Netconf IOS XE issues on CML 2.1.1
Python code:
from ncclient import manager
import xmltodict
import xml.dom.minidom
# Create an XML filter for targeted NETCONF queries
netconf_filter = """
<filter>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface></interface>
</interfaces>
</filter>"""
with manager.connect(
host="10.0.30.151",
port="830",
username="cisco",
password="cisco",
hostkey_verify=False
) as m:
netconf_reply = m.get_config(source = 'running', filter = netconf_filter)
print(xml.dom.minidom.parseString(netconf_reply.xml).toprettyxml())
# Parse the returned XML to an Ordered Dictionary
netconf_data = xmltodict.parse(netconf_reply.xml)["rpc-reply"]["data"]
# Create a list of interfaces
interfaces = netconf_data["interfaces"]["interface"]
for interface in interfaces:
print("Interface {} enabled status is {}".format(
interface["name"],
interface["enabled"]
)
)Error:
C:\Users\ge\Git\CodeSamples>C:/Users/ge/AppData/Local/Microsoft/WindowsApps/python.exe c:/Users/ge/Documents/Python/DEVNET/cisco.py
Traceback (most recent call last):
File "c:/Users/ge/Documents/Python/DEVNET/cisco.py", line 20, in <module>
netconf_reply = m.get_config(source = 'running', filter = netconf_filter)
File "C:\Users\ge\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\ncclient\manager.py", line 226, in execute
return cls(self._session,
File "C:\Users\ge\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\ncclient\operations\retrieve.py", line 166, in request
return self._request(node)
File "C:\Users\ge\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\ncclient\operations\rpc.py", line 360, in _request
raise self._reply.error
ncclient.operations.rpc.RPCError: {'type': 'protocol', 'tag': 'unknown-element', 'app_tag': None, 'severity': 'error', 'info': '<?xml version="1.0" encoding="UTF-8"?><error-info xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><bad-element>filter</bad-element>\n</error-info>\n', 'path': '\n /rpc/get-config\n ', 'message': None}version affected:
csr1000v#sh ver
Cisco IOS XE Software, Version 17.03.01a
Cisco IOS Software [Amsterdam], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.3.1a, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Wed 12-Aug-20 00:16 by mcpre
Solution:
- Download refplat_p-20200409-fcs
- exctract csr1000v-universalk9.16.11.01b-serial.qcow2
Add the new image definition in CML (only fill in ID, Label and description):
Tools -> Node and Image Definitions:
Select ‘IMAGE DEFINITIONS’ tab and choose ‘ADD’:
Add the new image definition in CML (only fill in ID, Label and description)
Open a lab in CML and drag the CSR 1000v image onto your CML workshop and under the simulate tab select the new image definition you created:
allow the image time to boot then proceed to enable netconf:
username cisco priv 15 sec 0 cisco
ip domain name ge.lab
int gi 1
ip add dhcp
exi
crypto key gen rsa mod 1024
ip ssh ver 2
line vty 0
logg syn
line vty 0 14
trans in ssh
login local
netconf ssh
netconf-yangNOTE:
You will receive an error about “%DMI-3-NETCONF_SSH_ERROR: F0: ncsshd_bp: NETCONF/SSH: error: Trustpoint does not have a cert“
This issue appears to be a result of self-signed certificates on IOS/IOS-XE platforms expiring on Jan 1st 2020:
A workaround is to set clock to Jan 1, 2017 and make sure to remove the configuration for the NTP server.
Give the router a couple of minutes and then verify netconf:ssh cisco@10.0.30.151 -p 830 netconf
Now re-run the python script!
Leave a Reply