Configuring RADIUS
Setting the Global RADIUS Configuration
Setting the Global RADIUS Configuration
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"timeout": "60",
"retries": "5",
"srcIf": "eth1/2"
}}}
{
imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>aabbccd</key>
<keyEnc>7</keyEnc>
<retries>5</retries>
<srcIf>eth1/2</srcIf>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip radius source-interface eth1/2radius-server retransmit 5radius-server timeout 60radius-server key 7 aabbccd
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | Global RADIUS server shared secret | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0 |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60] DEFAULT: 5 |
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5] DEFAULT: 1 |
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Querying Global RADIUS Configuration
Querying Global RADIUS Configuration
GET http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"totalCount": "1",
"imdata": [
{
"aaaRadiusEp": {
"attributes": {
"childAction": "",
"descr": "",
"dn": "sys/userext/radiusext",
"lcOwn": "local",
"modTs": "2015-07-07T00:28:07.039+00:00",
"monPolDn": "uni/fabric/monfab-default",
"name": "",
"ownerKey": "",
"ownerTag": "",
"retries": "1",
"srcIf": "unspecified",
"status": "",
"timeout": "5",
"uid": "0"
}}}]}
The /sys/userext/ object contains a radiusext object that contains the global RADIUS configuration for the switch. Using this object, you can query the global RADIUS configuration.
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| childAction | mo:ModificationChildAction scalar:Bitmask32 | Delete or ignore. For internal use only. | SELECTION:
|
| descr | pol:Descr | Description of the specified attribute | |
| dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
| lcOwn | NA | NA | NA |
| modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never DEFAULT: never |
| monPolDn | reference:BinRef | The monitoring policy attached to this observable object. | |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| ownerKey | naming:Descr (string:Basic) | The key for enabling clients to own their data for entity correlation. | MAX SIZE: 128 |
| ownerTag | naming:Descr1024 (string:Basic) | A tag for enabling clients to add their own data. For example, to indicate who created this object. | MAX SIZE: 64 |
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5] DEFAULT: 1 |
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60] DEFAULT: 5 |
| uid | scalar:Uint16 | A unique identifier for this object. |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Setting RADIUS Server Configuration
Setting RADIUS Server Configuration
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaUserEp": {
"children": [
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"retries": "5",
"srcIf": "eth1/2",
"timeout": "60"
}}}]}}
{
imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>aabbccd</key>
<keyEnc>7</keyEnc>
<retries>5</retries>
<srcIf>eth1/2</srcIf>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can specify a server object and set the configuration for it.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip radius source-interface eth1/2radius-server retransmit 5radius-server timeout 60radius-server key 7 aabbccd
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | Global RADIUS server shared secret | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0 |
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5] DEFAULT: 1 |
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60] DEFAULT: 5 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Querying RADIUS Server Configuration
Querying RADIUS Server Configuration
GET http://<IP_Address>/api/node/mo/sys/radiusext/radiusprovider-5.6.7.8.json
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"timeout": "60",
"retries": "5",
"srcIf": "eth1/2"
}}}
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can query these objects to retrieve RADIUS server configurations.
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | Global RADIUS server shared secret | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0 |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60] DEFAULT: 5 |
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5] DEFAULT: 1 |
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Specifying a Password Secure Mode and Userpassphrase Length
Specifying a Password Secure Mode and Userpassphrase Length
POST http://<IP_Address>/api/mo/sys/userext.json
{
"aaaUserEp": {
"attributes": {
"pwdMaxLength": "127",
"pwdMinLength": "4",
"pwdSecureMode": "yes"
}}}
{
imdata": []
}
<System>
<userext-items>
<pwdMaxLength>127</pwdMaxLength>
<pwdMinLength>4</pwdMinLength>
<pwdSecureMode>yes</pwdSecureMode>
</userext-items>
</System>
By posting a request to a RADIUS provider object, you can configure RADIUS password attributes, such as password secure mode and the length of the userpassphrase.
password secure-modeuserpassphrase min-length 4 max-length 127
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| pwdMaxLength | scalar:Uint16 | Password max length | RANGE: [0, 65535] DEFAULT: 127 |
| pwdMinLength | scalar:Uint16 | Password min length | RANGE: [0, 65535] DEFAULT: 8 |
| pwdSecureMode | aaa:Boolean (scalar:Enum8) | Password secure-mode | SELECTION: 0 - no 1 - yes DEFAULT: yes |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Password Recovery
Configuring Password Recovery
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"svcPwdRecovery": "yes"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<svcPwdRecovery>yes</svcPwdRecovery>
</userext-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
service password-recovery
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| svcPwdRecovery | aaa:Boolean (scalar:Enum8) | Service Password Recovery | SELECTION: 0 - no 1 - yes DEFAULT: yes |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Disabling Password Recovery
Disabling Password Recovery
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"svcPwdRecovery": "no"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<svcPwdRecovery>no</svcPwdRecovery>
</userext-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no service password-recovery
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| topSystem | sys |
| aaaUserEp | sys/userext |
aaaUserEp Properties
The following table contains information about the aaaUserEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| svcPwdRecovery | aaa:Boolean (scalar:Enum8) | Service Password Recovery | SELECTION: 0 - no 1 - yes DEFAULT: yes |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting a RADIUS Provider
Deleting a RADIUS Provider
DELETE http://<IP_Address>/api/node/mo/sys/userext/radiusext/radiusprovider-5.6.7.8.json
{
imdata": []
}
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can delete a provider object, which deletes its configuration.
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting the IPv4 or IPv6 Address or Hostname for a RADIUS Server
Setting the IPv4 or IPv6 Address or Hostname for a RADIUS Server
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext/radiusprovider.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"name": "192.168.10.1"
}}}]}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>192.168.10.1</name>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Specifies the IPv4 address (can also be an IPv6 address or hostname) for a RADIUS server to use for authentication.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server host 192.168.10.1
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusProvider | sys/userext/radiusext/radiusprovider-{[name]} |
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Setting a Pre-Shared Key for All RADIUS Servers
Setting a Preshared Key for All RADIUS Servers
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"key": "QsEfThUkO",
"keyEnc": "0"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>QsEfThUkO</key>
<keyEnc>0</keyEnc>
</radiusext-items>
</userext-items>
</System>
Specifies a RADIUS key for all RADIUS servers. You can specify that the key-value is in clear text format (0), is type-6 encrypted (6), or is type-7 encrypted (7). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters.
By default, no RADIUS key is configured.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server key 0 QsEfThUkO
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | Global RADIUS server shared secret | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Setting the Retransmission Count for All RADIUS Servers
Setting the Retransmission Count for All RADIUS Servers
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"retries": "3"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>QsEfThUkO</key>
<keyEnc>0</keyEnc>
</radiusext-items>
</userext-items>
</System>
Specifies the retransmission count for all RADIUS servers. The default retransmission count is 1 and the range is from 0 to 5.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server retransmit 3
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5] DEFAULT: 1 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Setting the Interval for Which a Router Waits for a Server Host to Reply
Setting the Interval for Which a Router Waits for a Server Host to Reply
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"timeout": "60"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
Specifies the transmission timeout interval for RADIUS servers. The default timeout interval is 5 seconds and the range is from 1 to 60 seconds.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server timeout 60
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60] DEFAULT: 5 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Global Source Interface for All RADIUS Server Groups Configured on the Device
Configuring the Global Source Interface for All RADIUS Server Groups Configured on the Device
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"srcIf": "lo0"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<srcIf>lo0</srcIf>
</radiusext-items>
</userext-items>
</System>
Configures the global source interface for all RADIUS server groups configured on the device.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
ip radius source-interface loopback0
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
aaaRadiusEp Properties
The following table contains information about the aaaRadiusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the RADIUS Server DNS Name
Configuring the RADIUS Server DNS Name
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"key": "SampleString_123",
"keyEnc": "0",
"name": "HostName"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>HostName</name>
<key>SampleString_123</key>
<keyEnc>0</keyEnc>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
radius-server host HostName key SampleString_123
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusProvider | sys/userext/radiusext/radiusprovider-{[name]} |
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the RADIUS Server DNS Name
Configuring the RADIUS Server DNS Name
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"key": "",
"keyEnc": "0",
"name": "HostName"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>HostName</name>
<key></key>
<keyEnc>0</keyEnc>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no radius-server host HostName key SampleString_123
warning: no key is configured for the host
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusProvider | sys/userext/radiusext/radiusprovider-{[name]} |
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Time Interval for Monitoring the Server
Configuring the Time Interval for Monitoring the Server
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"monitoringIdleTime": "459",
"monitoringPassword": "SampleString_123",
"monitoringPasswordType": "7",
"monitoringUser": "SampleString_123",
"name": "HostName"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>HostName</name>
<monitoringIdleTime>459</monitoringIdleTime>
<monitoringPassword>SampleString_123</monitoringPassword>
<monitoringPasswordType>7</monitoringPasswordType>
<monitoringUser>SampleString_123</monitoringUser>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
radius-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 459
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32] DEFAULT: wawy |
| monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31 DEFAULT: test |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusProvider | sys/userext/radiusext/radiusprovider-{[name]} |
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32] DEFAULT: wawy |
| monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31 DEFAULT: test |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Time Interval for Monitoring the Server
Deleting the Time Interval for Monitoring the Server
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"monitoringIdleTime": "0",
"monitoringPassword": "test",
"monitoringPasswordType": "0",
"monitoringUser": "test",
"name": "HostName"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>HostName</name>
<monitoringIdleTime>0</monitoringIdleTime>
<monitoringPassword>test</monitoringPassword>
<monitoringPasswordType>0</monitoringPasswordType>
<monitoringUser>test</monitoringUser>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no radius-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 459
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32] DEFAULT: wawy |
| monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31 DEFAULT: test |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusProvider | sys/userext/radiusext/radiusprovider-{[name]} |
aaaRadiusProvider Properties
The following table contains information about the aaaRadiusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32] DEFAULT: wawy |
| monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31 DEFAULT: test |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Time Interval for Monitoring the Server
Configuring the Time Interval for Monitoring the Server
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusServerMonitor": {
"attributes": {
"idleTime": "1",
"name": "SampleString_123",
"passwordType": "7",
"pwd": "SampleString_123"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusservermonitor-items>
<idleTime>1</idleTime>
<name>SampleString_123</name>
<passwordType>7</passwordType>
<pwd>SampleString_123</pwd>
</radiusservermonitor-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
radius-server test username SampleString_123 password 7 SampleString_123 idle-time 1
aaaRadiusServerMonitor Properties
The following table contains information about the aaaRadiusServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [1 , 32] DEFAULT: test |
| passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Radius Server Monitor Password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32] DEFAULT: wawy |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusServerMonitor | sys/userext/radiusext/radiusservermonitor |
aaaRadiusServerMonitor Properties
The following table contains information about the aaaRadiusServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [1 , 32] DEFAULT: test |
| passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Radius Server Monitor Password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32] DEFAULT: wawy |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Time Interval for Monitoring the Server
Deleting the Time Interval for Monitoring the Server
POST http://<mgmt0_IP>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusServerMonitor": {
"attributes": {
"idleTime": "0",
"name": "test",
"passwordType": "0",
"pwd": "test"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<radiusext-items>
<radiusservermonitor-items>
<idleTime>0</idleTime>
<name>test</name>
<passwordType>0</passwordType>
<pwd>test</pwd>
</radiusservermonitor-items>
</radiusext-items>
</userext-items>
</System>
Note: This example was added in Release 9.3(1).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no radius-server test username SampleString_123 password 7 SampleString_123 idle-time 1
aaaRadiusServerMonitor Properties
The following table contains information about the aaaRadiusServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [1 , 32] DEFAULT: test |
| passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Radius Server Monitor Password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32] DEFAULT: wawy |
Related Documentation
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| aaaRadiusEp | sys/userext/radiusext |
| aaaRadiusServerMonitor | sys/userext/radiusext/radiusservermonitor |
aaaRadiusServerMonitor Properties
The following table contains information about the aaaRadiusServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440] DEFAULT: 0 |
| name | pol:ObjName (naming:Name256) | Object name | RANGE: [1 , 32] DEFAULT: test |
| passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Radius Server Monitor Password type | SELECTION: 0 - 0 7 - 7 DEFAULT: 7 |
| pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32] DEFAULT: wawy |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: