Configuring NX-API Management
Configuring an HTTPS Key File
Configuring an HTTPS Key FilePOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"certFile": "bootflash:/ssl.crt"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<certFile>bootflash:/ssl.crt</certFile>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi certificate httpscrt certfile ssl.crt
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Enabling an NX-API Certificate
Enabling an NX-API CertificatePOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"certEnable": "yes"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<certEnable>true</certEnable>
</nxapi-items>
</System>Note: You cannot enable a certificate in the same request used to configure a key and/or certificate file; the request to enable the certificate must be sent separately.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi certificate enable
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Setting SSL Protocols
Setting SSL ProtocolsPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"sslProtocols": "TLSv1 TLSv1.1 TLSv1.2"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<sslProtocols>TLSv1 TLSv1.1 TLSv1.2</sslProtocols>
</nxapi-items>
</System>The nxapi ssl protocols TLSv1 TLSv1.1 TLSv1.2 command enables the TLS versions specified in the string. The no nxapi ssl protocols TLSv1 TLSv1.1 TLSv1.2 form of the command changes it to default (by default only TLS1.1 and TLS1.2 will be enabled).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi ssl protocols TLSv1 TLSv1.1 TLSv1.2
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Unconfiguring the SSL Protocols
Unconfiguring the SSL ProtocolsPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"sslProtocols": "TLSv1.1 TLSv1.2"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<sslProtocols>TLSv1.1 TLSv1.2</sslProtocols>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi ssl protocols TLSv1 TLSv1.1 TLSv1.2
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring an HTTPS Certificate File
Configuring an HTTPS Certificate FilePOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"certFile": "volatile:/server.crt"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<certFile>volatile:/server.crt</certFile>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi certificate httpscrt certfile volatile:/server.crt
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring a VRF to be Used for NX-API Management
Configuring a VRF to be Used for NX-API ManagementPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": "management"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf>management</useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi use-vrf management
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Deleting a VRF to be Used for NX-API Management
Deleting a VRF to be Used for NX-API ManagementPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": ""
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf></useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi use-vrf management
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring a Default VRF
Configuring a Default VRFPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": "default"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf>default</useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi use-vrf default
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Deleting a Default VRF
Deleting a Default VRFPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": ""
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf></useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi use-vrf default
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring a VRF to be Used for NX-API Communication
Configuring a VRF to be Used for NX-API CommunicationPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": "VRF_1"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf>VRF_1</useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi use-vrf VRF_1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Deleting a VRF to be Used for NX-API Communication
Deleting a VRF to be Used for NX-API CommunicationPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"useVrf": ""
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<useVrf></useVrf>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi use-vrf VRF_1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring a Port Number
Configuring a Port NumberPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"httpPort": "123"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<httpPort>123</httpPort>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi http port 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Deleting a Port Number
Deleting a Port NumberPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"httpPort": "-1"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<httpPort>-1</httpPort>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi http port 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring a Port Number (HTTPS Private Key)
Configuring a Port Number (HTTPS Private Key)POST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"httpsPort": "123"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<httpsPort>123</httpsPort>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi https port 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Deleting a Port Number (HTTPS Private Key)
Deleting a Port Number (HTTPS Private Key)POST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"httpsPort": "443"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<httpsPort>443</httpsPort>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi https port 123
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Configuring to Allow Weak Ciphers
Configuring to Allow Weak CiphersPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"sslCiphersWeak": "yes"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<sslCiphersWeak>true</sslCiphersWeak>
</nxapi-items>
</System>The nxapi ssl ciphers weak example enables the weak ciphers for NGINX. The no nxapi ssl ciphers weak example changes it to default (by default weak ciphers is disabled).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
nxapi ssl ciphers weak
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html
Unconfiguring Weak Ciphers
Unconfiguring Weak CiphersPOST http://<mgmt0_IP>/api/mo/sys.json{
"topSystem": {
"children": [
{
"nxapiInst": {
"attributes": {
"sslCiphersWeak": "no"
}}}]}}{
imdata:[]
}POST: http://<IP_Address>/restconf/data/Cisco-NX-OS-device:<System xmlns="http://cisco.com/ns/yang/cisco-nx-os-device">
<nxapi-items>
<sslCiphersWeak>false</sslCiphersWeak>
</nxapi-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no nxapi ssl ciphers weak
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/media/dme/index.html