Basic Procedure
In NETCONF over SSH Callhome mode, switches proactively set up NETCONF sessions with iMaster NCE-Campus. The procedure consists of three phases.
Phase 1: Switches Obtain the NETCONF Enabling Configuration and iMaster NCE-Campus's Address Information
Switches need to have the NETCONF function enabled, and obtain the URL/IP address and port number of iMaster NCE-Campus. Then these switches are ready to communicate with iMaster NCE-Campus. Table 1 describes the methods for switches to enable NETCONF and obtain iMaster NCE-Campus's address information.
Method |
Description |
Scenario |
Priority |
|---|---|---|---|
Option 148 is configured on a DHCP server to contain the NETCONF enabling configuration and iMaster NCE-Campus's address information. Switches obtain the information from the DHCP server. |
This method applies to campus networks on which devices cannot communicate with the registration query center. iMaster NCE-Campus for these networks is often built by enterprises. |
High priority. This method is preferred if switches can use multiple methods to enable NETCONF and obtain iMaster NCE-Campus's address information. |
|
Switches access the registration query center through its URL and port number that are preconfigured or obtained through a software upgrade, and then obtain the NETCONF enabling configuration and iMaster NCE-Campus's address information based on their ESNs. |
This method applies to campus networks on which devices can communicate with the registration query center. The management platforms for these networks can be the Huawei iMaster NCE-Campus or other management platforms, such as MSP-built and enterprise-built management platforms. |
Low priority. |
|
Using commands or the web system |
Users manually configure the iMaster NCE-Campus's address information on switches. |
If switches cannot automatically enable the NETCONF function or dynamically obtain the iMaster NCE-Campus's address information using the preceding two methods, manually enable NETCONF and configure the iMaster NCE-Campus's address information on the switches through commands or the web system. |
Medium priority. |
Phase 2: Switches Register with iMaster NCE-Campus
After obtaining the iMaster NCE-Campus's IP address or URL, switches register with iMaster NCE-Campus for authentication, and set up NETCONF transmission channels over SSH with iMaster NCE-Campus, ensuring data transmission security. Before the authentication, iMaster NCE-Campus needs to import the ESN, device type, and CA certificate of each switch. Each switch has a local certificate and CA certificate configured before delivery.
For details about registration authentication on switches, see PKI Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security.
- If a user configures the iMaster NCE-Campus's IP address for redirection on the graphical user interface (GUI) of iMaster NCE-Campus, the switch immediately uses this IP address to re-register with iMaster NCE-Campus.
- If a user reconfigures a management VLAN on the GUI of iMaster NCE-Campus, the switch immediately uses the new management VLAN to send a request to the DHCP server to obtain the iMaster NCE-Campus's address information and re-registers with iMaster NCE-Campus for authentication.
Phase 3: Switches Are Centrally Managed by iMaster NCE-Campus
After NETCONF transmission channels are established, iMaster NCE-Campus can manage and operate the switches. All the data exchanged between iMaster NCE-Campus and switches will be encrypted.
For details about how iMaster NCE-Campus manages switches, see the CloudCampus Solution documentation.