8.15. Procedure to pair a GCap with the GCenter
A - Introduction
On the GCenter, get the IP address of the GCenter
On the GCap, enter the IP address of the GCenter
On the GCenter, declare the GCap and generate the One Time Password (OTP)
On the GCap, pair the GCap and the GCenter
For... |
Use the command |
carry out the procedures successively |
|---|---|---|
Display the IP address of the GCenter |
N/A |
|
Set the compatibility mode on the GCap |
||
Set the GCenter IP on the GCap |
||
Declare the GCap in the GCenter |
N/A |
|
Pair the GCap and the GCenter |
||
Remove the pairing between a GCap and the GCenter |
B - Prerequisites
User: setup
Commands used in this procedure:
C - Preliminary operations
Connect to the GCap (refer to Procedure to remote connection to GCap via an SSH tunnel)
Know the FQDN of the GCap and its IP address
Know the FQDN of the GCenter and its IP address
Check that the date and time of the GCenter and the GCap match : refer to Procedure to change the date and time of the GCap
D - Procedure to display the IP address of the GCenter
- Connect to the GCenter and display the GCenter network settingsFor more information, please refer to the GCenter documentation
E - Procedure to set the compatibility mode on the GCap
- To view the software version of the GCenter : Log into the GCenter and view the GCenter version numberThe information is located at the bottom left of the GCenter page (GCenter v2.5.3.101-7173-HF3 for example)
To display the current compatibility mode between the GCap and the GCenter:
- Connect to the GCap (refer to Procedure to remote connection to GCap via an SSH tunnel)The command prompt is displayed
(gcap-cli)
enter the command
show compatibility-mode
- ValidateThe system displays the current compatibility mode
Current compatibility mode: 2.5.3.101
- Compare the version between the one displayed on the GCap and the one on the GCenterIn this case:
On the GCenter, the version is: v2.5.3.101
On the GCap, the mode is: 2.5.3.101
Thus, the GCap is well configuredIn this example, it is not necessary to modify the compatibility modeHowever, if it is necessary to change the mode, use the following procedure
To change the GCap compatibility mode:
Enter the following command (for example for 2.5.3.102 version )
set compatibility-mode 2.5.3.102
Validate
F - Procedure to set the GCenter IP on the GCap
(gcap-cli)
To display the GCenter IP:
Connect to the GCap (refer to Procedure to remote connection to GCap via an SSH tunnel)
Enter the following command
show gcenter-ip
- ValidateThe system displays the IP address of the current GCenter : make sure it is the IP address of the GCenter to be paired
Current GCenter IP:
If there is no paired Gcenter then the following message is displayed :Current GCenter IP: None
Check that the IP address displayed is that of the GCenter to be paired. If there is a change, continue this procedure
To change the GCenter IP:
Note
- Replace in the following commands:
IP by its value
- Enter the command
set gcenter-ip IP
Example: set gcenter-ip X.X.X.X - ValidateThe system displays the new IP address of the GCenter
Setting GCenter IP to X.X.X.X
G - Procedure to declare the GCap in the GCenter
Obtain the FQDN (hostname.domain) of the GCap via the
`show status`commandConnect to the GCenter via a web browser
Enter the FQDN (refer to the GCenter documentation)
- Click on the
`Start Pairing`buttonThe One Time Password (OTP) is displayed at the top left of the web pageFor example: pcmqsnf7iyo34ianzzi7gbgrr Copy the OTP
H - Procedure to pair the GCap and the GCenter
- Log on to the GCap CLIThe command prompt is displayed
(gcap-cli)
Enter the command
pairing otp
Insert the OTP previously generated by the GCenter after positioning the cursor after the text
pairing otp pcmqsnf7iyo34ianzzi7gbgrr
- ValidateThe GCap connects to the GCenter via the IP address of the GCenter set on the GCap earlierThe GCap then calculates the fingerprint using the FQDN of the GCapIt asks the user to compare it with the fingerprint calculated by the GCenter, which was itself calculated using the FQDN enteredThe system displays the following message:
Resetting any previous GCenter pairing... Generating IPSec certificates for the GCenter pairing... Probing for GCenter SSH fingerprint... Fingerprint for GCenter x is e65145b25e229186a32bd3943a3fde70b2c6c3988457e80 0f08b#. Is it correct? (y/N)
Compare the GCenter fingerprint retrieved by the GCap in the CLI with the one present in the
`GCaps pairing..`part under the`GcenterSSH fingerprint`text in the GCenter web interface on the web browser.If the fingerprints are not identical:
Check the GCenter IP address and the value entered in the GCap
Check the GCap FQDN and the name entered in the GCenter
If they are identical, press <Y> and validate
Sending OTP to GCenter... Operation successful
- On the GCenter Web UI, check that the GCap is now Online in the
`GCaps pairing and status`menu page.For more information, please refer to the GCenter documentation. - On the GCap, enter the following command.
show status
The system displays the following message:Gcap FQDN : gcap.gatewatcher.com Version : #.#.#.0 Overall status : Running Tunnel : Up Detection Engine : Up and running Configuration : Complete Gcap name : gcap Domain name : gatewatcher.com Tunnel interface : Management interface : Gcenter version : #.#.#.103 Gcenter IP : Paired on Gcenter : Yes Monitoring interfaces : mon0,mon2,mon4,monvirt © Copyright GATEWATCHER 2024
The
`Paired on GCenter`field takes the value`Yes`or`No`.
I - Procedure to remove the pairing between a GCap and the GCenter
- Log on to the GCap CLIThe command prompt is displayed
(gcap-cli)
Enter the command
unpairValidate