The use of an anti-theft policy provides the ability for the NSP to continue to manage a model-driven NE when anti-theft mode is enabled. The anti-theft policy defines the password the NSP uses to unlock the NE for NSP management when the NE is locked by anti-theft protection.

Password configuration and enabling of anti-theft mode are performed on the NE using CLI.

The password configured in the anti-theft policy in the NSP UI must match the password configured on the NE.

Caution: NSP 25.4 or later artifacts with adaptation for anti-theft must be installed in the NSP deployment before anti-theft is enabled on the NEs. Anti-theft may be supported on some classic NEs, however, management of classic NEs in anti-theft mode is not supported in NSP.

An anti-theft policy can be included with a unified discovery rule. The anti-theft password provided by the anti-theft policy is applied to all compatible NEs that are discovered by the unified discovery rule. If the discovery rule includes devices that are not compatible with anti-theft or do not have anti-theft enabled, the anti-theft policy has no effect on the NE.

When anti-theft is enabled on an NE the NE immediately locks, requiring the password to unlock and continue to manage the NE. Therefore, an anti-theft policy must be associated to the discovery rule before anti-theft mode is enabled on the NE.

See “How do I discover devices?” and “How do I edit or delete a discovery rule?” in the NSP Device Management Guide for information about creating or editing a unified discovery rule to add an anti-theft policy.

If anti-theft is enabled on an NE without an anti-theft policy in place, or if there is a password mismatch, an error is displayed in NSP. If an anti-theft error has occurred, check the MDM Server and MDM Tomcat logs for details on the root cause. When you have made the necessary changes to the policy and/or discovery rule, perform one of the following to apply the changes:

• Unmanage and re-manage the NE in the Device Management, Managed Network Elements view

• Re-discover the NE in force mode using the RESTCONF API. You can re-run the discovery rule or discover the NE again.

  See Device Administration and Mediation RESTCONF APIs on the Network Developer Portal

Click on an anti-theft policy in the Network Security, Anti-theft Policies view to see the discovery rules that use the policy, and the included NEs, that is, the NEs for which the password in the policy applies.

In the Device Management, Managed Network Elements view, the Anti-theft Mode for each NE is displayed:

• Enabled: anti-theft is configured and enabled on the NE

• Disabled: anti-theft is not configured on the NE, or is configured but not enabled.

• Not Supported: the NE does not support anti-theft.

• — (dash): not applicable: the NE is operating in classic mode, or is a third-party NE where NSP cannot verify whether anti-theft is supported.