
CLI: Example for Using the NETCONF Client to Manage the Device

The FW supports a NETCONF-based northbound management interface. An administrator can use a NETCONF client to configure and manage the FW.

Networking Requirement

As shown in Figure 1, the customer wants to use the NETCONF client to configure and manage the FW.

Figure 1 Using the NETCONF client to configure and manage the FW

Configuration Procedure

  1. Configure the IP address of the FW management interface, so that the FW and the NETCONF client can reach each other.

  2. Configure access management for the FW management interface to allow the NETCONF client to access the NETCONF interface on the FW.

  3. Configure the FW administrator and set the service type to API. The NETCONF client uses this administrator account to log in to and configure the FW.

  4. Configure and enable the NETCONF interface.

This example covers only the configuration needed to connect the FW and the NETCONF client. Configure routes so that the devices can reach each other. For the NETCONF client configuration, see its manual.

Data Planning

| Item | | Data | Description |
|---|---|---|---|
| FW | Interface | Interface name: GigabitEthernet 0/0/0; IP address: 10.0.0.2/24; Access management: netconf | Management interface, reachable to the NETCONF client. If the management interface is not used, the used port must be added to a security zone. |
| FW | Administrator | User name: netconf-admin; Password: Myadmin@123; Authentication scheme: admin_local; Level: 15; Service type: API | - |
| FW | NETCONF port number | 1025 | - |
| NETCONF client | IP address | 10.0.0.11/24 | - |
| NETCONF client | Port | 10020 | - |

Procedure

  1. Configure the management interface.

    # Configure the IP address of the management interface.

    <sysname> system-view
    [sysname] interface GigabitEthernet 0/0/0
    [sysname-GigabitEthernet0/0/0] ip address 10.0.0.2 24

    # Configure access management for the management interface to permit NETCONF packets.

    [sysname-GigabitEthernet0/0/0] service-manage enable
    [sysname-GigabitEthernet0/0/0] service-manage netconf permit
    [sysname-GigabitEthernet0/0/0] quit

  2. Configure the administrator and the corresponding service type, level, and authentication type.

    [sysname] aaa
    [sysname-aaa] manager-user netconf-admin
    [sysname-aaa-manager-user-netconf-admin] password
    Enter Password: 
    Confirm Password:
    [sysname-aaa-manager-user-netconf-admin] service-type api
    [sysname-aaa-manager-user-netconf-admin] level 15
    [sysname-aaa-manager-user-netconf-admin] authentication-scheme admin_local
    [sysname-aaa-manager-user-netconf-admin] quit
    [sysname-aaa] quit

  3. Configure and enable the NETCONF interface.

    [sysname] api
    [sysname-api] api netconf port 1025
    [sysname-api] api netconf enable
    [sysname-api] quit

Configuration Scripts

    #
    aaa
     manager-user netconf-admin
      password cipher @%@%\.!W9qM+A7"0/(!S@rLG1_YNTW#lDz>ZpH]~%%Uk^#;G_YQ1@%@%
      service-type api
      level 15
      authentication-scheme admin_local

    #
    interface GigabitEthernet0/0/0
     undo shutdown
     ip address 10.0.0.2 255.255.255.0
     service-manage netconf permit

    #
    api
     api netconf port 1025
     api netconf enable
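
To confirm after a change that a saved configuration still exposes NETCONF only as planned above, the script can be checked against the data plan. The following is an added example, not Huawei code: `split_sections` and `audit_netconf` are hypothetical helper names, the sample is constructed from the script above with the cipher string replaced by a placeholder, and the check assumes a `service-type` line may list services other than `api`.

```python
# Constructed sample: the page's configuration script, cipher text replaced by a placeholder.
SAMPLE_CONFIG = """#
aaa
 manager-user netconf-admin
  password cipher <CIPHERTEXT-PLACEHOLDER>
  service-type api
  level 15
  authentication-scheme admin_local
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip address 10.0.0.2 255.255.255.0
 service-manage netconf permit
#
api
 api netconf port 1025
 api netconf enable
"""

def split_sections(text):
    """Map each top-level header to its stripped child lines; '#' or a blank line ends a section."""
    sections, current = {}, None
    for line in map(str.rstrip, text.splitlines()):
        if not line or line == "#":
            current = None
        elif not line.startswith(" "):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit_netconf(text, mgmt_if="GigabitEthernet0/0/0", user="netconf-admin", port=1025):
    """Return findings; an empty list means the config matches the page's data plan."""
    sec, findings, permit = split_sections(text), [], "service-manage netconf permit"
    exposed = [h for h, b in sec.items() if h.startswith("interface ") and permit in b]
    if exposed != [f"interface {mgmt_if}"]:
        findings.append(f"NETCONF permitted on {exposed}, planned only {mgmt_if}")
    attrs, inside = [], False
    for line in sec.get("aaa", []):  # collect the lines nested under the planned user
        if line.startswith("manager-user "):
            inside = line == f"manager-user {user}"
        elif inside:
            attrs.append(line)
    for want in ("service-type api", "level 15", "authentication-scheme admin_local"):
        if want not in attrs:  # exact match: an assumed 'service-type api web' is flagged
            findings.append(f"{user}: expected '{want}'")
    if not {"api netconf enable", f"api netconf port {port}"} <= set(sec.get("api", [])):
        findings.append(f"NETCONF not enabled on planned port {port}")
    return findings
```

An empty result means the interface, administrator, and NETCONF port all match the Data Planning table; each finding names the item that drifted.
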
Copyright © Huawei Technologies Co., Ltd.