Enabling NETCONF

A NETCONF connection can be established between the client and the server using the well-known port 22 only after NETCONF is enabled on the server.

Context

A switch functions as an SSH server to connect to the client through the following two ports:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Enable NETCONF.

    Either the snetconf server enable command or the protocol inbound ssh port 830 command enables the NETCONF function. If both commands are run, the client can use either port 22 or port 830 to set up a NETCONF connection with the server.

    • Enable the NETCONF service of SSH server on TCP port 22.

      Run snetconf [ ipv4 | ipv6 ] server enable

      The NETCONF service of SSH server on TCP port 22 is enabled.

    • Enable the NETCONF service of SSH server on port 830.

      1. Run netconf

        The NETCONF user interface view is displayed.

      2. Run protocol inbound ssh [ ipv4 | ipv6 ] port 830

        The NETCONF service of SSH server is enabled on port 830.

      3. Run quit

        Exit from the NETCONF user interface view.

    After the NETCONF service of SSH server is disabled on TCP port 22 or 830, all clients connecting to port 22 or 830 through NETCONF are disconnected.

  3. (Optional) Set correct NETCONF parameters to ensure secure NETCONF session connections. The default parameters are recommended.

    1. Run netconf

      The NETCONF user interface view is displayed.

    2. Run max-sessions count

      The maximum number of NETCONF users that the NETCONF user interface supports is set.

      To prevent unauthorized users from using NETCONF, set the maximum number of NETCONF users. After the maximum number of users who are using NETCONF is reached, subsequent users are not allowed to use NETCONF. This mechanism ensures network management security.

    3. Run idle-timeout minutes [ seconds ]

      The timeout period of an idle NETCONF connection is set.

      If no timeout period is set for an idle NETCONF connection, the idle NETCONF connection cannot be released in time for other authorized users.

  4. Run commit

    The configuration is committed.
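To check the result of this procedure, the following added example (not part of the original documentation or of the vendor's tooling) reads a saved configuration and reports which NETCONF ports it opens and whether max-sessions and idle-timeout are set explicitly. The configuration layout, the sample text and the function name audit_netconf are assumptions; only the command keywords come from the steps above.

```python
import re

# Constructed sample, not taken from a real device. The layout (unindented view
# name, indented sub-commands, "#" separators) is an assumption; the command
# keywords are the ones used in the procedure above.
SAMPLE_CONFIG = """\
#
snetconf server enable
#
netconf
 protocol inbound ssh port 830
 idle-timeout 10 0
#
"""

SNETCONF = re.compile(r"snetconf( ipv4| ipv6)? server enable")
INBOUND = re.compile(r"protocol inbound ssh( ipv4| ipv6)? port 830")
MAX_SESSIONS = re.compile(r"max-sessions (\d+)")
IDLE_TIMEOUT = re.compile(r"idle-timeout (\d+)(?: (\d+))?")


def audit_netconf(config):
    """Return the NETCONF ports a configuration opens and its explicit limits."""
    ports, max_sessions, idle_timeout = set(), None, None
    in_netconf_view = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            in_netconf_view = False
            continue
        if not raw[0].isspace():
            # Unindented line: a system-view command or a view header.
            in_netconf_view = line == "netconf"
            if SNETCONF.fullmatch(line):
                ports.add(22)
            continue
        if not in_netconf_view:
            continue  # the same keyword in another view is not NETCONF config
        if INBOUND.fullmatch(line):
            ports.add(830)
        elif m := MAX_SESSIONS.fullmatch(line):
            max_sessions = int(m.group(1))
        elif m := IDLE_TIMEOUT.fullmatch(line):
            idle_timeout = (int(m.group(1)), int(m.group(2) or 0))
    return {"ports": sorted(ports), "max_sessions": max_sessions,
            "idle_timeout": idle_timeout}


if __name__ == "__main__":
    print(audit_netconf(SAMPLE_CONFIG))
```

A value of None for max_sessions or idle_timeout means the command does not appear in the NETCONF user interface view of the text that was checked.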

Copyright © Huawei Technologies Co., Ltd.