Got it
Huawei Enterprise Support Community
Community Forums Network Manager&SDN
Q&A: How to configure NAT...

Q&A: How to configure NAT mapping to access eSight

Latest reply: Jul 25, 2018 11:32:24 1031 2 0 0 0
display all floors 1#

1 modify the eSight side
 Open the default ssoclient.xml file of eSight (take eSight Solution V300R005C00 for example)

 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <config name="oms">
     <!-- Single Sign On -->
     <config name="sso">
         <config name="client">
             <param name="enabled">true</param>
             <param name="isLocalsso">true</param>
         </config>
         <config name="servers">
             <config name="upper_layer_server">
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://192.168.3.10:31942/sso</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://192.168.3.10:31942/sso/logout</param>
             </config>
             <config name="server">
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://192.168.3.10:31942/sso</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://192.168.3.10:31942/sso/logout</param>
             </config>
         </config>
     </config>
 </config>

1) from the content <param name= "enabled" >true</param> you can see that the SSO feature is open, so you need to configure the ssoclient.xml and sso.xml files when you do NAT mappings to access eSight.
2) <config name= "upper_layer_server" means eSight supports superior network management configuration, such as no superior network management does not need configuration:
3) <config name= "server" > eSight lower level network management, please refer to the following steps to modify the NAT mapping eSight access steps:

Modify the lower level network management NAT map to access the eSight step: 
1) modify the ssoclient.xml file
File path: AppBase\etc\oms.sso\ssoclient.xml.
To ensure that large and small nets can access eSight after the NAT mapping is completed, a new entry is required.

<config name="server">
     <param name="entryAddressMapping">6.6.6.6</param>
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://6.6.6.6:31942/sso/</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://6.6.6.6:31942/sso/logout</param>
             </config>

2) modify the sso.xml file
 File path: AppBase\etc\oms.sso\sso.xml.
 Modify the following parameter values:
<param name="client-trusted-ip">10.136.64.98,6.6.6.6</param>

3) restart the eSight server.

4) The final configuration file is:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <config name="oms">
     <!-- Single Sign On -->
     <config name="sso">
         <config name="client">
             <param name="enabled">true</param>
             <param name="isLocalsso">true</param>
         </config>
         <config name="servers">
             <config name="upper_layer_server">
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://192.168.3.10:31942/sso</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://192.168.3.10:31942/sso/logout</param>
             </config>
             <config name="server">
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://192.168.3.10:31942/sso</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://192.168.3.10:31942/sso/logout</param>
             </config>
             <config name="server">
                 <param name="entryAddressMapping">6.6.6.6</param>
                 <param name="name">192.168.3.10:8087</param>
                 <param name="public">https://6.6.6.6:31942/sso/</param>
                 <param name="private">http://192.168.3.10:8087/sso</param>
                 <param name="logout">https://6.6.6.6:31942/sso/logout</param>
             </config>
         </config>
     </config>
 </config>

2 configuring port mapping on a AR like device
 2.1 take AR as an example to configure the port map as follows:
 Nat server protocol TCP global 6.6.6.6 31943 inside 192.168.3.10 31943
 Nat server protocol TCP global 6.6.6.6 31942 inside 192.168.3.10 31942
 Nat server protocol TCP global 6.6.6.6 8080 inside 192.168.3.10 8080

  • x
  • convention:

Like (0) Dislike (0) Favorite(0) Share Report
Previous: eSight/eSight-nwetwork/V300R006C00SPC502/Cannot back up switch configuration
Next: Agile Controller synchronization not valid responses received in time
w1
Created May 27, 2018 19:44:13

:)
View more
  • x
  • convention:
KarimUC
Created Jul 25, 2018 11:32:24

Good case info
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.