Configuring TACACS+

Setting TACACS+ Configuration Data

POST http://<IP_Address>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaTacacsPlusEp": {
          "attributes": {
            "deadtime": "10",
            "key": "fewhg",
            "keyEnc": "7",
            "timeout": "20"
}}}]}}

{
    "imdata": []
}

<System>
  <userext-items>
    <tacacsext-items>
      <deadtime>10</deadtime>
      <key>fewhg</key>
      <keyEnc>7</keyEnc>
      <timeout>20</timeout>
    </tacacsext-items>
  </userext-items>
</System>

The aaaUser object contains an aaaTacacsPlusEp object that contains general TACACS+ information. By posting data to the tacacsext.json object, you can set this information.


CLI Commands

The CLI commands and options listed below are equivalent to the payload example displayed in the pane on the right.

Posting this data is equivalent to issuing several tacacs-server commands, for example:

tacacs-server key 7 fewhg
tacacs-server deadtime 10
tacacs-server timeout 20

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| aaaUserEp | sys/userext |
| aaaTacacsPlusEp | sys/userext/tacacsext |


aaaTacacsPlusEp Properties

The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| deadtime | aaa:TimeMin (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440]; DEFAULT: 0 |
| key | aaa:EncKey (string:Basic) | Global TACACS+ server shared secret | MAX SIZE: 240 |
| keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: 0 |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60]; DEFAULT: 5 |
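
As an added example (not part of the Cisco documentation), the following Python check validates an aaaTacacsPlusEp payload against the ranges in the property table above before it is posted, and flags requests that expose the shared secret: a clear-text key (keyEnc 0), a type-7 key (a reversible encoding), or a non-HTTPS URL. The function names and the 192.0.2.10 address are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Limits copied from the aaaTacacsPlusEp property table on this page.
INT_RANGES = {"deadtime": (0, 1440), "timeout": (1, 60)}
KEY_ENC_VALUES = ("0", "6", "7")
KEY_MAX_SIZE = 240


def tacacs_attrs(payload):
    """Return the aaaTacacsPlusEp attributes from an aaaUserEp payload."""
    for child in payload.get("aaaUserEp", {}).get("children", []):
        if "aaaTacacsPlusEp" in child:
            return child["aaaTacacsPlusEp"].get("attributes", {})
    raise ValueError("payload has no aaaTacacsPlusEp child")


def lint_request(url, payload):
    """Return (severity, message) findings for one POST to sys/userext.json.

    Hypothetical helper: 'error' means a value violates the property table,
    'warning' means the request exposes the shared secret.
    """
    findings = []
    attrs = tacacs_attrs(payload)

    for name, (low, high) in INT_RANGES.items():
        if name not in attrs:
            continue
        raw = str(attrs[name])
        if not raw.isdecimal() or not low <= int(raw) <= high:
            findings.append(("error", f"{name}={raw} is outside [{low}, {high}]"))

    key_enc = str(attrs.get("keyEnc", "0"))  # the table gives 0 as the default
    if key_enc not in KEY_ENC_VALUES:
        findings.append(("error", f"keyEnc={key_enc} is not one of 0, 6, 7"))

    if "key" in attrs:
        if len(attrs["key"]) > KEY_MAX_SIZE:
            findings.append(("error", f"key is longer than {KEY_MAX_SIZE} characters"))
        if key_enc == "0":
            findings.append(("warning", "keyEnc 0: the key is in the request body as clear text"))
        elif key_enc == "7":
            findings.append(("warning", "keyEnc 7: type 7 is a reversible encoding"))
        if urlsplit(url).scheme != "https":
            findings.append(("warning", "shared secret is posted over a non-HTTPS URL"))
    return findings


# The first payload on this page.
PAGE_PAYLOAD = {"aaaUserEp": {"children": [{"aaaTacacsPlusEp": {"attributes": {
    "deadtime": "10", "key": "fewhg", "keyEnc": "7", "timeout": "20"}}}]}}

# Constructed payload with out-of-range values, to show the error path.
BAD_PAYLOAD = {"aaaUserEp": {"children": [{"aaaTacacsPlusEp": {"attributes": {
    "deadtime": "2000", "timeout": "0", "keyEnc": "5"}}}]}}

if __name__ == "__main__":
    cases = (
        ("page", "http://192.0.2.10/api/mo/sys/userext.json", PAGE_PAYLOAD),
        ("bad", "https://192.0.2.10/api/mo/sys/userext.json", BAD_PAYLOAD),
    )
    for label, url, body in cases:
        for severity, message in lint_request(url, body):
            print(label, severity, message)
```
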


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring the TACACS+ Global Dead-Time Interval

POST http://<IP_Address>/api/mo/sys/userext.json

{
  "aaaUserEp": {
    "children": [
      {
        "aaaTacacsPlusEp": {
          "attributes": {
            "deadtime": "15"
}}}]}}

{
    "imdata": []
}

<System>
  <userext-items>
    <tacacsext-items>
      <deadtime>15</deadtime>
    </tacacsext-items>
  </userext-items>
</System>

Specifies the number of minutes before the Cisco NX-OS device checks a TACACS+ server that was previously unresponsive. The default value is 0 minutes, and the valid range is from 0 to 1440 minutes.


CLI Commands

The CLI command below is the equivalent of the payload example displayed in the pane on the right.

tacacs-server deadtime 15

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| aaaUserEp | sys/userext |
| aaaTacacsPlusEp | sys/userext/tacacsext |


aaaTacacsPlusEp Properties

The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| deadtime | aaa:TimeMin (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440]; DEFAULT: 0 |


Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Querying TACACS+ Configuration Data

GET http://<IP_Address>/api/node/mo/sys/userext/tacacsext.json
{
  "totalCount": "1",
  "imdata": [
    {
      "aaaTacacsPlusEp": {
        "attributes": {
          "childAction": "",
          "deadtime": "10",
          "descr": "",
          "directedReq": "no",
          "dn": "sys/userext/tacacsext",
          "lcOwn": "local",
          "modTs": "2015-02-02T12:56:13.788+00:00",
          "monPolDn": "uni/fabric/monfab-default",
          "name": "",
          "ownerKey": "",
          "ownerTag": "",
          "retries": "1",
          "srcIf": "unspecified",
          "status": "",
          "timeout": "20",
          "uid": "0"
}}}]}

The aaaUser object contains an aaaTacacsPlusEp object that contains general TACACS+ information. By querying the tacacsext.json object, you can obtain this information.

Note: The property information for this example was added in Release 9.3(3).


Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

| MO | DN |
| --- | --- |
| aaaTacacsPlusEp | sys/userext/tacacsext |
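
As an added example (not part of the Cisco documentation), the following Python code performs the read-back verification described above: it compares the attributes that were posted with the attributes in a GET response for the DN. The sample GET response on this page does not include key or keyEnc, so those are reported as not returned rather than as a mismatch, and an empty imdata list is reported as a missing object. The function names are assumptions made for the example.

```python
import json

# Attributes from the GET response on this page (sys/userext/tacacsext), trimmed.
PAGE_GET_BODY = json.dumps({"totalCount": "1", "imdata": [{"aaaTacacsPlusEp": {
    "attributes": {"deadtime": "10", "dn": "sys/userext/tacacsext",
                   "retries": "1", "srcIf": "unspecified", "timeout": "20"}}}]})

# Response shape this page shows when a queried DN returns no object.
EMPTY_GET_BODY = '{"totalCount": "0", "imdata": []}'


def read_mo(body, mo_class):
    """Return the attributes of the first mo_class object in a GET response, or None."""
    doc = json.loads(body)
    for entry in doc.get("imdata", []):
        if mo_class in entry:
            return entry[mo_class].get("attributes", {})
    return None


def verify_posted(posted, body, mo_class="aaaTacacsPlusEp"):
    """Compare posted attributes with the device's GET response (hypothetical helper).

    matched      - attribute returned with the posted value
    mismatched   - attribute returned with a different value
    not_returned - attribute absent from the response, so it cannot be
                   confirmed by read-back (for example the shared secret)
    """
    current = read_mo(body, mo_class)
    report = {"object_found": current is not None, "matched": [],
              "mismatched": {}, "not_returned": []}
    for name, want in sorted(posted.items()):
        if current is None or name not in current:
            report["not_returned"].append(name)
        elif current[name] == str(want):
            report["matched"].append(name)
        else:
            report["mismatched"][name] = {"posted": str(want), "device": current[name]}
    return report


if __name__ == "__main__":
    # The attributes from the first POST example on this page.
    posted = {"deadtime": "10", "key": "fewhg", "keyEnc": "7", "timeout": "20"}
    print(verify_posted(posted, PAGE_GET_BODY))
    print(verify_posted(posted, EMPTY_GET_BODY))
```
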


aaaTacacsPlusEp Properties

The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

| Property Name | Data Type | Description | Values |
| --- | --- | --- | --- |
| childAction | mo:ModificationChildAction (scalar:Bitmask32) | Delete or ignore. For internal use only. | SELECTION: 16384u - deleteAll, 4096u - ignore, 8192u - deleteNonPresent; DEFAULT: 0 |
| deadtime | aaa:TimeMin (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440]; DEFAULT: 0 |
| descr | pol:Descr | Description of the specified attribute | |
| directedReq | NA | NA | NA |
| dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
| lcOwn | NA | NA | NA |
| modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never; DEFAULT: never |
| monPolDn | reference:BinRef | The monitoring policy attached to this observable object. | |
| name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
| ownerKey | naming:Descr (string:Basic) | The key for enabling clients to own their data for entity correlation. | MAX SIZE: 128 |
| ownerTag | naming:Descr1024 (string:Basic) | A tag for enabling clients to add their own data. For example, to indicate who created this object. | MAX SIZE: 64 |
| retries | aaa:Retries (scalar:Uint32) | The number of attempts that the authentication method is tried. | RANGE: [0 , 5]; DEFAULT: 1 |
| srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
| status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
| timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60]; DEFAULT: 5 |
| uid | scalar:Uint16 | A unique identifier for this object. | |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Setting TACACS+ Provider Information

    
    POST http://<IP_Address>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "test",
                "keyEnc": "7",
                "name": "tns",
                "port": "50"
    }}}]}}
    
    {
        "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>tns</name>
              <key>test</key>
              <keyEnc>7</keyEnc>
              <port>50</port>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Specifies a secret key for a specific TACACS+ server. You can specify that the key-value is in clear text format (0), is type-6 encrypted (6), or is type-7 encrypted (7). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters.

    This secret key is used instead of the global secret key.

    This example also specifies the TCP port to use for TACACS+ messages to the server. The default TCP port is 49. The range is from 1 to 65535.

    The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using a POST method, you can set the TACACS+ provider settings for a switch.


    CLI Commands

    The CLI command below is the equivalent of the payload example displayed in the pane on the right.

    tacacs-server host tns key 7 test port 50

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting TACACS+ Provider Information

    
    HTTP DELETE http://IP_Address/api/node/mo/sys/userext/tacacsext/tacacsplusprovider-tns.json
    
    {
        "imdata": []
    }
    

    Deletes TACACS+ provider information.

    The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using an HTTP DELETE call, you can delete the TACACS+ provider settings for a switch.

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    Querying TACACS+ Provider Information

    
    GET http://<IP_Address>/api/node/mo/sys/userext/tacacsext/tacacsplusprovider-tns.json
    
    {
      "totalCount": "1",
      "imdata": [
        {
          "aaaTacacsPlusProvider": {
            "attributes": {
              "authProtocol": "pap",
              "childAction": "",
              "descr": "",
              "dn": "sys/userext/tacacsext/tacacsplusprovider-tns",
              "epgDn": "",
              "keySet": "no",
              "lcOwn": "local",
              "modTs": "2015-07-01T21:13:04.711+00:00",
              "monPolDn": "uni/fabric/monfab-default",
              "monitorServer": "disabled",
              "monitoringUser": "test",
              "name": "tns",
              "operState": "inoperable",
              "ownerKey": "",
              "ownerTag": "",
              "port": "49",
              "retries": "inherit-from-global",
              "snmpIndex": "0",
              "status": "",
              "timeout": "0",
              "uid": "0",
              "vrfName": ""
    }}}]}
    
    

    The aaaUser object contains a tacacsplusprovider-tns object that contains TACACS+ provider configuration data. Using an HTTP GET method, you can return the TACACS+ provider settings for a switch.

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | authProtocol | aaa:authenticationProtocol (scalar:Enum8) | The TACACS+ authentication protocol. | SELECTION: 0 - pap, 1 - chap, 2 - mschap, 3 - mschapv2, 4 - ascii; DEFAULT: pap |
    | childAction | mo:ModificationChildAction (scalar:Bitmask32) | Delete or ignore. For internal use only. | SELECTION: 16384u - deleteAll, 4096u - ignore, 8192u - deleteNonPresent; DEFAULT: 0 |
    | descr | pol:Descr | Description of the specified attribute | |
    | dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
    | epgDn | reference:BinRef | Management EpG dn | |
    | keySet | scalar:Bool | NO COMMENTS | SELECTION: false - no, true - yes; DEFAULT: no(false) |
    | lcOwn | NA | NA | NA |
    | modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never; DEFAULT: never |
    | monPolDn | reference:BinRef | The monitoring policy attached to this observable object. | |
    | monitorServer | aaa:MonitorServerType (scalar:Enum8) | | SELECTION: 0 - disabled, 1 - enabled; DEFAULT: disabled(0) |
    | monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31; DEFAULT: test |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | operState | aaa:ProviderState (scalar:Enum8) | The current state of the provider. | SELECTION: 0 - unknown, 1 - operable, 2 - inoperable; DEFAULT: unknown(0) |
    | ownerKey | naming:Descr (string:Basic) | The key for enabling clients to own their data for entity correlation. | MAX SIZE: 128 |
    | ownerTag | naming:Descr1024 (string:Basic) | A tag for enabling clients to add their own data. For example, to indicate who created this object. | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | retries | aaa:Retries (scalar:Uint32) | | RANGE: [0 , 5]; DEFAULT: inherit-from-global |
    | snmpIndex | aaa:ProviderSnmpIndex (scalar:Uint32) | | RANGE: [0, 4294967295] |
    | status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |
    | uid | scalar:Uint16 | A unique identifier for this object. | |
    | vrfName | l3:VrfName (string:Basic) | The VRF to which this client group belongs. | |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Querying TACACS+ Provider Group Information

    
    GET http://<IP_address>/api/mo/sys/userext/tacacsext/tacacsplusprovidergroup-TAC1.json
    
    {
     "totalCount": "1",
     "imdata": [
        {
            "aaaTacacsPlusProviderGroup": {
                "attributes": {
                    "childAction": "",
                    "deadtime": "0",
                    "descr": "",
                    "dn": "sys/userext/tacacsext/tacacsplusprovidergroup-TAC1",
                    "modTs": "2017-12-20T18:34:56.938+00:00",
                    "name": "TAC1",
                    "ownerKey": "",
                    "ownerTag": "",
                    "persistentOnReload": "true",
                    "snmpIndex": "0",
                    "srcIf": "unspecified",
                    "status": "",
                    "uid": "0",
                    "vrf": "default"
    }}}]}
    

    The /sys/userext object contains a tacacsplusprovidergroup-tac1 object that contains TACACS+ Provider group configuration. Using an HTTP GET request, you can retrieve the configuration information for this object.

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusProviderGroup | sys/userext/tacacsext/tacacsplusprovidergroup-{[name]} |


    aaaTacacsPlusProviderGroup Properties

    The following table contains information about the aaaTacacsPlusProviderGroup properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | childAction | mo:ModificationChildAction (scalar:Bitmask32) | Delete or ignore. For internal use only. | SELECTION: 16384u - deleteAll, 4096u - ignore, 8192u - deleteNonPresent; DEFAULT: 0 |
    | deadtime | aaa:ProviderGroupDeadtime (scalar:Uint32) | Duration for which non-reachable server is skipped | RANGE: [0 , 1440]; DEFAULT: 0 |
    | descr | pol:Descr | Description of the specified attribute | |
    | dn | reference:BinRef | A tag or metadata is a non-hierarchical keyword or term assigned to the fabric module. | |
    | modTs | mo:TStamp (scalar:Date) | The time when this object was last modified. | SELECTION: 0 - never; DEFAULT: never |
    | name | pol:ObjName (naming:Name256) | Object name | RANGE: [0 , 127] |
    | ownerKey | naming:Descr (string:Basic) | The key for enabling clients to own their data for entity correlation. | MAX SIZE: 128 |
    | ownerTag | naming:Descr1024 (string:Basic) | A tag for enabling clients to add their own data. For example, to indicate who created this object. | MAX SIZE: 64 |
    | persistentOnReload | mo:Persistent (scalar:Enum8) | NO COMMENTS | SELECTION: 0 - false, 1 - true; DEFAULT: true(1) |
    | snmpIndex | aaa:ProviderGroupSnmpIndex (scalar:Uint32) | | RANGE: [0, 4294967295] |
    | srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |
    | status | mo:ModificationStatus (scalar:Bitmask32) | The upgrade status. This property is for internal use only. | SELECTION: 2 - created, 4 - modified, 8 - deleted, 16 - replaced |
    | uid | scalar:Uint16 | A unique identifier for this object. | |
    | vrf | l3:VrfName (string:Basic) | VRF | A sequence of characters; DEFAULT: default |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting TACACS+ Provider Group Reference Information

    
    HTTP DELETE http://<IP_Address>/api/node/mo/sys/userext/tacacsext/tacacsplusprovidergroup-tac1/providerref-tns.json
    
    {
        "imdata": []
    }
    

    This deletes TACACS+ provider group reference information.

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Querying TACACS+ Provider Group Reference Information

    Getting TACACS+ Provider Group Reference Information
    
    GET http://<IP_Address>/api/node/mo/sys/userext/tacacsext/tacacsplusprovidergroup-tac1/providerref-tns.json
    
    {
        "totalCount": "0",
        "imdata": []
    }
    

    The /sys/userext object contains a tacacsplusprovidergroup-tac1 reference object that contains TACACS+ Provider group reference configuration. Using an HTTP GET request, you can retrieve the configuration information for this object.

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    Setting a TACACS+ Key for All TACACS+ Servers

    
    POST http://<IP_Address>/api/mo/sys/userext.json
    
    {
    "aaaUserEp": {
      "children": [
        {
          "aaaTacacsPlusEp": {
            "attributes": {
              "key": "QsEfThUkO",
              "keyEnc": "0"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <key>QsEfThUkO</key>
          <keyEnc>0</keyEnc>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Specifies a TACACS+ key for all TACACS+ servers.


    CLI Commands

    The CLI command below is the equivalent of the payload example displayed in the pane on the right.

    tacacs-server key 0 QsEfThUkO

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaUserEp | sys/userext |
    | aaaTacacsPlusEp | sys/userext/tacacsext |


    aaaTacacsPlusEp Properties

    The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | key | aaa:EncKey (string:Basic) | Global TACACS+ server shared secret | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Setting the Timeout Interval for TACACS+ Servers

    
    POST http://<IP_Address>/api/mo/sys/userext.json
    
    {
    "aaaUserEp": {
      "children": [
        {
          "aaaTacacsPlusEp": {
            "attributes": {
              "timeout": "10"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <timeout>10</timeout>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Specifies the global TACACS+ server timeout period in seconds.


    CLI Commands

    The CLI command below is the equivalent of the payload example displayed in the pane on the right.

    tacacs-server timeout 10

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaUserEp | sys/userext |
    | aaaTacacsPlusEp | sys/userext/tacacsext |


    aaaTacacsPlusEp Properties

    The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [1 , 60]; DEFAULT: 5 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring the Global Source Interface for All TACACS+ Server Groups Configured on a Device

    
    POST http://<IP_Address>/api/node/mo/sys/userext.json
    
    {
    "aaaUserEp": {
      "children": [
        {
          "aaaTacacsPlusEp": {
            "attributes": {
              "srcIf": "mgmt0"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <srcIf>mgmt0</srcIf>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Specifies the source interface to be used to reach the TACACS+ server.


    CLI Commands

    The CLI command below is equivalent to the payload example shown above.

    ip tacacs source-interface mgmt 0

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaUserEp | sys/userext |
    | aaaTacacsPlusEp | sys/userext/tacacsext |


    aaaTacacsPlusEp Properties

    The following table contains information about the aaaTacacsPlusEp properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | srcIf | nw:IfId (base:IfIndex) | Source Interface | Must match first field in the output of `show intf brief`. Example: Eth1/1 or Vlan100 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring a TACACS+ Server with a Clear Text Encryption, the Timeout Period, and Single Connection

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "<s0>",
                "keyEnc": "0",
                "name": "1.2.3.4",
                "port": "1",
                "singleConnection": "yes",
                "timeout": "1"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>1.2.3.4</name>
              <key>&lt;s0&gt;</key>
              <keyEnc>0</keyEnc>
              <port>1</port>
              <singleConnection>yes</singleConnection>
              <timeout>1</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    tacacs-server host 1.2.3.4 key 0 <s0> port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting a TACACS+ Server with a Clear Text Encryption, the Timeout Period, and Single Connection

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "",
                "keyEnc": "0",
                "name": "1.2.3.4",
                "port": "49",
                "singleConnection": "no",
                "timeout": "0"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>1.2.3.4</name>
              <key></key>
              <keyEnc>0</keyEnc>
              <port>49</port>
              <singleConnection>no</singleConnection>
              <timeout>0</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    no tacacs-server host 1.2.3.4 key 0 <s0> port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

    Configuring Type-6 Encryption, the Timeout Period, and Single Connection
    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "<s6>",
                "keyEnc": "6",
                "name": "2.3.4.5",
                "port": "1",
                "singleConnection": "yes",
                "timeout": "1"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>2.3.4.5</name>
              <key>&lt;s6&gt;</key>
              <keyEnc>6</keyEnc>
              <port>1</port>
              <singleConnection>yes</singleConnection>
              <timeout>1</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    tacacs-server host 2.3.4.5 key 6 <s6> port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "",
                "keyEnc": "0",
                "name": "2.3.4.5",
                "port": "49",
                "singleConnection": "no",
                "timeout": "0"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>2.3.4.5</name>
              <key></key>
              <keyEnc>0</keyEnc>
              <port>49</port>
              <singleConnection>no</singleConnection>
              <timeout>0</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    no tacacs-server host 2.3.4.5 key 6 <s6> port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring a TACACS+ Server with a Type-7 Encryption, the Timeout Period, and Single Connection

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "dxg123",
                "keyEnc": "7",
                "name": "1.2.3.4",
                "port": "1",
                "singleConnection": "yes",
                "timeout": "1"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>1.2.3.4</name>
              <key>dxg123</key>
              <keyEnc>7</keyEnc>
              <port>1</port>
              <singleConnection>yes</singleConnection>
              <timeout>1</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    tacacs-server host 1.2.3.4 key 7 "dxg123" port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |
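
The following pre-flight check is an added example, not Cisco code: it lints an aaaTacacsPlusProvider request body against the ranges in the property table above and flags how the shared secret is exposed. The function names, finding codes, warning policy (a non-empty key with keyEnc 0 or 7, or any key sent over plain HTTP) and the switch address 192.0.2.10 are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Limits copied from the aaaTacacsPlusProvider property table on this page.
PORT_RANGE = (1, 65535)
TIMEOUT_RANGE = (0, 60)
KEY_MAX_SIZE = 240
NAME_MAX_SIZE = 64
KEY_ENC_VALUES = ("0", "6", "7")


def _in_range(value, bounds):
    """True when value is an ASCII decimal string inside the inclusive bounds."""
    text = str(value)
    return text.isascii() and text.isdigit() and bounds[0] <= int(text) <= bounds[1]


def lint_provider(attrs):
    """Return (level, code) findings for one aaaTacacsPlusProvider object."""
    findings = []
    name = attrs.get("name", "")
    key = attrs.get("key", "")
    key_enc = attrs.get("keyEnc")  # absent means inherit-from-global

    if not 1 <= len(name) <= NAME_MAX_SIZE:
        findings.append(("error", "name-size"))
    if len(key) > KEY_MAX_SIZE:
        findings.append(("error", "key-size"))
    if "port" in attrs and not _in_range(attrs["port"], PORT_RANGE):
        findings.append(("error", "port-range"))
    if "timeout" in attrs and not _in_range(attrs["timeout"], TIMEOUT_RANGE):
        findings.append(("error", "timeout-range"))
    if attrs.get("singleConnection", "no") not in ("yes", "no"):
        findings.append(("error", "single-connection-value"))
    if key_enc is not None and key_enc not in KEY_ENC_VALUES:
        findings.append(("error", "key-enc-value"))

    # The delete examples post an empty key with keyEnc 0, so only a
    # non-empty secret is worth a warning.
    if key and key_enc == "0":
        findings.append(("warn", "cleartext-key"))
    elif key and key_enc == "7":
        # Type 7 is a reversible encoding, so the value is still a secret.
        findings.append(("warn", "type7-key"))
    return findings


def lint_request(url, body):
    """Lint one POST to .../sys/userext/tacacsext.json; body is JSON text."""
    findings = []
    carries_secret = False
    payload = json.loads(body)
    for child in payload.get("aaaTacacsPlusEp", {}).get("children", []):
        attrs = child.get("aaaTacacsPlusProvider", {}).get("attributes")
        if attrs is None:
            continue  # other child classes are outside this check
        carries_secret = carries_secret or bool(attrs.get("key"))
        for level, code in lint_provider(attrs):
            findings.append((level, code, attrs.get("name", "")))
    target = urlsplit(url)
    if carries_secret and target.scheme != "https":
        findings.append(("warn", "secret-over-http", target.hostname or ""))
    return findings


def provider_body(**attrs):
    """Wrap attributes in the aaaTacacsPlusEp/children envelope used on this page."""
    return json.dumps({"aaaTacacsPlusEp": {"children": [
        {"aaaTacacsPlusProvider": {"attributes": attrs}}]}})


# Attribute values reuse the page's examples; OUT_OF_RANGE is constructed.
CLEARTEXT = provider_body(key="<s0>", keyEnc="0", name="1.2.3.4", port="1",
                          singleConnection="yes", timeout="1")
TYPE7 = provider_body(key="dxg123", keyEnc="7", name="1.2.3.4", port="1",
                      singleConnection="yes", timeout="1")
RESET = provider_body(key="", keyEnc="0", name="1.2.3.4", port="49",
                      singleConnection="no", timeout="0")
OUT_OF_RANGE = provider_body(key="k", keyEnc="6", name="2.3.4.5",
                             port="70000", timeout="61")

HTTP_URL = "http://192.0.2.10/api/mo/sys/userext/tacacsext.json"    # constructed
HTTPS_URL = "https://192.0.2.10/api/mo/sys/userext/tacacsext.json"  # constructed

if __name__ == "__main__":
    for label, url, body in (("cleartext/http", HTTP_URL, CLEARTEXT),
                             ("type7/https", HTTPS_URL, TYPE7),
                             ("reset/http", HTTP_URL, RESET),
                             ("bad-range/https", HTTPS_URL, OUT_OF_RANGE)):
        print(label, lint_request(url, body))
```

Run it in a change pipeline before the POST; an empty list means the body is within the documented ranges and carries no exposed secret.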


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting a TACACS+ Server with a Type-6 Encryption, the Timeout Period, and Single Connection

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "",
                "keyEnc": "0",
                "name": "1.2.3.4",
                "port": "49",
                "singleConnection": "no",
                "timeout": "0"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>1.2.3.4</name>
              <key></key>
              <keyEnc>0</keyEnc>
              <port>49</port>
              <singleConnection>no</singleConnection>
              <timeout>0</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.2(2).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    no tacacs-server host 1.2.3.4 key 7 "dxg123" port 1 timeout 1 single-connection

    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | singleConnection | aaa:Boolean (scalar:Enum8) | TACACS+ single connection mode enabled | SELECTION: 0 - no, 1 - yes; DEFAULT: no |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring the TACACS Server Timeout Period

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "key": "SampleString_123",
                "keyEnc": "7",
                "name": "HostName",
                "port": "28472",
                "timeout": "18"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>HostName</name>
              <key>SampleString_123</key>
              <keyEnc>7</keyEnc>
              <port>28472</port>
              <timeout>18</timeout>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.3(1).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    tacacs-server host HostName key 7 SampleString_123 port 28472 timeout 18


    Note: The property information for this example was added in Release 9.3(3).


    Verifying a DME Configuration
    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-{[name]} |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | key | aaa:EncKey (string:Basic) | A password for the AAA provider database. | MAX SIZE: 240 |
    | keyEnc | aaa:KeyEnc (scalar:Enum8) | Default key encryption | SELECTION: 0 - 0, 6 - 6, 7 - 7; DEFAULT: inherit-from-global |
    | name | pol:ObjName (naming:Name256) | Object name | MAX SIZE: 64 |
    | port | aaa:Port (scalar:Uint32) | The service port number for the TACACS+ service. | RANGE: [1 , 65535]; DEFAULT: 49 |
    | timeout | aaa:TimeSec (scalar:Uint32) | The amount of time between authentication attempts. | RANGE: [0 , 60]; DEFAULT: 0 |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring the Time Interval for Monitoring the Server (for Test Packets)

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsServerMonitor": {
              "attributes": {
                "idleTime": "1",
                "name": "SampleString_123",
                "passwordType": "0",
                "pwd": "SampleString_123"
    }}}]}}
    
    {
      "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsservermonitor-items>
            <idleTime>1</idleTime>
            <name>SampleString_123</name>
            <passwordType>0</passwordType>
            <pwd>SampleString_123</pwd>
          </tacacsservermonitor-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.3(1).


    CLI Commands

    The CLI commands are equivalent to the payload examples shown above: the DME payload is the JSON body and the YANG payload is the XML body.

    tacacs-server test username SampleString_123 password 0 SampleString_123 idle-time 1


    Verifying a DME Configuration

    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    |---|---|
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsServerMonitor | sys/userext/tacacsext/tacacsservermonitor |


    aaaTacacsServerMonitor Properties

    The following table contains information about the aaaTacacsServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    |---|---|---|---|
    | idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440]; DEFAULT: 0 |
    | name | pol:ObjName (naming:Name256) | Name | RANGE: [1 , 32]; DEFAULT: test |
    | passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Tacacs Server Monitor Password type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0 |
    | pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32]; DEFAULT: test |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting the Time Interval for Monitoring the Server (for Test Packets)

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsServerMonitor": {
              "attributes": {
                "idleTime": "0",
                "name": "test",
                "passwordType": "0",
                "pwd": "test"
    }}}]}}
    
    {
        "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsservermonitor-items>
            <idleTime>0</idleTime>
            <name>test</name>
            <passwordType>0</passwordType>
            <pwd>test</pwd>
          </tacacsservermonitor-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.3(1).


    CLI Commands

    The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

    no tacacs-server test username SampleString_123 password 0 SampleString_123 idle-time 1


    Verifying a DME Configuration

    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsServerMonitor | sys/userext/tacacsext/tacacsservermonitor |


    aaaTacacsServerMonitor Properties

    The following table contains information about the aaaTacacsServerMonitor properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | idleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs/radius server | RANGE: [0 , 1440]; DEFAULT: 0 |
    | name | pol:ObjName (naming:Name256) | Name | RANGE: [1 , 32]; DEFAULT: test |
    | passwordType | aaa:LdapPwdEnc (scalar:Enum8) | Tacacs Server Monitor Password type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0 |
    | pwd | aaa:MonitoringPasswordType (aaa:EncKey) | Password | RANGE: [1 , 32]; DEFAULT: test |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Configuring the Time Interval for Monitoring the Server (for a Host Server)

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "monitoringIdleTime": "104",
                "monitoringPassword": "SampleString_123",
                "monitoringPasswordType": "7",
                "monitoringUser": "SampleString_123",
                "name": "HostName"
    }}}]}}
    
    {
        "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>HostName</name>
              <monitoringIdleTime>104</monitoringIdleTime>
              <monitoringPassword>SampleString_123</monitoringPassword>
              <monitoringPasswordType>7</monitoringPasswordType>
              <monitoringUser>SampleString_123</monitoringUser>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.3(1).


    CLI Commands

    The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

    tacacs-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 104


    Verifying a DME Configuration

    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-[HostName] |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs server | RANGE: [0 , 1440]; DEFAULT: 0 |
    | monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32]; DEFAULT: test |
    | monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0 |
    | monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31; DEFAULT: test |
    | name | pol:ObjName (naming:Name256) | Name | RANGE: [1 , 32]; DEFAULT: test |
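The limits in the aaaTacacsServerMonitor and aaaTacacsPlusProvider property tables can be checked before a payload is posted. The following Python lint is an added example, not Cisco code: its names are hypothetical, it assumes that idle time 0 means monitoring is switched off (as in the page's delete payloads), and it also reports a monitoring password posted as type 0 (clear text in the NX-OS CLI convention) or left at the documented default `test`.

```python
# Added example, not Cisco code. Limits are copied from the property tables on
# this page; RULES, SECRETS, SAMPLE, walk(), check(), lint() are hypothetical.
RULES = {
    "aaaTacacsServerMonitor": {
        "idleTime": ("int", 0, 1440), "name": ("len", 1, 32),
        "passwordType": ("enum", "0", "7"), "pwd": ("len", 1, 32)},
    "aaaTacacsPlusProvider": {
        "monitoringIdleTime": ("int", 0, 1440), "name": ("len", 1, 32),
        "monitoringPassword": ("len", 1, 32),
        "monitoringPasswordType": ("enum", "0", "7"),
        "monitoringUser": ("len", 0, 31)}}  # table gives only MAX SIZE: 31
SECRETS = {  # class -> (password, password-type, idle-time) property names
    "aaaTacacsServerMonitor": ("pwd", "passwordType", "idleTime"),
    "aaaTacacsPlusProvider": ("monitoringPassword",
                              "monitoringPasswordType", "monitoringIdleTime")}

def walk(node):
    """Yield (class_name, attributes) for every MO nested in a DME payload."""
    for cls, body in node.items():
        yield cls, body.get("attributes", {})
        for child in body.get("children", []):
            yield from walk(child)

def check(kind, lo, hi, value):
    """Return True when a string value satisfies one table constraint."""
    if kind == "int":
        return value.isdigit() and lo <= int(value) <= hi
    if kind == "len":
        return lo <= len(value) <= hi
    return value in (lo, hi)  # enum: the two selections the table lists

def lint(payload):
    """Return sorted findings for the monitoring objects in a DME payload."""
    findings = []
    for cls, attrs in walk(payload):
        for prop, rule in RULES.get(cls, {}).items():
            if prop in attrs and not check(*rule, attrs[prop]):
                findings.append(f"{cls}.{prop}: {attrs[prop]!r} outside {rule[1:]}")
        secret, type_prop, idle = SECRETS.get(cls, (None, None, None))
        if secret not in attrs or attrs.get(idle, "0") == "0":
            continue  # no secret posted, or idle time 0 (the delete payloads)
        if attrs.get(type_prop, "0") == "0":  # 0 is the table's DEFAULT
            findings.append(f"{cls}.{secret}: posted as password type 0")
        if attrs[secret] == "test":  # "test" is the table's DEFAULT
            findings.append(f"{cls}.{secret}: documented default value in use")
    return sorted(findings)

SAMPLE = {"aaaTacacsPlusEp": {"children": [{"aaaTacacsServerMonitor": {  # constructed
    "attributes": {"idleTime": "2000", "passwordType": "5", "pwd": "test"}}}]}}
```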


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

    Deleting the Time Interval for Monitoring the Server (for a Host Server)

    
    POST http://<mgmt0_IP>/api/mo/sys/userext/tacacsext.json
    
    {
      "aaaTacacsPlusEp": {
        "children": [
          {
            "aaaTacacsPlusProvider": {
              "attributes": {
                "monitoringIdleTime": "0",
                "monitoringPassword": "test",
                "monitoringPasswordType": "0",
                "monitoringUser": "test",
                "name": "HostName"
    }}}]}}
    
    {
        "imdata": []
    }
    
    <System>
      <userext-items>
        <tacacsext-items>
          <tacacsplusprovider-items>
            <TacacsPlusProvider-list>
              <name>HostName</name>
              <monitoringIdleTime>0</monitoringIdleTime>
              <monitoringPassword>test</monitoringPassword>
              <monitoringPasswordType>0</monitoringPasswordType>
              <monitoringUser>test</monitoringUser>
            </TacacsPlusProvider-list>
          </tacacsplusprovider-items>
        </tacacsext-items>
      </userext-items>
    </System>
    

    Note: This example was added in Release 9.3(1).


    CLI Commands

    The CLI command below is equivalent to the JSON (DME) and XML (YANG) payloads shown above.

    no tacacs-server host HostName test username SampleString_123 password 7 SampleString_123 idle-time 104


    Verifying a DME Configuration

    The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

    | MO | DN |
    | --- | --- |
    | aaaTacacsPlusEp | sys/userext/tacacsext |
    | aaaTacacsPlusProvider | sys/userext/tacacsext/tacacsplusprovider-[HostName] |


    aaaTacacsPlusProvider Properties

    The following table contains information about the aaaTacacsPlusProvider properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

    | Property Name | Data Type | Description | Values |
    | --- | --- | --- | --- |
    | monitoringIdleTime | aaa:IdleTimer (scalar:Uint16) | Idle timer to monitor tacacs server | RANGE: [0 , 1440]; DEFAULT: 0 |
    | monitoringPassword | aaa:MonitoringPasswordType (aaa:EncKey) | Periodic Server Monitoring Password | RANGE: [1 , 32]; DEFAULT: test |
    | monitoringPasswordType | aaa:LdapPwdEnc (scalar:Enum8) | Monitoring password type | SELECTION: 0 - 0, 7 - 7; DEFAULT: 0 |
    | monitoringUser | aaa:MonitoringUserType (string:Basic) | Periodic Server Monitoring Username | MAX SIZE: 31; DEFAULT: test |
    | name | pol:ObjName (naming:Name256) | Name | RANGE: [1 , 32]; DEFAULT: test |


    Related Documentation

    For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

    http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

    See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

    https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

    For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

    https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html