SSH Client
A simple SSH connection can also be used as a client application to interact with the NetConf server. Here are the steps to establish a connection and perform a get operation.
Establish a Connection
ssh -s ocnos@10.12.28.43 -p 830 netconf
Send Client Help Message to NetConf Server
Copy and paste this message in the session and perform operations without the Enter key:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
</capabilities>
</hello>]]>]]>
Note: Only base 1.0 capability is used here though server supports both base 1.0 and 1.1 capabilities. Because the later one mandates the XML encoding type "chunked framing" (RFC 6242, section 4.1), which is not user friendly.
Perform the get operation:
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"/>
</rpc>]]>]]>
Perform get-config operation:
<rpc message-id="102"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<source>
<running/>
</source>
</get-config>
</rpc>]]>]]>
Perform edit-config operation:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<candidate/>
</target>
<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ospfv2 xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-ospf">
<ospf-id>20</ospf-id>
<config>
<ospf-id>20</ospf-id>
<shutdown/>
<vrf-name>default</vrf-name>
</config>
</process>
</processes>
</ospfv2>
</config>
</edit-config>
</rpc>]]>]]>
Perform commit operation:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<commit/>
</rpc>]]>]]>
Perform get-schema operation:
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter type="subtree">
<netconf-state xmlns=
"urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring">
<schemas/>
</netconf-state>
</filter>
</get>
</rpc>]]>]]>
Perform copy-config operation:
<rpc message-id="101"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<copy-config>
<target>
<url>file://ZebOS.conf</url>
</target>
<source>
<running/>
</source>
</copy-config>
</rpc>]]>]]>
NETCONF-SSH over User Defined VRF
OcNOS now supports netconf-ssh feature over user defined vrfs along with default and management vrfs. With this, user must be able to enable netconf-ssh feature over multiple user defined vrfs simultaneously and access the device through user defined vrf networks from remote client.
User must be able to customize the netconf ssh ports to non-default ports (other than 830).
Server Configuration for User Defined VRFs
#configure terminal | Enter configure mode |
(config)#ip vrf vrf_test | Configure User defined vrf |
(config)#feature netconf-ssh vrf vrf_test | Enable netconf-ssh feature over user defined vrf say vrf name vrf_test |
(config)#commit | Commit configuration |
(config)#no feature netconf-ssh vrf vrf_test | Disable netconf-ssh feature over user define vrf , and define vrf name vrf_test |
(config)#commit | Commit configuration |
Server Configuration for User Defined VRFs to Configure SSH Ports
#configure terminal | Enter configure mode |
(config)#no feature netconf-ssh vrf vrf_test | Disable netconf-ssh feature over user defined vrf say vrf name “vrf_test” |
(config)#commit | Commit configuration |
(config)#netconf server ssh-port 65535 vrf vrf_test | Configure ssh port over user defined vrf. |
(config)#commit | Commit configuration |
(config)#feature netconf-ssh vrf vrf_test | Enable netconf-ssh feature over user defined vrf and define vrf name vrf_test to reflect the port configuration |
(config)#commit | Commit configuration |
Validation
#show netconf server
VRF Management
Netconf SSH Server: Enabled
SSH-Netconf Port : 830
VRF Default
Netconf SSH Server: Enabled
SSH-Netconf Port : 830
VRF vrf_test
Netconf SSH Server: Enabled
SSH-Netconf Port : 65535