Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1973
Views
2
Helpful
7
Replies

Cannot get restconf in IOS-XE

kevintrankevin18241
Level 1
Level 1

‎03-27-2023 02:19 AM

I try to enable Restconf on my Router IOS-XE 16.06.4 but when i used python to get interface info, it not work

kevintrankevin18241_0-1679907764408.png

Enable https

kevintrankevin18241_1-1679907813364.png

USername is privilege 15, enable SSHv2: Done

This is my Code in Python

kevintrankevin18241_2-1679908180837.png

This is my fault:

kevintrankevin18241_3-1679908338934.png

 

 

Labels:
0 Helpful
7 Replies 7

bigevilbeard
VIP
VIP

‎03-27-2023 05:09 AM

Using one of the always on sandbox 

 

HOST = 'ios-xe-mgmt-latest.cisco.com'
PORT = 443
USER = 'admin'
PASS = 'C1sco12345'

# disable urlib3 warning
requests.packages.urllib3.disable_warnings()

headers = {'Content-Type': 'application/yang-data+json',
'Accept': 'application/yang-data+json'}

url = f"https://{HOST}/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet1"

response = requests.get(url, auth=(USER, PASS), headers=headers, verify=False)
print(response.text)

Gets a good reply

 

~/Downloads via  v3.11.0rc2 (venv)
❯ python moo_demo.py
{
  "Cisco-IOS-XE-interfaces-oper:interface": [
    {
      "name": "GigabitEthernet1",
      "interface-type": "iana-iftype-ethernet-csmacd",
      "admin-status": "if-state-up",
      "oper-status": "if-oper-state-ready",
      "last-change": "2023-03-24T17:34:45.037+00:00",
      "if-index": 1,
      "phys-address": "00:50:56:bf:1f:22",
      "speed": "1000000000",
      "statistics": {
        "discontinuity-time": "2023-03-24T17:32:34+00:00",
        "in-octets": "33720343",
        "in-unicast-pkts": "191422",
        "in-broadcast-pkts": "0",
        "in-multicast-pkts": "0",
        "in-discards": 0,
        "in-errors": 0,
        "in-unknown-protos": 0,
        "out-octets": 71689646,
        "out-unicast-pkts": "216422",
        "out-broadcast-pkts": "0",
        "out-multicast-pkts": "0",
        "out-discards": "0",
        "out-errors": "0",
        "rx-pps": "0",
        "rx-kbps": "0",
        "tx-pps": "0",
        "tx-kbps": "0",
        "num-flaps": "0",
        "in-crc-errors": "0",
        "in-discards-64": "0",
        "in-errors-64": "0",
        "in-unknown-protos-64": "0",
        "out-octets-64": "71689646"
      },
[/snip]

 

Been while since i used this version. Try and add via CLI - not sure if that will fix, but lets see!

restconf-yang

  

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

kevintrankevin18241
Level 1
Level 1
In response to bigevilbeard

‎03-27-2023 06:32 PM

Of course the Demo code for Restconf on Cisco is running. But in my device it's not.

THe command Restconf-yang don't support on my device

This is my all faults in console:

PS C:\python> & C:/Users/user/AppData/Local/Programs/Python/Python311/python.exe c:/python/Restconf_exm.py
https://10.64.31.11/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0/0/0
Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request   
    self._validate_conn(conn)
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn 
    conn.connect()
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\util\ssl_.py", line 453, in ssl_wrap_socket      
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\util\ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 1075, in _create
    self.do_handshake()
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:992)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\adapters.py", line 489, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\urllib3\util\retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.64.31.11', port=443): Max retries exceeded with url: /restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0/0/0 (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:992)')))  

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:\python\Restconf_exm.py", line 20, in <module>
    response = requests.get(url, auth=(USER, PASS),headers=headers, verify=False)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\user\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\adapters.py", line 563, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='10.64.31.11', port=443): Max retries exceeded with url: /restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0/0/0 (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:992)')))      
PS C:\python>

 

0 Helpful

Marcel Zehnder
Spotlight
Spotlight

‎03-27-2023 07:28 AM

Hi 

You should encode your forward slashes in the url (instead of "/" use "%2F"):

# don't do this
url = f"https://{HOST}/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0/0/0"

# do this instead
url = f"https://{HOST}/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0%2F0%2F0"

But I guess that's not the main failure reason at the moment - looks like something with the connection is not working.

kevintrankevin18241
Level 1
Level 1
In response to Marcel Zehnder

‎03-27-2023 06:38 PM

"Replace / by %2F" is not working... I try sshv2 or telnet is ok, try connect by http is ok, but https is not working (Of course I enable http and https)... any idea bro?

kevintrankevin18241_0-1679967206480.png

 

0 Helpful

Marcel Zehnder
Spotlight
Spotlight
In response to kevintrankevin18241

‎03-27-2023 09:07 PM - edited ‎03-27-2023 09:12 PM

Whats the output of „show ip http server status“?

Can you connect to port 443 (telnet router-ip 443)?

Also the outputs from „python -V“ and „pip freeze“ might help.

0 Helpful

kevintrankevin18241
Level 1
Level 1
In response to Marcel Zehnder

‎03-28-2023 08:43 PM

the first IOS XE 16.3 cannot connect to port 443, after upgrade to 17.3, it's ok, I can connect by https on browser. This link solution:

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html#anc18

kevintrankevin18241_0-1680060969532.png 

kevintrankevin18241_1-1680061058735.png

 

 

After upgrade I try to connect by my code, it's also have errors:

PS C:\python> & C:/Users/AppData/Local/Programs/Python/Python311/python.exe c:/python/Restconf_exm.py
https://10.64.31.11/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0
{
  "ietf-restconf:errors": {
    "error": [
      {
        "error-type": "protocol",   
        "error-tag": "access-denied"
      }
    ]
  }
}

PS C:\python>

Why ??

0 Helpful

kevintrankevin18241
Level 1
Level 1
In response to kevintrankevin18241

‎03-28-2023 08:55 PM

Ok i resolved the last problem - I create a new username with privilege level 15 and can connect with my Code. Thanks all

PS C:\python> & C:/Users/AppData/Local/Programs/Python/Python311/python.exe c:/python/Restconf_exm.py
https://10.64.31.11/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0
{
  "Cisco-IOS-XE-interfaces-oper:interface": {       
    "name": "GigabitEthernet0",
    "interface-type": "iana-iftype-ethernet-csmacd",
    "admin-status": "if-state-up",
    "oper-status": "if-oper-state-ready",
    "last-change": "2023-03-28T20:07:12.541+00:00",
    "if-index": 16,
    "phys-address": "6c:31:0e:ef:55:40",
    "speed": "1000000000",
    "statistics": {
      "discontinuity-time": "2023-03-28T20:03:53+00:00",
      "in-octets": "815063",
      "in-unicast-pkts": "7643",
      "in-broadcast-pkts": "0",
      "in-multicast-pkts": "1218",
      "in-discards": 0,
      "in-errors": 0,
      "in-unknown-protos": 0,
      "out-octets": 10885534,
      "out-unicast-pkts": "10169",
      "out-broadcast-pkts": "0",
      "out-multicast-pkts": "0",
      "out-discards": "0",
      "out-errors": "0",
      "rx-pps": "13",
      "rx-kbps": "13",
      "tx-pps": "25",
      "tx-kbps": "264",
      "num-flaps": "0",
      "in-crc-errors": "0",
      "in-discards-64": "0",
      "in-errors-64": "0",
      "in-unknown-protos-64": "0",
      "out-octets-64": "10885534"
    },
0 Helpful
Customers Also Viewed These Support Documents