This section uses payloads and CLIs to demonstrate how to configure AAA.
Setting AAA Authentication Configuration
Enables ASCII authentication. The default is disabled.
The /sys/userext/authrealm.defaultauth object contains AAA configuration for the switch. Using this API you can set AAA authentication configuration on the switch.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
aaa authentication login default group tac1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Querying AAA Authentication Configuration
The /sys/userext/authrealm.defaultauth object contains AAA configuration for the switch. Using this API, you can query AAA authentication configuration on the switch.
Setting AAA Authorization Configuration (config-commands)
Sets the AAA authorization configuration.
If AAA authorization is configured on the switch, the /sys/userext/authrealm/ object contains one or more authorization objects that enable AAA authorization for the switch. Using this API you can set AAA authorization configuration on the switch.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa authorization config-commands default group tac1
Setting AAA Authorization Configuration (commands)
Configures the command authorization method for specific roles on a TACACS+ server. The commands keyword configures authorization sources for all EXEC commands. The default keyword configures command authorization for a non-console session.
Note: This example was added in Release 7.0(3)I7(2).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa authorization commands default group tac1
Querying AAA Authorization Configuration
The /sys/userext/authrealm/defaultrealm object contains one or more authorization objects that enable AAA authorization for the switch.
Using this API you can query AAA authorization configuration on the switch.
Setting AAA Accounting Configuration
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
Configures the default accounting method.
aaa accounting default group tac1
Enabling AAA Accounting
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
Configures the default accounting method.
aaa accounting default local
Querying AAA Accounting Configuration
The /sys/userext/authrealm.defaultacc object contains AAA accounting configuration for the switch. Using this API you can query the AAA accounting configuration.
Authorize EXEC Mode Commands
Configures the command authorization method for specific roles on a TACACS+ server. The commands keyword configures authorization sources for all EXEC commands. The default keyword configures command authorization for a non-console session.
The local method uses the local database for accounting.
The default method is local, which is used when no server groups are configured or when all the configured server groups fail to respond.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa authorization commands default local
Authorize Configuration Mode Commands
Configures the command authorization method for specific roles on a TACACS+ server.
The commands keyword configures authorization sources for all EXEC commands, and the config-commands keyword configures authorization sources for all configuration commands.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
aaa authorization config-commands default local
Configuring the Default Authentication Method
Enables the default authentication.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa authentication login default local
Enabling Login Authentication Failure Messages
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
Enables failure messages for login authentication.
aaa authentication login error-enable
Enabling MS-CHAP Authentication
Enables MSCHAP or MSCHAP V2 authentication. The default is disabled.
Note: You cannot enable both MSCHAP and MSCHAP V2 on your Cisco NX-OS device.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
aaa authentication login mschap enable
Enabling ASCII Authentication
Enables ASCII authentication. The default is disabled.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
aaa authentication login ascii-authentication
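An added example, not part of the Cisco documentation: an offline check that reads the AAA lines of a saved running-config and reports which AAA functions do not use the expected server group, plus the MSCHAP/MSCHAP V2 conflict noted above. The helper names parse_aaa and audit, the policy that every function should use group tac1, and the treatment of every unconfigured function as local are assumptions; aaa authentication login mschapv2 enable is an NX-OS command that this page does not list.

```python
FUNCTIONS = ("authentication login", "authorization commands",
             "authorization config-commands", "accounting")
FLAGS = ("error-enable", "ascii-authentication",
         "mschap enable", "mschapv2 enable")

# Constructed sample: AAA lines from this page as they might appear together
# in a running-config (the group name tac1 is the page's own).
SAMPLE_CONFIG = """\
aaa authentication login default group tac1
aaa authorization config-commands default group tac1
aaa authorization commands default local
aaa accounting default group tac1
aaa authentication login error-enable
aaa authentication login mschap enable
"""

def parse_aaa(config):
    """Return ({function: [methods]}, {login flags}) from running-config text."""
    # Assumption: a function with no explicit line uses the local method.
    methods = {f: ["local"] for f in FUNCTIONS}
    flags = set()
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        for func in FUNCTIONS:
            prefix = f"aaa {func} default "
            if line.startswith(prefix):
                # "group tac1 tac2 local" -> ["tac1", "tac2", "local"]
                methods[func] = [t for t in line[len(prefix):].split() if t != "group"]
        for flag in FLAGS:
            if line == f"aaa authentication login {flag}":
                flags.add(flag)
    return methods, flags

def audit(config, expected_group="tac1"):
    """List deviations from 'every AAA function uses expected_group'."""
    methods, flags = parse_aaa(config)
    findings = []
    for func, used in methods.items():
        if expected_group not in used:
            findings.append(f"{func}: methods {used}, server group {expected_group} not used")
    if {"mschap enable", "mschapv2 enable"} <= flags:
        findings.append("mschap and mschapv2 both enabled (not allowed together)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```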