Network Configuration Protocol Commands

This chapter includes commands to configure the Network Configuration (Netconf) Protocol. More details on the Netconf protocol and the Yang model, please see the System Security Configuration Guide for Cisco CRS Routers.

clear netconf-yang agent session

To clear the specified netconf agent session, use the clear netconf-yang agent session in EXEC mode.

clear netconf-yang agent session session-id

Syntax Description

session-id

The session-id which needs to be cleared.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification

Release 5.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

The show netconf-yang clients command can be used to get the required session-id(s).

Task ID

Task ID Operation

config-services

read, write

Examples

This example shows how to use the clear netconf-yang agent session command: 

RP/0/RP0/CPU0:router (config) #  clear netconf-yang agent session 32125

clear netconf-yang agent rate-limit

To clear the set rate-limit statistics, use the clear netconf-yang agent rate-limit command in the appropriate mode.

clear netconf-yang agent rate-limit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read, write

Examples

This example shows how to use the clear netconf-yang agent rate-limit command: 

RP/0/RP0/CPU0:router # clear netconf-yang agent rate-limit

netconf-yang agent ssh

To enable netconf agent over SSH (Secure Shell) , use the netconf-yang agent ssh command in Global Configuration mode. To disable netconf, use the no form of the command.

netconf-yang agent ssh

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

Global Configuration mode

Command History

Release Modification

Release 5.3.0

This command was introduced.

Usage Guidelines

SSH is currently the supported transport method for Netconf.

Task ID

Task ID Operation

config-services

read, write

Examples

This example shows how to use the netconf-yang agent ssh command: 

RP/0/RP0/CPU0:router (config) #  netconf-yang agent ssh

netconf-yang agent session

To set the session details (limits and timeouts) for a netconf-yang agent, use the netconf-yang agent session command in the appropriate mode. To remove the configured session limits and timeouts, use the no form of the command.

netconf-yang agent session { limit value | absolute-timeout value | idle-timeout value }

no netconf-yang agent session { limit value | absolute-timeout value | idle-timeout value }

Syntax Description

limit value

Sets the maximum count for concurrent netconf-yang sessions. Range is 1 to 1024.

absolute-timeout value

Enables session absolute timeout and sets the absolute session lifetime. Range is 1 to 1440. Unit is minutes.

idle-timeout value

Enables session idle timeout and sets the idle session lifetime. Range is 1 to 1440. Unit is minutes.

Command Default

By default, no limits are set

Command Modes

Global Configuration mode

Command History

Release Modification

Release 5.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read, write

Examples

This command shows how to use the netconf-yang agent session command: 

RP/0/RP0/CPU0:router (config) #   netconf-yang agent session limit

netconf-yang agent rate-limit

To set the rate-limit for the netconf yang agent, use the netconf-yang agent rate-limit command in the appropriate mode. To delete the set rate-limit, use the no form of the command.

netconf-yang agent rate-limit bytes

no netconf-yang agent rate-limit bytes

Syntax Description

bytes

The number of bytes to process per second. Range is 4096-4294967295. It is based on the size of the request(s) from the client to the netconf server.

Command Default

By default, no limit is set

Command Modes

Global Configuration mode

Command History

Release Modification

Release 5.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Use the show netconf-yang rate-limit command to check if the set limit is adequate.

Task ID

Task ID Operation

config-services

read, write

Examples

This example shows how to use the netconf-yang agent rate-limit command: 

RP/0/RP0/CPU0:router # netconf-yang agent rate-limit 5000

netconf-yang agent yfw idle-timeout

To configure idle timeout value for the operational yang model use the netconf-yang agent yfw idle-timeout command. Idle timeout indicates the duration for which there is no netconf process activity. If the idle timeout value is configured, all the operational yang models that are not being used for the specified duration, are released from the memory.

netconf-yang agent yfw idle-timeout time in seconds

Syntax Description

Specify the time in seconds. The valid value must be between the range of 1 to 4294967295 seconds

Command Default

If this command is not configured, the operational yang models are not released from the memory. To manually release the yang models, the Netconf process should be restarted.

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 6.0

This command was introduced.

Examples

This example shows how to use the netconf-yang agent yfw idle-timeout command: 

RP/0/RP0/CPU0:router (config) #  netconf-yang agent yfw idle-timeout 60

show netconf-yang clients

To display the client details for netconf-yang, use the show netconf-yang clients command in EXEC mode.

show netconf-yang clients

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification

Release 5.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read

Examples

This example shows how to use the show netconf-yang clients command: 

RP/0/RP0/CPU0:router (config) #  sh netconf-yang clients
Netconf clients 
client session ID|   NC version|    client connect time|        last OP time|        last OP type|    <lock>|
 22969|          											1.1|        	 0d  0h  0m  2s|            11:11:24|       close-session|        No|           
 15389|          											1.1|        	 0d  0h  0m  1s|            11:11:25|          get-config|        No|
Table 1. Field descriptions

Field name

Description

Client session ID

Assigned session identifier

NC version

Version of the Netconf client as advertised in the hello message

Client connection time

Time elapsed since the client was connected

Last OP time

Last operation time

Last OP type

Last operation type

Lock (yes or no)

To check if the session holds a lock on the configuration datastore

show netconf-yang rate-limit

To display the statistics of the total data dropped , due to the set rate-limit, use the show netconf-yang rate-limit command in the appropriate mode.

show netconf-yang rate-limit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC

Command History

Release Modification

Release 5.3.1

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation
config-services

read

Examples

This example shows how to use the show netconf-yang rate-limit command: 

RP/0/RP0/CPU0:router # show netconf-yang rate-limit
rate-limit statistics
Total data dropped: 0 Bytes

show netconf-yang statistics

To display the statistical details for netconf-yang, use the show netconf-yang statistics command in EXEC mode.

show netconf-yang statistics

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC mode

Command History

Release Modification

Release 5.3.0

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID Operation

config-services

read

Examples

This example shows how to use the show netconf-yang statistics command: 

RP/0/RP0/CPU0:router (config) #  sh netconf-yang statistics
Summary statistics                         
			                      # requests|             total time|   min time per request|   max time per request|   avg time per request|
other                             0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
close-session                     4|       0h  0m  0s   3ms|       0h  0m  0s   0ms|       0h  0m  0s   1ms|       0h  0m  0s   0ms|
kill-session                      0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
get-schema                        0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
get                               0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
get-config                        1|       0h  0m  0s   1ms|       0h  0m  0s   1ms|       0h  0m  0s   1ms|       0h  0m  0s   1ms|
edit-config                       3|       0h  0m  0s   2ms|       0h  0m  0s   0ms|       0h  0m  0s   1ms|       0h  0m  0s   0ms|
commit                            0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
cancel-commit                     0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
lock                              0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
unlock                            0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
discard-changes                   0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
validate                          0|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|       0h  0m  0s   0ms|
xml parse                         8|       0h  0m  0s   4ms|       0h  0m  0s   0ms|       0h  0m  0s   1ms|       0h  0m  0s   0ms|
netconf processor                 8|       0h  0m  0s   6ms|       0h  0m  0s   0ms|       0h  0m  0s   1ms|       0h  0m  0s   0ms|
Table 2. Field descriptions

Field name

Description

Requests

Total number of processed requests of a given type

Total time

Total processing time of all requests of a given type

Min time per request

Minimum processing time for a request of a given type

Max time per request

Maximum processing time for a request of a given type

Avg time per request

Average processing time for a request type

ssh server netconf port

To configure a port for the netconf SSH server, use the ssh server netconf port command in Global Configuration mode. To return to the default port, use the no form of the command.

ssh server netconf port port number

Syntax Description

port port-number

Port number for the netconf SSH server (default port number is 830).

Command Default

The default port number is 830.

Command Modes

Global Configuration mode

Command History

Release

Modification

Release 2.0

This command was introduced.

Release 3.8.0

The vrf keyword was supported.

Release 6.0

The ssh server netconf command is no longer auto completed to configure the default port. This command is now optional

Usage Guidelines

Starting with IOS-XR 6.0.0 it is no longer sufficient to configure a netconf port to enable netconf subsystem support. ssh server netconf needs to be at least configured for one vrf.

Task ID

Task ID

Operations

crypto

read, write

Examples

This example shows how to use the ssh server netconf port command with port 831: 


RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# ssh server netconf port 831

Related Commands

Command

Description

ssh server netconf

Configures the vrf(s), where netconf subsystem requests are to be received.

netconf-yang agent ssh

Configures the ssh netconf-yang backend for the netconf subsystem (Required to allow the system to service netconf-yang requests).

For more information, see the Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference.

ssh server capability netconf-xml

To enable NETCONF reach XML subsystem via port 22, use the ssh server capability netconf-xml command in in the Global Configuration mode. Use no form of this command to disable NETCONF reach XML subsystem.

ssh server capability netconf-xml

Syntax Description

This command has no keywords or arguments.

Command Default

Port 22 is the default port.

Command Modes

Global configuration

Command History

Release Modification
Release 6.1.4

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Task ID

Task ID

Operations

crypto

read, write