Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2355
Views
17
Helpful
5
Replies

Netconf error in IOS XE on CSR Latest Code Always On DevNet Sandbox

Go to solution
Vostbur
Level 1
Level 1

‎08-18-2021 12:00 PM

Hi, community!

 

I have an error <bad-element>filter</bad-element> in the netconf response in IOS XE 17.3.1 on CSR Latest Code Always On DevNet Sandbox but the same code works fine in IOS XE 16.9.4 on CSR. I found discussions with the same problem (link_1, link_2), but did not understand the cause of the problem and how to solve it.

 

Please help me.

 

get_interfaces.py

import sys
import xml.dom.minidom

from ncclient import manager

from device_info import ios_xe_16_9_4 as ios_xe

# Doesn't work with IOS XE 17.3.1 !!!
# from device_info import ios_xe_17_3_1 as ios_xe

netconf_filter = 'get_interfaces.xml'


def get_configured_interfaces(xml_filter):
    with manager.connect(**ios_xe, hostkey_verify=False,
                         device_params={'name': 'default'},
                         allow_agent=False, look_for_keys=False) as m:
        with open(xml_filter) as f:
            return(m.get_config('running', f.read()))


def main():
    netconf_reply = get_configured_interfaces(netconf_filter)
    interfaces = xml.dom.minidom.parseString(netconf_reply.xml)
    print(interfaces.toprettyxml())

if __name__ == '__main__':
    sys.exit(main())

''' OUTPUT for 16.9.4
>>>
<?xml version="1.0" ?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" \
    message-id="urn:uuid:2fcc075c-8357-436d-9259-80e14965af48">
        <data>
                <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
                        <interface>
                                <name>GigabitEthernet1</name>
                                <description>VBox</description>
                                <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:ethernetCsmacd\
                                    </type>
                                <enabled>true</enabled>
                                <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                                <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                        </interface>
                        <interface>
                                <name>Loopback1</name>
                                <description>WHATEVER</description>
                                <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\
                                    </type>
                                <enabled>true</enabled>
                                <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
                                        <address>
                                                <ip>2.2.2.2</ip>
                                                <netmask>255.255.255.0</netmask>
                                        </address>
                                </ipv4>
                                <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                        </interface>
                        <interface>
                                <name>Loopback2</name>
                                <description>NEWBUTSAMEIP</description>
                                <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\
                                    </type>
                                <enabled>true</enabled>
                                <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                                <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                        </interface>
                        <interface>
                                <name>Loopback99</name>
                                <description>WHATEVER99</description>
                                <type xmlns:ianaift="urn:ietf:params:xml:ns:yang:iana-if-type">ianaift:softwareLoopback\
                                    </type>
                                <enabled>true</enabled>
                                <ipv4 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip">
                                        <address>
                                                <ip>99.99.99.99</ip>
                                                <netmask>255.255.255.0</netmask>
                                        </address>
                                </ipv4>
                                <ipv6 xmlns="urn:ietf:params:xml:ns:yang:ietf-ip"/>
                        </interface>
                </interfaces>
        </data>
</rpc-reply>
'''
''' OUTPUT for 17.3.1
>>>
ncclient.operations.rpc.RPCError: {'type': 'protocol', 'tag': 'unknown-element', 'app_tag': None,
'severity': 'error', 'info': '<?xml version="1.0" encoding="UTF-8"?>
<error-info xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<bad-element>filter</bad-element>\n</error-info>\n', 'path': '\n /rpc/get-config\n ', 'message': None}
'''  

 device_info.py

# DevNet IOS XE 17.3.1 on CSR Latest Code Always On Sandbox Device
# https://devnetsandbox.cisco.com/RM/Diagram/Index/7b4d4209-a17c-4bc3-9b38-f15184e53a94?diagramType=Topology
ios_xe_17_3_1 = {
    "host": "sandbox-iosxe-latest-1.cisco.com",
    "port": 830,
    "username": "developer",
    "password": "C1sco12345"
}

# IOS XE 16.9.4 on CSR runned locally inside VirtualBox
ios_xe_16_9_4 = {
    "host": "192.168.56.101",
    "port": 830,
    "username": "cisco",
    "password": "cisco123!"
}

 get_interfaces.xml

<filter>
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface></interface>
  </interfaces>
</filter> 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yangorelik
Spotlight
Spotlight

‎08-19-2021 01:59 PM

I guess the issue here is that Netconf server cannot identify where the 'filter' definition is coming from. Try to add namespace like this:

<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface/>
  </interfaces>
</filter>
Yan Gorelik
YDK Solutions

View solution in original post

5 Replies 5

Go to solution
yangorelik
Spotlight
Spotlight

‎08-19-2021 01:59 PM

I guess the issue here is that Netconf server cannot identify where the 'filter' definition is coming from. Try to add namespace like this:

<filter xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
    <interface/>
  </interfaces>
</filter>
Yan Gorelik
YDK Solutions

Go to solution
Vostbur
Level 1
Level 1
In response to yangorelik

‎08-20-2021 03:25 AM

You are the best! Now it works fine with both versions of ios xe-16.9.4 and 17.3.1. But I don't understand why the previous code works fine with ios xe 16.9.4, but returned an error with 17.3.1. Can you explain? Thank you again!

0 Helpful

Go to solution
miott
Cisco Employee
Cisco Employee
In response to Vostbur

‎08-31-2021 10:13 AM

This has to do with the addition of strict checking of namespace in the RPC in IOS XE 17.n.n+ and in the ncclient python library versions 0.6.6+.

Earlier versions of ncclient and IOS XE assumed netconf namespace for many of the netconf tags.  Both server and client libraries now do not make those assumptions and strict namespace rules are applied.

  • filter tag must see xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" in its tag or in a parent tag
  • nc:filter tag must see xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" in its tag or in a parent tag

 

Go to solution
ChrisNewnham_
Level 1
Level 1
In response to yangorelik

‎04-04-2022 07:04 AM

Unbelievable Jeff! You absolute legend.

0 Helpful

Go to solution
njurchescu94
Level 1
Level 1

‎12-31-2023 02:07 AM

There is an error when trying to get config in part 4 step 1 b, the code is not good as of at least 31.12.2023.

(ios-xe version 16.9)

this is the code to get the output from the lab:

from ncclient import manager

netconf_filter = """
                           <filter XML="urn:ietf:params:xml:ns:netconf:base:1.0">
                              <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native ">
                              </native>
                          </filter>

                       """

m = manager.connect(
       host="192.168.56.101",
       port=830,
       username="cisco",
       password="cisco123!",
       hostkey_verify=False
       )

netconf_reply = m.get_config(source="running", filter=netconf_filter)
print(netconf_reply)

 

 

Output:

<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:3477d1e5-8f2e-4e53-9635-251ee1117756">
  <data>
    <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
      <version>16.9</version>
      <boot-start-marker/>
      <boot-end-marker/>
      <banner>
        <motd>
          <banner>^C</banner>
        </motd>
      </banner>
      <service>
        <timestamps>
          <debug>
            <datetime>
              <msec/>
            </datetime>
          </debug>
          <log>
            <datetime>
              <msec/>
            </datetime>
          </log>
        </timestamps>
      </service>
      <platform>
        <console xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-platform">
          <output>virtual</output>
        </console>
      </platform>
      <hostname>CSR1kv</hostname>
      <username>
        <name>cisco</name>
        <privilege>15</privilege>
        <password>
          <encryption>0</encryption>
          <password>cisco123</password>
        </password>
      </username>
      <ip>
        <domain>
          <name>example.netacad.com</name>
        </domain>
        <forward-protocol>
          <protocol>nd</protocol>
        </forward-protocol>
        <http xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-http">
          <authentication>
            <local/>
          </authentication>
          <server>false</server>
          <secure-server>true</secure-server>
        </http>
      </ip>
      <interface>
        <GigabitEthernet>
          <name>1</name>
          <description>VBox</description>
          <ip>
            <address>
              <dhcp/>
            </address>
          </ip>
          <ipv6>
            <address>
              <prefix-list>
                <prefix>2001:DB8:ACAD:56::101/64</prefix>
              </prefix-list>
              <link-local-address>
                <address>fe80::56:1</address>
                <link-local/>
              </link-local-address>
            </address>
          </ipv6>
          <mop>
            <enabled>false</enabled>
            <sysid>false</sysid>
          </mop>
          <negotiation xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ethernet">
            <auto>true</auto>
          </negotiation>
        </GigabitEthernet>
      </interface>
      <control-plane/>
      <login>
        <on-success>
          <log/>
        </on-success>
      </login>
      <multilink>
        <bundle-name xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-ppp">authenticated</bundle-name>
      </multilink>
      <redundancy/>
      <spanning-tree>
        <extend xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-spanning-tree">
          <system-id/>
        </extend>
      </spanning-tree>
      <subscriber>
        <templating/>
      </subscriber>
      <crypto>
        <pki xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-crypto">
          <trustpoint>
            <id>TP-self-signed-2109600387</id>
            <enrollment>
              <selfsigned/>
            </enrollment>
            <revocation-check>none</revocation-check>
            <rsakeypair>
              <key-label>TP-self-signed-2109600387</key-label>
            </rsakeypair>
            <subject-name>cn=IOS-Self-Signed-Certificate-2109600387</subject-name>
          </trustpoint>
          <certificate>
            <chain>
              <name>TP-self-signed-2109600387</name>
              <certificate>
                <serial>01</serial>
                <certtype>self-signed</certtype>
              </certificate>
            </chain>
          </certificate>
        </pki>
      </crypto>
      <license>
        <udi>
          <pid>CSR1000V</pid>
          <sn>9VF0JU7V5NN</sn>
        </udi>
      </license>
      <line>
        <console>
          <first>0</first>
          <logging>
            <synchronous/>
          </logging>
          <stopbits>1</stopbits>
        </console>
        <vty>
          <first>0</first>
          <last>4</last>
          <login>
            <local/>
          </login>
          <transport>
            <input>
              <input>ssh</input>
            </input>
          </transport>
        </vty>
        <vty>
          <first>5</first>
          <last>15</last>
          <login>
            <local/>
          </login>
          <transport>
            <input>
              <input>ssh</input>
            </input>
          </transport>
        </vty>
      </line>
      <diagnostic xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-diagnostics">
        <bootup>
          <level>minimal</level>
        </bootup>
      </diagnostic>
    </native>
  </data>
</rpc-reply>

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents