Login
- Table of Contents
-
- 12-Network Management and Monitoring Command Reference
- 00-Preface
- 01-System maintenance and debugging commands
- 02-NQA commands
- 03-NTP commands
- 04-SNMP commands
- 05-NETCONF commands
- 06-RMON commands
- 07-EAA commands
- 08-Process monitoring and maintenance commands
- 09-sFlow commands
- 10-Mirroring commands
- 11-Information center commands
- 12-GOLD commands
- 13-Packet capture commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 05-NETCONF commands | 51.44 KB |
NETCONF commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
netconf log
Use netconf log to enable NETCONF logging.
Use undo netconf log to remove the configuration for the specified NETCONF operation sources and NETCONF operations.
Syntax
netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
Default
NETCONF logging is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
source: Specifies a NETCONF operation source that represents clients that use a protocol.
· all: Specifies NETCONF clients that use all protocols.
· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.
· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.
· web: Specifies clients that use Web.
protocol-operation: Specifies a NETCONF operation type.
· all: Specifies all NETCONF operations.
· action: Specifies the action operation.
· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.
· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.
· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchanges by hello messages.
· set: Specifies all edit-config operations.
· syntax: Specifies the requests that include XML and schema errors.
· others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.
verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.
Usage guidelines
For NETCONF to correctly send the generated logs to the information center, you must also configure the information center. For information about information center configuration, see the network management and monitoring configuration guide for the device.
Examples
# Configure the device to log NETCONF edit-config information sourced from agent clients.
<Sysname> system-view
[Sysname] netconf log source agent protocol-operation set
netconf soap http dscp
Use netconf soap http dscp to set the DSCP value for outgoing NETCONF over SOAP over HTTP packets.
Use undo netconf soap http dscp to restore the default.
Syntax
netconf soap http dscp dscp-value
undo netconf soap http dscp
Default
The DSCP value is 0 for outgoing NETCONF over SOAP over HTTP packets.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63. A larger DSCP value represents a higher priority.
Usage guidelines
The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet.
Examples
# Set the DSCP value to 30 for outgoing NETCONF over SOAP over HTTP packets.
<Sysname> system-view
[Sysname] netconf soap http dscp 30
netconf soap http enable
Use netconf soap http enable to enable NETCONF over SOAP over HTTP.
Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.
Syntax
netconf soap http enable
undo netconf soap http enable
Default
NETCONF over SOAP over HTTP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not available for high encryption in FIPS mode.
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.
Examples
# Enable NETCONF over SOAP over HTTP.
<Sysname> system-view
[Sysname] netconf soap http enable
netconf soap https dscp
Use netconf soap https dscp to set the DSCP value for outgoing NETCONF over SOAP over HTTPS packets.
Use undo netconf soap https dscp to restore the default.
Syntax
netconf soap https dscp dscp-value
undo netconf soap https dscp
Default
The DSCP value is 0 for outgoing NETCONF over SOAP over HTTPS packets.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63. A larger DSCP value represents a higher priority.
Usage guidelines
The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet.
Examples
# Set the DSCP value to 30 for outgoing NETCONF over SOAP over HTTPS packets.
<Sysname> system-view
[Sysname] netconf soap https dscp 30
netconf soap https enable
Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.
Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.
Syntax
netconf soap https enable
undo netconf soap https enable
Default
NETCONF over SOAP over HTTPS is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.
Examples
# Enable NETCONF over SOAP over HTTPS.
<Sysname> system-view
[Sysname] netconf soap https enable
netconf ssh server enable
Use netconf ssh server enable to enable NETCONF over SSH.
Use undo netconf ssh server enable to disable NETCONF over SSH.
Syntax
netconf ssh server enable
undo netconf ssh server enable
Default
NETCONF over SSH is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.
Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.
Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.
Examples
# Enable NETCONF over SSH.
<Sysname> system
[Sysname] netconf ssh server enable
netconf ssh server port
Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections.
Use undo netconf ssh server port to restore the default.
Syntax
netconf ssh server port port-number
undo netconf ssh server port
Default
Port 830 listens for NETCONF over SSH connections.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port by its number in the range of 1 to 65535.
Usage guidelines
When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.
Examples
# Specify port 800 to listen for NETCONF over SSH connections.
<Sysname> system
[Sysname] netconf ssh server port 800
xml
Use xml to enter XML view.
Syntax
xml
Views
User view
Predefined user roles
network-admin
network-operator
Usage guidelines
In XML view, use NETCONF messages to configure the device or obtain data from the device. The NETCONF operations you can perform depend on the user roles you have, as shown in Table 1.
Table 1 NETCONF operations available for the predefined user roles
|
User role |
NETCONF operations |
|
network-admin |
All NETCONF operations |
|
network-operator |
· Get · Get-bulk · Get-bulk-config · Get-config · Get-sessions · Close-session |
NETCONF messages must comply with the XML format requirements and semantic and syntactic requirements in the NETCONF XML API reference for the device. To ensure successful configuration, use third-party software to generate NETCONF messages.
To quit XML view, use a NETCONF message instead of the quit command.
If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. Otherwise, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.
Examples
# Enter XML view.
<Sysname> xml
<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-running</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:h3c:params:netconf:capability:h3c-netconf-ext:1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>
# Quit XML view.
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<close-session>
</close-session>
</rpc>]]>]]>
<Sysname>
