In modern network automation, YANG (Yet Another Next Generation) is the data modeling language that defines the structure and constraints of configuration and operational state data. For the CCNA 200-301 exam objective 6.6, you must understand how YANG enables model-driven programmability, allowing tools like NETCONF and RESTCONF to manage network devices programmatically. This chapter covers YANG models, their role in automation, and how to interact with them using Cisco IOS XE devices.
Jump to a section
Imagine you are an architect designing a house. Without a blueprint, you might tell the builder vague instructions like 'put a window here' or 'the door should be big.' The builder would likely misinterpret your intent, leading to costly mistakes. Now, consider a standardized blueprint: every wall, window, door, and electrical outlet is precisely defined with dimensions, materials, and placement. This is exactly what YANG does for network devices. A YANG model is a formal, hierarchical blueprint that describes every configuration knob and operational state variable on a network device. For example, instead of saying 'configure interface GigabitEthernet1 with an IP address,' YANG defines a tree where 'interface' is a container, 'GigabitEthernet1' is a list entry, and 'ip-address' is a leaf with a specific data type (e.g., IPv4 address). The builder (NETCONF or RESTCONF) reads this blueprint to send configuration changes without ambiguity. If you want to change the IP, you send a YANG-encoded message that matches the exact tree structure—no more parsing CLI strings. This analogy extends to validation: the blueprint ensures you cannot put a square peg in a round hole. YANG models include constraints like mandatory fields, allowed values, and ranges, preventing invalid configurations before they reach the device. So, YANG is the language of network blueprints, enabling reliable, automated, and consistent device management across multivendor environments.
What is YANG and Why Does It Exist?
YANG (RFC 6020, RFC 7950) is a data modeling language used to model configuration and state data for network management protocols like NETCONF and RESTCONF. It was developed by the IETF to provide a standardized, vendor-neutral way to describe the capabilities of network devices. Before YANG, network management relied on proprietary CLI or SNMP MIBs, which were inconsistent across vendors and difficult to automate. YANG solves this by defining a hierarchical tree structure with well-defined data types, constraints, and operations.
YANG Model Structure
A YANG model defines data using nodes: - Leaf: A single, scalar value (e.g., an IP address). - Leaf-list: A list of scalar values (e.g., a list of DNS servers). - Container: A group of related nodes (e.g., interface settings). - List: A sequence of entries, each identified by a key (e.g., multiple interfaces, each with a unique name). - Choice: Allows one option from a set of alternatives. - Anyxml: Can hold any XML data (rarely used in modern models).
Example snippet from the ietf-interfaces YANG model:
container interfaces {
list interface {
key "name";
leaf name {
type string;
}
leaf description {
type string;
}
leaf type {
type identityref {
base iana-if-type;
}
}
leaf enabled {
type boolean;
default true;
}
}
}How YANG Works with NETCONF and RESTCONF
YANG models are used by NETCONF (RFC 6241) and RESTCONF (RFC 8040) to encode configuration and operational state data. NETCONF uses XML encoding, while RESTCONF can use XML or JSON. The YANG model defines the schema for these data formats.
#### Step-by-Step Mechanism (NETCONF Example):
1. Device Capability Exchange: During NETCONF session establishment, the device sends a <hello> message listing its supported YANG models (capabilities).
2. Retrieve Schema: A client can retrieve the YANG schema using the get-schema RPC or from a local repository.
3. Configuration Operation: The client sends an <edit-config> operation with XML data conforming to the YANG model. For example, to enable an interface:
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<candidate/>
</target>
<config>
<interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces">
<interface>
<name>GigabitEthernet1</name>
<enabled>true</enabled>
</interface>
</interfaces>
</config>
</edit-config>
</rpc>Validation: The device validates the XML against the YANG model (data types, mandatory nodes, constraints).
Commit: If using candidate datastore, the client commits changes. In running datastore, changes take effect immediately.
Response: The device returns an <rpc-reply> with <ok> or error details.
Key YANG Models for CCNA
ietf-interfaces: Models physical and logical interfaces.
ietf-ip: Models IP addresses and routing.
ietf-routing: Models static and dynamic routing.
ietf-system: Models system identity, DNS, NTP.
Cisco-IOS-XE-native: Cisco's native YANG model covering all CLI commands (proprietary).
Verification on Cisco IOS XE
Use the following CLI commands to verify YANG support and operational data:
! Show NETCONF capabilities (YANG models)
Router# show netconf schema | include ietf-interfaces
urn:ietf:params:xml:ns:yang:ietf-interfaces?module=ietf-interfaces&revision=2018-02-20
! Show operational state using YANG path (NETCONF-style)
Router# show yang operational-data /interfaces/interface[name='GigabitEthernet1']
! Show YANG model list
Router# show telemetry ietf subscription 1Interaction with Related Protocols
YANG is the data modeling layer above NETCONF/RESTCONF. It provides the schema that these protocols use to encode data. Without YANG, NETCONF would lack a standardized data model, making interoperability difficult. YANG also underpins Model-Driven Telemetry (MDT), where devices push operational data defined by YANG models to collectors.
Identify YANG Model to Use
First, determine which YANG model defines the configuration or operational data you need. For example, to configure an interface IP address, use the 'ietf-ip' model, which augments 'ietf-interfaces'. On Cisco devices, you can also use the native 'Cisco-IOS-XE-native' model. Check device capabilities using 'show netconf schema' or 'show yang models' to list supported modules. For exam purposes, remember that standard models are prefixed with 'ietf-', while Cisco-specific ones start with 'Cisco-IOS-XE-'.
Establish NETCONF Session
Use an SSH connection to port 830 (default NETCONF port) on the device. Authenticate with username/password. The device sends an XML <hello> message listing its capabilities (YANG modules and revisions). The client responds with its own <hello>. After this, the client can send RPCs. Example using Python's ncclient library: from ncclient import manager; with manager.connect(host='10.1.1.1', port=830, username='admin', password='cisco', hostkey_verify=False) as m: print(m.server_capabilities).
Retrieve Device Configuration via YANG
Use the <get-config> RPC to retrieve the current running configuration filtered by a YANG path. For example, to get all interface configurations: <get-config><source><running/></source><filter type="subtree"><interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"/></filter></get-config>. The device returns XML data that conforms to the YANG model. This is more structured than CLI output, making it easier to parse programmatically.
Modify Configuration Using YANG Data
To change a configuration, send an <edit-config> RPC with the desired changes. For example, to set the description of an interface: <edit-config><target><candidate/></target><config><interfaces xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"><interface><name>GigabitEthernet1</name><description>Uplink to Core</description></interface></interfaces></config></edit-config>. Then commit: <commit/>. If using the running datastore directly, changes take effect immediately. The device validates the XML against the YANG model; if invalid, it returns an error with details.
Verify Configuration with YANG
After committing, retrieve the configuration again using <get-config> to confirm changes. Alternatively, use <get> to retrieve both configuration and operational state. For example, to verify the interface is up: <get><filter type="subtree"><interfaces-state xmlns="urn:ietf:params:xml:ns:yang:ietf-interfaces"><interface><name>GigabitEthernet1</name><oper-status/></interface></interfaces-state></filter></get>. The device returns the operational status. This two-step verify process is analogous to 'show run' and 'show ip interface brief' but in structured data.
Use RESTCONF for HTTP-based Access
RESTCONF uses HTTPS and RESTful API calls. For example, to get all interfaces: GET https://10.1.1.1/restconf/data/ietf-interfaces:interfaces. To change a description: PATCH https://10.1.1.1/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet1 with JSON body {"ietf-interfaces:interface": [{"name": "GigabitEthernet1", "description": "Uplink to Core"}]}. RESTCONF uses YANG as its schema; the URL path mirrors the YANG tree. This is simpler than NETCONF for web developers but less powerful for transactional operations.
In a large enterprise, a network team manages hundreds of routers and switches across multiple data centers. They need to enforce consistent configuration baselines—for example, enabling SSH, setting NTP servers, and configuring SNMP traps. Using YANG models with NETCONF, they write a Python script that reads a CSV file of device hostnames and desired parameters, then pushes the configuration via NETCONF. The script uses the 'ietf-system' model to set NTP and DNS, and 'ietf-interfaces' to configure interface descriptions. This eliminates the risk of CLI typos and ensures every device matches the standard.
Another scenario: a service provider needs to collect interface utilization statistics from thousands of devices for capacity planning. Instead of polling SNMP OIDs individually, they use Model-Driven Telemetry (MDT) with YANG-defined paths. Devices push data (e.g., interface counters) to a collector at intervals or on change. This reduces CPU load on devices and provides near-real-time data. The YANG model 'ietf-interfaces' defines the exact counters (e.g., ifInOctets, ifOutOctets) that are streamed.
A common pitfall is using the wrong YANG model revision. Devices may support multiple revisions of the same model. If a client sends data conforming to an older revision, the device might reject it or misinterpret. Always check the device's capabilities and use the exact revision it advertises. Another issue: forgetting to commit changes when using the candidate datastore. The candidate datastore allows multiple edits before committing, but if the session ends without commit, changes are lost. In production, always implement error handling and commit confirmation.
The CCNA 200-301 exam objective 6.6 focuses on understanding YANG as a data modeling language used with NETCONF/RESTCONF. You will not be asked to write YANG models, but you must interpret YANG tree diagrams and identify correct XML/JSON payloads for common operations.
Common wrong answers: 1. Confusing YANG with NETCONF: Candidates think YANG is a protocol. YANG is a modeling language; NETCONF is the protocol that uses YANG models. 2. Thinking YANG is only for configuration: YANG models both config and operational state. The 'config false' statement marks state data. 3. Choosing wrong model for a task: For example, using 'ietf-routing' to configure an interface IP—that's in 'ietf-ip'. Know the primary models. 4. Ignoring revision dates: On the exam, a question may show two devices with different revisions of the same YANG model. The correct answer is that they may not interoperate because the data model differs.
Key values: NETCONF uses port 830 (TCP), RESTCONF uses port 443 (HTTPS). YANG models are identified by a namespace URI (e.g., urn:ietf:params:xml:ns:yang:ietf-interfaces).
Decision rule: If a question asks about the data model behind NETCONF, the answer is YANG. If it asks about the language that defines structure and constraints, it's YANG. For payload encoding, remember NETCONF uses XML only; RESTCONF uses XML or JSON.
Calculation traps: None directly, but you may need to count nodes in a YANG tree or identify the key of a list.
YANG is a data modeling language (RFC 6020/7950), not a protocol.
NETCONF uses XML; RESTCONF uses XML or JSON—both use YANG as schema.
Standard YANG models are prefixed with 'ietf-' (e.g., ietf-interfaces).
Cisco native models start with 'Cisco-IOS-XE-'.
NETCONF uses TCP port 830; RESTCONF uses HTTPS port 443.
YANG models define both configuration and operational state (config false).
The <edit-config> operation modifies configuration; <get-config> retrieves it.
These come up on the exam all the time. Here's how to tell them apart.
YANG
Data modeling language for NETCONF/RESTCONF
Hierarchical tree structure with containers and lists
Supports configuration and operational state
Uses XML/JSON encoding
Strong typing and constraints
SNMP MIB
Management Information Base for SNMP
Flat OID tree with scalar and table objects
Primarily read-only (some writable objects)
Uses ASN.1/BER encoding
Weak typing; limited constraints
Mistake
YANG is a protocol like NETCONF.
Correct
YANG is a data modeling language; NETCONF is a protocol that uses YANG models to encode configuration data.
Both are used together in automation, leading candidates to confuse their roles.
Mistake
YANG only models configuration data, not operational state.
Correct
YANG models both configuration (config true) and operational state (config false) data. The 'config false' statement marks read-only state.
Many automation tools focus on configuration, but YANG's scope includes monitoring.
Mistake
RESTCONF uses YANG but only supports JSON encoding.
Correct
RESTCONF supports both XML and JSON encoding, as defined by the YANG model. The client can choose via Accept header.
RESTCONF is often associated with JSON in web development, but XML is equally valid.
Mistake
YANG models are vendor-specific and not standardized.
Correct
IETF standard YANG models (e.g., ietf-interfaces) are vendor-neutral. Vendors also provide proprietary models, but many standard models exist.
Candidates may think YANG is Cisco-only, but it's an IETF standard.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
YANG is a data modeling language used to define the structure, syntax, and semantics of configuration and operational data. NETCONF is a network management protocol that uses XML to exchange data based on YANG models. Think of YANG as the blueprint and NETCONF as the contractor who builds according to that blueprint. For the CCNA exam, remember that YANG models data; NETCONF transports it.
NETCONF uses TCP port 830 by default. Some implementations may use a different port, but the IANA-assigned port is 830. RESTCONF uses HTTPS port 443. Exam tip: If you see port 830 in a question, it's likely NETCONF.
Yes, RESTCONF uses YANG as its schema. RESTCONF is a RESTful API that uses HTTP methods (GET, POST, PUT, PATCH, DELETE) to access data defined by YANG models. The URL path corresponds to the YANG tree structure. For example, to get interface configuration, you use GET /restconf/data/ietf-interfaces:interfaces.
Standard models (e.g., ietf-interfaces) are defined by the IETF and are vendor-neutral. Native models (e.g., Cisco-IOS-XE-native) are vendor-specific and cover proprietary features. For multivendor environments, use standard models. For Cisco-specific features, use native models. Exam tip: If a question asks for a model that works across vendors, choose the IETF model.
Use the CLI command 'show netconf schema' to list all YANG models and their revisions. Alternatively, 'show yang models' provides a summary. During a NETCONF session, the device's <hello> message includes its capabilities. Exam tip: Know that 'show netconf schema' is the go-to command for YANG model verification.
A revision is a date (e.g., 2018-02-20) that indicates the version of the YANG model. Different revisions may have different data structures or constraints. A client must use the exact revision the device advertises, otherwise the device may reject the data. Exam tip: A question might present two devices with different revisions of the same model; they may not interoperate.
The 'config false' statement indicates that a data node represents operational state (read-only) rather than configuration. For example, 'oper-status' in ietf-interfaces is config false. Clients can retrieve this state but cannot modify it. Exam tip: If a question asks about retrieving operational data via NETCONF, look for config false nodes.
You've just covered YANG Data Modelling — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?