Testing on netconf with Python ncclient module

Cisco router
On the Cisco router I need to enable SSH version 2; NETCONF will only run over SSHv2.

I also need to create an ACL to allow NETCONF over SSH.


ip ssh version 2
crypto key generate rsa modulus 2048 general-keys
access-list 1 permit 192.168.1.0 0.0.0.255
netconf ssh acl 1
netconf ssh

Originally I tried to connect from Windows with plink, using this command: plink -s cisco@192.168.1.46 netconf
I got connected and saw the NETCONF hello XML. I needed to send a response back, but unfortunately I could not paste the hello XML response into the command prompt, so I tried an alternative and found ncclient for Python.

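from ncclient import manager
import os.path

path = "d:/temp/"
filename = os.path.join(path, "config.xml")

# hostkey_verify=False skips SSH host key checking, so the router's identity
# is not verified; only acceptable in an isolated lab.
m = manager.connect(host='192.168.1.46', port=22, username='cisco', password='cisco', hostkey_verify=False)

# Fetch the running configuration as an XML string, then end the session.
tmp = m.get_config(source='running').data_xml
m.close_session()

# The saved file contains the router's password hashes; restrict access to it.
with open(filename, "w") as f:
    f.write(tmp)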

It seems that manager.connect() does not work well with a dictionary, hence I put the arguments directly into connect().

The response from the NETCONF router
There is nothing special about the response: it includes an XML header, and the rest is old-school Cisco command lines.

<?xml version="1.0" encoding="UTF-8"?><data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><cli-config-data-block>!
! Last configuration change at 19:33:47 UTC Fri Sep 1 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$vXrW$AjAyyXZ806fS/LlnFwAX/.
!
no aaa new-model
!
!
!
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name cyruslab.local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
cts logging verbose
!
!
username cisco privilege 15 secret 5 $1$ch6j$YKylcY7mY0dnvV9gDxQTe0
!
redundancy
!
!
ip ssh version 2
ip scp server enable
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback3
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.252
!
interface Ethernet0/1
 ip address dhcp
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
router ospf 1
 passive-interface default
 no passive-interface Ethernet0/0
 network 3.3.3.3 0.0.0.0 area 0
 network 10.0.0.2 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
!
!
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
netconf ssh acl 1
!
end
</cli-config-data-block></data>
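
The reply above wraps the whole running configuration, password hashes included, in a single cli-config-data-block element. As an added example (not code from the original post), this stdlib-only Python extracts that block and flags a few settings visible in the dump; SAMPLE_REPLY and the RULES list are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # namespace of <data> in the reply

# Constructed sample in the shape of the reply above (placeholder hash, not a real one).
SAMPLE_REPLY = """<?xml version="1.0" encoding="UTF-8"?><data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><cli-config-data-block>!
version 15.5
no service password-encryption
hostname R3
enable secret 5 $1$EXAMPLE$placeholderhashvalue000
no aaa new-model
ip ssh version 2
line vty 0 4
 privilege level 15
 login local
!
netconf ssh acl 1
end
</cli-config-data-block></data>"""

# Hypothetical review rules (regex, finding) based on lines visible in the reply.
RULES = [
    (r"^no service password-encryption$", "plain 'password' lines would be stored in clear text"),
    (r"\bsecret 5 ", "type 5 (MD5-crypt) hash in the dump: protect the saved file"),
    (r"^no aaa new-model$", "AAA disabled, local authentication only"),
    (r"^ privilege level 15$", "sessions on this line start at privilege 15"),
]

def extract_cli_config(reply_xml):
    """Return the CLI text carried inside <cli-config-data-block>."""
    root = ET.fromstring(reply_xml.encode("utf-8"))  # parse as UTF-8 bytes
    block = root.find(f"{{{NS}}}cli-config-data-block")
    if block is None or block.text is None:
        raise ValueError("reply has no cli-config-data-block")
    return block.text

def audit(config_text):
    """Return (line_number, line, finding) for every rule that matches."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((n, line.strip(), finding))
    return findings

if __name__ == "__main__":
    for n, line, finding in audit(extract_cli_config(SAMPLE_REPLY)):
        print(f"{n:3}: {line} -> {finding}")
```

To check a real dump, pass the string written to config.xml to extract_cli_config() instead of SAMPLE_REPLY.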