Additional system configuration

The following sections describe optional system configurations.

Switching from the classic CLI to the MD-CLI

Before SR OS Release 23.3.R1, the default management configuration mode was classic CLI. The following configuration enables model-driven configuration mode, the MD-CLI, NETCONF and gRPC on the router.

Run the following command in the classic CLI, then log out and log in to enable the MD-CLI.

configure system management-interface configuration-mode model-driven
logout

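Use the following commands to enable NETCONF and gRPC. The allow-unsecure-connection command lets the gRPC server accept connections that are not protected by TLS.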

configure private
configure system management-interface netconf listen admin-state enable
configure system security user-params local-user user "user1" access netconf true
configure system grpc admin-state enable
configure system grpc allow-unsecure-connection
configure system security user-params local-user user "user1" access grpc true
commit

For more information about the MD-CLI, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI User Guide and the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI Command Reference Guide.

User and profile management

SR OS supports local, TACACS+, RADIUS, or LDAP for authentication, authorization, and accounting (AAA).

Configuring local management

configure system security aaa local-profiles profile "NOC-User" default-action deny-all
configure system security aaa local-profiles profile "NOC-User" entry 10 match "configure system security"
configure system security aaa local-profiles profile "NOC-User" entry 10 action deny
configure system security aaa local-profiles profile "NOC-User" entry 20 match "show"
configure system security aaa local-profiles profile "NOC-User" entry 20 action permit

configure system security user-params local-user user "markp" password "changeme"
configure system security user-params local-user user "markp" access console true
configure system security user-params local-user user "markp" console member ["NOC-User"]

For more information about AAA, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

NTP

The following example shows a Network Time Protocol (NTP) configuration.

Configuring NTP

configure system time ntp admin-state enable
configure system time ntp server 172.16.1.10 router-instance "Base" key-id 5
configure system time ntp server 172.16.1.10 router-instance "Base" prefer true
configure system time ntp server 172.18.2.20 router-instance "Base" key-id 5
configure system time ntp authentication-key 5 key "keyvalue"
configure system time ntp authentication-key 5 type message-digest

Execute the show system ntp all command to display the status of NTP.

System alarms and logging

SR OS has a default log-id 99 for all events and log-id 100 for events with severity major and higher.

User-defined logs can be created as shown in the following example. Log destination options are file, memory, console, snmp, netconf, or syslog.

For more information about logging, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.

Configuring user-defined logs

show log log-id
show log log-id 99

show log log-id 100

configure log log-id "33" admin-state enable
configure log log-id "33" source main true
configure log log-id "33" source security true
configure log log-id "33" source change true
configure log log-id "33" destination memory max-entries 500

configure log syslog "Syslog-server-1" address 192.168.15.190
configure log syslog "Syslog-server-1" port 514

configure log log-id "To-syslog" admin-state enable
configure log log-id "To-syslog" source main true
configure log log-id "To-syslog" source security true
configure log log-id "To-syslog" source change true
configure log log-id "To-syslog" destination syslog "Syslog-server-1"
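
The following is an added example, not part of the original guide or any Nokia tooling: a small offline check that reads flat configuration lines in the style shown in the gRPC, local user, NTP, and logging sections above and reports settings worth reviewing before commit. The finding codes, the placeholder-password list, and the sample lines are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in the flat MD-CLI style used on this page (not a real router).
SAMPLE = """
configure system grpc admin-state enable
configure system grpc allow-unsecure-connection
configure system security user-params local-user user "markp" password "changeme"
configure system time ntp server 172.16.1.10 router-instance "Base" key-id 5
configure system time ntp server 172.18.2.20 router-instance "Base" prefer true
configure log log-id "To-syslog" source main true
configure log log-id "To-syslog" source security true
configure log log-id "To-syslog" destination syslog "Syslog-server-1"
"""
PLACEHOLDERS = {"changeme", "password", "admin"}  # assumed placeholder list

def audit(text):
    """Return sorted (code, subject) findings for flat 'configure ...' lines."""
    findings, ntp_seen, ntp_keyed = set(), set(), set()
    sources, to_syslog = {}, set()
    for raw in text.splitlines():
        # Normalise typographic quotes picked up when copying from documents.
        tok = shlex.split(raw.replace("\u201c", '"').replace("\u201d", '"'))
        if tok[:1] != ["configure"]:
            continue
        if tok[1:4] == ["system", "grpc", "allow-unsecure-connection"]:
            findings.add(("GRPC_WITHOUT_TLS", "grpc"))  # gRPC accepted without TLS
        elif tok[1:6] == ["system", "security", "user-params", "local-user", "user"]:
            if tok[7:8] == ["password"] and tok[8:9] and tok[8].lower() in PLACEHOLDERS:
                findings.add(("PLACEHOLDER_PASSWORD", tok[6]))
        elif tok[1:5] == ["system", "time", "ntp", "server"] and len(tok) > 5:
            ntp_seen.add(tok[5])
            if "key-id" in tok:
                ntp_keyed.add(tok[5])
        elif tok[1:3] == ["log", "log-id"] and len(tok) > 6:
            if tok[4] == "source" and tok[6] == "true":
                sources.setdefault(tok[3], set()).add(tok[5])
            elif tok[4:6] == ["destination", "syslog"]:
                to_syslog.add(tok[3])
    # A server counts as authenticated if any of its lines carries a key-id.
    findings |= {("NTP_SERVER_NO_KEY", ip) for ip in ntp_seen - ntp_keyed}
    # Logs exported to syslog should carry security and change events.
    for name in to_syslog:
        for src in {"security", "change"} - sources.get(name, set()):
            findings.add(("SYSLOG_MISSING_SOURCE", f"{name}:{src}"))
    return sorted(findings)

if __name__ == "__main__":
    for code, subject in audit(SAMPLE):
        print(code, subject)
```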