Additional system configuration

The following sections describe optional system configurations.

Switching from the classic CLI to the MD-CLI

Before SR OS Release 23.3.R1, the default management configuration mode was classic CLI. The following configuration enables model-driven configuration mode, the MD-CLI, NETCONF and gRPC on the router.

Run the following command in the classic CLI, then log out and log in to enable the MD-CLI.

configure system management-interface configuration-mode model-driven
logout

Use the following commands to enable automatic configuration saves in model-driven interfaces, and to enable NETCONF and gRPC.

configure private
configure system { management-interface cli md-cli auto-config-save true }
configure system { management-interface netconf admin-state enable }
configure system { management-interface netconf auto-config-save true }
configure system { security user-params local-user user “user1" access netconf true }
configure system { grpc admin-state enable }
configure system { grpc allow-unsecure-connection }
configure system { grpc gnmi admin-state enable }
configure system { grpc gnmi auto-config-save true }
configure system { security user-params local-user user “user1" access grpc true }
commit

For more information about the MD-CLI, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI User Guide and the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI Command Reference Guide.

User and profile management

SR OS supports local, TACACS+, RADIUS, or LDAP for authentication, authorization, and accounting (AAA).

Configuring local management

configure system security aaa local-profiles profile "NOC-User" default-action deny-all
configure system security aaa local-profiles profile "NOC-User" entry 10 { match "configure system security" }
configure system security aaa local-profiles profile "NOC-User" entry 10 { action deny }
configure system security aaa local-profiles profile "NOC-User" entry 20 { match "show" }
configure system security aaa local-profiles profile "NOC-User" entry 20 { action permit }

configure system security user-params local-user user "markp" password “changeme"
configure system security user-params local-user user "markp" access { console true }
configure system security user-params local-user user "markp" console { member ["NOC-User"] }

For more information about AAA, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

NTP

The following example shows a Network Time Protocol (NTP) configuration.

Configuring NTP

configure system { time ntp admin-state enable }
configure system { time ntp server 172.16.1.10 router-instance "Base" key-id 5 }
configure system { time ntp server 172.16.1.10 router-instance "Base" prefer true }
configure system { time ntp server 172.18.2.20 router-instance "Base" key-id 5 }
configure system { time ntp authentication-key 5 key "keyvalue" }
configure system { time ntp authentication-key 5 type message-digest }

System alarms and logging

SR OS has a default log-id 99 for all events and log-id 100 for events with severity major and higher.

User-defined logs can be created as shown in the following example. Log destination options are file, memory, console, snmp, netconf, or syslog.

For more information about logging, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

Configuring user defined logs

show log log-id 99

show log log-id 100

configure log log-id "33" admin-state enable
configure log log-id "33" source { main true }
configure log log-id "33" source { security true }
configure log log-id "33" source { change true }
configure log log-id "33" destination { memory max-entries 500 }

configure log syslog "Syslog-server-1" address 192.168.15.190
configure log syslog "Syslog-server-1" port 514

configure log log-id "To-syslog" admin-state enable
configure log log-id "To-syslog" source { main true }
configure log log-id "To-syslog" source { security true }
configure log log-id "To-syslog" source { change true }
configure log log-id "To-syslog" destination { syslog "Syslog-server-1" }