- Install k9sec and mgbl packages
- Generate crypto keys
- IOS-XE version 16.3 or higher
- User access with privilege level 15
(config)# ssh server v2(config)# ssh server netconf(config)# netconf-yang agent ssh(config)# netconf agent tty
(config)# ip ssh version 2(config)# netconf-yang(config)# netconf-yang feature candidate-datastore
# show netconf-yang status
Netconf status summary:
state: ready
# show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Not Running
ndbmand : Running
pubd : Running
-
$ ssh <username>@<host> –p 830 –s netconf -
Respond to NETCONF server (network device) with a hello message that includes its own capabilities
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
</capabilities>
</hello>]]>]]>- At this point the session is open, and the client may send any RPC request to the server (such as
get,get-config,edit-config,commit, and others).
NETCONF over an SSH session provides a raw session. In a raw session, RPCs must follow NETCONF chunk format framing.
- get-config example on IOS XR
#143 <!--number of bytes that the client is going to send-->
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="101">
<get-config>
<source>
<running/>
</source>
</get-config>
</rpc>
## <!--the RPC must end with a couple of “#”-->- get example on IOS XE
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1</name>
</interface>
</interfaces>
</filter>
</get>
</rpc>
]]>]]> <!--the RPC must end with “]]>]]>”-->