NSM (2008.2r1) - EX switches import

[ Edited ]
12.29.08   |  
‎12-29-2008 03:51 AM



I've just discovered how to import EX switches to NSM and I want to share.


I didn't managed to add it by Add new reacheable device - device autodetect failed.


But it works by unreachable and by Discover Devices.


Here how it goes with discover devices:


1. Enable ssh and netconf on switch

services {
netconf {


2. Create read-write snmp community on switch


snmp {
view jweb-view-all {
oid .1 include;
community "...." {
view jweb-view-all;
authorization read-write;

3. Create ssh user for nsm


system {
login {
user ... {
uid ...;
class super-user;
authentication {
encrypted-password "...";

4.  In NSM in Device Manager open device discovery and enter data - user, password, and community as on switch.

5. Save it and run. Switch should be imported. If not here is error log:  /var/netscreen/DevSvr/errorLog/gproDDM.log


After all I see some info from switches in NSM logs.


In instructions for adding in non-reacheable mode there is no info about enabling netconf.


Hope it helps someone.






Message Edited by Makak on 01-06-2009 01:50 PM

Re: NSM (2008.2r1) - EX switches import

01.05.09   |  
‎01-05-2009 02:14 AM

Hi Makak,


Good walkthrough,


This is documented in the instructions for NSM, you must use the unreachable workflow to import these and other JunOS devices at this time.


This is included the administration guide for NSM In the importing devices section, page 126 in my version.









Re: NSM (2008.2r1) - EX switches import

01.05.09   |  
‎01-05-2009 10:12 AM

Which version of JUNOS does this work for?  NSM sends my 9.1 devices invalid NETCONF.  I just tried your procedure with 9.2.  The device add now works, but I still can't import:



Error Code:

Error Text:
   Failed to import device lab-4200!

Error Details:
   Error applying templates and defaults:



The most amazing part is that the log file reports that the import was sucessful:


2009/01/05-13:06:49.355 notice [DDH-16:1304-1] 1304-1 is now RUNNING...
2009/01/05-13:06:49.417 notice [DDH-16:1304-1] Reached here in proper directive importConfig
2009/01/05-13:06:53.394 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:53.446 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:53.452 notice [NotificationHandler] Building schema version 26...
2009/01/05-13:06:56.069 notice [DDH-16:1304-1] RPCBaseChannelSmiley SurprisedpenChannel ID=13
2009/01/05-13:06:56.101 notice [DDH-16:1304-1] +++++++++++ CommandNetconf::executing : <get-config><source><running /></source></get-config>
2009/01/05-13:06:56.717 notice [DDH-16:1304-1] +++++++++++ CommandNetconf::executed with status: Success
2009/01/05-13:06:56.717 notice [DDH-16:1304-1] RPCBaseChannel:Closing rpcChannel ID:13
2009/01/05-13:06:56.817 notice [DDH-16:1304-1] Job importConfig::1304-1::1 finished execution. Time spent: 7463 ms.



Re: NSM (2008.2r1) - EX switches import

01.06.09   |  
‎01-06-2009 03:48 AM



For me it works with Junos9.3.


One more thing - this SNMP community should be read/write, otherwise I got errors in NSM logs.


Best Regards.


Mateusz Grzesiak


Re: NSM (2008.2r1) - EX switches import

[ Edited ]
01.26.09   |  
‎01-26-2009 06:13 AM



It's good to set ssh version2:



ssh { protocol-version v2; }


And after adding device to nsm I've added keep-alive statement in outbound-ssh client:





outbound-ssh { traceoptions { file outbound_ssh size 100000; } client nsm- { device-id .....; secret "..."; ## SECRET-DATA keep-alive { retry 120; } services netconf; port 7804; } }



After that I finally get logs in realtime - I log in to switch, enter configure mode, and see this event in a second in NSM.


Best regards

Mateusz Grzesiak

Message Edited by Makak on 01-26-2009 04:15 PM