Netconf feature on Cisco IOS/IOSXE

Posted on October 7, 2018

I tried to see how Ansible works with the netconf feature on Cisco and Juniper in past days: Juniper’s official document is clear and easy to follow. but for Cisco, I followed NETCONF over SSHv2, unfortunately, I was stuck on it for 6 days.

OS Version

  • Cisco IOS XE Software, Version 16.04.01
  • Cisco IOS Software, Linux Software (I86BI_LINUXL2-IPBASEK9-M), Experimental Version 15.2(20170809:194209) [dstivers-aug9_]

NetConf Requests

Tried many requests, all failed:

  1. The hello (works) request:

    <?xml version=”1.0″ encoding=”UTF-8″?>
    <hello>
    <capabilities>
    <capability>
    urn:ietf:params:xml:ns:netconf:base:1.0
    </capability>
    </capabilities>
    </hello>]]>]]>
    
  2. The request with nf: which was mentioned in (Cisco community)[https://community.cisco.com/t5/network-management/netconf-get-config-error-wrong-document-namespaces-not-specified/td-p/3298323]:

    <?xml version=”1.0″ encoding=”UTF-8″?>
    <hello xmlns=”urn:ietf:params:xml:ns:netconf:base:1.0″>
    <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    </capabilities>
    </hello>]]>]]>
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <nf:rpc xmlns:nf=”urn:ietf:params:xml:ns:netconf:base:1.0″ message-id=”1″>
    <nf:get-configtype=”subtree”>
    <nf:source>
    <nf:running/>
    </nf:source>
    <nf:filter>
    <nf:config-format-text-block/>
    </nf:filter>
    </nf:get-config>
    </nf:rpc>]]>]]>
    
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <hello xmlns=”urn:ietf:params:xml:ns:netconf:base:1.0″>
    <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    </capabilities>
    </hello>]]>]]>
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <rpc xmlns:nf=”urn:ietf:params:xml:ns:netconf:base:1.0″ message-id=”101″>
    <get-config>
    <source>
    <running/>
    </source>
    </get-config>
    </rpc>]]>]]>
    
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <hello xmlns=”urn:ietf:params:xml:ns:netconf:base:1.0″>
    <capabilities>
    <capability>urn:ietf:params:netconf:base:1.0</capability>
    </capabilities>
    </hello>]]>]]>
    <?xml version=”1.0″ encoding=”UTF-8″?>
    <rpc xmlns=”urn:ietf:params:xml:ns:netconf:base:1.0″ message-id=”101″>
    <get-config>
    <source>
    <running/>
    </source>
    <filter>
    <config-format-text-block/>
    </filter>
    </get-config>
    </rpc>
    ]]>]]>
    
    <?xml version=”1.0″?>
    <nc:rpc message-id=”1″ xmlns:nc=”urn:ietf:params:xml:ns:netconf:base:1.0″ xmlns=”http://www.cisco.com/nxos:1.0:nfcli”&gt;
    <nc:get>
    <nc:filtertype=”subtree”>
    <show>
    <xml>
    <server>
    <status/>
    </server>
    </xml>
    </show>
    </nc:filter>
    </nc:get>
    </nc:rpc>]]>]]>
    

How I test the requests

  1. Send the request after enter the netconf subsystem by the command:

    ssh test@device_ip -s netconf
    
  2. The tool: (netconf_client)[https://github.com/nnakamot/netconf_client] (which was mentioned in the Cisco Community). I have made some changes so that the tool can run with Python3, here is the link.

Error Message

<?xml version=”1.0″ encoding=”UTF-8″?><rpc-reply message-id=”1″ xmlns=”urn:ietf:params:xml:ns:netconf:base:1.0″><rpc-error><error-type>protocol</error-type><error-tag>operation-failed</error-tag><error-severity>error</error-severity></rpc-error></rpc-reply>]]>]]>

Solution

Refer to NETCONF/YANG を使って、Ciscoルータからコンフィグ設定を取得する(IOS-XE)

Configure the username password with privilege 15 on devices:

username test privilege 15 password 0 test123
netconf
netconf

Netconf feature on Cisco IOS/IOSXE


donation

Scan the QR code using WeChat

comments powered by Disqus