08-18-2021 12:00 PM
Hi, community!
I have an error <bad-element>filter</bad-element> in the netconf response in IOS XE 17.3.1 on CSR Latest Code Always On DevNet Sandbox but the same code works fine in IOS XE 16.9.4 on CSR. I found discussions with the same problem (link_1, link_2), but did not understand the cause of the problem and how to solve it.
Please help me.
get_interfaces.py
import sys import xml.dom.minidom from ncclient import manager from device_info import ios_xe_16_9_4 as ios_xe # Doesn't work with IOS XE 17.3.1 !!! # from device_info import ios_xe_17_3_1 as ios_xe netconf_filter = 'get_interfaces.xml' def get_configured_interfaces(xml_filter): with manager.connect(**ios_xe, hostkey_verify=False, device_params={'name': 'default'}, allow_agent=False, look_for_keys=False) as m: with open(xml_filter) as f: return(m.get_config('running', f.read())) def main(): netconf_reply = get_configured_interfaces(netconf_filter) interfaces = xml.dom.minidom.parseString(netconf_reply.xml) print(interfaces.toprettyxml()) if __name__ == '__main__': sys.exit(main()) ''' OUTPUT for 16.9.4 >>> <?xml version="1.0" ?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" \ message-id="urn:uuid:2fcc075c-8357-436d-9259-80e14965af48"> <data> <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> <interface> <name>GigabitEthernet1</name> <description>VBox</description> <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd\ </type> <enabled>true</enabled> <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> </interface> <interface> <name>Loopback1</name> <description>WHATEVER</description> <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\ </type> <enabled>true</enabled> <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"> <address> <ip>2.2.2.2</ip> <netmask>255.255.255.0</netmask> </address> </ipv4> <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> </interface> <interface> <name>Loopback2</name> <description>NEWBUTSAMEIP</description> <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\ </type> <enabled>true</enabled> <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> </interface> <interface> <name>Loopback99</name> <description>WHATEVER99</description> <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\ </type> <enabled>true</enabled> <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"> <address> <ip>99.99.99.99</ip> <netmask>255.255.255.0</netmask> </address> </ipv4> <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/> </interface> </interfaces> </data> </rpc-reply> '''
''' OUTPUT for 17.3.1
>>>
ncclient.operations.rpc.RPCError: {'type': 'protocol', 'tag': 'unknown-element', 'app_tag': None,
'severity': 'error', 'info': '<?xml version="1.0" encoding="UTF-8"?>
<error-info xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<bad-element>filter</bad-element>\n</error-info>\n', 'path': '\n /rpc/get-config\n ', 'message': None}
'''
device_info.py
# DevNet IOS XE 17.3.1 on CSR Latest Code Always On Sandbox Device # https://devnetsandbox.cisco.com/RM/Diagram/Index/7b4d4209-a17c-4bc3-9b38-f15184e53a94?diagramType=Topology ios_xe_17_3_1 = { "host": "sandbox-iosxe-latest-1.cisco.com", "port": 830, "username": "developer", "password": "C1sco12345" } # IOS XE 16.9.4 on CSR runned locally inside VirtualBox ios_xe_16_9_4 = { "host": "192.168.56.101", "port": 830, "username": "cisco", "password": "cisco123!" }
get_interfaces.xml
<filter> <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"> <interface></interface> </interfaces> </filter>
Solved! Go to Solution.
08-19-2021 01:59 PM
I guess the issue here is that Netconf server cannot identify where the 'filter' definition is coming from. Try to add namespace like this:
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface/>
</interfaces>
</filter>
08-19-2021 01:59 PM
I guess the issue here is that Netconf server cannot identify where the 'filter' definition is coming from. Try to add namespace like this:
<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface/>
</interfaces>
</filter>
08-20-2021 03:25 AM
You are the best! Now it works fine with both versions of ios xe-16.9.4 and 17.3.1. But I don't understand why the previous code works fine with ios xe 16.9.4, but returned an error with 17.3.1. Can you explain? Thank you again!
08-31-2021 10:13 AM
This has to do with the addition of strict checking of namespace in the RPC in IOS XE 17.n.n+ and in the ncclient python library versions 0.6.6+.
Earlier versions of ncclient and IOS XE assumed netconf namespace for many of the netconf tags. Both server and client libraries now do not make those assumptions and strict namespace rules are applied.
04-04-2022 07:04 AM
Unbelievable Jeff! You absolute legend.
12-31-2023 02:07 AM
There is an error when trying to get config in part 4 step 1 b, the code is not good as of at least 31.12.2023.
(ios-xe version 16.9)
this is the code to get the output from the lab:
from ncclient import manager
netconf_filter = """
<filter XML="urn:ietf:params:xml:ns:netconf:base:1.0">
<native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native ">
</native>
</filter>
"""
m = manager.connect(
host="192.168.56.101",
port=830,
username="cisco",
password="cisco123!",
hostkey_verify=False
)
netconf_reply = m.get_config(source="running", filter=netconf_filter)
print(netconf_reply)
Output:
<?xml version="1.0" encoding="UTF-8"?> <rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:3477d1e5-8f2e-4e53-9635-251ee1117756"> <data> <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"> <version>16.9</version> <boot-start-marker/> <boot-end-marker/> <banner> <motd> <banner>^C</banner> </motd> </banner> <service> <timestamps> <debug> <datetime> <msec/> </datetime> </debug> <log> <datetime> <msec/> </datetime> </log> </timestamps> </service> <platform> <console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform"> <output>virtual</output> </console> </platform> <hostname>CSR1kv</hostname> <username> <name>cisco</name> <privilege>15</privilege> <password> <encryption>0</encryption> <password>cisco123</password> </password> </username> <ip> <domain> <name>example.netacad.com</name> </domain> <forward-protocol> <protocol>nd</protocol> </forward-protocol> <http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http"> <authentication> <local/> </authentication> <server>false</server> <secure-server>true</secure-server> </http> </ip> <interface> <GigabitEthernet> <name>1</name> <description>VBox</description> <ip> <address> <dhcp/> </address> </ip> <ipv6> <address> <prefix-list> <prefix>2001:DB8:ACAD:56::101/64</prefix> </prefix-list> <link-local-address> <address>fe80::56:1</address> <link-local/> </link-local-address> </address> </ipv6> <mop> <enabled>false</enabled> <sysid>false</sysid> </mop> <negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet"> <auto>true</auto> </negotiation> </GigabitEthernet> </interface> <control-plane/> <login> <on-success> <log/> </on-success> </login> <multilink> <bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name> </multilink> <redundancy/> <spanning-tree> <extend xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree"> <system-id/> </extend> </spanning-tree> <subscriber> <templating/> </subscriber> <crypto> <pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto"> <trustpoint> <id>TP-self-signed-2109600387</id> <enrollment> <selfsigned/> </enrollment> <revocation-check>none</revocation-check> <rsakeypair> <key-label>TP-self-signed-2109600387</key-label> </rsakeypair> <subject-name>cn=IOS-Self-Signed-Certificate-2109600387</subject-name> </trustpoint> <certificate> <chain> <name>TP-self-signed-2109600387</name> <certificate> <serial>01</serial> <certtype>self-signed</certtype> </certificate> </chain> </certificate> </pki> </crypto> <license> <udi> <pid>CSR1000V</pid> <sn>9VF0JU7V5NN</sn> </udi> </license> <line> <console> <first>0</first> <logging> <synchronous/> </logging> <stopbits>1</stopbits> </console> <vty> <first>0</first> <last>4</last> <login> <local/> </login> <transport> <input> <input>ssh</input> </input> </transport> </vty> <vty> <first>5</first> <last>15</last> <login> <local/> </login> <transport> <input> <input>ssh</input> </input> </transport> </vty> </line> <diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics"> <bootup> <level>minimal</level> </bootup> </diagnostic> </native> </data> </rpc-reply>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide