# Device Programmability

Hello Jorge

It could be that the specific IOS doesn’t support this functionality. Looking at the Cisco Feature Navigator for your particular version of IOS, it depends on the feature set and licence that you have as shown:

However, it seems that the programmbility documentation that Cisco offers is from IOS XE Fuji 16.X and later. In order to fully take advantage of it you’ll require the newer IOS.

I hope this has been helpful!

Laz

Hi everyone,
I am quite new in RESTCONF so I would appreciate detailed instructions. I was trying to configure it using YANG models from GitHub, ( https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1693 )
My cisco ios is 16.9.3

I would like to configure a basic topology, see picture below. I know how to configure RIP using Cisco CLI, but I dont know how to do it using RESTCONF.

Thank you for you assistance.
Kristina

Hello Kristina

I suggest you first go over RESTCONF as a concept as described in the Device Programmability lesson. There you will find examples as well as practical implementations of RESTCONF for configuration. Some additional helpful content can be found at this Cisco documentation.

Once you go over those you should be in a position to begin implementation of your topology. If you run into any specific problems or issues with your configuration, please let us know more specifically about what we can help you with.

I hope this has been helpful!

Laz

Hi,
I have tried to configure RIP, and I was able to configure it using RESTCONF (i just need to test the connectivity between routers).

I have found out issue with deleting the configuration? Is it even possible?
I have RIP configured on the ROUTER and I tried to delete it using this URL:

DELETE https: //192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router
Status: 204 No Content


But if i show running config on ROUTER, i see that RIP is still configured.

Even when i run GET URL to show RIP configuration:

https: //192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router/Cisco-IOS-XE-rip:rip

https ://192.168.10.55/restconf/data/Cisco-IOS-XE-native:native/router
Status: 204 No Content


Kristina

Hi ,

What is Netconf , yang and yml file , is there any tutorial references to understand these terms and uses ?

Hello Sameer

Here are some lessons that cover these topics:

As for .yml files, these are script files written in the YAML language. This language is commonly used for configuration files and in applications where data is being stored or transmitted. It can be used for many of the same communications applications as XML, but is more human-readable, and thus more user friendly. YAML is most often used with Ansible, a network orchestration tool. You can find out more about YAML and Ansible at the following lesson:

I hope this has been helpful!

Laz

1 Like

Thanks Laz , i will go through it and will get back if there any doubts .

1 Like

Hello Kristina

I took a look at this behaviour with Rene, and it seems that this is a bug or an error in the IOS. Specifically, we tried to configure OSPF and then to remove OSPF configuration using the DELETE HTTP command, and the configuration was removed successfully.

Configuring RIP was also successful, but when it came down to deleting the configuration, it would not be removed, so we go the same results as you.

Looking further into the problem, we found the following error messages generated on the CLI of the router:

*Mar 17 10:08:32.988: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'cisco' authenticated successfully from 10.82.100.188:0 and was authorized for rest over http. External groups: PRIV15
*Mar 17 10:08:33.265: %DMI-3-CLI_GEN_FAIL: R0/0: nesd: Failed to generate CLI change set internal error (18): internal error.
*Mar 17 10:08:33.267: %DMI-5-CONFIG_I: R0/0: nesd: Configured from NETCONF/RESTCONF by cisco, transaction-id 365


Notice the error marked DMI-3-CLI_GEN_FAIL. It states “Failed to generate CLI change set internal error (18): internal error.” I was unable to find information about such an error online, but it seems to indicate that there is an error as far as the IOS is concerned.

Specifically, we were using the following IOS version:

Note that the “Status: 204 No Content” is not actually a problem, as many commands don’t actually result in a response that contains content. 204 states that the command was sent successfully, but the device doesn’t necessarily send a response back, and in many cases this is normal behaviour. You need to go into the device to verify your changes.

I hope this has been helpful!

Laz

Hi,

just one question on which I can’t find any answers on line.

What is “arpgmp”, why you are using “arpgmp” and not “ARP”?

I can’t understand what this “gmp” is.

Thanks

Hi all

I want information please how i can learn and implement restconf language ?
i want know how i can make practise with restconf language
and wich are the step to implement its?

thanks

Hello Ugo

You can find out more about RESTCONF at the following lesson:

Included in this lesson, you will find some examples of the implementation of RESTCONF and how it works as well as some implementations that you can try as well. Some additional resources you may find useful include:

I hope this has been helpful!

Laz

very very thanks i will look

1 Like

Hello,

I ma using your postman restconf collection to do a restconf lab on EVE-NG VM with the IOS-XE
“Cisco IOS Software [Everest], Virtual XE Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.7”
I followed the exact same steps to configure the router and Postman but still not working:
I am getting: “Could not get any response” in Postman right away when I click send
SSL certificate is turned off
Postman is running on my host and I can ping the router. could you please give some hints for troubleshooting…thanks

logs show this error but no clue how to resolve it:

Error: write EPROTO 6900:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:c:\users\administrator\buildkite-agent\builds\pm-electron\postman\electron-release\vendor\node\deps\openssl\openssl\ssl\record\rec_layer_s3.c:1407:SSL alert number 40

Hany

Hello Hany

There are a few things that you can do to troubleshoot this issue. First of all, does the configuration work with cURL? cURL is a simpler command line tool that can do the same tasks as postman. If you can get it to work with cURL, then we can then confirm that the problem is with Postman. If it doesn’t then the problem exists in the router configuration.

Also, it might be helpful to take a look at the following post on Github that pertains to the error that you see:

Although not quite clear, it does seem to indicate that it is related to not specifying a client certificate. In the lesson however, client certificates are not used, but credentials (username and password) are used instead. It could be that Postman is configured to use a certain client certificate where it should send a username and password.

So I suggest you first try cURL, and then take a look at the certificate issue. Let us know how you get on…

I hope this has been helpful!

Laz

I have ‘some’ CSR1000v router, i can ssh from ubuntu, but when i type ssh cisco@ip address -p 830 netconf it shows me ssh: connect to host 172.17.1.2 port 830: Connection refused. Are there any show commands or something to help solve this problem? wireshark shows RST flag from router in TCP connection.

Hello Jan

The first thing you can do is to check if there are any access lists that are blocking the particular IP address, or port. If not, you can then use syslog to see why the connection was refused. You can temporarily reduce the syslog severity to debug or informational and set the terminal monitor on so you can see the output in the CLI. Then try to log in and see the reason for the refusal.

The RST flag on the TCP packet does give us some clues however. Barring any malicious attacks, there are two primary reasons why you would see an RST flag:

• The packet is an initial SYN packet trying to establish a connection to a server port on which no process is listening.
• The packet arrives on a TCP connection that was previously established, but the local application already closed its socket or exited and the OS closed the socket.

The most likely case is that the router is not listening on that port. If that is the case, make sure that netconf is enabled on the router.

I hope this has been helpful!

Laz

I’ve solved the issue by changing system date to year 2019, it had something to do with certificates and with january 2020. But now I have a problem with scripts in the topic. When I use netconf-get-running-configuration-filter.py it gives me something like this, no interface configuration, I’m using Cisco IOS XE Software, Version 16.07.01netconf.txt (2.3 KB)

Hi Rene, I would like to know and also to better understand, in which situations is better to use RESTCONF/gRPC and in which situations is better to use Ansible for instance, thank you, beforehand.

Hello Jan

Your output shows four interfaces (GE1 through GE4) where GE1 is enabled and GE2 to GE4 are not enabled. There are no IP addresses configured on these interfaces. Are you saying that the actual configuration on the device is different than what is showing up in the XML output? If so, how is it different?

Laz

Hello Armando

It is not a question of whether to use Ansible OR RESTCONF/gRPC. These are not mutually exclusive, and can actually be used together. Take a look at this post which will give you more informaiton about how to choose what tools for what job:

If you need more specific information, feel free to ask!

I hope this has been helpful!

Laz