Configuring TACACS+ Group Servers
Configuring a TACACS+ Group Server
Configuring a TACACS+ Group Server
POST http://<IP_address>/api/mo/sys/userext/tacacsext.json
{
"aaaTacacsPlusEp": {
"children": [
{
"aaaTacacsPlusProviderGroup": {
"attributes": {
"name": "TACACSServer1"
}}}]}}
{
imdata": []
}
<System>
<userext-items>
<tacacsext-items>
<tacacsplusprovidergroup-items>
<TacacsPlusProviderGroup-list>
<name>TACACSServer1</name>
</TacacsPlusProviderGroup-list>
</tacacsplusprovidergroup-items>
</tacacsext-items>
</userext-items>
</System>
When posted, this creates a TACACS+ server group and enters the TACACS+ server group configuration mode for that group.
The /sys/userext object contains a tacacsplusprovidergroup-TACACSServer1 object that contains TACACS+ Provider group configuration. Using a POST request, you can retrieve the configuration information for this object.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
aaa group server tacacs+ TACACSServer1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaTacacsPlusEp | sys/userext/tacacsext |
| aaaTacacsPlusProviderGroup | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]} |
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting TACACS+ Server Group Information
Deleting TACACS+ Server Group Information
HTTP DELETE http://<IP_Address>/api/node/mo/sys/userext/tacacsext/tacacsplusprovidergroup-TACACSServer1.json
Deletes TACACS+ provider group information.
The /sys/userext object contains a tacacsplusprovidergroup-TACACSServer1 object that contains TACACS+ Provider group configuration. Using an HTTP DELETE request, you can delete the configuration information for this object.
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting TACACS+ Provider Group Reference Information
Setting TACACS+ Provider Group Reference Information
POST http://<IP_Address>/api/mo/sys/userext/tacacsext.json
{
"aaaTacacsPlusEp": {
"children": [
{
"aaaTacacsPlusProviderGroup": {
"attributes": {
"name": "TACACSServer1"
},
"children": [
{
"aaaProviderRef": {
"attributes": {
"name": "tns"
}}}]}}]}}
{
imdata": []
}
<System>
<userext-items>
<tacacsext-items>
<tacacsplusprovidergroup-items>
<TacacsPlusProviderGroup-list>
<name>TACACSServer1</name>
<providerref-items>
<ProviderRef-list>
<name>tns</name>
</ProviderRef-list>
</providerref-items>
</TacacsPlusProviderGroup-list>
</tacacsplusprovidergroup-items>
</tacacsext-items>
</userext-items>
</System>
This API configures TACACS+ Provider Group reference information.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa group server tacacs+ TACACSServer1server tns
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaTacacsPlusEp | sys/userext/tacacsext |
| aaaTacacsPlusProviderGroup | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]} |
| aaaProviderRef | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]}/providerref-{[name]} |
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
aaaProviderRef Properties
The following table contains information about the aaaProviderRef properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Deadtime Period
Configuring the Deadtime Period
POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
{
"aaaTacacsPlusEp": {
"children": [
{
"aaaTacacsPlusProviderGroup": {
"attributes": {
"deadtime": "1160",
"name": "TACACSServer1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<tacacsext-items>
<tacacsplusprovidergroup-items>
<TacacsPlusProviderGroup-list>
<name>TACACSServer1</name>
<deadtime>1160</deadtime>
</TacacsPlusProviderGroup-list>
</tacacsplusprovidergroup-items>
</tacacsext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa group server tacacs TACACSServer1
deadtime 1160
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deadtime | aaa:ProviderGroupDeadtime (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaTacacsPlusEp | sys/userext/tacacsext |
| aaaTacacsPlusProviderGroup | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]} |
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deadtime | aaa:ProviderGroupDeadtime (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Deadtime Period
Deleting the Deadtime Period
POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
{
"aaaTacacsPlusEp": {
"children": [
{
"aaaTacacsPlusProviderGroup": {
"attributes": {
"deadtime": "0",
"name": "TACACSServer1"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<tacacsext-items>
<tacacsplusprovidergroup-items>
<TacacsPlusProviderGroup-list>
<name>TACACSServer1</name>
<deadtime>0</deadtime>
</TacacsPlusProviderGroup-list>
</tacacsplusprovidergroup-items>
</tacacsext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa group server tacacs TACACSServer1
no deadtime 1160
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deadtime | aaa:ProviderGroupDeadtime (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaTacacsPlusEp | sys/userext/tacacsext |
| aaaTacacsPlusProviderGroup | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]} |
aaaTacacsPlusProviderGroup Properties
The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| deadtime | aaa:ProviderGroupDeadtime (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: