Managing Netvisor ONE Certificates
Pluribus Networks ships the Netvisor ONE certificates with the switches, and you can access them in the /var/nvos/certs directory. These certificates are necessary for communication between switches in a fabric, and an expired certificate hinders transactions between fabric members. You can view the validity (dates valid from and dates valid until) of the Netvisor ONE certificate using the switch-info-show command.
When you configure the alarm, the certificate is checked every 24 hours and an alarm is issued if the number of days until expiry is equal to or less than 30 days. The certificate expiry alert is enabled by default for 30 days, but can be configured from 7 days through 180 days on Netvisor ONE. You can disable this feature using the cert-expiration-alert-modify no-netvisor command.
You can view the certificate expiration alert or alarm configuration by using the cert-expiration-alert-show command and can schedule an alert notification before the certificate expires. You can view the alarm or alert notification in the event.log file and also by running the log-alert-show command. You can also configure a new SNMP trap for certificate expiry on the SNMP services.
The alarm appears as an event in the event log, as an alert in the log-alert-show command output, and as a new SNMP trap if the trap server is configured. The alarm is issued every 24 hours until the certificate has expired.
To configure the certificate expiry alert, use the command:
CLI (network-admin@switch01) > cert-expiration-alert-modify
Specify one or more of the following options:

netvisor|no-netvisor
    Specify whether to enable or disable Netvisor ONE certificate expiration alerts.
days-before-expiration 7..180
    Modify the number of days before expiration to send alerts (Default 30 days). The value ranges from 7 through 180 days.
To view the alert configuration for the certificate expiry, use the command:
CLI (network-admin@switch01) > cert-expiration-alert-show
switch: switch01
days-before-expiration(d): 30
To enable or disable the SNMP trap for certificate expiry alert, use the command:
CLI (network-admin@switch01) > snmp-trap-enable-modify cert-expiry|no-cert-expiry
where:

cert-expiry|no-cert-expiry
    Specify whether to monitor certificate expiry or not.
To view alerts older than an hour, use the command:
CLI (network-admin@switch01) > log-alert-show older-than 1h
time     switch     code  name               count last-message
-------- ---------- ----- ------------------ ----- ------------------------------
00:17:05 switch01   31008 smf_nvOSd_stop     1     SMF Service stopping nvOSd
00:17:08 switch01   11008 nvOSd_start        1     version 5.1.5010014665
00:35:49 switch01   31016 certificate_expiry 1     switch cert expiring in 19 days
The switch-info-show command displays the validity (dates valid from and dates valid until) of the Netvisor ONE certificate. For example:
CLI (network-admin@nru03-sw-1*) > switch-info-show
model: NRU03
chassis-serial: 1937ST9100075
cpu1-type: Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz
cpu2-type: Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz
cpu3-type: Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz
cpu4-type: Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz
system-mem: 30.6G
switch-device: OK
fan1-status: OK
fan2-status: OK
fan3-status: OK
fan4-status: OK
fan5-status: OK
fan6-status: OK
fan7-status: OK
fan8-status: OK
fan9-status: OK
fan10-status: OK
fan11-status: OK
fan12-status: OK
ps1-status: OK
ps2-status: OK
disk-model: Micron_1300_MTFDDAV256TDL
disk-firmware: M5MU000
disk-size: 238G
disk-type: Solid State Disk, TRIM Supported
bios-vendor: American Megatrends Inc.
bios-version: 1.00.00
netvisor-cert-valid-from: Sep 13 07:00:00 2019 GMT
netvisor-cert-valid-till: Sep 14 06:59:59 2039 GMT
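
For monitoring from outside the switch, the following added example (not Pluribus code) parses the netvisor-cert-valid-from and netvisor-cert-valid-till fields from saved switch-info-show output and applies the same rule as the alert: the certificate is flagged when the days remaining are equal to or less than days-before-expiration. The function names and the sample text are constructed for illustration, and collecting the output from the switch is assumed to happen elsewhere.

```python
from datetime import datetime, timezone

# Constructed sample in the format of the switch-info-show output shown above.
SAMPLE_OUTPUT = """\
model: NRU03
netvisor-cert-valid-from: Sep 13 07:00:00 2019 GMT
netvisor-cert-valid-till: Sep 14 06:59:59 2039 GMT
"""

# Date layout used by the two validity fields on this page.
DATE_FORMAT = "%b %d %H:%M:%S %Y GMT"


def parse_cert_validity(output):
    """Return (valid_from, valid_till) as UTC datetimes from switch-info-show text."""
    fields = {}
    for line in output.splitlines():
        # Split on the first colon only; the timestamp itself contains colons.
        key, sep, value = line.partition(":")
        if sep and key.strip().startswith("netvisor-cert-valid-"):
            fields[key.strip()] = datetime.strptime(
                value.strip(), DATE_FORMAT).replace(tzinfo=timezone.utc)
    try:
        return fields["netvisor-cert-valid-from"], fields["netvisor-cert-valid-till"]
    except KeyError as missing:
        raise ValueError(f"field {missing} not found in output") from None


def cert_status(output, now, days_before_expiration=30):
    """Return (status, days_left); 'alert' when days_left <= the threshold."""
    if not 7 <= days_before_expiration <= 180:
        raise ValueError("days-before-expiration must be between 7 and 180")
    valid_from, valid_till = parse_cert_validity(output)
    if now < valid_from:
        return "not-yet-valid", None
    days_left = (valid_till - now).days  # whole days remaining, rounded down
    if now > valid_till:
        return "expired", days_left
    return ("alert" if days_left <= days_before_expiration else "ok"), days_left
```

A status of "expired" or "not-yet-valid" deserves the same attention as "alert", since either means the validity window does not cover the current time.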