09-12-2023 09:58 AM
Hi,
On ASR1001-HX, I have set management port eth0 ip as X.X.X.X and other to a regular interface GigabitEthernet0/0/3 as Y.Y.Y.Y.
I also have netconf-yang enabled and username enabled with the following commands
username netuser privilege 15 password 0 P8ssw0rd
netconf detailed-error
netconf ssh
netconf-yang
However even though I am able to get the netconf yang working on regular interface and able to get the the hello message when I do the ssh -p 830 netuser@Y.Y.Y.Y with reply as:
----
<session-id>28</session-id></hello>]]>]]>
----
I can't get the same when I try with ssh -p 830 netuser@X.X.X.X where X.X.X.X is the ip of the management interface.
Is there another command I have to enable for getting netconf-yang working on eth0 port of ASR1001-HX
09-12-2023 10:48 AM
Do you have a access list on your VTY?
09-12-2023 10:54 AM
That is what I thought originally too.
But on examination all I see is
asr2#show access-lists
Extended IP access list meraki-fqdn-dns
asr2#
09-12-2023 11:25 AM
another thing which has caught my attention is:
asr2#show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running
gnmib : Not Running
asr2#
09-12-2023 11:39 AM
Might be a stupid question: Normal SSH into the mgmt-interface is working on the box? The mgmt-interface is in its own VRF, so I assume routing (default gateway) is correct: show ip route vrf Mgmt-intf may be used to check this.
09-13-2023 06:10 AM - edited 09-13-2023 06:15 AM
Thanks @Marcel Zehnder . Normal SSH into the mgmt-interface is working
Yes show ip route vrf Mgmt-intf those are setup correctly.
If you see below
ibm002-asr2#show ip route vrf Mgmt-intf
Routing Table: Mgmt-intf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 192.168.27.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.27.1
[1/0] via 10.120.27.1, GigabitEthernet0
192.168.27.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.27.0/24 is directly connected, GigabitEthernet0
L 192.168.27.67/32 is directly connected, GigabitEthernet0
ibm002-asr2#
09-13-2023 06:38 AM
Sorry, @kn2022 I have no more ideas. The only ASR1001s I have access to are productive boxes without the Gig0/Mgmt-Intf configured, so I have no way to test this further
09-13-2023 06:52 AM
Thanks for the help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide