Skip to content

NETCONF

Overview

EOS provides support for managing the switch via NETCONF.

NETCONF

Currently supported NETCONF operations: get, get-config, get-schema, edit-config, lock, unlock, close-session, kill-session.

To configure NETCONF in default VRF we can enable the ssh transport under management api netconf:

Default VRF

management api netconf
   transport ssh test

Non-default VRF

management api netconf
   transport ssh test
      vrf management

Changing the port

management api netconf
   transport ssh test
      port 830

Restricting access

Applying ACLs on NETCONF

NETCONF ACLs are configured in the management ssh mode with the commands: ip|ipv6 access-group <vrf> in

management ssh
   ip access-group netdevops_admins vrf MGMT in
   ip access-group netdevops_admins in

Note

The ACL should be a standard ACL allowing hosts or subnets.

Status check

#show management api netconf

Enabled:            Yes
Server:             running on port 830, in management VRF