tls tls-port
Use this command to enable a secure or insecure TLS connection for streaming telemetry.
Use the no parameter of this command to disable the secure or insecure TLS connection and restart telemetry with a non-TLS connection.
In OcNOS, streaming telemetry over TLS secures incoming packets for dial-in connections. TLS is not supported for dial-out mode subscriptions.
Command Syntax
tls tls-port <32768-60999>
no tls tls-port <32768-60999>
tls tls-port <32768-60999> insecure
no tls tls-port <32768-60999> insecure
no insecure
Parameters
tls-port <32768-60999>
Specifies the port number for the secure TLS gRPC connection, in the range 32768 to 60999.
insecure
Disables certificate validation in a TLS-enabled connection.
Default
Disabled
Command Mode
Feature telemetry configure mode
Applicability
Introduced in OcNOS version 6.6.0
Examples
Secure TLS
Enable or disable the TLS connection on the desired port.
To verify the TLS connection status, check the TLS and insecure-tls fields in the show output. If the TLS field shows enabled, the TLS connection is active. If the insecure-tls field is marked as false, it means that the provided certificates are validated.
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#tls tls-port 34567
OcNOS(feature-telemetry-config)#commit
OcNOS(config)#show running-config streaming-telemetry
!
feature streaming-telemetry vrf management
tls tls-port 34567
!
OcNOS#show streaming-telemetry vrf management
Number of telemetry instances : 1 (management)
Platform type : High range
Maximum sensor-paths : 100
Minimum sample-interval : 10
Number of active sensor-paths : 1 (Dial-In : 1, Dial-out : 0)
SI : Sampling Interval in seconds
Enc-Type : Encoding type
Origin:Path : Sensor Path
1. Subscription Details (VRF-Name: management):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Port : 34567
TLS : Enabled
insecure-tls : False
Dial-In STREAM Mode Subscription Details:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ClientIP:Port ID SI Enc-Type Origin:Path
------------- ------ ---- -------- ------------
10.12.42.10:49828 53207 90 JSON ipi:/interfaces/interface[name="eth0"]/state
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#no tls tls-port 34567
OcNOS(feature-telemetry-config)#commit
Insecure TLS
Enable or disable insecure TLS connection on the desired port. In the show output fields, if the insecure-tls field is marked as true, it means that the provided certificates are not validated.
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#tls tls-port 34567 insecure
OcNOS(feature-telemetry-config)#commit
OcNOS(config)#show running-config streaming-telemetry
!
feature streaming-telemetry vrf management
tls tls-port 34567 insecure
!
!
OcNOS#show streaming-telemetry vrf management
Number of telemetry instances : 1 (management)
Platform type : High range
Maximum sensor-paths : 100
Minimum sample-interval : 10
Number of active sensor-paths : 2 (Dial-In : 2, Dial-out : 0)
SI : Sampling Interval in seconds
Enc-Type : Encoding type
Origin:Path : Sensor Path
1. Subscription Details (VRF-Name: management):
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Port : 34567
TLS : Enabled
insecure-tls : True
Dial-In STREAM Mode Subscription Details:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ClientIP:Port ID SI Enc-Type Origin:Path
------------- ------ ---- -------- ------------
10.14.105.105:47938 13085 90 JSON ipi:/interfaces/interface[name="eth0"]/state
ipi:/interfaces/interface[name="eth0"]/state/counters
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#no tls tls-port 34567 insecure
OcNOS(feature-telemetry-config)#commit
OR
OcNOS(config)#feature streaming-telemetry vrf management
OcNOS(feature-telemetry-config)#no insecure
OcNOS(feature-telemetry-config)#commit
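The verification steps above can be automated when auditing many devices. The following is an added example, not part of the OcNOS documentation: it parses captured `show streaming-telemetry` output and reports every telemetry instance where TLS is not enabled or certificates are not validated. The function names, the VRF names `vrf-a` and `vrf-b`, and the treatment of a missing field as a finding are assumptions.

```python
import re

# Constructed sample, modelled on the "show streaming-telemetry" output on this
# page. The second and third blocks are invented to exercise the other paths.
SAMPLE = """\
1. Subscription Details (VRF-Name: management):
Port : 34567
TLS : Enabled
insecure-tls : True
2. Subscription Details (VRF-Name: vrf-a):
Port : 40000
TLS : Enabled
insecure-tls : False
3. Subscription Details (VRF-Name: vrf-b):
Port : 41000
"""

VRF_RE = re.compile(r"Subscription Details \(VRF-Name:\s*([^)]+)\)")
FIELD_RE = re.compile(r"^\s*(Port|TLS|insecure-tls)\s*:\s*(\S+)\s*$", re.I)

NO_TLS = "TLS not reported as Enabled"
NO_VALIDATION = "insecure-tls is not False (certificates not validated)"

def parse_instances(text):
    """Return {vrf: {field: value}} with lower-cased field names and values."""
    instances, current = {}, None
    for line in text.splitlines():
        m = VRF_RE.search(line)
        if m:  # start of a new per-VRF block
            current = instances.setdefault(m.group(1).strip(), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).lower()
    return instances

def audit(text):
    """Return (vrf, port, issue) tuples; a missing field counts as a finding."""
    findings = []
    for vrf, fields in parse_instances(text).items():
        port = fields.get("port", "?")
        if fields.get("tls") != "enabled":
            findings.append((vrf, port, NO_TLS))
        elif fields.get("insecure-tls") != "false":
            findings.append((vrf, port, NO_VALIDATION))
    return findings

if __name__ == "__main__":
    for vrf, port, issue in audit(SAMPLE):
        print(f"{vrf} port {port}: {issue}")
```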