Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1821
Views
0
Helpful
9
Replies
Brendon Neves
Beginner
Beginner
‎07-16-2019 07:21 AM
‎07-16-2019 07:21 AM

Can't do CURL REST API on CSR1000V

Hi guys!

 

I'm trying test the REST API integration with router CSRV1000v using the IOS XE version 16.09.01

 

I followed the instructions present on the link below:

https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIintro.html


So I'm wondering if I miss something ..

 

I'm obtaining this output when I'm trying do a CURL on the router:

 

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services-H "Accept:application/json" -u "admin:password" -d "" --insecure 3
* About to connect() to 10.122.66.115port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115(10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=IOS-Self-Signed-Certificate-1150883327
* start date: Out 22 22:39:49 2018GMT
* expire date: Jan 01 00:00:00 2030GMT
* common name: IOS-Self-Signed-Certificate-1150883327
* issuer: CN=IOS-Self-Signed-Certificate-1150883327
* Server auth using Basic with user 'admin'
> POST /api/v1/auth/token-services HTTP/1.1
> Authorization: Basic YWRtaW46TG9naWNhbGlzMTIz
> User-Agent: curl/7.29.0
> Host: 10.122.66.115
> Accept:application/json
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Tue, 16 Jul 201914:09:22 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Accept-Ranges: none
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=7884000
* HTTP error before end of send, stop sending
<
* Closing connection 0
* About to connect() to 3 port 80 (#1)
* Trying 0.0.0.3...
* Failed to connect to 0.0.0.3: Argumento inválido
* couldn't connect to host at 3:80
* Closing connection 1
curl: (7) Failed to connect to 0.0.0.3: Argumento inválido

 

Could you help me please?

 

Thanks in advance,

BN.

 

Labels:
1 person had this problem
0 Helpful
9 REPLIES 9
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
‎07-16-2019 07:32 AM
‎07-16-2019 07:32 AM

Hi there,

Looking at your curl command it is not syntactically correct: no space before '-H' , "--insecure" should have no space and "-3" needs a hypen. Try pasting the following:

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services -H "Accept:application/json" -u "admin:password" -d "" --insecure -3

cheers,

Seb.

 

0 Helpful
Brendon Neves
Beginner
Beginner
In response to Seb Rupik
‎07-16-2019 07:35 AM
‎07-16-2019 07:35 AM

Hi Seb, still not works:

 

Follow the output below:

 

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services-H "Accept:application/json" -u "admin:password" -d "" --insecure -3
* About to connect() to 10.122.66.115port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115(10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

 

Regards,

BN.

0 Helpful
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
In response to Brendon Neves
‎07-16-2019 07:41 AM
‎07-16-2019 07:41 AM

Well at least that is a different error message. Try the same command, but remove the '-3' from the end and let curl negotiate the cipher to use...

0 Helpful
Brendon Neves
Beginner
Beginner
In response to Seb Rupik
‎07-16-2019 07:49 AM
‎07-16-2019 07:49 AM

Hi Seb,

We back to the initially point:

[root@nadia-nginx ~]# curl -v -X POST https://10.122.66.115/api/v1/auth/token-services -H "Accept:application/json" -u "admin:password" -d "" --insecure
* About to connect() to 10.122.66.115 port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115 (10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=IOS-Self-Signed-Certificate-1150883327
* start date: Out 22 22:39:49 2018 GMT
* expire date: Jan 01 00:00:00 2030 GMT
* common name: IOS-Self-Signed-Certificate-1150883327
* issuer: CN=IOS-Self-Signed-Certificate-1150883327
* Server auth using Basic with user 'admin'
> POST /api/v1/auth/token-services HTTP/1.1
> Authorization: Basic YWRtaW46TG9naWNhbGlzMTIz
> User-Agent: curl/7.29.0
> Host: 10.122.66.115
> Accept:application/json
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Tue, 16 Jul 2019 14:47:59 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Accept-Ranges: none
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=7884000
* HTTP error before end of send, stop sending
<
* Closing connection 0
0 Helpful
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
In response to Brendon Neves
‎07-16-2019 08:25 AM
‎07-16-2019 08:25 AM

hmmmm, ok. On the CSR, what is the output of show virtual-service detail

0 Helpful
Brendon Neves
Beginner
Beginner
In response to Seb Rupik
‎07-16-2019 08:28 AM
‎07-16-2019 08:28 AM

HQ-MC#show virtual-service detail
Virtual service csr_mgmt detail
State : Activated
Owner : IOSd
Package information
Name : iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Path : bootflash:/iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Application
Name : csr_mgmt
Installed version : 03.16.03
Description : CSR-MGMT
Signing
Key type : Cisco development key
Method : SHA-1
Licensing
Name : Not Available
Version : Not Available

Detailed guest status
Information not available
Activated profile name: None
Resource reservation
Disk : 756 MB
Memory : 512 MB
CPU : 5% system CPU

Attached devices
Type Name Alias
---------------------------------------------
NIC ieobc_1 ieobc
NIC dp_1_33 net2
Disk _rootfs
Disk /opt/var
Disk /opt/var/c
Serial/shell serial0
Serial/aux serial1
Serial/Syslog serial2
Serial/Trace serial3
Watchdog watchdog-2

Network interfaces
MAC address Attached to interface
------------------------------------------------------
54:0E:00:0B:0C:02 ieobc_1
00:50:56:B1:52:37 VirtualPortGroup33

Guest interface
---
Information not available
---

Guest routes
---
Information not available
---

Resource admission (without profile) : passed
Disk space : 756MB
Memory : 512MB
CPU : 5% system CPU
VCPUs : Not specified
0 Helpful
Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor
In response to Brendon Neves
‎07-16-2019 01:41 PM
‎07-16-2019 01:41 PM

Hi Brendon,

the remote management installation looks good.

 

The presence of the line "* HTTP error before end of send, stop sending" hints at an issue with the HTTP service running in the virtual service. You are already using the latest (and only) release of this OVA and I have checked the cisco bug website for any likely culprits and nothing is apparent.

 

I'm afraid I can't help any further,

 

Seb.

0 Helpful
Brendon Neves
Beginner
Beginner
In response to Seb Rupik
‎07-17-2019 07:11 AM
‎07-17-2019 07:11 AM

Hi Seb, thanks for the help.

I will keep continue the troubleshooting with my teammates today.

BN.
0 Helpful
tom123
Beginner
Beginner
‎04-21-2020 01:54 AM
‎04-21-2020 01:54 AM

I had the same problem,Is there a solution?
0 Helpful
Latest Contents
Using Consul-Terraform-Sync to Automatically Provision Infra...
Created by patcassi on 02-23-2022 07:48 AM
0
0
0
0
In Snack Minute 57 returning guest, Cisco Developer Advocate Quinn Snyder demonstrates how Consul-Terraform-Sync enables application developers to leverage the tools they are already using to automatically provision infrastructure. https://youtu.be/sy6ujG... view more
#CiscoChat Live - A DevNet Story: Abstracting Your Infrastru...
Created by Kelli Glass on 04-02-2021 08:04 AM
0
0
0
0
Join us on Tuesday, April 6 at 10 am PT (and on demand after) for a new DevNet Story. 
#CiscoChat Live - A DevNet Story: Abstracting Your Infrastr...
Created by Kelli Glass on 04-02-2021 07:59 AM
0
0
0
0
Join us on Tuesday, April 6 at 10 am PT (and on demand after) for a new DevNet Story.  We'll take your questions during the broadcast and after, so post them below in the comments.
Join the DevNet Class of 2020 – Get your DevNet Gear
Created by Kelli Glass on 11-30-2020 09:59 AM
12
10
12
10
DevNet Certifications provide you with the skills you need to make the most of new advancements in technology. Earn any DevNet Certification before February 24 to become part of the DevNet class of 2020. You'll get access to special tools and resources a... view more
#CiscoChat Live: Become a Programming Legend with DevNet
Created by Kelli Glass on 08-05-2020 03:35 PM
0
0
0
0
Join us live on Thursday, August 6 at 10 am PT (and on demand after) for a deep-dive look into Cisco DevNet certifications. It's a thrilling time for DevNet. Between the new certifications and the growing community, join us to learn how to make histo... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad