Cisco Nexus 3000 and 9000 Series NX-API REST SDK User Guide and API Reference, Release 10.5(x)

Cisco Nexus 3000 and 9000 Series NX-API REST Documentation

Setting TACACS+ Configuration Data

DME

YANG

Copy
POST http://<IP_Address>/api/mo/sys/userext.json
{
 "aaaUserEp": {
   "children": [
    {
      "aaaTacacsPlusEp": {
        "attributes": {
          "deadtime": "10",
          "key": "fewhg",
          "keyEnc": "7",
          "timeout": "20"
    }}}]}}
Response
{
    imdata": []
}

Copy
<System>
  <userext-items>
    <tacacsext-items>
      <deadtime>10</deadtime>
      <key>fewhg</key>
      <keyEnc>7</keyEnc>
      <timeout>20</timeout>
    </tacacsext-items>
  </userext-items>
</System>

Configuring TACACS+

Setting TACACS+ Configuration Data

The aaaUser object contains an aaaTacacsPlusEp object that contains general TACACS+ information. By posting data to the tacacsext.json object, you can set this information.

CLI Commands

The CLI commands and options listed below are the equivalent to the payload example displayed in the pane on the right.

Posting this data is equivalent to issuing several tacacs-server commands, for example

tacacs-server key 7 fewhg
tacacs-server deadtime 10
tacacs-server timeout 20

Note: The property information for this example was added in Release 9.3(3).

Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaUserEp	sys/userext
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
deadtime	aaa:TimeMin (scalar:Uint32)	Duration for which non-reachable server is skipped	RANGE: [0 , 1440] DEFAULT: 0
key	aaa:EncKey (string:Basic)	Global TACACS\+ server shared secret	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [1 , 60] DEFAULT: 5

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the TACACS+ Global Dead-Time Interval

Specifies the number of minutes before the Cisco NX-OS device checks a TACACS+ server that was previously unresponsive. The default value is 0 minutes, and the valid range is from 0 to 1440 minutes.

CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

tacacs-server deadtime 15

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaUserEp	sys/userext
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

Property Name	Data Type	Description	Values
deadtime	aaa:TimeMin (scalar:Uint32)	Duration for which non-reachable server is skipped	RANGE: [0 , 1440] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying TACACS+ Configuration Data

The aaaUser object contains an aaaTacacsPlusEp object that contains general TACACS+ information. By querying the tacacsext.json object, you can obtain this information.

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

Property Name	Data Type	Description	Values
childAction	mo:ModificationChildAction scalar:Bitmask32	Delete or ignore. For internal use only.	SELECTION: 16384u - deleteAll 4096u - ignore 8192u - deleteNonPresent DEFAULT: 0
deadtime	aaa:TimeMin (scalar:Uint32)	Duration for which non-reachable server is skipped	RANGE: [0 , 1440] DEFAULT: 0
descr	pol:Descr	Description of the specified attribute
directedReq	NA	NA	NA
dn	reference:BinRef	A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
lcOwn	NA	NA	NA
modTs	mo:TStamp (scalar:Date)	The time when this object was last modified.	SELECTION: 0 - never DEFAULT: never
monPolDn	reference:BinRef	The monitoring policy attached to this observable object.
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
ownerKey	naming:Descr (string:Basic)	The key for enabling clients to own their data for entity correlation.	MAX SIZE: 128
ownerTag	naming:Descr1024 (string:Basic)	A tag for enabling clients to add their own data. For example, to indicate who created this object.	MAX SIZE: 64
retries	aaa:Retries (scalar:Uint32)	The number of attempts that the authentication method is tried.	RANGE: [0 , 5] DEFAULT: 1
srcIf	nw:IfId (base:IfIndex)	Source Interface	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [1 , 60] DEFAULT: 5
uid	scalar:Uint16	A unique identifier for this object.

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Setting TACACS+ Provider Information

Specifies a secret key for a specific TACACS+ server. You can specify that the key-value is in clear text format (0), is type-6 encrypted (6), or is type-7 encrypted (7). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters.

This secret key is used instead of the global secret key.

This example also specifies the TCP port to use for TACACS+ messages to the server. The default TCP port is 49. The range is from 1 to 65535.

The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using an POST method, you can set the TACACS+ provider settings for a switch.

CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

tacacs-server host tns key 7 test port 50

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting TACACS+ Provider Information

Deletes TACACS+ provider information.

The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using an HTTP DELETE call, you can delete the TACACS+ provider settings for a switch.

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

Querying TACACS+ Provider Information

The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using an HTTP GET method, you can return the TACACS+ provider settings for a switch.

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
authProtocol	aaa:authenticationProtocol (scalar:Enum8)	The TACACS\+ authentication protocol.	SELECTION: 0 - pap 1 - chap 2 - mschap 3 - mschapv2 4 - ascii DEFAULT: pap
childAction	mo:ModificationChildAction scalar:Bitmask32	Delete or ignore. For internal use only.	SELECTION: 16384u - deleteAll 4096u - ignore 8192u - deleteNonPresent DEFAULT: 0
descr	pol:Descr	Description of the specified attribute
dn	reference:BinRef	A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
epgDn	reference:BinRef	Management EpG dn
keySet	scalar:Bool	NO COMMENTS	SELECTION: false - no true - yes DEFAULT: no(false)
lcOwn	NA	NA	NA
modTs	mo:TStamp (scalar:Date)	The time when this object was last modified.	SELECTION: 0 - never DEFAULT: never
monPolDn	reference:BinRef	The monitoring policy attached to this observable object.
monitorServer	aaa:MonitorServerType scalar:Enum8		SELECTION: 0 - disabled 1 - enabled DEFAULT: disabled(0)
monitoringUser	aaa:MonitoringUserType (string:Basic)	Periodic Server Monitoring Username	MAX SIZE: 31 DEFAULT: test
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
operState	aaa:ProviderState scalar:Enum8	The current state of the provider.	SELECTION: 0 - unknown 1 - operable 2 - inoperable DEFAULT: unknown(0)
ownerKey	naming:Descr (string:Basic)	The key for enabling clients to own their data for entity correlation.	MAX SIZE: 128
ownerTag	naming:Descr1024 (string:Basic)	A tag for enabling clients to add their own data. For example, to indicate who created this object.	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
retries	aaa:Retries (scalar:Uint32)	RANGE: [0 , 5] DEFAULT: inherit-from-global
snmpIndex	aaa:ProviderSnmpIndex (scalar:Uint32)	RANGE: [0, 4294967295]
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0
uid	scalar:Uint16	A unique identifier for this object.
vrfName	l3:VrfName string:Basic	The VRF to which this client group belongs.

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying TACACS+ Provider Group Information

The /sys/userext object contains a tacacsplusprovidergroup-tac1 object that contains TACACS+ Provider group configuration. Using an HTTP GET request, you can retrieve the configuration information for this object.

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusProviderGroup	sys/userext/tacacsext/tacacsplusprovidergroup-{[name]}

aaaTacacsPlusProviderGroup Properties

The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
childAction	mo:ModificationChildAction scalar:Bitmask32	Delete or ignore. For internal use only.	SELECTION: 16384u - deleteAll 4096u - ignore 8192u - deleteNonPresent DEFAULT: 0
deadtime	aaa:ProviderGroupDeadtime (scalar:Uint32)	Duration for which non-reachable server is skipped	RANGE: [0 , 1440] DEFAULT: 0
descr	pol:Descr	Description of the specified attribute
dn	reference:BinRef	A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module.
modTs	mo:TStamp (scalar:Date)	The time when this object was last modified.	SELECTION: 0 - never DEFAULT: never
name	pol:ObjName (naming:Name256)	Object name	RANGE: [0 , 127]
ownerKey	naming:Descr (string:Basic)	The key for enabling clients to own their data for entity correlation.	MAX SIZE: 128
ownerTag	naming:Descr1024 (string:Basic)	A tag for enabling clients to add their own data. For example, to indicate who created this object.	MAX SIZE: 64
persistentOnReload	mo:Persistent scalar:Enum8	NO COMMENTS	SELECTION: 0 - false 1 - true DEFAULT: true(1)
snmpIndex	aaa:ProviderGroupSnmpIndex (scalar:Uint32)	RANGE: [0, 4294967295]
srcIf	nw:IfId (base:IfIndex)	Source Interface	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100
status	mo:ModificationStatus (scalar:Bitmask32)	The upgrade status. This property is for internal use only.	SELECTION: 2 - created 4 - modified 8 - deleted 16 - replaced
uid	scalar:Uint16	A unique identifier for this object.
vrf	l3:VrfName (string:Basic)	VRF	A sequence of characters DEFAULT: default

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting TACACS+ Provider Group Reference Information

This deletes TACACS+ provider group reference information.

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

Querying TACACS+ Provider Group Reference Information

Getting TACACS+ Provider Group Reference Information

The /sys/userext object contains a tacacsplusprovidergroup-tac1 reference object that contains TACACS+ Provider group reference configuration. Using an HTTP GET request, you can retrieve the configuration information for this object.

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

Setting a TACACS+ Key for All TACACS+ Servers

Specifies a TACACS+ key for all TACACS+ servers.

CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

tacacs-server key 0 QsEfThUkO

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaUserEp	sys/userext
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	Global TACACS\+ server shared secret	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Setting the Timeout Interval for TACACS+ Servers

Specifies the global TACACS+ server timeout period in seconds.

CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

tacacs-server timeout 10

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaUserEp	sys/userext
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

Property Name	Data Type	Description	Values
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [1 , 60] DEFAULT: 5

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Global Source Interface for All TACACS+ Server Groups Configured on a Device

Specifies the source interface to be used to reach the TACACS+ server.

CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

ip tacacs source-interface mgmt 0

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaUserEp	sys/userext
aaaTacacsPlusEp	sys/userext/tacacsext

aaaTacacsPlusEp Properties

Property Name	Data Type	Description	Values
srcIf	nw:IfId (base:IfIndex)	Source Interface	Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a TACACS+ Server with a Clear Text Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

tacacs-server host 1.2.3.4 key 0 <s0> port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a TACACS+ Server with a Clear Text Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

no tacacs-server host 1.2.3.4 key 0 <s0> port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

Configuring Type-6 Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

tacacs-server host 2.3.4.5 key 6 <s6> port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

no tacacs-server host 2.3.4.5 key 6 <s6> port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring a TACACS+ Server with a Type-7 Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

tacacs-server host 1.2.3.4 key 7 "dxg123" port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

Note: This example was added in Release 9.2(2).

CLI Commands

no tacacs-server host 1.2.3.4 key 7 "dxg123" port 1 timeout 1 single-connection

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
singleConnection	aaa:Boolean (scalar:Enum8)	TACACS\+ single connection mode enabled	SELECTION: 0 - no 1 - yes DEFAULT: no
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the TACACS Server Timeout Period

Note: This example was added in Release 9.3(1).

CLI Commands

tacacs-server host HostName key 7 SampleString_123 port 28472 timeout 18

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

Note: The property information for this example was added in Release 9.3(3).

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-{[name]}

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
key	aaa:EncKey (string:Basic)	A password for the AAA provider database.	MAX SIZE: 240
keyEnc	aaa:KeyEnc (scalar:Enum8)	Default key encryption	SELECTION: 0 - 0 6 - 6 7 - 7 DEFAULT: inherit-from-global
name	pol:ObjName (naming:Name256)	Object name	MAX SIZE: 64
port	aaa:Port (scalar:Uint32)	The service port number for the TACACS\+ service.	RANGE: [1 , 65535] DEFAULT: 49
timeout	aaa:TimeSec (scalar:Uint32)	The amount of time between authentication attempts.	RANGE: [0 , 60] DEFAULT: 0

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Time Interval for Monitoring the Server (for Test Packets)

Note: This example was added in Release 9.3(1).

CLI Commands

tacacs-server test username SampleString_123 password 0 SampleString_123 idle-time 1

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsServerMonitor	sys/userext/tacacsext/tacacsservermonitor

aaaTacacsServerMonitor Properties

The following table contains information about the aaaTacacsServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
idleTime	aaa:IdleTimer (scalar:Uint16)	Idle timer to monitor tacacs/radius server	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test
passwordType	aaa:LdapPwdEnc (scalar:Enum8)	Tacacs Server Monitor Password type	SELECTION: 0 - 0 7 - 7 DEFAULT: 0
pwd	aaa:MonitoringPasswordType (aaa:EncKey)	Password	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Time Interval for Monitoring the Server (for Test Packets)

Note: This example was added in Release 9.3(1).

CLI Commands

no tacacs-server test username SampleString_123 password 0 SampleString_123 idle-time 1

Verifying a DME Configuration

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsServerMonitor	sys/userext/tacacsext/tacacsservermonitor

aaaTacacsServerMonitor Properties

Property Name	Data Type	Description	Values
idleTime	aaa:IdleTimer (scalar:Uint16)	Idle timer to monitor tacacs/radius server	RANGE: [0 , 1440] DEFAULT: 0
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test
passwordType	aaa:LdapPwdEnc (scalar:Enum8)	Tacacs Server Monitor Password type	SELECTION: 0 - 0 7 - 7 DEFAULT: 0
pwd	aaa:MonitoringPasswordType (aaa:EncKey)	Password	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the Time Interval for Monitoring the Server (for a Host Server)

Note: This example was added in Release 9.3(1).

CLI Commands

tacacs-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 104

Verifying a DME Configuration

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-[HostName]

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
monitoringIdleTime	aaa:IdleTimer (scalar:Uint16)	Idle timer to monitor tacacs server	RANGE: [0 , 1440] DEFAULT: 0
monitoringPassword	aaa:MonitoringPasswordType (aaa:EncKey)	Periodic Server Monitoring Password	RANGE: [1 , 32] DEFAULT: test
monitoringPasswordType	aaa:LdapPwdEnc (scalar:Enum8)	Monitoring password type	SELECTION: 0 - 0 7 - 7 DEFAULT: 0
monitoringUser	aaa:MonitoringUserType (string:Basic)	Periodic Server Monitoring Username	MAX SIZE: 31 DEFAULT: test
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting the Time Interval for Monitoring the Server (for a Host Server)

Note: This example was added in Release 9.3(1).

CLI Commands

no tacacs-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 104

Verifying a DME Configuration

MO	DN
aaaTacacsPlusEp	sys/userext/tacacsext
aaaTacacsPlusProvider	sys/userext/tacacsext/tacacsplusprovider-[HostName]

aaaTacacsPlusProvider Properties

Property Name	Data Type	Description	Values
monitoringIdleTime	aaa:IdleTimer (scalar:Uint16)	Idle timer to monitor tacacs server	RANGE: [0 , 1440] DEFAULT: 0
monitoringPassword	aaa:MonitoringPasswordType (aaa:EncKey)	Periodic Server Monitoring Password	RANGE: [1 , 32] DEFAULT: test
monitoringPasswordType	aaa:LdapPwdEnc (scalar:Enum8)	Monitoring password type	SELECTION: 0 - 0 7 - 7 DEFAULT: 0
monitoringUser	aaa:MonitoringUserType (string:Basic)	Periodic Server Monitoring Username	MAX SIZE: 31 DEFAULT: test
name	pol:ObjName (naming:Name256)	Name	RANGE: [1 , 32] DEFAULT: test

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html