Configuring Secure Login Features

Configuring Quiet-Mode Active Time Period

Configuring Quiet-Mode Active Time Period 

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAttempts": "13209",
            "loginAttemptsFailureThreshold": "13209",
            "loginBlockTimeOnDoSAttack": "13209"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAttempts>13209</loginAttempts>
      <loginAttemptsFailureThreshold>13209</loginAttemptsFailureThreshold>
      <loginBlockTimeOnDoSAttack>13209</loginBlockTimeOnDoSAttack>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

system login block-for 13209 attempts 13209 within 13209


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAttemptsscalar:Uint32
system login fail attempts value
RANGE: [0 , 65535]
loginAttemptsFailureThresholdscalar:Uint32
system login watch period for fail attempts
RANGE: [0 , 65535]
loginBlockTimeOnDoSAttackscalar:Uint32
system login block time in seconds
RANGE: [0 , 65535]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Quiet-Mode Active Time Period

Deleting Quiet-Mode Active Time Period 

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAttempts": "0",
            "loginAttemptsFailureThreshold": "0",
            "loginBlockTimeOnDoSAttack": "0"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAttempts>0</loginAttempts>
      <loginAttemptsFailureThreshold>0</loginAttemptsFailureThreshold>
      <loginBlockTimeOnDoSAttack>0</loginBlockTimeOnDoSAttack>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no system login block-for 13209 attempts 13209 within 13209


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAttemptsscalar:Uint32
system login fail attempts value
RANGE: [0 , 65535]
loginAttemptsFailureThresholdscalar:Uint32
system login watch period for fail attempts
RANGE: [0 , 65535]
loginBlockTimeOnDoSAttackscalar:Uint32
system login block time in seconds
RANGE: [0 , 65535]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Access-Class Quiet-Mode

Configuring Access-Class Quiet-Mode

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAccessList": "SampleString_123"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAccessList>SampleString_123</loginAccessList>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

system login quiet-mode access-class SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAccessListstring:Basic
configuration for system login access list name
RANGE: [0 , 64]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Access-Class Quiet-Mode

Deleting Access-Class Quiet-Mode

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAccessList": ""
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAccessList></loginAccessList>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no system login quiet-mode access-class SampleString_123


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAccessListstring:Basic
configuration for system login access list name
RANGE: [0 , 64]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Quiet-Mode Active Time Period

Deleting Quiet-Mode Active Time Period

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAttempts": "0",
            "loginAttemptsFailureThreshold": "0",
            "loginBlockTimeOnDoSAttack": "0"
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAttempts>0</loginAttempts>
      <loginAttemptsFailureThreshold>0</loginAttemptsFailureThreshold>
      <loginBlockTimeOnDoSAttack>0</loginBlockTimeOnDoSAttack>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no system login block-for


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAttemptsscalar:Uint32
system login fail attempts value
RANGE: [0 , 65535]
loginAttemptsFailureThresholdscalar:Uint32
system login watch period for fail attempts
RANGE: [0 , 65535]
loginBlockTimeOnDoSAttackscalar:Uint32
system login block time in seconds
RANGE: [0 , 65535]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Quiet-Mode Options

Deleting Quiet-Mode Options

POST http://<mgmt0_IP>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaLoginProtection": {
          "attributes": {
            "loginAccessList": ""
}}}]}}

{
    imdata:[]
}

<System>
  <userext-items>
    <loginprotection-items>
      <loginAccessList></loginAccessList>
    </loginprotection-items>
  </userext-items>
</System>

Note: This example was added in Release 9.3(3).


CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

no system login quiet-mode


Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MODN
aaaUserEp sys/userext
aaaLoginProtection sys/userext/loginprotection


aaaLoginProtection Properties

The following table contains information about the aaaLoginProtection properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property NameData TypeDescriptionValues
loginAccessListstring:Basic
configuration for system login access list name
RANGE: [0 , 64]


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html