- Overview
- Guides
- Global SIP Configurations
- SIP Dial Peer Configurations
- Call Manager Fallback Configurations
- DSPFARM Profile Configurations
- Num-Exp Configurations
- Gateway Configurations
- Application Configurations
- Unified Communication Configurations
- HTTP Configurations
- SIP User Agent Configurations
- Codec Configurations
- Credentials Configurations
- Media Configurations
- Call Admission Control Configurations
- Gateway Accounting Configurations
- Voice Class Codec Configurations
- Voice Register Configurations
- Operational Data
- Developer Resources
- Community & Support
Getting Started
Cisco encourage 3rd party development of software to utilize Cisco’s open APIs including those defined by YANG models and interacted with using NETCONF and RESTCONF. NETCONF and RESTCONF allow programmatic access to network devices using structured data. NETCONF and RESTCONF use YANG to structure the data that is sent and received, which makes is much simpler to work with programmatically.
The NETCONF and RESTCONF with YANG model is a programmatic and standards-based way of writing configurations to any network device, replacing the process of manual configuration. Network devices running on Cisco IOS XE support the automation of configuration for multiple devices across the network using YANG data models. YANG data models are developed in a standard, industry-defined language, that can define configuration and operational state information of a network.
Using standard interfaces help network engineers:
- Utilize the new open interfaces of NETCONF and RESTCONF
- Separate configuration and operational state information
- Configure network "services" and devices
- Comprehensive feature coverage with YANG data models
Resources to check out for standard interfaces:
- Read Adam Radford's blog, Getting Started with NETCONF/YANG
- Review the IETF docs for YANG, NETCONF and RESTCONF
- Explore DevNet Learning Lab to enrich your understanding of model driven programmability
- How is Cisco involved? Read OpenConfig on Cisco Platforms by Einar Nilsen Nygarrd
Configuring NETCONF Protocol
NETCONF uses the primary trustpoint of a device. If a trustpoint does not exist when NETCONF-YANG is configured, it creates a self-signed trustpoint.
Providing Privilege Access to Use NETCONF
To start working with NETCONF, you must be a user with privilege level 15. To provide this, use the following command:
Device(config)# username example-name privilege 15 password example_password
This establishes a username-based authentication system. The Privilege level key word sets the privilege level for the user. For the programmability feature, it must be 15.
Enabling NETCONF and RESTCONF
If the legacy NETCONF protocol is enabled on your device, the RFC-compliant NETCONF protocol does not work. Disable the legacy NETCONF protocol by using the no netconf legacy command.
For enabling and authenticating NETCONF on IOS-XE, refer Enabling NETCONF on IOS-XE For enabling and authenticating RESTCONF on IOS-XE, refer Enabling RESTCONF on IOS-XE
After the initial enablement through the CLI, network devices can be managed subsequently through a model-based interface. The complete activation of model-based interface processes may require up to 90 seconds.
NETCONF uses Secure Shell (SSH) as the transport layer across network devices. It uses SSH port number 830 as the default port. NETCONF supports capability discovery and model downloads. Supported models are discovered using the ietf-netconf-monitoring model. This is a hello message from the NETCONF device, containing a list of capabilities. The capabilities contain all of the YANG models that the device supports. Verify the SSH connectivity to the network device by entering username and password.
Example:
$ ssh -p 830 sdn@10.10.6.2
sdn@10.10.6.2's password:
The response will be a long list of NETCONF capabilities from the network device followed by a session id element, which can be used with future requests.
Example:
Copy<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
<capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability
--snip--
</capabilities>
<session-id>2870</session-id></ hello>]]>]]>
Configuring YANG Explorer Application
YANG Explorer allows the user to:
- Upload/Compile YANG data models from User Interface or Command Line
- Build NETCONF RPCs (Remote Procedure Calls)
- Execute RPC against a real NETCONF server (Catalyst 3850)
- Save created RPCs to collections for later use
- Browse data model trees and inspect YANG properties
YANG Explorer application download, setup instructions, and user guide can be found here: https://github.com/CiscoDevNet/yang-explorer
Additional References for NETCONF and RESTCONF
Related Documents
| Related Topic | Document Title |
|---|---|
| YANG data models for various release of IOS-XE platforms | To access Cisco YANG models in a developer-friendly way, please clone the GitHub repository, and navigate to the vendor/cisco subdirectory. |
Standards and RFCs
| Standard/RFC | Title |
|---|---|
| RFC 6020 | YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF) |
| RFC 6241 | Network Configuration Protocol (NETCONF) |
| RFC 6536 | Network Configuration Protocol (NETCONF) Access Control Model |
| RFC 8040 | RESTCONF Protocol |