Unable to access Yang capabilities via Python ncclient

mervinh16
Level 1

Hello,

I have a Cisco CSRv1000 with Cisco XE version 16.8.1a.

I have enabled netconf-yang, and when I run the command ssh -2 -s admin@172.30.43.115 netconf it displays the YANG on the CLI.

However, if I run the following code in Python, it gives an error: ncclient.transport.errors.SSHError: Could not open socket to 172.30.43.115:830

My Code:

from ncclient import manager
import xml.etree.ElementTree as ET

# Connection details for the NETCONF-over-SSH session
router = {
    "host": "172.30.43.115",
    "port": "830",
    "username": "admin",
    "password": "******",
}

with manager.connect(
    host=router["host"],
    port=router["port"],
    username=router["username"],
    password=router["password"],
    hostkey_verify=False,
    allow_agent=False,
    look_for_keys=False,
) as m:
    # Fetch the ietf-ip YANG module; its text is in the first child of the reply
    ip_schema = m.get_schema("ietf-ip")
    root = ET.fromstring(ip_schema.xml)
    yang_tree = list(root)[0].text
    # Save the module to a local file
    f = open("ietf-ip.yang", "w")
    f.write(yang_tree)
    f.close()

Also, please find my show run on the router:
 

MyRouter#show run
Building configuration...

Current configuration : 1725 bytes
!
! Last configuration change at 17:37:24 UTC Sat Oct 3 2020
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$tK3F$2WEFfM8JZcyP7YPgzRZbH1
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
ip domain name myrouter.com
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 96YNK5Y0HUS
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
netconf-yang
!
!
username admin privilege 15 secret 5 $1$h/2L$vvzIggHKLFlS1KJlYOqkA1
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
ip address 172.30.43.115 255.255.255.0
ip nat outside
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet4
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.30.43.3
!
ip ssh version 2
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
transport input ssh
!
netconf ssh
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

 

Can someone please help me out?

 

 

2 Replies

When you are running this command

ssh -2 -s admin@172.30.43.115 netconf

you are using port 22; your code shows you are using the NETCONF port 830. If you were on your device, you would see the following when running the command above using port 22.

 

 

 

*Oct 9 11:04:01.971: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: developer] [Source: 86.169.xx.xx] [localport: 22] at 11:04:01 UTC Fri Oct 9 2020

 

 

If you update your command to use port 830, see if this connects

 

ssh -2 -s -p 830 admin@172.30.43.115 netconf

You should see on the device

 

 

*Oct 9 11:04:40.798: %DMI-5-AUTH_PASSED: R0/0: dmiauthd: User 'developer' authenticated successfully from 86.169.xx.xx:65128 and was authorized for netconf over ssh. External groups: PRIV15

You can check your router and see if this port is open/set up

 

csr1000v-1#show netconf-yang status
netconf-yang: enabled
netconf-yang ssh port: 830
netconf-yang candidate-datastore: disabled

 

Hope this helps.

 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

BTW your code is good; I tested this with the following using the DevNet sandbox https://devnetsandbox.cisco.com/RM/Diagram/Index/38ded1f0-16ce-43f2-8df5-43a40ebf752e?diagramType=Topology

 

router = {
    'host': 'ios-xe-mgmt-latest.cisco.com',
    'port': '10000',
    'username': 'developer',
    'password': 'C1sco12345',
    }

 

(venv) STUACLAR-M-R6EU:Desktop stuaclar$ ls -la | grep ietf-ip.yang
-rw-r--r--    1 stuaclar  staff   20686  9 Oct 12:19 ietf-ip.yang
Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
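
A pre-flight check for the symptom in this thread (SSH answers on port 22 while ncclient reports it cannot open a socket to port 830), added here as an example and not code from either poster. It opens a plain TCP connection to each port and separates "refused", "timed out" and "open with an SSH banner"; the names probe_tcp and advise are hypothetical, and only the standard library is used.

```python
import socket
import sys


def probe_tcp(host, port, timeout=3.0):
    """Try one TCP connection; return (state, detail).

    state is 'open', 'refused', 'timeout' or 'error'. For 'open', detail is
    the first line the server sends (an SSH server sends 'SSH-2.0-...').
    """
    try:
        with socket.create_connection((host, int(port)), timeout=timeout) as s:
            try:
                first = s.recv(255).split(b"\n", 1)[0].strip()
            except socket.timeout:
                first = b""  # connected, but the peer sent nothing in time
            return "open", first.decode("ascii", "replace")
    except ConnectionRefusedError:
        return "refused", "peer answered with a TCP reset"
    except socket.timeout:
        return "timeout", "no answer; packets are probably being dropped"
    except OSError as exc:
        return "error", str(exc)


def advise(ssh, netconf):
    """Map the (state, detail) results for port 22 and the NETCONF port to a next step."""
    if netconf[0] == "open":
        if netconf[1].startswith("SSH-"):
            return "NETCONF port speaks SSH: check credentials and ncclient arguments"
        return "port is open but sent no SSH banner: something else is listening"
    if ssh[0] == "open":
        return ("host is reachable on 22 but the NETCONF port is %s: check "
                "'show netconf-yang status' and any filter between client and device"
                % netconf[0])
    return "neither port answered: check routing and reachability to the host first"


if __name__ == "__main__":
    # Usage: python probe.py <host> [netconf_port]; the defaults are placeholders.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    nc_port = sys.argv[2] if len(sys.argv) > 2 else "830"
    ssh_result, nc_result = probe_tcp(host, 22), probe_tcp(host, nc_port)
    print("22 :", ssh_result)
    print(nc_port, ":", nc_result)
    print(advise(ssh_result, nc_result))
```

A "refused" result on 830 while 22 is open points at the device side (nothing accepting on that port), whereas "timeout" points at something dropping traffic on the path.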