Additional system configuration
The following sections describe optional system configurations.
Switching from the classic CLI to the MD-CLI
Before SR OS Release 23.3.R1, the default management configuration mode was classic CLI. The following configuration enables model-driven configuration mode, the MD-CLI, NETCONF and gRPC on the router.
Run the following command in the classic CLI, then log out and log in to enable the MD-CLI.
configure system management-interface configuration-mode model-driven
logout
Use the following commands to enable automatic configuration saves in model-driven interfaces, and to enable NETCONF and gRPC.
configure private
configure system management-interface netconf listen admin-state enable
configure system security user-params local-user user "user1" access netconf true
configure system grpc admin-state enable
configure system grpc allow-unsecure-connection
configure system security user-params local-user user "user1" access grpc true
commit
For more information about the MD-CLI, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI User Guide and the 7450 ESS, 7750 SR, 7950 XRS, and VSR MD-CLI Command Reference Guide.
User and profile management
SR OS supports local, TACACS+, RADIUS, or LDAP for authentication, authorization, and accounting (AAA).
Configuring local management
configure system security aaa local-profiles profile "NOC-User" default-action deny-all
configure system security aaa local-profiles profile "NOC-User" entry 10 match "configure system security"
configure system security aaa local-profiles profile "NOC-User" entry 10 action deny
configure system security aaa local-profiles profile "NOC-User" entry 20 match "show"
configure system security aaa local-profiles profile "NOC-User" entry 20 action permit
configure system security user-params local-user user "markp" password "changeme"
configure system security user-params local-user user "markp" access console true
configure system security user-params local-user user "markp" console member ["NOC-User"]
For more information about AAA, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.
NTP
The following example shows a Network Time Protocol (NTP) configuration.
Configuring NTP
configure system time ntp admin-state enable
configure system time ntp server 172.16.1.10 router-instance "Base" key-id 5
configure system time ntp server 172.16.1.10 router-instance "Base" prefer true
configure system time ntp server 172.18.2.20 router-instance "Base" key-id 5
configure system time ntp authentication-key 5 key "keyvalue"
configure system time ntp authentication-key 5 type message-digest
Execute the show system ntp all command to display the status of NTP.
System alarms and logging
SR OS has a default log-id 99 for all events and log-id 100 for events with severity major and higher.
User-defined logs can be created as shown in the following example. Log destination options are file, memory, console, snmp, netconf, or syslog.
For more information about logging, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.
Configuring user-defined logs
show log log-id
show log log-id 99
show log log-id 100
configure log log-id "33" admin-state enable
configure log log-id "33" source main true
configure log log-id "33" source security true
configure log log-id "33" source change true
configure log log-id "33" destination memory max-entries 500
configure log syslog "Syslog-server-1" address 192.168.15.190
configure log syslog "Syslog-server-1" port 514
configure log log-id "To-syslog" admin-state enable
configure log log-id "To-syslog" source main true
configure log log-id "To-syslog" source security true
configure log log-id "To-syslog" source change true
configure log log-id "To-syslog" destination syslog "Syslog-server-1"
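The following is an added example, not part of the original guide and not Nokia code: a Python check that reads flat MD-CLI commands like those in the preceding sections and reports gRPC with allow-unsecure-connection (connections without TLS), a placeholder local-user password, NTP servers with no key-id, and log-ids without the security source. The sample input, the placeholder list, and the finding wording are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in the flat MD-CLI form used on this page (not from a router).
SAMPLE = """
configure system grpc admin-state enable
configure system grpc allow-unsecure-connection
configure system security user-params local-user user "markp" password "changeme"
configure system time ntp server 172.16.1.10 router-instance "Base" key-id 5
configure system time ntp server 172.16.1.10 router-instance "Base" prefer true
configure system time ntp server 172.18.2.20 router-instance "Base" prefer true
configure log log-id "33" source main true
configure log log-id "33" destination memory max-entries 500
configure log log-id "To-syslog" source security true
configure log log-id "To-syslog" destination syslog "Syslog-server-1"
"""
PLACEHOLDERS = {"changeme"}  # assumption: placeholder secrets to reject


def audit(config_text):
    """Return sorted findings for a flat list of 'configure ...' commands."""
    findings, ntp, logs = set(), {}, {}
    for raw in config_text.splitlines():
        # Curly quotes pasted from documentation are treated as plain quotes.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line.startswith("configure "):
            continue
        t = shlex.split(line)[1:]
        if t[:3] == ["system", "grpc", "allow-unsecure-connection"]:
            findings.add("grpc: connections without TLS are accepted")
        elif t[:5] == ["system", "security", "user-params", "local-user", "user"]:
            if "password" in t[:-1] and t[t.index("password") + 1] in PLACEHOLDERS:
                findings.add(f"user {t[5]}: placeholder password")
        elif t[:4] == ["system", "time", "ntp", "server"] and len(t) > 4:
            # A server counts as authenticated if any of its lines carries key-id.
            ntp[t[4]] = ntp.get(t[4], False) or "key-id" in t
        elif t[:2] == ["log", "log-id"] and len(t) > 2:
            sources = logs.setdefault(t[2], set())
            if t[3:4] == ["source"] and t[5:6] == ["true"]:
                sources.add(t[4])
    findings.update(f"ntp server {s}: no key-id" for s, ok in ntp.items() if not ok)
    findings.update(f"log-id {i}: security source not enabled"
                    for i, src in logs.items() if "security" not in src)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the candidate configuration before commit; an empty result means none of the four conditions was found.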