RESTCONF API Not Responding on Cisco IOS XE
Presenting Symptom
An automation script using RESTCONF to retrieve interface configurations from a Cisco IOS XE device returns a connection timeout or HTTP 404 error.
Network Context
The network is a small branch office with a single Cisco Catalyst 9300 running IOS XE 16.12.1. The device is configured for SSH and has a management IP reachable from the automation server. The RESTCONF API is enabled but not responding to GET requests from the automation server.
Diagnostic Steps
Verify RESTCONF is enabled globally
show running-config | include restconfrestconf
If 'restconf' appears, RESTCONF is enabled globally. If not, it is disabled and must be enabled.
Check if the HTTP/HTTPS server is running
show ip http server statusHTTP server enabled HTTP server port: 80 HTTP secure server enabled HTTP secure server port: 443
Both HTTP and HTTPS servers must be enabled for RESTCONF. If disabled, RESTCONF will not respond.
Verify RESTCONF is configured on the correct port and interface
show running-config | section ip httpip http server ip http secure-server ip http authentication local ip http max-connections 100 restconf
Ensure 'restconf' is present. Also check that the management interface has an IP and is reachable.
Test RESTCONF connectivity using curl from the automation server
curl -k -u username:password https://<device-ip>/restconf/data/Cisco-IOS-XE-native:native/interface/{"Cisco-IOS-XE-native:interface": {...}}If curl returns data, RESTCONF is working. If timeout, check firewall or routing. If 404, the URL path might be wrong or RESTCONF not properly configured.
Root Cause
The RESTCONF API is not responding because the 'restconf' command is missing from the global configuration, or the HTTP/HTTPS server is disabled. In this scenario, the device had 'no ip http server' and 'no ip http secure-server' configured, and 'restconf' was not enabled.
Resolution
Verification
Run 'show ip http server status' to confirm HTTP and HTTPS servers are enabled. Then run 'show running-config | include restconf' to confirm 'restconf' is present. Finally, test with curl from the automation server to retrieve interface data.
Prevention
1. Include RESTCONF and HTTP/HTTPS server configuration in device provisioning templates. 2. Use a management access-list to restrict HTTP/HTTPS access to trusted automation servers only. 3. Regularly audit device configurations to ensure RESTCONF remains enabled after upgrades or changes.
CCNA Exam Relevance
On the CCNA 200-301 exam, RESTCONF questions may appear as multiple-choice or drag-and-drop troubleshooting scenarios. The exam tests understanding that RESTCONF requires both the 'restconf' command and HTTP/HTTPS server to be enabled. Candidates must know the difference between NETCONF and RESTCONF and the required configuration commands.
Exam Tips
Remember that RESTCONF uses HTTP/HTTPS, so 'ip http server' and 'ip http secure-server' must be enabled.
The 'restconf' command is entered in global configuration mode, not under a specific interface.
Know that RESTCONF uses YANG data models and returns JSON or XML, while NETCONF uses XML over SSH.
Commands Used in This Scenario
show ip http server status
Displays the operational status and configuration of the HTTP server (web server) on the Cisco IOS device, used to verify if the web-based GUI or REST API is enabled and accessible.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions