01-18-2022 01:13 PM
I'm working on building a network configuration security compliance script that pulls the YANG running-config using NETCONF and checks that the Cisco 3850(16.9) has specific security configurations.
I've run into an issue where I'm not seeing "login block-for" or "login quiet-mode" CLI options defined in the YANG model.
I've looked through the YANG models for 16.9 on GitHub <https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/1691> and I don't see those options in the model.
Am I missing something or are the Cisco IOS Login Enhancements not part of the YANG model? Is it possible to push a partial custom update of the YANG model to fix the issue locally?
Solved! Go to Solution.
01-24-2022 11:44 AM
Hello ,
The "login block-for" or "login quiet-mode" were introduced in IOS XE 17.3.1.
In order to access to this part of the config , you will have to upgrade your device to the release 17.3.1 .
Here the result of the grep
nabil@LAPTOP:~/yang/vendor/cisco/xe$ grep -r -n -i "block-for" * 1731/Cisco-IOS-XE-native.yang:49: - Added model for block-for attempts and within 1731/Cisco-IOS-XE-native.yang:2646: leaf block-for { 1741/Cisco-IOS-XE-native.yang:58: - Added model for block-for attempts and within 1741/Cisco-IOS-XE-native.yang:2725: leaf block-for { 1751/Cisco-IOS-XE-native.yang:66: - Added model for block-for attempts and within 1751/Cisco-IOS-XE-native.yang:2809: leaf block-for { 1761/Cisco-IOS-XE-native.yang:77: - Added model for block-for attempts and within 1761/Cisco-IOS-XE-native.yang:2827: leaf block-for { 1771/Cisco-IOS-XE-native.yang:85: - Added model for block-for attempts and within 1771/Cisco-IOS-XE-native.yang:2922: leaf block-for { 1771/YANG_1.1/Cisco-IOS-XE-native.yang:86: - Added model for block-for attempts and within 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2923: leaf block-for { nabil@LAPTOP:~/yang/vendor/cisco/xe$ grep -r -n -i "quiet-mode" * 1731/Cisco-IOS-XE-native.yang:48: - Added model for quiet-mode and access-class 1731/Cisco-IOS-XE-native.yang:2628: container quiet-mode { 1731/Cisco-IOS-XE-native.yang:2630: "Set quiet-mode options"; 1731/Cisco-IOS-XE-native.yang:2648: "Set quiet-mode active time period"; 1741/Cisco-IOS-XE-native.yang:57: - Added model for quiet-mode and access-class 1741/Cisco-IOS-XE-native.yang:2707: container quiet-mode { 1741/Cisco-IOS-XE-native.yang:2709: "Set quiet-mode options"; 1741/Cisco-IOS-XE-native.yang:2727: "Set quiet-mode active time period"; 1751/Cisco-IOS-XE-native.yang:65: - Added model for quiet-mode and access-class 1751/Cisco-IOS-XE-native.yang:2791: container quiet-mode { 1751/Cisco-IOS-XE-native.yang:2793: "Set quiet-mode options"; 1751/Cisco-IOS-XE-native.yang:2811: "Set quiet-mode active time period"; 1761/Cisco-IOS-XE-native.yang:76: - Added model for quiet-mode and access-class 1761/Cisco-IOS-XE-native.yang:2809: container quiet-mode { 1761/Cisco-IOS-XE-native.yang:2811: "Set quiet-mode options"; 1761/Cisco-IOS-XE-native.yang:2829: "Set quiet-mode active time period"; 1771/Cisco-IOS-XE-native.yang:84: - Added model for quiet-mode and access-class 1771/Cisco-IOS-XE-native.yang:2904: container quiet-mode { 1771/Cisco-IOS-XE-native.yang:2906: "Set quiet-mode options"; 1771/Cisco-IOS-XE-native.yang:2924: "Set quiet-mode active time period"; 1771/YANG_1.1/Cisco-IOS-XE-native.yang:85: - Added model for quiet-mode and access-class 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2905: container quiet-mode { 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2907: "Set quiet-mode options"; 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2925: "Set quiet-mode active time period"; nabil@DESKTOP-8ECTID4:~/yang/vendor/cisco/xe$
01-24-2022 11:44 AM
Hello ,
The "login block-for" or "login quiet-mode" were introduced in IOS XE 17.3.1.
In order to access to this part of the config , you will have to upgrade your device to the release 17.3.1 .
Here the result of the grep
nabil@LAPTOP:~/yang/vendor/cisco/xe$ grep -r -n -i "block-for" * 1731/Cisco-IOS-XE-native.yang:49: - Added model for block-for attempts and within 1731/Cisco-IOS-XE-native.yang:2646: leaf block-for { 1741/Cisco-IOS-XE-native.yang:58: - Added model for block-for attempts and within 1741/Cisco-IOS-XE-native.yang:2725: leaf block-for { 1751/Cisco-IOS-XE-native.yang:66: - Added model for block-for attempts and within 1751/Cisco-IOS-XE-native.yang:2809: leaf block-for { 1761/Cisco-IOS-XE-native.yang:77: - Added model for block-for attempts and within 1761/Cisco-IOS-XE-native.yang:2827: leaf block-for { 1771/Cisco-IOS-XE-native.yang:85: - Added model for block-for attempts and within 1771/Cisco-IOS-XE-native.yang:2922: leaf block-for { 1771/YANG_1.1/Cisco-IOS-XE-native.yang:86: - Added model for block-for attempts and within 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2923: leaf block-for { nabil@LAPTOP:~/yang/vendor/cisco/xe$ grep -r -n -i "quiet-mode" * 1731/Cisco-IOS-XE-native.yang:48: - Added model for quiet-mode and access-class 1731/Cisco-IOS-XE-native.yang:2628: container quiet-mode { 1731/Cisco-IOS-XE-native.yang:2630: "Set quiet-mode options"; 1731/Cisco-IOS-XE-native.yang:2648: "Set quiet-mode active time period"; 1741/Cisco-IOS-XE-native.yang:57: - Added model for quiet-mode and access-class 1741/Cisco-IOS-XE-native.yang:2707: container quiet-mode { 1741/Cisco-IOS-XE-native.yang:2709: "Set quiet-mode options"; 1741/Cisco-IOS-XE-native.yang:2727: "Set quiet-mode active time period"; 1751/Cisco-IOS-XE-native.yang:65: - Added model for quiet-mode and access-class 1751/Cisco-IOS-XE-native.yang:2791: container quiet-mode { 1751/Cisco-IOS-XE-native.yang:2793: "Set quiet-mode options"; 1751/Cisco-IOS-XE-native.yang:2811: "Set quiet-mode active time period"; 1761/Cisco-IOS-XE-native.yang:76: - Added model for quiet-mode and access-class 1761/Cisco-IOS-XE-native.yang:2809: container quiet-mode { 1761/Cisco-IOS-XE-native.yang:2811: "Set quiet-mode options"; 1761/Cisco-IOS-XE-native.yang:2829: "Set quiet-mode active time period"; 1771/Cisco-IOS-XE-native.yang:84: - Added model for quiet-mode and access-class 1771/Cisco-IOS-XE-native.yang:2904: container quiet-mode { 1771/Cisco-IOS-XE-native.yang:2906: "Set quiet-mode options"; 1771/Cisco-IOS-XE-native.yang:2924: "Set quiet-mode active time period"; 1771/YANG_1.1/Cisco-IOS-XE-native.yang:85: - Added model for quiet-mode and access-class 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2905: container quiet-mode { 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2907: "Set quiet-mode options"; 1771/YANG_1.1/Cisco-IOS-XE-native.yang:2925: "Set quiet-mode active time period"; nabil@DESKTOP-8ECTID4:~/yang/vendor/cisco/xe$
01-26-2022 12:37 PM
Thank you @Nabsch !
How can I update to the 17.3 schema if the Cisco 3850 latest IOS release is 16.12?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide