This guide follows the YouTube guide by Keith Barker: Enable and Verify RESTCONF with the CLI and Postman.
Use a multilayer switch!
Multilayer | Router |
---|---|
pryl#show version \| inc Model Number\|IOS XE | pryl#show vers \| incl 4321\|IOS XE |
Cisco IOS XE Software, Version 16.09.04 | Cisco IOS XE Software, Version 16.12.08 |
Model Number : WS-C3650-24PS | cisco ISR4321/K9 (1RU) processor with ... |
! MultiLayer Switch version should be
! Cisco IOS XE Software, Version 16.09.04
!
show version | incl IOS XE
conf t
interface vlan 1
! interface gi0/0/0
ip address dhcp
no shutdown
!
ntp server ntp.hv.se
do show ntp ass
!
! PAUSE HERE !! Wait for st=2, not stratum 16 !!
!
!
hostname pryl
ip domain name cnap.hv.se
crypto key generate rsa usage-keys modulus 512
! (NOTE: must be the default 512)
!
username admin priv 15 secret cisco
ip http authentication local
! ip http server !! Can be useful for testing, but is not needed
ip http secure-server
!
end
wr
??debug: the web interface does not work (white page) if you are inside conf t !?!
??debug: If you have not saved (wr), the web UI does not find the config and starts from scratch
??debug: show control-plane host open-ports -- shows that the TCP port is up and listening
??debug: debug ip http ssl error
Find the IP address of the Cisco device with the command show ip int bri | inc up
Make sure that you use https above
IOS-prompt(config)# restconf
(One single command, no parameters )
C:\Users\cisco>curl -k https://192.168.16.13/restconf -u "admin:cisco"
<!DOCTYPE html>
<html>
<head>
<title>Error</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>An error occurred.</h1>
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#restconf
Router(config)#
Dec 6 13:42:26.808: %PSD_MOD-5-DMI_NOTIFY_RESTCONF_START: R0/0: psd: PSD/DMI: restconf server has been notified to start
Dec 6 13:43:08.572: %NDBMAN-5-ACTIVE: R0/0: ndbmand: All data providers active.
Dec 6 13:43:16.770: %DMI-5-NACM_INIT: R0/0: dmiauthd: NACM configuration has been set to its initial configuration.
Dec 6 13:43:22.544: %MODULE_STATE-6-ALL_MODULES_UP: All modules are now on-line.
Dec 6 13:43:22.578: %DMI-5-SYNC_START: R0/0: syncfd: External change to running configuration detected. The running configuration will be synchronized to the NETCONF running data store.
Dec 6 13:43:25.863: %MODULE_STATE-6-ALL_MODULES_UP: All modules are now on-line.
Dec 6 13:43:25.866: %DMI-5-ACTIVE: R0/0: nesd: process is in steady state.
Dec 6 13:43:27.039: %DMI-5-SYNC_COMPLETE: R0/0: syncfd: The running configuration has been synchronized to the NETCONF running data store.
Dec 6 13:43:27.040: %DMI-5-ACTIVE: R0/0: syncfd: process is in steady state.
Router(config)#^Z
Dec 6 13:43:40.941: %SYS-5-CONFIG_I: Configured from console by console
Router#wr
Building configuration...
[OK]
C:\Users\cisco>curl -k https://192.168.16.13/restconf -u "admin:cisco"
<restconf xmlns="urn:ietf:params:xml:ns:yang:ietf-restconf">
<data/>
<operations/>
<yang-library-version>2016-06-21</yang-library-version>
</restconf>
C:\Users\cisco>
https://youtu.be/qeanMXpcHIk?t=411
Make sure your PC is on the same network as your Cisco device. Use IPCONFIG to verify that your IP address starts with 192.168.16...
Start a Command Prompt (CMD) on your PC and try the commands below one at a time, starting at the top.
At the prompt, type curl -k https://192.168.16.XX/restconf -u "admin:cisco", but with the correct IP address.
See the proof-of-concept below
curl -k https://192.168.16.XX/restconf -u "admin:cisco"
curl -k https://192.168.16.XX/restconf/data/netconf-state/capabilities -u "admin:cisco"
curl -k https://192.168.16.XX/restconf/data/Cisco-IOS-XE-native:native/ -u "admin:cisco"
curl -k https://192.168.16.XX/restconf/data/Cisco-IOS-XE-native:native/switch/ -u "admin:cisco"
curl -k https://192.168.16.XX/restconf/data/Cisco-IOS-XE-native:native/router/ -u "admin:cisco"
curl -k https://192.168.16.XX/restconf/data/Cisco-IOS-XE-native:native/interface/ -u "admin:cisco"
^ .../router only works if OSPF is configured (or EIGRP, ...)
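The curl commands above use -k, which accepts whatever certificate the peer presents before the admin:cisco credentials are sent. As an added example (not part of the original guide or of Keith Barker's video), the Python below checks the device certificate against a SHA-256 fingerprint recorded out of band and only then sends the request; the function names and the RESTCONF_USER, RESTCONF_PASS and RESTCONF_PIN environment variables are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import http.client
import os
import ssl

def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare with the pinned fingerprint; accepts 'AA:BB:..' or 'aabb..'."""
    wanted = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(cert_fingerprint(der_cert), wanted)

def basic_auth_header(user: str, password: str) -> str:
    """Basic auth is only base64(user:password), so it must travel inside TLS."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token

def restconf_get(host: str, path: str, pinned_hex: str) -> tuple:
    """GET a RESTCONF resource, sending credentials only to the pinned device."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # self-signed device cert has no CA chain,
    ctx.verify_mode = ssl.CERT_NONE   # so trust is decided by the pin below
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=10)
    try:
        conn.connect()                # TLS handshake only, nothing sent yet
        der = conn.sock.getpeercert(binary_form=True)
        if der is None or not pin_matches(der, pinned_hex):
            raise ssl.SSLError("certificate does not match pinned fingerprint")
        conn.request("GET", path, headers={
            "Accept": "application/yang-data+json",
            "Authorization": basic_auth_header(
                os.environ["RESTCONF_USER"], os.environ["RESTCONF_PASS"]),
        })
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    finally:
        conn.close()

if __name__ == "__main__":
    # RESTCONF_PIN: fingerprint of the device certificate (assumed env variable)
    print(restconf_get("192.168.16.12", "/restconf", os.environ["RESTCONF_PIN"]))
```

The pin is checked on the same connection that carries the request, so the credentials never go to a peer whose certificate was not compared.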
Barker YouTube: https://youtu.be/qeanMXpcHIk?t=596 (watch from 9'57")
https://192.168.16.12/restconf
after [Get]
SWITCH (multilayer)
! %2F means '/', so 1/0/1 becomes 1%2F0%2F1
https://192.168.16.12/restconf/data/netconf-state/capabilities
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/switch/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet1%2F0%2F1/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=Loopback0
^^^ GET Loopback0 gives error if it does *not* exist
ROUTER
https://192.168.16.12/restconf/data/netconf-state/capabilities
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/router/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/router/router-ospf/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-native:native/interface/
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces
! %2F means '/', so 0/0/0 becomes 0%2F0%2F0
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=GigabitEthernet0%2F0%2F0
https://192.168.16.12/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=Loopback0
https://193.10.203.158/restconf/data/Cisco-IOS-XE-interfaces-oper:interfaces/interface=Loopback6/ipv6-addrs
https://193.10.203.158/restconf/data/ietf-interfaces:interfaces/interface=Loopback6
^ .../router only works if OSPF is configured (or EIGRP, ...)
Accept
Value: application/yang-data+json
QUESTION: How do you find information about (GET) physical interfaces and loopbacks?
conf t
^Z
and save wr
Content-Type
Value: application/yang-data+json
{
"ietf-interfaces:interface": {
"name": "Loopback5",
"type": "iana-if-type:softwareLoopback",
"enabled": true,
"ietf-ip:ipv4": {
"address": [
{
"ip": "5.5.5.5",
"netmask": "255.255.255.0"
}
]
}
}
}
CRASHES! DOES NOT WORK!!
Even though both "Content-Type" and "Accept" are set, something is wrong in the body ?!?
Optional exercise
<quote from Flipped-Network Guide> (Spine-Leaf)
"The client ports where we put our servers are also routed ports with IP-addresses in the flipped network. The IP-address of these should hierarchy include Flipped Network (10), a leaf (10.0) the port number (10.0.4) and the default gateway of that LAN (10.0.4.1). Server admins tend to get confused if the direction towards the network isn’t dot1 (.1)."
This gives us the configuration in pseudo-code:
foreach { $portno towards server }
interface Gigabit $portno
no switchport
ip address 10.$switchno.$portno.1 255.255.255.0
Translated to Python code, it should read something like:
import json
from urllib.parse import quote

import requests

# ietf-interfaces list on the device (same host as in the GET examples above)
BASE_URL = "https://192.168.16.12/restconf/data/ietf-interfaces:interfaces"

def rest_my_port(name, ip):
    # '/' in the interface name must be sent as %2F, e.g. GigabitEthernet1%2F0%2F10
    url = BASE_URL + "/interface=" + quote(name, safe="")
    headers = {
        'Authorization': 'Basic YWRtaW46Y2lzY28=',
        'Content-Type': 'application/yang-data+json',
        'Accept': 'application/yang-data+json'
    }
    payloadDict = {  # Python dictionary-datatype
        "ietf-interfaces:interface": {
            "name": name,  # Use parameter-variable 'name' instead of constant
            "type": "iana-if-type:ethernetCsmacd",  # physical Ethernet port, not a loopback
            "enabled": True,  # JSON boolean, not the string "true"
            "ietf-ip:ipv4": {
                "address": [
                    {
                        "ip": ip,  # Use parameter-variable 'ip' instead of constant
                        "netmask": "255.255.255.0"
                    }
                ]
            },
            "ietf-ip:ipv6": {}
        }
    }
    payload = json.dumps(payloadDict)  # Convert Dictionary to a JSON string
    # The port already exists, so merge into it with PATCH (POST only creates new entries).
    # verify=False skips certificate validation, like 'curl -k' above.
    response = requests.request("PATCH", url, headers=headers, data=payload, verify=False)
    print("Response from requests is", response.status_code, response.text)

###############
# MAIN PROGRAM, should be same as "flipped-network pseudo-code" above (Spine-Leaf)
###############
switchno = "1"  # This is switch 1
for portno in range(10, 20):
    port = "GigabitEthernet1/0/" + str(portno)
    ip = "10." + str(switchno) + "." + str(portno) + ".1"
    # insert <REST CODE> here, should make the port "no switchport" ! OR DO IT MANUALLY (conf t)
    rest_my_port(port, ip)
print("all done")
The interested reader should create Python code for "<REST CODE>" above
GLHF!
R1# show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Not Running
dmiauthd : Running
nginx : Running
ndbmand : Running
pubd : Running