NetConf doesn't work on 2960x properly

hamedkz
Level 1

I have a Cisco Catalyst 2960X 48TS-L switch; its IOS is C2960X-UNIVERSALK9-M, Version 15.0(2)EX5, RELEASE SOFTWARE (fc1).

I want to configure the switch with NetConf, but I ran into some problems.

Here I will explain the situation I faced:

I know the main command for enabling NetConf is 'netconf-yang', but it doesn't exist in my CLI. On the other hand, I can connect to the switch with the command below:

ssh -c aes-cbc admin@192.168.1.15 -s netconf

There are two points about my connection command. First, -c aes-cbc is mandatory; without it the connection is refused. (I'm wondering about this, because nobody mentions this option in internet forum examples.)

Second, all the examples on the internet include -p 830 in the command to set the port number, but if I use the -p option the connection is refused.

After I run the above command, the connection to the switch is established and I can use the #show netconf session command to see the open NetConf session in the CLI. It shows that a NetConf session is open and its port number is 50766.

Also, the switch sends its Hello message to me and I see the Hello message in my console.

The problems start from here:

I send the client's Hello message to the switch in response.

But when I send the first RPC request message to the switch, it refuses it and terminates the connection.

Then I installed the Python ncclient package and connected to the switch with its methods. Again an error occurred (SSHError: could not open socket to 192.168.1.15:830).

Now my questions are:

1. Why doesn't netconf-yang work on my switch?

2. Why does the switch refuse the connection on the first RPC request, when it sent Hello to me and accepted me previously?

3. Is this issue related to me?

 

 

 


balaji.bandi
Hall of Fame

What license do you have on the device? Have you enabled NetConf?

netconf ssh

 

Can you post the output below:

 

show run

show version

dir

 

Here is a step-by-step guide over SSHv2:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cns/configuration/15-mt/cns-15-mt-book/netconf-sshv2.html

 

BB


Thank you for your response. I am reading your guide now, and here is what you asked for:

 

Switch#show run
Building configuration...

Current configuration : 4270 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 00:04:42 UTC Sat Jan 1 2000
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.Mwm$7VCAvXW0ObpSzy5z5iQXV.
!
username admin privilege 15 password 0 admin
no aaa new-model
switch 1 provision ws-c2960x-48ts-l
!
!
!
!
crypto pki trustpoint TP-self-signed-3278295936
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3278295936
revocation-check none
rsakeypair TP-self-signed-3278295936
!
!
crypto pki certificate chain TP-self-signed-3278295936
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
!
...
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 192.168.1.15 255.255.255.0
!
ip http server
ip http secure-server
!
!
snmp-server community TTTT RW
snmp-server location Globe
snmp-server contact Company.com
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
netconf ssh
end

 

 

 

Switch#show version
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 21-Feb-14 05:54 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(2r)E1, RELEASE SOFTWARE (fc1)

Switch uptime is 11 minutes
System returned to ROM by power-on
System restarted at 00:02:53 UTC Sat Jan 1 2000
System image file is "flash:/c2960x-universalk9-mz.150-2.EX5/c2960x-universalk9-mz.150-2.EX5.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960X-48TS-L (APM86XXX) processor (revision H0) with 524288K bytes of memory.
Processor board ID FCW1849A2CV
Last reset from power-on
1 Virtual Ethernet interface
1 FastEthernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 3C:3C:3C:3C:3C:3C
Motherboard assembly number : **-**71-02
Power supply part number : 341-****-02
Motherboard serial number : FOC1848****
Power supply serial number : ********WM9
Model revision number : H0
Motherboard revision number : B0
Model number : WS-C2960X-48TS-L
Daughterboard assembly number :**-*****-03
Daughterboard serial number : *****84M6R
System serial number : *******A2CV
Top Assembly Part Number : ***-*****-01
Top Assembly Revision Number : C0
Version ID : V03
CLEI Code Number : CMMNF00ARB
Daughterboard revision number : A0
Hardware Board Revision Number : 0x12


Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C2960X-48TS-L 15.0(2)EX5 C2960X-UNIVERSALK9-M


Configuration register is 0xF

 

Switch#dir
Directory of flash:/

2 -rwx 104 Jan 1 2000 00:14:51 +00:00 express_setup.debug
3 -rwx 3096 Jan 1 2000 00:04:43 +00:00 multiple-fs
4 -rwx 2976 Jan 1 2000 00:04:43 +00:00 config.text
5 -rwx 1919 Jan 1 2000 00:04:43 +00:00 private-config.text
6 drwx 512 Dec 4 2014 03:25:20 +00:00 c2960x-universalk9-mz.150-2.EX5
645 drwx 512 Dec 4 2014 03:25:21 +00:00 dc_profile_dir

122185728 bytes total (98704896 bytes free)

Thank you for your response. I'm now reading the guide you provided, and I attached a file which contains what you asked for.

hamedkz
Level 1

I found that I had made a mistake. When I sent an RPC request to the switch, I forgot to send the initial XML tag, the rpc message-id and the terminator characters. For example, the request below now works properly:

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
   <lock>
      <target>
         <running/>
      </target>
   </lock>
</rpc>]]>]]>

But my question still is: why doesn't my device have the netconf-yang command?

Additionally, my device still doesn't respond to my other RPC requests, like the requests below:

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-arp-table-information/>
</rpc>]]>]]>

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1/0/1</name>
</interface>
</interfaces>
</filter>
</get>
</rpc>]]>]]>
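Added example, not part of the original thread and not Cisco's or ncclient's code: the fix described in the post above (XML declaration, message-id, and the ]]>]]> terminator), written as a small Python helper that frames NETCONF 1.0 messages, checks an outgoing message for those three items, and splits a buffered reply stream on the terminator. The sample messages are constructed, and the names frame, client_hello, rpc, check_frame and split_replies are hypothetical.

```python
import xml.etree.ElementTree as ET

EOM = "]]>]]>"  # end-of-message marker used by NETCONF 1.0 over SSH
BASE_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
XML_DECL = '<?xml version="1.0" encoding="UTF-8"?>'

def frame(body: str) -> str:
    """Declaration first, one XML document, terminator last."""
    return f"{XML_DECL}\n{body.strip()}\n{EOM}"

def client_hello() -> str:
    cap = "urn:ietf:params:netconf:base:1.0"
    return frame(f'<hello xmlns="{BASE_NS}"><capabilities>'
                 f"<capability>{cap}</capability></capabilities></hello>")

def rpc(message_id: int, operation: str) -> str:
    return frame(f'<rpc message-id="{message_id}" xmlns="{BASE_NS}">'
                 f"{operation}</rpc>")

def check_frame(raw: str) -> list:
    """List the problems in one outgoing message; an empty list means OK."""
    doc = raw.strip()
    if not doc.endswith(EOM):
        return ["missing ]]>]]> terminator"]
    try:
        root = ET.fromstring(doc[: -len(EOM)].strip().encode("utf-8"))
    except ET.ParseError:
        return ["not well-formed XML"]
    problems = []
    if not doc.startswith("<?xml"):
        problems.append("no XML declaration")  # one of the items the poster lists
    if root.tag == f"{{{BASE_NS}}}rpc" and "message-id" not in root.attrib:
        problems.append("rpc without message-id")
    return problems

def split_replies(stream: str) -> list:
    """Split buffered server output on the terminator and parse each document."""
    return [ET.fromstring(p.strip().encode("utf-8"))
            for p in stream.split(EOM) if p.strip()]

# Constructed samples, not captured from the switch in the thread.
LOCK = "<lock><target><running/></target></lock>"
SERVER_STREAM = (frame(f'<hello xmlns="{BASE_NS}"><capabilities/></hello>')
                 + frame(f'<rpc-reply message-id="101" xmlns="{BASE_NS}"><ok/></rpc-reply>'))

if __name__ == "__main__":
    print(check_frame(rpc(101, LOCK)))
    print(check_frame(f'<rpc xmlns="{BASE_NS}">{LOCK}</rpc>'))
    print([r.tag for r in split_replies(SERVER_STREAM)])
```

Running check_frame on a message before writing it to the SSH channel catches a missing terminator or a malformed declaration locally, before the switch sees it.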

 
