Deploy MPLS

This topic includes the following sections:

Inter-Provider VPN for NNM iSPI for MPLS

The NNM iSPI for MPLS provides the following options for Inter-Provider VPN:

  • To Turn-on or Turn-off the Inter-Provider Feature
  • To Modify an AS Name
  • To Turn-Off the LSP feature

To Turn-on or Turn-off the Inter-Provider Feature

The Inter-Provider VPN feature is disabled by default in the NNM iSPI for MPLS. To enable the Inter-Provider VPN feature:

  • Modify the interProviderVPNConfig file. This file is stored in the following path:

    For Windows:

    %NnmDataDir%\shared\mpls\conf\interProviderVPNConfig

    For Linux:

    /var/opt/OV/shared/mpls/conf/interProviderVPNConfig

interProviderVPNConfig has a global flag to enable or disable the inter-provider VPN feature, along with a list of inter-provider VPNs.

You do not have to restart the mpls jboss after modifying the interProviderVPNConfig file.

To Modify an AS Name

You can modify the Autonomous System name by modifying the publicASMapping file. This file is stored in the following path:

For Windows:

%NnmDataDir%\shared\mpls\conf\publicASMapping

For Linux:

/var/opt/OV/shared/mpls/conf/publicASMapping

To Turn-Off the LSP feature

The LSP feature is enabled by default in the NNM iSPI for MPLS. To disable the LSP feature:

  1. Open the nms-mpls.jvm.properties file located in the following path:

    On Windows:

    %NnmDataDir%\shared\mpls\conf

    On Linux:

    /var/opt/OV/shared/mpls/conf

  2. Uncomment the following parameter from the file:

    com.hp.ov.nms.spi.mpls.lsp.lspFeatureDisabled=true

  3. Restart the NNM iSPI for MPLS with the following commands:

    ovstop -c mplsjboss

    ovstart -c mplsjboss

Use Single Sign-On with NNM iSPI

By default, Single Sign-On is disabled. To enable the Single Sign-On feature, follow these steps after installing the NNM iSPI for MPLS.

Edit /var/opt/OV/shared/nnm/conf/props/nms-ui.properties:

  1. Set com.hp.nms.ui.sso.isEnabled = true
  2. Run nnmsso.ovpl -reload

  3. Run mplsssoreload.ovpl

Do not enable the Single Sign-On feature when NNMi and the NNM iSPI for MPLS are configured to use Public Key Infrastructure (PKI) authentication.

For more information, see Using Single Sign-On with NNMi in NNMi Deployment Reference.

Configure Access with Public Key Infrastructure Authentication

You can configure NNMi to map Public Key Infrastructure (PKI) certificates to the NNMi user accounts. As a result, you can log on to the NNMi console without having to type in the NNMi user name and password on the Login page. However, you will be prompted to provide the NNMi user name and password again when you try to launch the NNM iSPI for MPLS Configuration form, unless you perform additional steps to reconcile the mapping with the iSPI.

When the NNMi is configured to use the PKI authentication, it is mandatory for the NNM iSPI for MPLS to use the PKI authentication.

You can continue to authenticate users with the NNMi user credentials for the NNM iSPI for MPLS Configuration form. However, do not configure only the iSPI to use the PKI authentication when the NNMi continues to use the credentials-based authentication.

Configuring the iSPI to use the PKI authentication involves the following tasks:

  • Configuring NNMi
  • Configuring a Certificate Validation Method
  • Enabling Secure Sockets Layer (SSL) on the NNM iSPI for MPLS
  • Configuring the NNM iSPI for MPLS

To configure PKI authentication on the NNM iSPI for MPLS in an HA cluster, you must perform the required configuration tasks on both the primary and the secondary node.

Configure NNMi

To configure NNMi to use the PKI authentication, follow the steps in the Configuring NNMi to Support Public Key Infrastructure Authentication section.

Configure a Certificate Validation Method

When NNMi is configured to use the PKI authentication, unauthorized access using invalid certificates must be prevented. You must perform additional steps to configure NNMi to use a certificate validation method—Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).

Follow the steps in the Certificate Validation (CRL and OCSP) section in the Network Node Manager Deployment Reference.

Enable Secure Sockets Layer (SSL) on the NNM iSPI for MPLS

When NNMi is configured to use the PKI authentication, you must enable SSL on the NNM iSPI for MPLS to ensure communication between the NNMi management server and the NNM iSPI for MPLS.

To enable SSL on the NNM iSPI for MPLS:

  1. Log on to the NNM iSPI for MPLS.
  2. Navigate to the following directory:

    On Windows

    %nnmdatadir%\shared\mpls\conf

    On Linux

    /var/opt/OV/shared/mpls/conf

  3. Open the nnm.extended.properties file with a text editor.
  4. Set the value of the following properties to true:

    com.hp.ov.nms.spi.mpls.spi.isSecure

    com.hp.ov.nms.spi.mpls.Nnm.isSecure

  5. Save and close the file.
  6. Restart the ovjboss process by running the following commands:

    ovstop -c mplsjboss

    ovstart -c mplsjboss

Configure the NNM iSPI for MPLS

To configure the NNM iSPI for MPLS for PKI authentication, you must modify the nms-auth-config.xml file in the iSPI configuration data directory (%nnmdatadir%\nmsas\mpls\conf on Windows; /var/opt/OV/nmsas/mpls/conf on UNIX/Linux) based on the updated nms-auth-config.xml file. To configure the NNM iSPI for MPLS to use the PKI authentication:

  1. Make sure Task 1, Task 2 and Task 3 are complete.

  2. Log on to the NNMi management server.

  3. Navigate to the following directory:

    On Windows

    %nnmdatadir%\nmsas\mpls\conf

    On Linux

    /var/opt/OV/nmsas/mpls/conf

  4. Open the nms-auth-config.xml file using a text editor.
  5. Modify the nms-auth-config.xml file to enable the PKI authentication.

    Make sure that you modify the iSPI nms-auth-config.xml file to match the changes done to the nms-auth-config.xml file on the NNMi management server.

  6. Save and close the file.

  7. Run the following command:

    On Windows

    %NnmInstallDir%\mpls\bin\nmsmplsauthconfigreload.ovpl

    On Linux

    /opt/OV/mpls/bin/nmsmplsauthconfigreload.ovpl

The NNM iSPI for MPLS is now configured for PKI authentication.

Do not enable the Single Sign-On feature when NNMi and the NNM iSPI for MPLS are configured to use Public Key Infrastructure (PKI) authentication.
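The following check is an added example, not part of the product or its documentation. It audits two rules from this section on a Linux server: both isSecure properties must be true when PKI is in use, and Single Sign-On must not be enabled alongside PKI. The function names prop_value and audit_pki are hypothetical, and whether NNMi uses PKI is supplied by the operator as an assumption rather than read from nms-auth-config.xml.

```shell
#!/bin/sh
# Added example: audits the PKI prerequisites described above.
# Assumption: the operator passes yes/no for "NNMi uses PKI"; this script does
# not inspect nms-auth-config.xml.

# Print the effective value of KEY in a Java-style properties FILE, lower-cased.
# Commented lines are ignored, spaces around "=" are tolerated, the last
# assignment wins. Prints nothing if the key is unset or the file is unreadable.
prop_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0; sub(/\r$/, "", line)
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = tolower(v)
        }
        END { if (val != "") print val }' "$1"
}

# audit_pki MPLS_CONF_DIR UI_PROPS PKI_IN_USE
# Prints one FAIL line per violated rule; returns 1 if any rule is violated.
audit_pki() {
    conf_dir=$1; ui_props=$2; pki=$3; rc=0
    [ "$pki" = "yes" ] || return 0
    for key in com.hp.ov.nms.spi.mpls.spi.isSecure com.hp.ov.nms.spi.mpls.Nnm.isSecure; do
        if [ "$(prop_value "$conf_dir/nnm.extended.properties" "$key")" != "true" ]; then
            echo "FAIL: $key is not true in nnm.extended.properties"; rc=1
        fi
    done
    if [ "$(prop_value "$ui_props" com.hp.nms.ui.sso.isEnabled)" = "true" ]; then
        echo "FAIL: Single Sign-On is enabled while PKI authentication is in use"; rc=1
    fi
    return $rc
}

# Constructed sample files (not taken from a real installation): one isSecure
# property is still commented out and Single Sign-On is enabled.
demo_dir=$(mktemp -d)
printf '%s\n' '#com.hp.ov.nms.spi.mpls.spi.isSecure=true' \
    'com.hp.ov.nms.spi.mpls.Nnm.isSecure = true' > "$demo_dir/nnm.extended.properties"
printf '%s\n' 'com.hp.nms.ui.sso.isEnabled = true' > "$demo_dir/nms-ui.properties"
audit_pki "$demo_dir" "$demo_dir/nms-ui.properties" yes || echo "PKI prerequisites not met"
```

On a real server, pass /var/opt/OV/shared/mpls/conf and /var/opt/OV/shared/nnm/conf/props/nms-ui.properties as the first two arguments.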

The -u <user> and -p <password> parameters are optional for Command Line Interface (CLI) in the NNM iSPI for MPLS.