RESTCONF

Overview

EOS provides support for RESTCONF and the necessary transport services to support it.

The RESTCONF server runs on the EOS device.

RESTCONF configuration on EOS

Certificate

Certificate-based authentication is required for RESTCONF to operate. Follow the instructions in the Certificate Authentication section to generate and install a certificate to support RESTCONF in your environment. Alternatively, a self-signed certificate may be generated on the switch, and certificate validation can be handled appropriately by remote RESTCONF clients.

The following CLI command generates a self-signed certificate:

security pki certificate generate self-signed restconf.crt key restconf.key generate rsa 2048 parameters common-name restconf

Create an SSL profile:

management security
   ssl profile restconf
      certificate restconf.crt key restconf.key
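
One way a remote client can handle validation of the self-signed certificate, shown as an added example rather than Arista's code: pin the SHA-256 fingerprint of restconf.crt and refuse to proceed unless the switch presents exactly that certificate. The function names and the trusted, out-of-band copy of the certificate are assumptions; 6020 is the default RESTCONF port on EOS.

```python
import hashlib
import hmac
import socket
import ssl


def pin_from_pem(pem_text: str) -> str:
    """SHA-256 pin (lowercase hex) of a PEM certificate copied from the switch."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text)).hexdigest()


def fingerprint_matches(der_cert: bytes, pinned_sha256: str) -> bool:
    """Constant-time compare; the pin may be 'AA:BB:...' or plain hex."""
    pinned = pinned_sha256.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(hashlib.sha256(der_cert).hexdigest(), pinned)


def open_pinned(host: str, pinned_sha256: str, port: int = 6020,
                timeout: float = 5.0) -> ssl.SSLSocket:
    """Return a TLS socket to the switch only if its certificate matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The self-signed certificate is not loaded as a trust anchor here, so chain
    # and hostname checks are off and identity rests on the pin alone.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not der or not fingerprint_matches(der, pinned_sha256):
        tls.close()  # nothing (credentials, requests) has been sent yet
        raise ssl.SSLError("RESTCONF certificate does not match pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate, so this runs offline.
    sample_der = b"constructed sample, not a real certificate"
    pin = pin_from_pem(ssl.DER_cert_to_PEM_cert(sample_der))
    print(pin, fingerprint_matches(sample_der, pin))
```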

RESTCONF API

Configure RESTCONF:

Default VRF:

management api restconf
   transport https test
      ssl profile restconf

Non-default VRF:

management api restconf
   transport https test
      ssl profile restconf
      vrf management

Changing the port:

management api restconf
   transport https test
      port 5900

Apply an ACL:

management api restconf
   transport https test
      ip access-group ACCESS_GROUP

Note: The ACL should be a standard ACL allowing hosts or subnets.

Control-plane ACL

The default RESTCONF port on Arista devices is TCP 6020.

The default control-plane ACL on EOS must be changed to allow TCP 6020 (or the configured RESTCONF port, if it was changed).

Please refer to this link

Status check

#show management api restconf
Enabled:            Yes
Server:             running on port 6020, in management VRF
SSL Profile:        restconf
QoS DSCP:           none