NETCONF

NETCONF provides a means to programmatically interact with a device – in a model-based, machine-consumable, easy to understand and standards-based way. NETCONF is defined by >RFC-6241 and is based on the YANG modeling language.

For background on model-based management, please see Model-Based Management Introduction.

Prerequsites

16.3

The introduction of IOS-XE 16 on your specific network device is outside the scope of this user-guide (to enable model-based interfaces). For platform requirements and how-to guides to successfully load IOS-XE 16 on your network device, please see the Cisco IOS XE Denali Migration Guide for Access and Edge Routers

Authentication

NETCONF connections should be authenticated using AAA credentials. RADIUS, TACACS+ or local users defined with privilege level 15 access are allowed. AAA impacts other systems, such as administrator access to the CLI. Here is a lab configuration example from an ISR-4451 using local credentials (without any AAA enabled):

                                
                                username admin privilege 15 secret cisco123
                            

Please consult ISE documentation to insure users and network-device policies are correctly setup for backend AAA.

Addressing and Ports

In 16.3, NETCONF listens on any IP address assigned to the system. When enabled, NETCONF runs on port 830 and uses SSH for transport. SSH is enabled automatically when the NETCONF feature is enabled.

Feature Commands

The CLI command to enable NETCONF is displayed below:

                                

                                    netconf-yang

                            

Once enabled via CLI, all supported operations may be governed through model interfaces, including optional settings for NETCONF configuration and operational data settings.

Is it really that easy? Only a single command?

Yes, it is that easy. You are now up and operational on port 830. Happy coding!