Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12477
Views
7
Helpful
4
Replies

Command "netconf-yang" doesn't open port 830

RAW1456
Level 1
Level 1

‎08-12-2020 09:37 AM

Greetings,

I am using a Cisco ISR4321 running IOSXE 16.06.04

 

I am trying to get started with NETCONF and according to every tutorial I've read the command "netconf-yang" should be enough to start the NETCONF service and open Port 830, however, trying to get the Router's capabilities via

ssh -s <user>@192.168.88.211 -p 830 netconf

returns

ssh: connect to host 192.168.88.211 port 830: Connection refused

An NMAP scan also doesn't list Port 830 as open.

The service is definitely running though:

Router#show platform software yang-management process 
confd            : Running 
nesd             : Running 
syncfd           : Running 
ncsshd           : Running 
dmiauthd         : Running 
vtyserverutild   : Running 
opdatamgrd       : Running 
nginx            : Running 
ndbmand          : Running

I've been stuck on this for a while now and would greatly appreciate any hints as to what I'm missing here. 

 

4 people had this problem
Labels:
0 Helpful
4 Replies 4

marce1000
Hall of Fame
Hall of Fame

‎08-12-2020 09:54 AM

 

 - Check if this guide can help you :

           https://www.cisco.com/c/en/us/support/docs/storage-networking/management/200933-YANG-NETCONF-Configuration-Validation.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

RAW1456
Level 1
Level 1
In response to marce1000

‎08-12-2020 10:14 AM

Thank you, but that seems to be the exact guide I've been using.

As I understand it, it states that if AAA and Syslog/SNMP monitoring aren't required you only need the basic SSH configuration and the "netconf-yang" command for the aforementioned Capabilities check to work.

 

For troubleshooting it only states that if the test doesn't work, there may be a firewall blocking Port 830 but I've already tested the command while connected directly to the router.

0 Helpful

PJO2
Level 1
Level 1
In response to RAW1456

‎06-09-2021 08:18 AM

Hello,

My answer comes late, but may help the ones who fall on this page.

 

I recently got the very same behaviour after deleting some crypto keys (i know it is bad :))

To restore them, you can disable and reenable netconf like :

csr-hub(config)#no netconf-yang
csr-hub(config)#
*Jun  9 15:01:04.021: yang-infra: netconf-yang server has been notified to stop
csr-hub(config)#
csr-hub(config)#netconf-yang
The existing self-signed trustpoint cannot be used for NETCONF.
Delete it and create a new one? [yes/no]: yes
CRYPTO_PKI: setting trustpoint policy TP-self-signed-3222202584 to use keypair TP-self-signed-3222202584
csr-hub(config)#

mikedennis
Level 1
Level 1
In response to PJO2

‎03-15-2023 10:56 AM

My reply may come late to this as well, but THIS finally pointed me in the right direction. After reenabling netconf-yang, a log message notified me that it was using an old trustpoint certificate. I disabled netconf-yang, deleted the cert, and reenabled netconf-yang. I then tested SSH over port 830 from Prime, and it finally let me accept the certificate in Prime.

0 Helpful
Customers Also Viewed These Support Documents