Configuring the VSH Roles and Rules

This section contains payload examples to demonstrate how to use the NX-API REST API to configure VSH roles and rules on the Cisco Nexus 3000 and 9000 Series switches.

Configuring Role

This section contains payload examples and CLIs to demonstrate how the NX-API REST APIs correspond to the CLI commands and to demonstrate how to configure roles.

Creating and Configuring a Role

```
POST http://<IP_Address>/api/node/mo/sys/userext/role-test.json
{
  "aaaRole": {
    "attributes": {
      "descr": "test description",
      "denyVRF": "yes",
      "denyVLAN": "yes",
      "denyIntf": "yes"
}}}

{
  "imdata": []
}
```

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaRole | sys/userext/role-{[name]} |


aaaRole Properties

The following table contains information about the aaaRole properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| descr | pol:Descr | Description of the specified attribute | RANGE: [0 , 128]; DEFAULT: new role |
| denyVRF | aaa:Boolean (scalar:Enum8) | Deny all VRF except allowed ones | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
| denyVLAN | aaa:Boolean (scalar:Enum8) | Deny all VLAN except allowed ones | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
| denyIntf | aaa:Boolean (scalar:Enum8) | Deny all interfaces except allowed ones | SELECTION: 0 - no, 1 - yes; DEFAULT: no |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Creating and configuring a Rule in a Role

```
POST http://<IP_Address>/api/node/mo/sys/userext/role-test/rule-1.json
{
  "aaaRoleRule": {
    "attributes": {
      "ruleNumber": "1",
      "permission": "permit",
      "ruleAccess": "command",
      "cmdStr": "show version"
}}}
```

```
POST http://<IP_Address>/api/mo/sys/userext/role-test/rule-<number>.json
{
  "aaaRoleRule": {
    "attributes": {
      "ruleNumber": "2",
      "permission": "permit",
      "ruleAccess": "read",
      "ruleScope": "feature",
      "scopeEntity": "config"
}}}
```

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
|---|---|
| aaaRoleRule | sys/userext/role-{[name]}/rule-{ruleNumber} |


aaaRoleRule Properties

The following table contains information about the aaaRoleRule properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
|---|---|---|---|
| ruleNumber | aaa:RuleNumberType (scalar:Uint32) | Role Rule number | RANGE: [1 , 256] |
| permission | aaa:RulePermissionType (scalar:Enum8) | Permission type permit or deny | SELECTION: 0 - none, 1 - permit, 2 - deny |
| ruleAccess | aaa:RuleAccessType (scalar:Enum8) | Rule access type command or read or read-write | SELECTION: 0 - none, 1 - read, 2 - read-write, 3 - command |
| cmdStr | aaa:RuleCmdStrType (string:Basic) | Allowed command string pattern | MAX SIZE: 128 |
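
The aaaRole and aaaRoleRule property tables can be applied as a pre-flight check before a payload is POSTed, including a check that the payload's ruleNumber agrees with the rule-{ruleNumber} part of the target DN. The following is an added example, not part of the Cisco documentation: the function names are hypothetical, it assumes the symbolic values used in the page's payloads (yes/no, permit/deny, and so on), and reporting a deny* value of no is a review policy chosen for the example.

```python
# Added example: lint aaaRole / aaaRoleRule attributes against the property
# tables on this page before POSTing. All function names are hypothetical.
BOOLEAN = {"no", "yes"}                             # aaa:Boolean
PERMISSION = {"none", "permit", "deny"}             # aaa:RulePermissionType
ACCESS = {"none", "read", "read-write", "command"}  # aaa:RuleAccessType

def role_dn(name):
    return f"sys/userext/role-{name}"

def rule_dn(name, number):
    return f"{role_dn(name)}/rule-{number}"

def lint_role(attrs):
    problems = []
    if len(attrs.get("descr", "")) > 128:
        problems.append("descr: longer than 128 characters")
    for prop in ("denyVRF", "denyVLAN", "denyIntf"):
        value = attrs.get(prop, "no")               # documented DEFAULT: no
        if value not in BOOLEAN:
            problems.append(f"{prop}: {value!r} is not yes/no")
        elif value == "no":                         # assumption: review policy
            problems.append(f"{prop}: 'no' leaves this scope unrestricted")
    return problems

def lint_rule(role, target_dn, attrs):
    problems = []
    number = str(attrs.get("ruleNumber", ""))
    if not (number.isascii() and number.isdigit() and 1 <= int(number) <= 256):
        problems.append(f"ruleNumber: {number!r} is outside 1..256")
    elif rule_dn(role, int(number)) != target_dn:
        problems.append(f"ruleNumber {number} does not match DN {target_dn}")
    if attrs.get("permission") not in PERMISSION:
        problems.append("permission: not a documented selection")
    if attrs.get("ruleAccess") not in ACCESS:
        problems.append("ruleAccess: not a documented selection")
    if len(attrs.get("cmdStr", "")) > 128:
        problems.append("cmdStr: longer than 128 characters")
    return problems

if __name__ == "__main__":
    # Attributes copied from the page's rule payloads; the second is checked
    # against the wrong DN on purpose to show the mismatch finding.
    rule1 = {"ruleNumber": "1", "permission": "permit",
             "ruleAccess": "command", "cmdStr": "show version"}
    rule2 = {"ruleNumber": "2", "permission": "permit", "ruleAccess": "read",
             "ruleScope": "feature", "scopeEntity": "config"}
    print(lint_rule("test", rule_dn("test", 1), rule1))
    print(lint_rule("test", rule_dn("test", 1), rule2))
```

An empty list means the attributes fit the documented ranges and selections; properties that are not in the tables, such as ruleScope and scopeEntity, are not checked.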


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Terminal Log-All

Terminal Log-All enables the logging of all commands, including the show commands, to the accounting log.

Enabling Terminal Log-All

```
POST http://<IP_Address>/api/mo/sys/termlog.json
{
  "terminalTerminalLog": {
    "attributes": {
      "logShowCommand": "1"
}}}
```


CLI Command

The CLI command below is the equivalent of the payload example above.

```
terminal log-all
```

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Disabling Terminal Log-All

```
POST http://<IP_Address>/api/mo/sys/termlog.json
{
  "terminalTerminalLog": {
    "attributes": {
      "logShowCommand": "0"
}}}

{
  "imdata": []
}
```


CLI Command

The CLI command below is the equivalent of the payload example above.

```
no terminal log-all
```
