Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3594
Views
0
Helpful
9
Replies

Can't do CURL REST API on CSR1000V

Brendon Neves
Level 1
Level 1

‎07-16-2019 07:21 AM

Hi guys!

 

I'm trying test the REST API integration with router CSRV1000v using the IOS XE version 16.09.01

 

I followed the instructions present on the link below:

https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/restapi/restapi/RESTAPIintro.html


So I'm wondering if I miss something ..

 

I'm obtaining this output when I'm trying do a CURL on the router:

 

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services-H "Accept:application/json" -u "admin:password" -d "" --insecure 3
* About to connect() to 10.122.66.115port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115(10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=IOS-Self-Signed-Certificate-1150883327
* start date: Out 22 22:39:49 2018GMT
* expire date: Jan 01 00:00:00 2030GMT
* common name: IOS-Self-Signed-Certificate-1150883327
* issuer: CN=IOS-Self-Signed-Certificate-1150883327
* Server auth using Basic with user 'admin'
> POST /api/v1/auth/token-services HTTP/1.1
> Authorization: Basic YWRtaW46TG9naWNhbGlzMTIz
> User-Agent: curl/7.29.0
> Host: 10.122.66.115
> Accept:application/json
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Tue, 16 Jul 201914:09:22 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Accept-Ranges: none
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=7884000
* HTTP error before end of send, stop sending
<
* Closing connection 0
* About to connect() to 3 port 80 (#1)
* Trying 0.0.0.3...
* Failed to connect to 0.0.0.3: Argumento inválido
* couldn't connect to host at 3:80
* Closing connection 1
curl: (7) Failed to connect to 0.0.0.3: Argumento inválido

 

Could you help me please?

 

Thanks in advance,

BN.

 

1 person had this problem
Labels:
0 Helpful
9 Replies 9

Seb Rupik
VIP Alumni
VIP Alumni

‎07-16-2019 07:32 AM

Hi there,

Looking at your curl command it is not syntactically correct: no space before '-H' , "--insecure" should have no space and "-3" needs a hypen. Try pasting the following:

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services -H "Accept:application/json" -u "admin:password" -d "" --insecure -3

cheers,

Seb.

 

0 Helpful

Brendon Neves
Level 1
Level 1
In response to Seb Rupik

‎07-16-2019 07:35 AM

Hi Seb, still not works:

 

Follow the output below:

 

curl -v -X POST https://10.122.66.115/api/v1/auth/token-services-H "Accept:application/json" -u "admin:password" -d "" --insecure -3
* About to connect() to 10.122.66.115port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115(10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

 

Regards,

BN.

0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Brendon Neves

‎07-16-2019 07:41 AM

Well at least that is a different error message. Try the same command, but remove the '-3' from the end and let curl negotiate the cipher to use...

0 Helpful

Brendon Neves
Level 1
Level 1
In response to Seb Rupik

‎07-16-2019 07:49 AM

Hi Seb,

We back to the initially point:

[root@nadia-nginx ~]# curl -v -X POST https://10.122.66.115/api/v1/auth/token-services -H "Accept:application/json" -u "admin:password" -d "" --insecure
* About to connect() to 10.122.66.115 port 443 (#0)
* Trying 10.122.66.115...
* Connected to 10.122.66.115 (10.122.66.115) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
* subject: CN=IOS-Self-Signed-Certificate-1150883327
* start date: Out 22 22:39:49 2018 GMT
* expire date: Jan 01 00:00:00 2030 GMT
* common name: IOS-Self-Signed-Certificate-1150883327
* issuer: CN=IOS-Self-Signed-Certificate-1150883327
* Server auth using Basic with user 'admin'
> POST /api/v1/auth/token-services HTTP/1.1
> Authorization: Basic YWRtaW46TG9naWNhbGlzMTIz
> User-Agent: curl/7.29.0
> Host: 10.122.66.115
> Accept:application/json
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 411 Length Required
< Server: nginx
< Date: Tue, 16 Jul 2019 14:47:59 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Accept-Ranges: none
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=7884000
* HTTP error before end of send, stop sending
<
* Closing connection 0
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Brendon Neves

‎07-16-2019 08:25 AM

hmmmm, ok. On the CSR, what is the output of show virtual-service detail

0 Helpful

Brendon Neves
Level 1
Level 1
In response to Seb Rupik

‎07-16-2019 08:28 AM

HQ-MC#show virtual-service detail
Virtual service csr_mgmt detail
State : Activated
Owner : IOSd
Package information
Name : iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Path : bootflash:/iosxe-remote-mgmt.03.16.04a.S.155-3.S4a-ext.ova
Application
Name : csr_mgmt
Installed version : 03.16.03
Description : CSR-MGMT
Signing
Key type : Cisco development key
Method : SHA-1
Licensing
Name : Not Available
Version : Not Available

Detailed guest status
Information not available
Activated profile name: None
Resource reservation
Disk : 756 MB
Memory : 512 MB
CPU : 5% system CPU

Attached devices
Type Name Alias
---------------------------------------------
NIC ieobc_1 ieobc
NIC dp_1_33 net2
Disk _rootfs
Disk /opt/var
Disk /opt/var/c
Serial/shell serial0
Serial/aux serial1
Serial/Syslog serial2
Serial/Trace serial3
Watchdog watchdog-2

Network interfaces
MAC address Attached to interface
------------------------------------------------------
54:0E:00:0B:0C:02 ieobc_1
00:50:56:B1:52:37 VirtualPortGroup33

Guest interface
---
Information not available
---

Guest routes
---
Information not available
---

Resource admission (without profile) : passed
Disk space : 756MB
Memory : 512MB
CPU : 5% system CPU
VCPUs : Not specified
0 Helpful

Seb Rupik
VIP Alumni
VIP Alumni
In response to Brendon Neves

‎07-16-2019 01:41 PM

Hi Brendon,

the remote management installation looks good.

 

The presence of the line "* HTTP error before end of send, stop sending" hints at an issue with the HTTP service running in the virtual service. You are already using the latest (and only) release of this OVA and I have checked the cisco bug website for any likely culprits and nothing is apparent.

 

I'm afraid I can't help any further,

 

Seb.

0 Helpful

Brendon Neves
Level 1
Level 1
In response to Seb Rupik

‎07-17-2019 07:11 AM

Hi Seb, thanks for the help.

I will keep continue the troubleshooting with my teammates today.

BN.
0 Helpful

tom123
Level 1
Level 1

‎04-21-2020 01:54 AM

I had the same problem,Is there a solution?
0 Helpful
Customers Also Viewed These Support Documents