Ruijie Community

Title: NETCONF is not working on RG-WS6512

Author: yujiamin@ruijie    Time: 2024-5-20 14:12
Dear sir

Here is a guide to configure netconf on AC on page 2452: https://www.ruijienetworks.com/resources/preview/ruijie-rg-wlan-series-access-controllers-configuration-guide-w2b1


You need to ensure the netconf server network connectivity and configure the following commands:

1. Configuring netconf server management IP address:

Hostname> enable
Hostname# configure terminal
Hostname(config)# interface mgmt 0
Hostname(config-if-Mgmt 0)# ip address 172.29.71.62 255.255.255.0
Hostname(config-if-Mgmt 0)# gateway 172.29.71.1

2. Configuring SSH

Hostname> enable
Hostname# configure terminal
Hostname(config)# enable service ssh-server
Hostname(config)# crypto key generate rsa
% You already have RSA keys.
% Do you really want to replace them? [yes/no]:y
Choose the size of the rsa key modulus in the range of 512 to 2048
and the size of the dsa key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
Choose the size of the ecc key modulus from (256, 384, 521)
How many bits in the modulus [1024]:2048
% Generating 2048 bit RSA1 keys ...[ok]
% Generating 2048 bit RSA keys ...[ok]
Hostname(config)#

3. Login with username and password:

Hostname(config)# username netconf privilege 15 password netconf_1234
Hostname(config)# line vty 0 4
Hostname(config-line)# login local

4. Enables the NETCONF framework service.

Hostname(config)# netconf enable
Hostname(config)# netconf yang multi-revision  //Configures the NETCONF server to advertise all versions of all supported YANG modules to the NETCONF client.
Hostname(config)# netconf capability candidate  //Enables the candidate and confirmed-commit capabilities of NETCONF.
Hostname(config)# netconf port 10000  //Configures the port monitored by the NETCONF server.

As shown in the figure, the NETCONF client side software is used to log in to the NETCONF server through the SSH protocol to realize the management and monitoring of network devices.

If the above commands still can not work, please help type the following commands and show me the result to further check this issue. You can send it to my email: yujiamin1@ruijie.com.cn.

Hostname# ping oob x.x.x.x  //x.x.x.x is netconf client IP address
Hostname# show service
Hostname# show netconf session

Hostname# show run
Hostname# show version
Hostname# show log

Best regards
Jenny


Author: alexey.savkin1@    Time: 2024-5-20 22:05
GTAC-Jenny replied at 2024-5-20 14:12
Dear sir

Here is a guide to configure netconf on AC on page 2452: https://www.ruijienetworks.com/re ...

Dear Jenny.

Thank you for detailed explanation.

I have a couple of additional questions I want to ask before trying to apply your recommendations:
ruijie-wlc-01#show ip int br
Interface                                IP-Address(Pri)      IP-Address(Sec)      Status                 Protocol
VLAN 200                                 192.168.200.51/24    no address           up                     up      
ruijie-wlc-01#sh ip route

Codes:  C - Connected, L - Local, S - Static
        R - RIP, O - OSPF, B - BGP, I - IS-IS, V - Overflow route
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        SU - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        IA - Inter area, EV - BGP EVPN, * - candidate default

Gateway of last resort is 192.168.200.254 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 192.168.200.254
C     192.168.200.0/24 is directly connected, VLAN 200
C     192.168.200.51/32 is local host.
ruijie-wlc-01#
ruijie-wlc-01#ping 192.168.254.101
Sending 5, 100-byte ICMP Echoes to 192.168.254.101, timeout is 2 seconds:
  < press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/50 ms.
ruijie-wlc-01#

2. I already have several users with priv-level 15 configured on access controller. Do I need to create special user "netconf" as per your commands, for getting NETCONF working? With these users I see that auth is successful every time, but session is closing every time as well.

3. There is no "show netconf session" command available on my controller:
ruijie-wlc-01#show netconf ?      
  yang-suite  Show netconf yang suite
ruijie-wlc-01#

4. Show version:
ruijie-wlc-01#show version        
System description      : Ruijie 10G Wireless Switch(WS6512) By Ruijie Networks.
System start time       : 2024-05-14 20:54:19
System uptime           : 5:20:10:29
System hardware version : 1.20
System software version : AC_RGOS 11.9(6)W3B1, Release(11160201)
System patch number     : NA
System web version      : WLANWEB 11.9(6)W3B1, Release(11160201)
System serial number    : G1SA0X500012C
System boot version     : 1.8.7
Module information:
  Slot 0 : WS6512
    Hardware version    : 1.20
    Boot version        : 1.8.7
    Software version    : AC_RGOS 11.9(6)W3B1, Release(11160201)
    Serial number       : G1SA0X500012C


Best regards,
Alexey

Author: taizhaolong@rui    Time: 2024-5-27 16:23
Alexey Savkin replied at 2024-5-20 22:05
Dear Jenny.

Thank you for detailed explanation.

Dear Alexey Savkin,

Good day.
1. The NETCONF configuration has not specified MGMT port only, you can still use interface vlan 200 for communication.
2. You can create a special user "netconf" for getting NETCONF working.
3. The commands may vary from different device models, you can refer to this link for more commands meaning
Ruijie RG-WLAN Series Access Controllers Configuration Guide, RGOS11.9(6)W2B1 (V1.2) - Ruijie Networks


RD,
David

Author: alexey.savkin1@    Time: 2024-5-27 18:05
GTAC-David replied at 2024-5-27 16:23
Dear Alexey Savkin,

Good day.

Hi Jenny.
Have created netconf username, but still getting immediate disconnection right after login:

MacBook-Pro-3 ~ % ssh -l netconf -p 830 192.168.200.51
netconf@192.168.200.51's password:
Connection to 192.168.200.51 closed by remote host.
Connection to 192.168.200.51 closed.
MacBook-Pro-3 ~ %

But I see successful login attempt in logs:
*May 27 13:01:02: %AAA-6-USER_AUTH_PASSED: User authenticated. Username: netconf.


Any ideas so far?

Thank you in advance.

Alexey
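
RFC 6242 runs NETCONF as the SSH subsystem named "netconf" (requested in OpenSSH with `ssh -s`) and opens every session with a <hello> exchange, whereas the `ssh -l netconf -p 830` command in the post above requests an interactive shell. The following is an added example, not part of the thread and not Ruijie code: it parses a server hello and selects the message framing, using a constructed sample hello rather than output captured from this WS6512.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
BASE_10 = "urn:ietf:params:netconf:base:1.0"
BASE_11 = "urn:ietf:params:netconf:base:1.1"
CANDIDATE = "urn:ietf:params:netconf:capability:candidate:1.0"
EOM = "]]>]]>"  # RFC 6242 end-of-message marker, always used for <hello>

# Constructed sample of what a server sends first on the "netconf" SSH
# subsystem; an assumption for illustration, not captured from the device.
SAMPLE_SERVER_HELLO = f"""<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="{NS}">
  <capabilities>
    <capability>{BASE_10}</capability>
    <capability>{BASE_11}</capability>
    <capability>{CANDIDATE}</capability>
  </capabilities>
  <session-id>4</session-id>
</hello>{EOM}"""

CLIENT_CAPS = [BASE_10, BASE_11]

def client_hello(caps=CLIENT_CAPS):
    """Build the <hello> the client must send before any <rpc>."""
    items = "".join(f"<capability>{c}</capability>" for c in caps)
    return f'<hello xmlns="{NS}"><capabilities>{items}</capabilities></hello>{EOM}'

def parse_server_hello(raw):
    """Return (session_id, set of capability URIs) from a framed server hello."""
    body, sep, _ = raw.partition(EOM)
    if not sep:
        raise ValueError("no ]]>]]> terminator: not a complete NETCONF hello")
    root = ET.fromstring(body.strip().encode())
    if root.tag != f"{{{NS}}}hello":
        raise ValueError(f"expected <hello>, got {root.tag}")
    caps = {c.text.strip() for c in root.iter(f"{{{NS}}}capability") if c.text}
    sid = root.findtext(f"{{{NS}}}session-id")
    return (int(sid) if sid else None), caps

def frame_rpc(xml, server_caps, client_caps=CLIENT_CAPS):
    """Frame a post-hello message: chunked if both sides offer base:1.1."""
    if BASE_11 in server_caps and BASE_11 in client_caps:
        data = xml.encode()
        return b"\n#%d\n" % len(data) + data + b"\n##\n"
    return (xml + EOM).encode()
```

A server that advertises the candidate capability URI has the datastore enabled by `netconf capability candidate`; if no hello arrives at all, the session never reached the NETCONF subsystem.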

Author: alexey.savkin1@    Time: 2024-6-4 14:31
Alexey Savkin replied at 2024-5-27 18:05
Hi Jenny.
Have created netconf username, but still getting immediate disconnection right after logi ...

Still have no success with NETCONF connection to the controller... The problem persists((: session got disconnected right after establishing.
Any ideas?
Regards,
Alexey




