHCP server supports the PnP VLAN function, perform the following configurations: Run system-view The system view is displayed. Run pnp startup-vlan vlan-id The wired PnP VLAN ID is configured. By default, no wired PnP VLAN ID is configured on a switch. Run pnp wireless startup-vlan vlan-id The wireless PnP VLAN ID is configured. By default, no wireless PnP VLAN ID is configured on a switch. Run pnp startup-vlan send enable The switch is enabled to transmit the PnP VLAN ID to its downstream devices. By default, the switch does not transmit the PnP VLAN ID to its downstream device. Run interface interface-type interface-number The Ethernet interface view is displayed. Run lldp tlv-enable legacy-tlv pnp { all | startup-vlan | startup-link-aggregation | device-type } The interface is configured to advertise PnP TLVs. By default, an interface advertises all PnP TLVs. Run quit Exit the Ethernet interface view. (Optional) If switches are connected through an Eth-Trunk, perform the following operations: Run interface eth-trunk trunk-id The Eth-Trunk interface view is displayed. Run pnp startup-link-aggregation enable The switch is enabled to transmit the flag indicating whether to establish an Eth-Trunk to downstream devices. By default, a switch does not inform its downstream device of the need to establish an Eth-Trunk. NOTE: When the networking of the upstream device is stable, you are advised to run the undo pnp startup-link-aggregation receive enable command on the downstream device to disable Eth-Trunk auto-negotiation to prevent flapping of the upstream device from affecting local services. By default, Eth-Trunk auto-negotiation is enabled. When the VLAN for the IP address pool of the DHCP server is VLAN 1, perform the following operations: Ensure that switches are unconfigured and have no input on the console port. After these switches are connected to the network, they automatically enable NETCONF and obtain the iMaster NCE-Campus's address information using DHCP.
   Through a registration query center	Import information about each switch, including the ESN and device type, into iMaster NCE-Campus. After the information is imported, iMaster NCE-Campus uploads the device ESNs and corresponding iMaster NCE-Campus's address information to the registration query center. Ensure that switches are unconfigured and have no input on the console port. Switches are preconfigured with the URL (register.naas.huawei.com) and port number (10020) of the registration query center. After switches are connected to the network, they send requests to the registration query center to automatically enable NETCONF and obtain the iMaster NCE-Campus's address and Bootstrap server's address. If NETCONF has been enabled on a switch but the switch cannot obtain the iMaster NCE-Campus's address information through DHCP or manual configuration, the switch also sends a request to the registration query center to obtain the iMaster NCE-Campus's address and Bootstrap server's address. In this situation, the switch does not need to be unconfigured and can have input on the console port.
   Using commands	Method 1: Run system-view The system view is displayed. Run netconf The NETCONF function is enabled and the NETCONF view is displayed. Run source ip { ip-address | interface interface-type interface-number } [ vpn-instance vpn-instance-name ] [ port port-number ] Or source ipv6-address { ipv6-address | interface interface-type interface-number } [ vpn-instance vpn-instance-name ] [ port port-number ] The IP address and port number used by the switch to communicate with iMaster NCE-Campus using NETCONF are configured. Run callhome callhome-name A callhome template is created and the callhome template view is displayed. Run ip address ip-address port port-number The IPv4 address and port number used by iMaster NCE-Campus to communicate with the switch using NETCONF are configured. (Optional) Run assign arp netconf number number-value The number of ARP entries reserved for NETCONF is configured. By default, no ARP entries are reserved for NETCONF. Method 2: Run system-view The system view is displayed. Run netconf The NETCONF function is enabled and the NETCONF view is displayed. Run management-vlan (NETCONF view) The VLAN used by the switch to communicate with the DHCP server is configured. Run controller ip-address ip-address port port-number The IP address of iMaster NCE-Campus is configured. Or run controller url url-string port port-number The URL of iMaster NCE-Campus is configured. Either the URL or IP address of iMaster NCE-Campus must be configured.
   Through the web system	For details about how to enable NETCONF on the web system, see Device Working Mode in the S7700 V200R021C10 Web System Guide. For details about how to obtain the iMaster NCE-Campus's address information, see Controller Mgmt (NETCONF Mode) in the S7700 V200R021C10 Web System Guide.

   
   
2. Switches register with iMaster NCE-Campus for authentication and establish NETCONF transmission channels over SSH, ensuring data transmission security.

   
   

   Before the authentication, iMaster NCE-Campus needs to import the ESN, device type, and CA certificate of each switch. Each switch has a local certificate and CA certificate configured before delivery.

   To perform operations on the local certificate of a switch, for example, updating the local certificate, you need to run commands or log in to the web system. For details about command settings, see PKI Configuration in the S7700 V200R021C10 Configuration Guide - Security. For details about web settings, see Client Configuration in the S7700 V200R021C10 Web System Guide.

3. iMaster NCE-Campus manages switches.

   
   

   For details about how iMaster NCE-Campus manages switches, see the CloudCampus Solution documentation.