- Cisco Community
- Technology and Support
- DevNet
- DevNet Site
- DevNet Sandbox
- Catalyst 8000 Always On sandbox python script won't execute.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2025 12:18 PM
I am trying to execute this python script on the above mentioned devnet sandbox.
When running the command: NC-Get-Config.py --host devnetsandboxiosxec8k.cisco.com -u shawn.horne -p d2_IRT8W_4oNXfp --port 830
I am receiving the following output in my terminal:
Traceback (most recent call last):
File "C:\Users\329087\AppData\Local\Programs\Python\Python314\NC-Get-Config.py", line 48, in <module>
m = manager.connect(host=args.host,
port=args.port,
username=args.username,
password=args.password,
device_params={'name':"csr"})
File "C:\Users\329087\AppData\Local\Programs\Python\Python314\Lib\site-packages\ncclient\manager.py", line 242, in connect
return connect_ssh(*args, **kwds)
File "C:\Users\329087\AppData\Local\Programs\Python\Python314\Lib\site-packages\ncclient\manager.py", line 155, in connect_ssh
session.connect(*args, **kwds)
~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
File "C:\Users\329087\AppData\Local\Programs\Python\Python314\Lib\site-packages\ncclient\transport\ssh.py", line 349, in connect
self._auth(username, password, key_filenames, allow_agent, look_for_keys)
~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\329087\AppData\Local\Programs\Python\Python314\Lib\site-packages\ncclient\transport\ssh.py", line 494, in _auth
raise AuthenticationError(repr(saved_exception))
This is the python script I am referencing in my command which is named NC-Get-Config.py
#!/usr/bin/env python
#
# Copyright (c) 2017 Jason Frazier <jafrazie@cisco.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# This script retrieves entire configuration from a network element via NETCONF
# prints it out in a "pretty" XML tree.
import sys
from argparse import ArgumentParser
from ncclient import manager
import xml.dom.minidom
if __name__ == '__main__':
parser = ArgumentParser(description='Select options.')
# Input parameters
parser.add_argument('--host', type=str, required=True,
help="The device IP or DN")
parser.add_argument('-u', '--username', type=str, default='cisco',
help="Go on, guess!")
parser.add_argument('-p', '--password', type=str, default='cisco',
help="Yep, this one too! ;-)")
parser.add_argument('--port', type=int, default=830,
help="Specify this if you want a non-default port")
args = parser.parse_args()
m = manager.connect(host=args.host,
port=args.port,
username=args.username,
password=args.password,
device_params={'name':"csr"})
hostname_filter = '''
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
</native>
</filter>
'''
# Pretty print the XML reply
xmlDom = xml.dom.minidom.parseString( str( m.get_config('running', hostname_filter)))
print(xmlDom.toprettyxml( indent = " " ))
ncclient.transport.errors.AuthenticationError: AuthenticationException('Authentication failed.')
Solved! Go to Solution.
- Labels:
-
Other Sandbox Issues
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2025 06:56 AM
@shawn-horne i just tested this with your script, the only functional change I made was adding three connection parameters to the manager.connect() call:
hostkey_verify=False,
allow_agent=False,
look_for_keys=False,
These parameters disable SSH host key verification and SSH agent/key file usage, which are required for connecting to the
DevNet sandbox environment. Output comes back as
python3 /Users/root/Desktop/NC-Get-Config.py --host devnetsandboxiosxec8k.cisco.com --username [removed] --password='[removed]'
⋮
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c868e000-8374-4f13-8e5d-ea6fcd637042">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<version>17.9</version>
<boot-start-marker/>
<boot-end-marker/>
<memory>
<free>
<low-watermark>
<processor>63709</processor>
</low-watermark>
</free>
</memory>
<call-home>
<contact-email-addr xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-call-home">sch-smart-licensing@cisco.com</contact-email-addr>
<tac-profile xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-call-home">
<profile>
<CiscoTAC-1>
<active>true</active>
<destination>
<transport-method>http</transport-method>
</destination>
</CiscoTAC-1>
</profile>
</tac-profile>
</call-home>
<service>
<password-encryption/>
<timestamps>
<debug-config>
<datetime>
<msec/>
</datetime>
</debug-config>
<log-config>
<datetime>
<msec/>
</datetime>
</log-config>
</timestamps>
<call-home/>
<dhcp/>
</service>
<platform>
<console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<output>virtual</output>
</console>
<qfp xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<utilization>
<monitor>
<load>80</load>
</monitor>
</utilization>
</qfp>
<punt-keepalive xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<disable-kernel-core>true</disable-kernel-core>
</punt-keepalive>
</platform>
<hostname>Cat8K</hostname>
<enable>
<password>
<type>7</type>
<secret>123A540411045D56797F71</secret>
</password>
</enable>
<username>
<name>admin</name>
<privilege>15</privilege>
<secret>
<encryption>9</encryption>
<secret>$9$lgJxy7Ga.Th5FU$gocFhcHC/8pvixGr.s2wB7X59FiGVvwYawfCPrmaJuY</secret>
</secret>
</username>
<username>
<name>jokearns</name>
<privilege>15</privilege>
<password>
<encryption>7</encryption>
<password>143443180F0B7B79777C66</password>
</password>
</username>
<vrf>
<definition>
<name>Mgmt-vrf</name>
<address-family>
<ipv4/>
<ipv6/>
</address-family>
</definition>
</vrf>
<ip>
<domain>
<lookup>false</lookup>
</domain>
<forward-protocol>
<protocol>nd</protocol>
</forward-protocol>
<ftp>
<passive/>
</ftp>
<multicast>
<route-limit xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-multicast">2147483647</route-limit>
</multicast>
<route>
<ip-route-interface-forwarding-list>
<prefix>0.0.0.0</prefix>
<mask>0.0.0.0</mask>
<fwd-list>
<fwd>GigabitEthernet1</fwd>
<interface-next-hop>
<ip-address>10.10.20.254</ip-address>
</interface-next-hop>
</fwd-list>
</ip-route-interface-forwarding-list>
</route>
<ssh>
<rsa>
<keypair-name>ssh-key</keypair-name>
</rsa>
<ssh-version>2</ssh-version>
<version>2</version>
</ssh>
<http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http">
<authentication>
<local/>
</authentication>
<server>true</server>
<secure-server>true</secure-server>
</http>
<igmp xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-igmp">
<snooping>
<querier/>
</snooping>
</igmp>
<nbar xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-nbar">
<classification>
<dns>
<classify-by-domain/>
</dns>
</classification>
</nbar>
</ip>
<interface>
<GigabitEthernet>
<name>1</name>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<ip>
<address>
<primary>
<address>10.10.20.148</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>2</name>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<shutdown/>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>3</name>
<description>hejsan</description>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<shutdown/>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
</interface>
<control-plane/>
<aaa>
<new-model xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"/>
<group xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<server>
<tacacsplus>
<name>labtac</name>
<server>
<name>
<name>sandboxtacacs</name>
</name>
</server>
<ip>
<tacacs>
<source-interface>
<GigabitEthernet>1</GigabitEthernet>
</source-interface>
</tacacs>
</ip>
</tacacsplus>
</server>
</group>
<authentication xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<login>
<name>default</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</login>
<login>
<name>netconf-authn</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</login>
</authentication>
<authorization xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<commands>
<level>1</level>
<list-name>default</list-name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
<group>labtac</group>
<if-authenticated/>
</commands>
<commands>
<level>15</level>
<list-name>default</list-name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
<group>labtac</group>
<if-authenticated/>
</commands>
<exec>
<name>default</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
</exec>
<exec>
<name>netconf-authz</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</exec>
</authorization>
<session-id xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">common</session-id>
</aaa>
<login>
<on-success>
<log/>
</on-success>
</login>
<multilink>
<bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name>
</multilink>
<redundancy/>
<subscriber>
<templating/>
</subscriber>
<tacacs>
<server xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<name>sandboxtacacs</name>
<address>
<ipv4>10.17.248.43</ipv4>
</address>
<key>
<encryption>7</encryption>
<key>12101612110A185C21</key>
</key>
</server>
</tacacs>
<tacacs-server>
<host xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<name>sandboxtacacs</name>
</host>
</tacacs-server>
<ethernet>
<cfm xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<alarm>
<delay>2500</delay>
<reset>10000</reset>
</alarm>
</cfm>
</ethernet>
<crypto>
<ikev2 xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
<http-url>
<cert/>
</http-url>
</ikev2>
<pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
<certificate>
<chain>
<name>SLA-TrustPoint</name>
<certificate>
<serial>01</serial>
<certtype>ca</certtype>
</certificate>
</chain>
<chain>
<name>TP-self-signed-3209586145</name>
<certificate>
<serial>01</serial>
<certtype>self-signed</certtype>
</certificate>
</chain>
</certificate>
<trustpoint>
<id>SLA-TrustPoint</id>
<enrollment>
<enrollment-method>
<pkcs12/>
</enrollment-method>
<pkcs12/>
</enrollment>
<revocation-check>crl</revocation-check>
</trustpoint>
<trustpoint>
<id>TP-self-signed-3209586145</id>
<enrollment>
<enrollment-method>
<selfsigned/>
</enrollment-method>
<selfsigned/>
</enrollment>
<revocation-check>none</revocation-check>
<rsakeypair>
<key-label>TP-self-signed-3209586145</key-label>
</rsakeypair>
<subject-name>cn=IOS-Self-Signed-Certificate-3209586145</subject-name>
</trustpoint>
</pki>
</crypto>
<license>
<udi>
<pid>C8000V</pid>
<sn>9VNZGF5ZOKE</sn>
</udi>
</license>
<standby>
<redirects>true</redirects>
</standby>
<line>
<aux>
<first>0</first>
</aux>
<console>
<first>0</first>
<stopbits>1</stopbits>
</console>
<vty>
<first>0</first>
<last>4</last>
<length>0</length>
<transport>
<input>
<input>ssh</input>
</input>
</transport>
</vty>
</line>
<diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics">
<bootup>
<level>minimal</level>
</bootup>
</diagnostic>
</native>
</data>
</rpc-reply>import sys
from argparse import ArgumentParser
from ncclient import manager
import xml.dom.minidom
if __name__ == '__main__':
parser = ArgumentParser(description='Select options.')
# Input parameters
parser.add_argument('--host', type=str, required=True,
help="The device IP or DN")
parser.add_argument('-u', '--username', type=str, default='cisco',
help="Go on, guess!")
parser.add_argument('-p', '--password', type=str, default='cisco',
help="Yep, this one too! ;-)")
parser.add_argument('--port', type=int, default=830,
help="Specify this if you want a non-default port")
args = parser.parse_args()
m = manager.connect(host=args.host,
port=args.port,
username=args.username,
password=args.password,
hostkey_verify=False,
allow_agent=False,
look_for_keys=False,
device_params={'name':"csr"})
hostname_filter = '''
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
</native>
</filter>
'''
# Pretty print the XML reply
xmlDom = xml.dom.minidom.parseString( str( m.get_config('running', hostname_filter)))
print(xmlDom.toprettyxml( indent = " " ))
Connect with me https://bigevilbeard.github.io
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2025 01:17 PM
Only based on your error, your username and password are the issue. Check your session is active. If this and you can ssh on these creds, it could be linked to this issue https://community.cisco.com/t5/devnet-sandbox/trying-to-test-restconf-on-catalyst-8000-always-on-sandbox/m-p/5345283#M11892
Since the always on has moved to dynamic creds, it could be these dynamic updates to the configuration on the device to allow the username and password 830/443 access.
Connect with me https://bigevilbeard.github.io
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-10-2025 06:56 AM
@shawn-horne i just tested this with your script, the only functional change I made was adding three connection parameters to the manager.connect() call:
hostkey_verify=False,
allow_agent=False,
look_for_keys=False,
These parameters disable SSH host key verification and SSH agent/key file usage, which are required for connecting to the
DevNet sandbox environment. Output comes back as
python3 /Users/root/Desktop/NC-Get-Config.py --host devnetsandboxiosxec8k.cisco.com --username [removed] --password='[removed]'
⋮
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c868e000-8374-4f13-8e5d-ea6fcd637042">
<data>
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
<version>17.9</version>
<boot-start-marker/>
<boot-end-marker/>
<memory>
<free>
<low-watermark>
<processor>63709</processor>
</low-watermark>
</free>
</memory>
<call-home>
<contact-email-addr xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-call-home">sch-smart-licensing@cisco.com</contact-email-addr>
<tac-profile xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-call-home">
<profile>
<CiscoTAC-1>
<active>true</active>
<destination>
<transport-method>http</transport-method>
</destination>
</CiscoTAC-1>
</profile>
</tac-profile>
</call-home>
<service>
<password-encryption/>
<timestamps>
<debug-config>
<datetime>
<msec/>
</datetime>
</debug-config>
<log-config>
<datetime>
<msec/>
</datetime>
</log-config>
</timestamps>
<call-home/>
<dhcp/>
</service>
<platform>
<console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<output>virtual</output>
</console>
<qfp xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<utilization>
<monitor>
<load>80</load>
</monitor>
</utilization>
</qfp>
<punt-keepalive xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
<disable-kernel-core>true</disable-kernel-core>
</punt-keepalive>
</platform>
<hostname>Cat8K</hostname>
<enable>
<password>
<type>7</type>
<secret>123A540411045D56797F71</secret>
</password>
</enable>
<username>
<name>admin</name>
<privilege>15</privilege>
<secret>
<encryption>9</encryption>
<secret>$9$lgJxy7Ga.Th5FU$gocFhcHC/8pvixGr.s2wB7X59FiGVvwYawfCPrmaJuY</secret>
</secret>
</username>
<username>
<name>jokearns</name>
<privilege>15</privilege>
<password>
<encryption>7</encryption>
<password>143443180F0B7B79777C66</password>
</password>
</username>
<vrf>
<definition>
<name>Mgmt-vrf</name>
<address-family>
<ipv4/>
<ipv6/>
</address-family>
</definition>
</vrf>
<ip>
<domain>
<lookup>false</lookup>
</domain>
<forward-protocol>
<protocol>nd</protocol>
</forward-protocol>
<ftp>
<passive/>
</ftp>
<multicast>
<route-limit xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-multicast">2147483647</route-limit>
</multicast>
<route>
<ip-route-interface-forwarding-list>
<prefix>0.0.0.0</prefix>
<mask>0.0.0.0</mask>
<fwd-list>
<fwd>GigabitEthernet1</fwd>
<interface-next-hop>
<ip-address>10.10.20.254</ip-address>
</interface-next-hop>
</fwd-list>
</ip-route-interface-forwarding-list>
</route>
<ssh>
<rsa>
<keypair-name>ssh-key</keypair-name>
</rsa>
<ssh-version>2</ssh-version>
<version>2</version>
</ssh>
<http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http">
<authentication>
<local/>
</authentication>
<server>true</server>
<secure-server>true</secure-server>
</http>
<igmp xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-igmp">
<snooping>
<querier/>
</snooping>
</igmp>
<nbar xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-nbar">
<classification>
<dns>
<classify-by-domain/>
</dns>
</classification>
</nbar>
</ip>
<interface>
<GigabitEthernet>
<name>1</name>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<ip>
<address>
<primary>
<address>10.10.20.148</address>
<mask>255.255.255.0</mask>
</primary>
</address>
</ip>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>2</name>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<shutdown/>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
<GigabitEthernet>
<name>3</name>
<description>hejsan</description>
<switchport>
<trunk xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-switch">
<native>
<vlan-config>
<tag>true</tag>
</vlan-config>
</native>
</trunk>
</switchport>
<shutdown/>
<logging>
<event>
<link-status/>
</event>
</logging>
<access-session>
<host-mode>multi-auth</host-mode>
</access-session>
<negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<auto>true</auto>
</negotiation>
</GigabitEthernet>
</interface>
<control-plane/>
<aaa>
<new-model xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa"/>
<group xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<server>
<tacacsplus>
<name>labtac</name>
<server>
<name>
<name>sandboxtacacs</name>
</name>
</server>
<ip>
<tacacs>
<source-interface>
<GigabitEthernet>1</GigabitEthernet>
</source-interface>
</tacacs>
</ip>
</tacacsplus>
</server>
</group>
<authentication xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<login>
<name>default</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</login>
<login>
<name>netconf-authn</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</login>
</authentication>
<authorization xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<commands>
<level>1</level>
<list-name>default</list-name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
<group>labtac</group>
<if-authenticated/>
</commands>
<commands>
<level>15</level>
<list-name>default</list-name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
<group>labtac</group>
<if-authenticated/>
</commands>
<exec>
<name>default</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
<a3>
<if-authenticated/>
</a3>
</exec>
<exec>
<name>netconf-authz</name>
<a1>
<group>labtac</group>
</a1>
<a2>
<local/>
</a2>
</exec>
</authorization>
<session-id xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">common</session-id>
</aaa>
<login>
<on-success>
<log/>
</on-success>
</login>
<multilink>
<bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name>
</multilink>
<redundancy/>
<subscriber>
<templating/>
</subscriber>
<tacacs>
<server xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<name>sandboxtacacs</name>
<address>
<ipv4>10.17.248.43</ipv4>
</address>
<key>
<encryption>7</encryption>
<key>12101612110A185C21</key>
</key>
</server>
</tacacs>
<tacacs-server>
<host xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-aaa">
<name>sandboxtacacs</name>
</host>
</tacacs-server>
<ethernet>
<cfm xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
<alarm>
<delay>2500</delay>
<reset>10000</reset>
</alarm>
</cfm>
</ethernet>
<crypto>
<ikev2 xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
<http-url>
<cert/>
</http-url>
</ikev2>
<pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
<certificate>
<chain>
<name>SLA-TrustPoint</name>
<certificate>
<serial>01</serial>
<certtype>ca</certtype>
</certificate>
</chain>
<chain>
<name>TP-self-signed-3209586145</name>
<certificate>
<serial>01</serial>
<certtype>self-signed</certtype>
</certificate>
</chain>
</certificate>
<trustpoint>
<id>SLA-TrustPoint</id>
<enrollment>
<enrollment-method>
<pkcs12/>
</enrollment-method>
<pkcs12/>
</enrollment>
<revocation-check>crl</revocation-check>
</trustpoint>
<trustpoint>
<id>TP-self-signed-3209586145</id>
<enrollment>
<enrollment-method>
<selfsigned/>
</enrollment-method>
<selfsigned/>
</enrollment>
<revocation-check>none</revocation-check>
<rsakeypair>
<key-label>TP-self-signed-3209586145</key-label>
</rsakeypair>
<subject-name>cn=IOS-Self-Signed-Certificate-3209586145</subject-name>
</trustpoint>
</pki>
</crypto>
<license>
<udi>
<pid>C8000V</pid>
<sn>9VNZGF5ZOKE</sn>
</udi>
</license>
<standby>
<redirects>true</redirects>
</standby>
<line>
<aux>
<first>0</first>
</aux>
<console>
<first>0</first>
<stopbits>1</stopbits>
</console>
<vty>
<first>0</first>
<last>4</last>
<length>0</length>
<transport>
<input>
<input>ssh</input>
</input>
</transport>
</vty>
</line>
<diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics">
<bootup>
<level>minimal</level>
</bootup>
</diagnostic>
</native>
</data>
</rpc-reply>import sys
from argparse import ArgumentParser
from ncclient import manager
import xml.dom.minidom
if __name__ == '__main__':
parser = ArgumentParser(description='Select options.')
# Input parameters
parser.add_argument('--host', type=str, required=True,
help="The device IP or DN")
parser.add_argument('-u', '--username', type=str, default='cisco',
help="Go on, guess!")
parser.add_argument('-p', '--password', type=str, default='cisco',
help="Yep, this one too! ;-)")
parser.add_argument('--port', type=int, default=830,
help="Specify this if you want a non-default port")
args = parser.parse_args()
m = manager.connect(host=args.host,
port=args.port,
username=args.username,
password=args.password,
hostkey_verify=False,
allow_agent=False,
look_for_keys=False,
device_params={'name':"csr"})
hostname_filter = '''
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
</native>
</filter>
'''
# Pretty print the XML reply
xmlDom = xml.dom.minidom.parseString( str( m.get_config('running', hostname_filter)))
print(xmlDom.toprettyxml( indent = " " ))
Connect with me https://bigevilbeard.github.io
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide