RESTCONF is a network automation and programmability protocol that lets us manage and configure network devices automatically. NETCONF is the other protocol that does the same job. We have covered what RESTCONF is before. Here, we will focus on Cisco RESTCONF configuration and learn how to configure RESTCONF on a Cisco router.
You can also check the Cisco NETCONF Configuration Example lesson.
To configure RESTCONF on Cisco routers, we will follow the below configuration steps one by one:
The first step of our configuration is authentication. Here, we will use AAA authentication. We use “aaa new-model” to enable AAA. Then we use “aaa authentication login default local” so that login authentication uses the local username database, and “aaa authorization exec default local” so that AAA authorization checks the local database. This also allows the user to run an EXEC shell.
Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication login default local
Router(config)# aaa authorization exec default local
The second step of Cisco RESTCONF configuration is enabling the HTTP services for RESTCONF. Here, we will use the “restconf” command to enable RESTCONF on the interfaces. After that, to enable a secure HTTP server (HTTPS), we will use the “ip http secure-server” command.
Router(config)# restconf
Router(config)# ip http secure-server
Router(config)# end
As you can see, configuring a Cisco device for RESTCONF is not too difficult.
To verify RESTCONF on Cisco devices, you can use the below verification commands:
To check the NGINX status, we will use the “show platform software yang-management process monitor” command. NGINX provides Transport Layer Security (TLS)-based HTTPS. Our RESTCONF requests are sent over HTTPS and are received by the NGINX proxy web server.
Router# show platform software yang-management process monitor
COMMAND PID S VSZ RSS %CPU %MEM ELAPSED
nginx 28626 S 228356 18428 0.0 0.4 01:27
nginx 28972 S 228822 13600 0.0 0.5 01:27
Router# show platform software yang-management process
confd : Not Running
nesd : Not Running
syncfd : Not Running
ncsshd : Not Running
dmiauthd : Not Running
nginx : Running
ndbmand : Not Running
pubd : Not Running
After the “restconf” command is configured, the status of the NGINX and DMI processes is as follows:
Router# show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Not Running ! NETCONF-YANG is not configured, hence the ncsshd process is not running.
dmiauthd : Running
vtyserverutild : Running
opdatamgrd : Running
nginx : Running ! nginx process is up due to the HTTP configuration, and it is restarted when RESTCONF is enabled.
ndbmand : Running
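As an added example (not from the original lesson or from Cisco), the Python script below parses the “show platform software yang-management process” output and lists which processes are still down, so the check can be run against collected output after a change. The EXPECTED set is an assumption taken from the processes this page shows as Running after “restconf”; the function and variable names are hypothetical.

```python
import re

# Baseline: every process the page shows as Running after "restconf" is entered.
# Using that set as the readiness check is an assumption of this example.
# ncsshd is left out; the page notes it depends on NETCONF-YANG being configured.
EXPECTED = ("confd", "nesd", "syncfd", "dmiauthd",
            "vtyserverutild", "opdatamgrd", "nginx", "ndbmand")
STATUS_RE = re.compile(r"^\s*(\w+)\s*:\s*(Not Running|Running)\s*$")

def parse_process_status(output):
    """Map process name -> True if Running, ignoring prompts and "!" notes."""
    status = {}
    for line in output.splitlines():
        match = STATUS_RE.match(line.split("!", 1)[0])
        if match:
            status[match.group(1)] = match.group(2) == "Running"
    return status

def restconf_gaps(output, expected=EXPECTED):
    """Return the expected processes that are missing or Not Running."""
    status = parse_process_status(output)
    return [name for name in expected if not status.get(name, False)]

# The two outputs shown on this page (the "!" notes are shortened here).
FIRST_OUTPUT = """\
confd : Not Running
nesd : Not Running
syncfd : Not Running
ncsshd : Not Running
dmiauthd : Not Running
nginx : Running
ndbmand : Not Running
pubd : Not Running
"""
AFTER_RESTCONF = """\
confd : Running
nesd : Running
syncfd : Running
ncsshd : Not Running ! NETCONF-YANG is not configured
dmiauthd : Running
vtyserverutild : Running
opdatamgrd : Running
nginx : Running ! up due to the HTTP configuration
ndbmand : Running
"""

if __name__ == "__main__":
    for label, text in (("first", FIRST_OUTPUT), ("after", AFTER_RESTCONF)):
        print(label, restconf_gaps(text) or "all expected processes running")
```

A process that does not appear in the output at all is reported as a gap, which is why the first output also lists vtyserverutild and opdatamgrd.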
To see the NETCONF sessions, we will use “show netconf-yang sessions” command.
Router# show netconf-yang sessions
R: Global-lock on running datastore
C: Global-lock on candidate datastore
S: Global-lock on startup datastore
Number of sessions : 1
session-id transport username source-host global-lock
--------------------------------------------------------------------------------
16 netconf-ssh admin 2001:db8::1 None
To see the session details, we will use “show netconf-yang sessions detail” command.
Router# show netconf-yang sessions detail
R: Global-lock on running datastore
C: Global-lock on candidate datastore
S: Global-lock on startup datastore
Number of sessions : 1
session-id : 16
transport : netconf-ssh
username : admin
source-host : 2001:db8::1
login-time : 2024-5-14T16:28:22+00:00
in-rpcs : 0
in-bad-rpcs : 0
out-rpc-errors : 0
out-notifications : 0
global-lock : None
You can also use the below RFCs for more information about RESTCONF and YANG.