Have a valid user with AAA new-model turned on
conf t
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username admin privilege 15 secret cisco123
RESTCONF
- RESTCONF uses HTTP or HTTPS, so turn on the webserver
conf t
ip http secure-server
- Turn on RESTCONF
conf t
restconf
- Validate
RESTCONF relies on DMI and nginx
restconf-router# show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
Get an IP Address
This is done from the Linux command line via curl.
--insecure is added because Cisco generates its own self-signed certificates, which curl cannot verify.
ariadne@tesseract:~$ curl --insecure --user admin:cisco123 \
    -H "Accept: application/yang-data+json" \
    https://192.168.52.199/restconf/data/Cisco-IOS-XE-native:native/interface/Loopback=0
{
  "Cisco-IOS-XE-native:Loopback": {
    "name": 0,
    "ip": {
      "address": {
        "primary": {
          "address": "1.1.1.1",
          "mask": "255.255.255.255"
        }
      }
    }
  }
}
Set an IP Address
Also done from the Linux command line via curl, just with a PATCH message.
ariadne@tesseract:~$ curl --insecure --user admin:cisco123 \
    -X PATCH \
    -H "Accept: application/yang-data+json" \
    -H "Content-Type: application/yang-data+json" \
    https://192.168.52.199/restconf/data/Cisco-IOS-XE-native:native/interface/Loopback=0 \
    -d '{
  "Cisco-IOS-XE-native:Loopback": {
    "name": 0,
    "ip": {
      "address": {
        "primary": {
          "address": "2.2.2.2",
          "mask": "255.255.255.255"
        }
      }
    }
  }
}'
Use NETCONF-YANG
- Ensure a valid user with AAA new-model is turned on and available (see above)
- Turn on NETCONF-YANG
conf t
netconf-yang
- Validate
restconf-router#show netconf-yang status
netconf-yang: enabled
netconf-yang ssh port: 830
netconf-yang candidate-datastore: disabled
I performed this lab inside a Linux virtual environment.
- Create a Python virtual environment
python3 -m venv ~/netconf-lab
- Activate it
source ~/netconf-lab/bin/activate
- Install ncclient
pip install ncclient
- Enter the Python shell
python
- Connect to device:
>>> from ncclient import manager
>>> conn = manager.connect(
        host="192.168.52.199",
        port=830,
        username="admin",
        password="cisco123",
        hostkey_verify=False,  # lab setting: the SSH host key is not checked
        device_params={"name": "iosxe"}
    )
- Paste in a payload, follow the XML
>>> payload = """
<config>
  <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
    <interface>
      <Loopback>
        <name>5</name>
        <ip>
          <address>
            <primary>
              <address>5.5.5.5</address>
              <mask>255.255.255.255</mask>
            </primary>
          </address>
        </ip>
      </Loopback>
    </interface>
  </native>
</config>
"""
>>> conn.edit_config(target="running", config=payload)
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:5edcd8ca-3e51-4581-8bce-87f7eb939735" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>
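An added example, not part of the original lab notes: instead of pasting the XML by hand, the payload above can be built from validated values, and the rpc-reply checked for <ok/> rather than read by eye. The helper names build_loopback_config and reply_ok are hypothetical, and the sample replies are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

NATIVE_NS = "http://cisco.com/ns/yang/Cisco-IOS-XE-native"  # from the payload above
NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # from the rpc-reply above


def build_loopback_config(number, address, mask):
    """Build the <config> payload from validated values (hypothetical helper)."""
    if isinstance(number, bool) or not isinstance(number, int) or number < 0:
        raise ValueError("loopback number must be a non-negative integer")
    # Raises ValueError on malformed addresses and non-contiguous masks.
    iface = ipaddress.IPv4Interface(f"{address}/{mask}")
    config = ET.Element("config")
    native = ET.SubElement(config, "native", xmlns=NATIVE_NS)
    loopback = ET.SubElement(ET.SubElement(native, "interface"), "Loopback")
    ET.SubElement(loopback, "name").text = str(number)
    ip = ET.SubElement(loopback, "ip")
    primary = ET.SubElement(ET.SubElement(ip, "address"), "primary")
    # Element text is escaped on serialisation, so values cannot add markup.
    ET.SubElement(primary, "address").text = str(iface.ip)
    ET.SubElement(primary, "mask").text = str(iface.netmask)
    return ET.tostring(config, encoding="unicode")


def reply_ok(reply_xml):
    """Return True only for an <rpc-reply> with <ok/> and no <rpc-error>."""
    root = ET.fromstring(reply_xml.encode())
    if root.tag != f"{{{NC_NS}}}rpc-reply":
        return False
    has_ok = root.find(f"{{{NC_NS}}}ok") is not None
    has_error = root.find(f".//{{{NC_NS}}}rpc-error") is not None
    return has_ok and not has_error


# Constructed sample replies, modelled on the reply shown above.
SAMPLE_OK = f'<rpc-reply xmlns="{NC_NS}" message-id="1"><ok/></rpc-reply>'
SAMPLE_ERROR = (
    f'<rpc-reply xmlns="{NC_NS}" message-id="2"><rpc-error>'
    "<error-type>application</error-type><error-tag>invalid-value</error-tag>"
    "<error-severity>error</error-severity></rpc-error></rpc-reply>"
)

if __name__ == "__main__":
    print(build_loopback_config(5, "5.5.5.5", "255.255.255.255"))
    print(reply_ok(SAMPLE_OK), reply_ok(SAMPLE_ERROR))
```

The string returned by build_loopback_config can be passed as the config argument of conn.edit_config in place of the pasted payload.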