NETCONF is not working on RG-WS6512

Dear experts!
I am trying to configure basic NETCONF functionality on Access Controller RG-WS6512.
I see that port 830 is ready for SSH, but when I trying to connect, controller is closing session immediately after successful user authentication.
As far as I know, right after connection, the controller must send HELLO with capabilities list (as acts, for example, netconf-capable Cisco devices). But Ruijie just closing connection right after establishing it.

MacBook-Pro-3 ~ % ssh -l admin -p 830 192.168.200.51
admin@192.168.200.51's password:
Connection to 192.168.200.51 closed by remote host.
Connection to 192.168.200.51 closed.
MacBook-Pro-3 ~ %

I see, that auth on AC side doing successful:

*May 19 22:26:06: %AAA-6-USER_AUTH_PASSED: User authenticated. Username: admin.

Configuration on AC side is minimal:

ruijie-wlc-01#show run | i etconf     
netconf capability rollback
netconf capability validate
netconf capability candidate
netconf enable   << --- not visible as it enabled by default

ruijie-wlc-01#

Could you, please, so kindly, help me with correct netconf configuration for minimal functionality (for example, to get capabilities list, retrieve configuration  elements and change some of them).
Regards,
Alexey

Dear sir

Here is a guide to configure netconf on AC on page 2452: https://www.ruijienetworks.com/resources/preview/ruijie-rg-wlan-series-access-controllers-configuration-guide-w2b1


You need to ensure the netconf server network connecitivity and configure the following commands:

1. Configuring netconf server management IP address:

Hostname> enable
Hostname# configure terminal
Hostname(config)#interface mgmt 0
Hostname(config-if-Mgmt 0)# ip address 172.29.71.62 255.255.255.0
Hostname(config-if-Mgmt 0)# gateway 172.29.71.1
2. Configuring SSH
Hostname> enable
Hostname# configure terminal
Hostname(config)# enable service ssh-server
Hostname(config)# crypto key generate rsa
% You already have RSA keys.
% Do you really want to replace them? [yes/no]:y
Choose the size of the rsa key modulus in the range of 512 to 2048
and the size of the dsa key modulus in the range of 360 to 2048 for your
Signature Keys. Choosing a key modulus greater than 512 may take
a few minutes.
Choose the size of the ecc key modulus from (256, 384, 521)
How many bits in the modulus [1024]:2048
% Generating 2048 bit RSA1 keys ...[ok]
% Generating 2048 bit RSA keys ...[ok]
Hostname(config)#
3. Login with username and password:

Hostname(config)# username netconf privilege 15 password netconf_1234
Hostname(config)#line vty 0 4      

Hostname(config-line)#login local
4. Enables the NETCONF framework service.
Hostname(config)# netconf enable

Hostname(config)# netconf yang multi-revision  //Configures the NETCONF server to advertise all versions of all supported YANG modules to the NETCONF client.
Hostname(config)# netconf capability candidate  //Enables the candidate and confirmed-commit capabilities of NETCONF.
Hostname(config)# netconf port 10000  //Configures the port monitored by the NETCONF server.
As shown in the figure, the NETCONF client side software is used to log in to the NETCONF server through the SSH protocol to realize the management and monitoring of network devices.

If the above commands still can not work, please help type the following commands and show me the result to further check this issue. You can send it to my email: yujiamin1@ruijie.com.cn.

Hostname# ping oob x.x.x.x  //x.x.x.x is netconfig client IP address
Hostname# show service
Hostname# show netconf session

Hostname# show run
Hostname# show version
Hostname# show log

Best regards
Jenny

GTAC-Jenny replied at 2024-5-20 14:12
Dear sir

Here is a guide to configure netconf on AC on page 2452: https://www.ruijienetworks.com/re ...

Dear Jenny.

Thank you for detailed explanation.

I have a couple of additional questions I want to ask before trying to apply your recommendations:

• Is it mandatory to use MGMT interface configuration for NETCONF (as per commands you sent me)? Because we have regular VLAN200 interface as common interface for AP-management as well as for AC-management. And, of course, there is an IP connectivity between netconf client and access controller aka netconf server:
  

ruijie-wlc-01#show ip int br
Interface                                IP-Address(Pri)      IP-Address(Sec)      Status                 Protocol
VLAN 200                                 192.168.200.51/24    no address           up                     up      
ruijie-wlc-01#sh ip route

Codes:  C - Connected, L - Local, S - Static
        R - RIP, O - OSPF, B - BGP, I - IS-IS, V - Overflow route
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        SU - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        IA - Inter area, EV - BGP EVPN, * - candidate default

Gateway of last resort is 192.168.200.254 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 192.168.200.254
C     192.168.200.0/24 is directly connected, VLAN 200
C     192.168.200.51/32 is local host.
ruijie-wlc-01#
ruijie-wlc-01#ping 192.168.254.101
Sending 5, 100-byte ICMP Echoes to 192.168.254.101, timeout is 2 seconds:
  < press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/50 ms.
ruijie-wlc-01#

2. I already have several users with priv-level 15 configured on access controller. Do I need to create special user "netconf" as per your commands, for getting NETCONF working? With these users I see that auth is successful every time, but session is closing every time as well.

3. There is no "show netconf session" command available on my controller:

ruijie-wlc-01#show netconf ?      
  yang-suite  Show netconf yang suite
ruijie-wlc-01#

4. Show version:

ruijie-wlc-01#show version        
System description      : Ruijie 10G Wireless Switch(WS6512) By Ruijie Networks.
System start time       : 2024-05-14 20:54:19
System uptime           : 5:20:10:29
System hardware version : 1.20
System software version : AC_RGOS 11.9(6)W3B1, Release(11160201)
System patch number     : NA
System web version      : WLANWEB 11.9(6)W3B1, Release(11160201)
System serial number    : G1SA0X500012C
System boot version     : 1.8.7
Module information:
  Slot 0 : WS6512
    Hardware version    : 1.20
    Boot version        : 1.8.7
    Software version    : AC_RGOS 11.9(6)W3B1, Release(11160201)
    Serial number       : G1SA0X500012C

Best regards,

Alexey

Alexey Savkin replied at 2024-5-20 22:05
Dear Jenny.

Thank you for detailed explanation.

Dear Alexey Savkin,

Good day.
1. The ETCONF configuration has not specified MGMT port only, you can still use interface vlan 200 for communication.
2. You can create a create special user "netconf" for getting NETCONF working.
3. The commands may vary from different device models, you can refer to this link for more commands meaning
Ruijie RG-WLAN Series Access Controllers Configuration Guide, RGOS11.9(6)W2B1 (V1.2) - Ruijie Networks


RD,
David

GTAC-David replied at 2024-5-27 16:23
Dear Alexey Savkin,

Good day.

Hi Jenny.
Have created netconf username, but sill getting immediate disconnection right after login:

MacBook-Pro-3 ~ % ssh -l netconf -p 830 192.168.200.51
netconf@192.168.200.51's password:
Connection to 192.168.200.51 closed by remote host.
Connection to 192.168.200.51 closed.
MacBook-Pro-3 ~ %

But I see successful login attempt in logs:

*May 27 13:01:02: %AAA-6-USER_AUTH_PASSED: User authenticated. Username: netconf.

Any ideas so far?

Thank you in advance.

Alexey

Alexey Savkin replied at 2024-5-27 18:05
Hi Jenny.
Have created netconf username, but sill getting immediate disconnection right after logi ...

Still have no success with NETCONF connection to the controller... The problem persist((: session got disconnected right after establishing.
Any ideas?
Regards,
Alexey