Cisco device configuration using Netconf

This blog is part of my series on DevOps for Networking. In this blog, I will cover how to configure and monitor Cisco NXOS devices using Netconf. In one of my earlier blogs, I covered the basics of Netconf and Yang.

I used a Nexus 3k switch for the experiments below.

Netconf has the following layers:


  • The transport protocol is sshv2.
  • The rpc request section contains namespace-related details.
  • The operations section carries the operation to perform, such as edit-config, get-config, commit, lock, etc.
  • The content section contains the actual device operation in XML format. The schema for the content can be specified either in XSD format or using Yang. Cisco NXOS devices support the XSD format, and I will use it in this blog.

Steps to follow:

  1. Start an sshv2 session to the device. The ssh server must be enabled on the device; it is enabled by default.
  2. Send hello message.
  3. Send rpc request and get rpc reply.
  4. Close sshv2 session.

To communicate with the device, XML requests can be generated either manually or with an XML management tool. In this blog, I have used the manual approach.

To start an ssh netconf session, execute the following command:

 ssh admin@ -s xmlagent

After we start the session, the server sends a hello message and this is what I got back.

<?xml version="1.0" encoding="ISO-8859-1"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">

Before we can send any commands, we need to respond to the server's hello message.

<?xml version="1.0"?>
 <nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">

Following is an example of a get request with a vlan filter:

 <?xml version="1.0"?>
 <nc:rpc message-id="1" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
    <nc:filter type="subtree">

Output of above request:

<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="" message-id="1">

Following is an XML request to set the interface description for one of the interfaces.

<?xml version="1.0"?>
 <nc:rpc message-id="16" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
                     <desc_line>test Network1</desc_line>

Above, the transport section is marked in “red”, the rpc section in “pink”, the operations section in “green”, and the contents section in “black”. The tags used in the contents section are specified in the XSD model file.

This is the reply that we receive. In this case, the reply says that the request was handled successfully.

<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml version="1.0" encoding="ISO-8859-1"?>
<nc:rpc-reply xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns="" message-id="16">
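
Steps 2 and 3 above, as an added example that is not part of the original post: Python helpers that frame a client hello and validate an rpc-reply before treating a change as applied. It assumes the standard NETCONF 1.0 `]]>]]>` end-of-message framing; the function names and the sample replies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # NETCONF 1.0 end-of-message marker on the SSH channel (assumed framing)

def frame(xml_body: str) -> str:
    """Wrap one XML document as a framed NETCONF 1.0 message."""
    return '<?xml version="1.0"?>\n' + xml_body.strip() + "\n" + EOM + "\n"

def client_hello() -> str:
    """Minimal client <hello> advertising only the base:1.0 capability."""
    return frame(f'<nc:hello xmlns:nc="{NS}"><nc:capabilities>'
                 f"<nc:capability>{NS}</nc:capability>"
                 "</nc:capabilities></nc:hello>")

def split_messages(stream: str) -> list:
    """Return the complete messages in raw session text; a trailing partial is dropped."""
    return [p.strip() for p in stream.split(EOM)[:-1] if p.strip()]

def check_reply(message: str, expected_id: str):
    """Return (ok, errors) for one <rpc-reply>; raise ValueError if it cannot be trusted."""
    if "<!DOCTYPE" in message.upper():  # hardening: refuse DTDs and entity tricks
        raise ValueError("DOCTYPE not allowed")
    # Drop XML declarations so a repeated one (as in the reply above) still parses.
    root = ET.fromstring(re.sub(r"<\?xml[^>]*\?>", "", message).strip())
    if root.tag != f"{{{NS}}}rpc-reply":
        raise ValueError("not an rpc-reply: " + root.tag)
    if root.get("message-id") != expected_id:
        raise ValueError("reply does not match request message-id")
    errors = [e.findtext(f"{{{NS}}}error-message", default="rpc-error").strip()
              for e in root.iter(f"{{{NS}}}rpc-error")]
    return (root.find(f"{{{NS}}}ok") is not None and not errors), errors

# Constructed sample session text (not captured from a device).
DECL = '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
OK_REPLY = f'<nc:rpc-reply xmlns:nc="{NS}" xmlns="" message-id="16"><nc:ok/></nc:rpc-reply>\n'
ERR_REPLY = (f'<nc:rpc-reply xmlns:nc="{NS}" message-id="17"><nc:rpc-error>'
             "<nc:error-message>Syntax error</nc:error-message></nc:rpc-error></nc:rpc-reply>\n")
# Two complete replies followed by a partial one that is still arriving.
SAMPLE = DECL + DECL + OK_REPLY + EOM + DECL + ERR_REPLY + EOM + DECL + "<nc:rpc-reply"

if __name__ == "__main__":
    print(client_hello())
    for msg, mid in zip(split_messages(SAMPLE), ("16", "17")):
        print(mid, check_reply(msg, mid))
```

Checking the message-id and refusing DOCTYPE declarations keeps automation from acting on a reply that belongs to a different request or that carries entity-expansion content.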

We can also send raw CLI commands using netconf. In the following example, I read the running-config of the interface whose description I changed above.

<?xml version="1.0"?>
 <nf:rpc xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0"
  xmlns:nxos="" message-id="110">
       <nxos:cmd>show running-config interface Ethernet 1/12</nxos:cmd>

<?xml version="1.0" encoding="ISO-8859-1"?>
<nf:rpc-reply xmlns:nf="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:nxos="" message-id="110">
!Command: show running-config interface Ethernet1/12
!Time: Fri Sep 26 11:48:15 2014

version 6.0(2)U4(1)

interface Ethernet1/12
  description test Network1
  no cdp enable
  no switchport
  ip address
  ip router ospf 1 area
  ip pim sparse-mode


Netconf as a configuration and management protocol looks very promising. The problem I see with the XSD model is that it is very difficult to follow and not user friendly. The following blog from John covers some of the practical Netconf problems. The Yang modeling language is much easier to read and use, but it looks like Yang adoption is still lagging behind. It would be good if all device vendors adhered to a common Yang model for all device configuration and monitoring. In that case, management software could just load the Yang model and configure/monitor any device without worrying about the intricacies of the individual device.

