Management
Reply
Contributor
Makak
Posts: 33
Registered: ‎05-13-2008

NSM (2008.2r1) - EX switches import

[ Edited ]

Hi,

 

I've just discovered how to import EX switches to NSM and I want to share.

 

I didn't managed to add it by Add new reacheable device - device autodetect failed.

 

But it works by unreachable and by Discover Devices.

 

Here how it goes with discover devices:

 

1. Enable ssh and netconf on switch

services {
ssh;
netconf {
ssh;
}

 

2. Create read-write snmp community on switch

 

snmp {
view jweb-view-all {
oid .1 include;
}
community "...." {
view jweb-view-all;
authorization read-write;
}
}

3. Create ssh user for nsm

 

system {
...
login {
user ... {
uid ...;
class super-user;
authentication {
encrypted-password "...";
}

4.  In NSM in Device Manager open device discovery and enter data - user, password, and community as on switch.

5. Save it and run. Switch should be imported. If not here is error log:  /var/netscreen/DevSvr/errorLog/gproDDM.log

 

After all I see some info from switches in NSM logs.

 

In instructions for adding in non-reacheable mode there is no info about enabling netconf.

 

Hope it helps someone.

 

Regards

Mateusz

 

 

Message Edited by Makak on 01-06-2009 01:50 PM
Super Contributor
benjaminc
Posts: 181
Registered: ‎11-07-2007
0

Re: NSM (2008.2r1) - EX switches import

Hi Makak,

 

Good walkthrough,

 

This is documented in the instructions for NSM, you must use the unreachable workflow to import these and other JunOS devices at this time.

 

This is included the administration guide for NSM In the importing devices section, page 126 in my version.

 

 

Thanks

 

Ben

 

 

krv
Contributor
krv
Posts: 14
Registered: ‎09-17-2008
0

Re: NSM (2008.2r1) - EX switches import

Which version of JUNOS does this work for?  NSM sends my 9.1 devices invalid NETCONF.  I just tried your procedure with 9.2.  The device add now works, but I still can't import:

 

--- 

Error Code:

Error Text:
   Failed to import device lab-4200!

Error Details:
   Error applying templates and defaults:
---

 

 

The most amazing part is that the log file reports that the import was sucessful:

 

2009/01/05-13:06:49.355 notice [DDH-16:1304-1] 1304-1 is now RUNNING...
2009/01/05-13:06:49.417 notice [DDH-16:1304-1] Reached here in proper directive importConfig
2009/01/05-13:06:53.394 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:53.446 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:53.452 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:56.069 notice [DDH-16:1304-1] RPCBaseChannel:smileysurprised:penChannel ID=13
2009/01/05-13:06:56.101 notice [DDH-16:1304-1] +++++++++++ CommandNetconf::executing : <get-config><source><running /></source></get-config>
2009/01/05-13:06:56.717 notice [DDH-16:1304-1] +++++++++++ CommandNetconf::executed with status: Success
2009/01/05-13:06:56.717 notice [DDH-16:1304-1] RPCBaseChannel:Closing rpcChannel ID:13
2009/01/05-13:06:56.817 notice [DDH-16:1304-1] Job importConfig::1304-1::1 finished execution. Time spent: 7463 ms.

 

Contributor
Makak
Posts: 33
Registered: ‎05-13-2008
0

Re: NSM (2008.2r1) - EX switches import

Hi,

 

For me it works with Junos9.3.

 

One more thing - this SNMP community should be read/write, otherwise I got errors in NSM logs.

 

Best Regards.

 

Mateusz Grzesiak

Contributor
Makak
Posts: 33
Registered: ‎05-13-2008
0

Re: NSM (2008.2r1) - EX switches import

[ Edited ]

Update

 

It's good to set ssh version2:

 

 

ssh { protocol-version v2; }

 



And after adding device to nsm I've added keep-alive statement in outbound-ssh client:

 

 

 

 

outbound-ssh { traceoptions { file outbound_ssh size 100000; } client nsm-10.10.19.2 { device-id .....; secret "..."; ## SECRET-DATA keep-alive { retry 120; } services netconf; 10.10.19.2 port 7804; } }

 


 

After that I finally get logs in realtime - I log in to switch, enter configure mode, and see this event in a second in NSM.

 

Best regards

Mateusz Grzesiak

Message Edited by Makak on 01-26-2009 04:15 PM
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.