使用Netconf管理Cisco网络设备
测试环境:Cisco CSR1000V虚拟化环境
Step 1:开启Cisco设备netconf-Yang,如下图:
CSR1000V(config)#netconf-yang
CSR1000V(config)#netconf-yang ssh port 830
Step 2:配置AAA
CSR1000V(config)#aaa new-model
CSR1000V(config)#aaa authorization exec default local
Step 3:查看netconf-Yang配置
CSR1000V#show platform software yang-management process
confd : Running
nesd : Running
syncfd : Running
ncsshd : Running
dmiauthd : Running
vtyserverutild : Running
opdatamgrd : Running
ngnix : Running
Step 4:使用SSH登录Cisco设备
[root@docker ~]# ssh -s admin@192.168.188.150 -p 830 netconf
admin@192.168.188.150's password:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>urn:ietf:params:netconf:base:1.0</capability>
<capability>urn:ietf:params:netconf:base:1.1</capability>
<capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability>
<capability>urn:ietf:params:netconf:capability:xpath:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.0</capability>
<capability>urn:ietf:params:netconf:capability:validate:1.1</capability>
<capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability>
<capability>urn:ietf:params:netconf:capability:notification:1.0</capability>
<capability>urn:ietf:params:netconf:capability:interleave:1.0</capability>
<capability>http://tail-f.com/ns/netconf/actions/1.0</capability>
<capability>http://tail-f.com/ns/netconf/extensions</capability>
<capability>urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all-tagged</capability>
<capability>urn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?revision=2011-06-01&module=ietf-netconf-with-defaults</capability>
<capability>http://cisco.com/ns/yang/ned/ios?module=ned&revision=2016-10-24&features=zone,vservice,vpdn,voice,service-insertion,seg-routing,ptp,pfr,otv,mpls-te,mls,l3vpn,l2vpn,intf-service,eth-evc,esmc,controller,card,bridge-domain,bba-group</capability>
<capability>http://cisco.com/ns/yang/ned/ios/asr1k?module=ned-asr1k&revision=2016-04-07</capability>
<capability>http://cisco.com/yang/cisco-ia?module=cisco-ia&revision=2016-06-30</capability>
<capability>http://cisco.com/yang/cisco-odm?module=cisco-odm&revision=2016-08-05</capability>
<capability>http://cisco.com/yang/cisco-self-mgmt?module=cisco-self-mgmt&revision=2016-05-14</capability>
<capability>http://tail-f.com/ns/aaa/1.1?module=tailf-aaa&revision=2015-06-16</capability>
<capability>http://tail-f.com/ns/mibs/IPV6-TC/199812010000Z?module=IPV6-TC&revision=1998-12-01</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-COMMUNITY-MIB/200308060000Z?module=SNMP-COMMUNITY-MIB&revision=2003-08-06</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-FRAMEWORK-MIB/200210140000Z?module=SNMP-FRAMEWORK-MIB&revision=2002-10-14</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-MPD-MIB/200210140000Z?module=SNMP-MPD-MIB&revision=2002-10-14</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-NOTIFICATION-MIB/200210140000Z?module=SNMP-NOTIFICATION-MIB&revision=2002-10-14</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-TARGET-MIB/200210140000Z?module=SNMP-TARGET-MIB&revision=2002-10-14</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-USER-BASED-SM-MIB/200210160000Z?module=SNMP-USER-BASED-SM-MIB&revision=2002-10-16</capability>
<capability>http://tail-f.com/ns/mibs/SNMP-VIEW-BASED-ACM-MIB/200210160000Z?module=SNMP-VIEW-BASED-ACM-MIB&revision=2002-10-16</capability>
附配置文件:
version 16.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console auto
!
hostname CSR1000V
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$EyMO$IFGbXXBCiWsUq/N9Nrzyg1
!
aaa new-model
!
!
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
!
!
!
!
ip domain name cisco.com
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2486061073
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2486061073
revocation-check none
rsakeypair TP-self-signed-2486061073
!
!
crypto pki certificate chain TP-self-signed-2486061073
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343836 30363130 3733301E 170D3139 30363137 30313433
35375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34383630
36313037 33308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A11C B1E382EB 9D9CF6CD 857D1F86 1BA3C2A7 A421769C BE1B8861
2C8A61EB 6062547D 2C5B16C7 937714BC EE9496F3 59729571 2792B5D5 5440E09B
C42EC60A D744E30D AD4F16B0 7E756F2B 5CDEB554 9D9D5E82 C854219F D97FBADC
07AD7BD4 E915EDA6 0BB756CE 974043B1 44E24777 C0991BFD 9F7FB2CF 6B5EE0BF
EFA0FD35 6A7969DE DB441727 0614E0A0 0A82181F F70109D3 2BCDC2E6 7BB657ED
EEB9E5E9 C5D727B7 4A0F0245 0C6D7F32 A3B340E5 79C69962 55CEFDFA 9702BDF1
CF51419D 2E3FF490 4235A8F1 ABB8B0ED BEE35789 0CAADE77 176082EF 8C687CAC
AC11AE51 515E0818 DB4E77AA 014D3BA0 456305CF ADAEB10E 907CF3C2 C2AC9589
BC9143BC 904B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14AA70B5 41780650 94D75910 18614801 139F3E51
3D301D06 03551D0E 04160414 AA70B541 78065094 D7591018 61480113 9F3E513D
300D0609 2A864886 F70D0101 05050003 82010100 3FAA16B0 D110FF20 DEC3D85E
98F87B2A 748350BB 71A854AD F32E3DA9 CEFE181B 9AB9BE80 574168A7 3F011ED4
E51E7E01 4DBD1F7E 5C10A0FB 3F6E2A58 3A62F989 E022E53D 227D60AD 17D30BAC
41523589 AB87F1E6 81606280 416D0306 96777BB5 7012943D FD30F18C FE2D65E5
0C9F8FCE E64252D5 02AAD7D4 09853E89 8F0EFDB1 E0FE371C D02BE009 472EDBC1
9CB025CF F02DF230 088B890F BBCFD378 10AA6ED4 EB135C43 03D16848 450100C2
068F87D2 7D1449D8 9C4B6D9E AAE791D2 3B6A5B0A B871A93F 9BD729DF 301A2277
7153BABC BE42A970 92A81AB7 269F6EF6 9873F8C1 EB747F75 9881F1DC 2CFB35DF
8BC05006 5C87EC7F 67616742 231FFD68 65BB6503
quit
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9U8UJUQ3U0O
license boot level ax
diagnostic bootup level minimal
!
spanning-tree extend system-id
netconf-yang cisco-odm actions ACL
netconf-yang cisco-odm actions BGP
netconf-yang cisco-odm actions OSPF
netconf-yang cisco-odm actions Archive
netconf-yang cisco-odm actions IPRoute
netconf-yang cisco-odm actions EFPStats
netconf-yang cisco-odm actions IPSLAStats
netconf-yang cisco-odm actions Interfaces
netconf-yang cisco-odm actions Environment
netconf-yang cisco-odm actions FlowMonitor
netconf-yang cisco-odm actions MemoryStats
netconf-yang cisco-odm actions BFDNeighbors
netconf-yang cisco-odm actions BridgeDomain
netconf-yang cisco-odm actions CPUProcesses
netconf-yang cisco-odm actions LLDPNeighbors
netconf-yang cisco-odm actions VirtualService
netconf-yang cisco-odm actions MemoryProcesses
netconf-yang cisco-odm actions EthernetCFMStats
netconf-yang cisco-odm actions MPLSLDPNeighbors
netconf-yang cisco-odm actions PlatformSoftware
netconf-yang cisco-odm actions MPLSStaticBinding
netconf-yang cisco-odm actions MPLSForwardingTable
netconf-yang
!
!
username admin privilege 15 secret 5 $1$1U/S$7ZnTHY6orTeSU4HPGR7G81
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
ip address 192.168.188.150 255.255.0.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
!
virtual-service csr_mgmt
ip shared host-interface GigabitEthernet1
activate
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 192.168.188.254
ip ssh rsa keypair-name ssh-key
ip ssh version 2
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
transport input ssh
!
!
!
!
!
!
end
使用Netconf管理Cisco网络设备的更多相关文章
- 使用域账号统一管理cisco网络设备
1.思科设备和微软系统整合的背景: 公司内部有一定数量的客户端,为了实现统一化,在管理内部部署了域架构,这样可以通过组策略对客户端进行批量化管理,提高了管理的效率. 同样公司内部有一定数量的网络设备( ...
- 使用python管理Cisco设备-乾颐堂
今天发现一个老外使用python写的管理cisco设备的小框架tratto,可以用来批量执行命令. 下载后主要有3个文件: Systems.py 定义了一些不同设备的操作系统及其常见命令. Conne ...
- 使用tratto进行CISCO网络设备的管理
测试环境: CSR1000V CentOS7.4 X64 Step 1:在CentOS7上安装python 3.0环境 [root@docker ~]# python3 -VPython 3.7.0[ ...
- H3C、Huawei、Cisco网络设备AAA TACACS认证配置
TACACS技术白皮书 摘要:TACACS是实现AAA功能的一种安全协议,主要是通过TACACS客户端与TACACS服务器通信来实现多种用户的AAA功能. HWTACACS采用TCP协议承载报文,TC ...
- 用python管理Cisco路由器
目前DevOps是整个运维发展的方向,Network的运维也一样.使用程序控制底层的路由器是最基本的要求之一. 本文简单解释如何用Python控制路由器,对网络设备进行配置. Python和网络设备连 ...
- Cisco网络设备命名规则
1. CISCO 开头的产品都是路由器:2. RSP 开头的都是CISCO7500 系列产品的引擎:3. VIP 开头的产品都是CISCO 7500系列产品的多功能接口处理器模块:4. PA 开头 ...
- 配置Cisco网络设备
了解就行,不用记 电脑管理路由器软件 路由器显示命令: router#show run :显示配置信息 router#show interface :显示接口信息 router#show ip r ...
- cisco网络设备IOS升级步骤
step1:检查和备份================================================================4507R#write4507R#copy run ...
- Cisco的互联网络操作系统IOS和安全设备管理器SDM__管理Cisco互联网络
1.如果不能远程登录到一台设备上,可能是由于远程设备上没有设置口令.也可能是由于访问控制列表过滤了远程登录会话. show users:检查都有哪些设备连接到了此路由器. clear line #:清 ...
随机推荐
- 小强的HTML5移动开发之路(33)—— jqMobi基础
一.什么是jqMobi jqMobi是由appMobi针对HTML5浏览器和移动设备开发的javascript框架,是个极快速的查询选择库,支持W3C查询. 版本 jqMobi源码最初在2012年1月 ...
- 一起学Python:网络通信过程
1. 2台电脑的网络 image 说明 如果两台电脑之间通过网线连接是可以直接通信的,但是需要提前设置好ip地址以及网络掩码 并且ip地址需要控制在同一网段内,例如 一台为192.168.1.1另一台 ...
- MapReduce 经典案例手机流量排序的分析
在进行流量排序之前,先要明白排序是发生在map阶段,排序之后(排序结束后map阶段才会显示100%完成)才会到reduce阶段(事实上reduce也会排序),.此外排序之前要已经完成了手机流量的统计工 ...
- 说下IEnumerable相关的
IEnumerable 我们每天都在使用foreach进行遍历,今天讨论下面三个常见的问题: 为什么在foreach中不能修改item的值 要实现foreach需要满足什么条件 为什么Linq to ...
- No_Sql总结
NoSQL简介 NoSQL(NoSQL = Not Only SQL ),意即"不仅仅是SQL",是对不同于传统的关系型数据库的数据库管理系统的统称.在现代的计算系统上每天网络上都 ...
- gridview分页
protected void lnkbtnFrist_Click(object sender, EventArgs e) { //首页 ; this.ReadData(); } protected v ...
- discuz数据库函数使用
- Spring中的Interceptor 拦截器 专题
spring-webmvc-4.3.14.RELEASE.jar org.springframework.web.servlet.DispatcherServlet#doDispatch /** * ...
- 设置npm淘宝镜像
npm config set registry https://registry.npm.taobao.org
- C++ Lambda表达式基本用法(言简意赅,非常清楚)
创建一个匿名函数并执行.Objective-C采用的是上尖号^,而C++ 11采用的是配对的方括号[].实例如下: 1 2 3 4 5 6 7 8 9 #include <iostream> ...