SR OS NETCONF Server Basics
This chapter provides information about SR OS NETCONF server basics.
Topics in this chapter include:
Applicability
This chapter was initially written for SR OS Release 16.0.R4, but the MD-CLI in the current edition corresponds to SR OS Release 21.5.R2.
Overview
The SR OS Network Configuration Protocol (NETCONF) server can communicate with a NETCONF client, that is, exchange hello messages, receive requests, and reply with responses. Before communicating with the SR OS NETCONF server, some SR OS configurations are prerequisites, and others are optional. This chapter describes the basic configurations needed for a seamless interaction with the SR OS NETCONF server. NETCONF client-server communication shows the NETCONF client-server communication between the controller and the SR OS node.
Configuration
The following steps describe the procedure to configure a NETCONF server on SR OS.
-
Because NETCONF uses SSH for transport, enable the SSH server in SR OS:
configure { system { security { ssh { server-admin-state enable
-
Enable the NETCONF server:
configure { system { management-interface { netconf { admin-state enable
-
Enable the YANG modules to use with NETCONF; for example, the Nokia combined modules:
configure { system { management-interface { yang-modules { nokia-submodules false nokia-combined-modules true }
Note:The Nokia combined modules and the Nokia submodules are mutually exclusive and cannot both be set to true at the same time.
-
Configure an "nc_user" user with administrative privileges (access netconf):
configure { system { security { user-params { local-user { user "nc-user" { password <password> access { console true netconf true } console { member ["administrative"] } }
-
Optionally, enable NETCONF auto-config-save, which auto-saves the data (that is, makes it persistent) after each successful NETCONF commit:
configure { system { management-interface { netconf { auto-config-save true
-
Optionally, grant the NETCONF user permission to lock a datastore through NETCONF:
configure { system { security { aaa { local-profiles { profile "administrative" { netconf { base-op-authorization { lock true
-
Optionally, grant the NETCONF user permission to kill an open NETCONF session:
configure { system { security { aaa { local-profiles { profile "administrative" { netconf { base-op-authorization { kill-session true
-
Commit the configuration:
commit
-
If MD-CLI auto-config-save is disabled, save the configuration manually:
admin save
Conclusion
This chapter describes general SR OS NETCONF server configurations.