Configuring and Querying RADIUS Information
Setting the Global RADIUS Configuration
Setting the Global RADIUS Configuration
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"timeout": "60",
"retries": "5",
"srcIf": "eth1/2"
}}}
{
imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>aabbccd</key>
<keyEnc>7</keyEnc>
<retries>5</retries>
<srcIf>eth1/2</srcIf>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip radius source-interface eth1/2radius-server retransmit 5radius-server timeout 60radius-server key 7 aabbccd
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Querying Global RADIUS Configuration
Querying Global RADIUS Configuration
GET http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"totalCount": "1",
"imdata": [
{
"aaaRadiusEp": {
"attributes": {
"childAction": "",
"descr": "",
"dn": "sys/userext/radiusext",
"lcOwn": "local",
"modTs": "2015-07-07T00:28:07.039+00:00",
"monPolDn": "uni/fabric/monfab-default",
"name": "",
"ownerKey": "",
"ownerTag": "",
"retries": "1",
"srcIf": "unspecified",
"status": "",
"timeout": "5",
"uid": "0"
}}}]}
The /sys/userext/ object contains a radiusext object that contains the global RADIUS configuration for the switch. Using this object, you can query the global RADIUS configuration.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting RADIUS Server Configuration
Setting RADIUS Server Configuration
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaUserEp": {
"children": [
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"retries": "5",
"srcIf": "eth1/2",
"timeout": "60"
}}}]}}
{
imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>aabbccd</key>
<keyEnc>7</keyEnc>
<retries>5</retries>
<srcIf>eth1/2</srcIf>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can specify a server object and set the configuration for it.
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
ip radius source-interface eth1/2radius-server retransmit 5radius-server timeout 60radius-server key 7 aabbccd
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Querying RADIUS Server Configuration
Querying RADIUS Server Configuration
GET http://<IP_Address>/api/node/mo/sys/radiusext/radiusprovider-5.6.7.8.json
{
"aaaRadiusEp": {
"attributes": {
"key": "aabbccd",
"keyEnc": "7",
"timeout": "60",
"retries": "5",
"srcIf": "eth1/2"
}}}
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can query these objects to retrieve RADIUS server configurations.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Specifying a Password Secure Mode and Userpassphrase Length
Specifying a Password Secure Mode and Userpassphrase Length
POST http://<IP_Address>/api/mo/sys/userext.json
{
"aaaUserEp": {
"attributes": {
"pwdMaxLength": "127",
"pwdMinLength": "4",
"pwdSecureMode": "yes"
}}}
{
imdata": []
}
<System>
<userext-items>
<pwdMaxLength>127</pwdMaxLength>
<pwdMinLength>4</pwdMinLength>
<pwdSecureMode>yes</pwdSecureMode>
</userext-items>
</System>
By posting a request to a RADIUS provider object, you can configure RADIUS password attributes, such as password secure mode and the length of the userpassphrase.
password secure-modeuserpassphrase min-length 4 max-length 127
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring Password Recovery
Configuring Password Recovery
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"svcPwdRecovery": "yes"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<svcPwdRecovery>yes</svcPwdRecovery>
</userext-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(2).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
service password-recovery
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Disabling Password Recovery
Disabling Password Recovery
POST http://<mgmt0_IP>/api/mo/sys.json
{
"topSystem": {
"children": [
{
"aaaUserEp": {
"attributes": {
"svcPwdRecovery": "no"
}}}]}}
{
imdata:[]
}
<System>
<userext-items>
<svcPwdRecovery>no</svcPwdRecovery>
</userext-items>
</System>
Note: This example was added in Release Cisco NX-OS Release 7.0(3)I7(2).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no service password-recovery
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Deleting a RADIUS Provider
Deleting a RADIUS Provider
DELETE http://<IP_Address>/api/node/mo/sys/userext/radiusext/radiusprovider-5.6.7.8.json
{
imdata": []
}
If RADIUS is configured on the switch, the /sys/userext/radiusext/object contains one or more radiusprovider objects that contain RADIUS server configuration information. You can delete a provider object, which deletes its configuration.
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting the IPv4 or IPv6 Address or Hostname for a RADIUS Server
Setting the IPv4 or IPv6 Address or Hostname for a RADIUS Server
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext/radiusprovider.json
{
"aaaRadiusEp": {
"children": [
{
"aaaRadiusProvider": {
"attributes": {
"name": "192.168.10.1"
}}}]}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<radiusprovider-items>
<RadiusProvider-list>
<name>192.168.10.1</name>
</RadiusProvider-list>
</radiusprovider-items>
</radiusext-items>
</userext-items>
</System>
Specifies the IPv4 address (can also be an IPv6 address or hostname) for a RADIUS server to use for authentication.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server host 192.168.10.1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting a Pre-Shared Key for All RADIUS Servers
Setting a Preshared Key for All RADIUS Servers
POST http://<IP_Address>/api/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"key": "QsEfThUkO",
"keyEnc": "0"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>QsEfThUkO</key>
<keyEnc>0</keyEnc>
</radiusext-items>
</userext-items>
</System>
Specifies a RADIUS key for all RADIUS servers. You can specify that the key-value is in clear text format (0), is type-6 encrypted (6), or is type-7 encrypted (7). The Cisco NX-OS software encrypts a clear text key before saving it to the running configuration. The default format is clear text. The maximum length is 63 characters.
By default, no RADIUS key is configured.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server key 0 QsEfThUkO
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting the Retransmission Count for All RADIUS Servers
Setting the Retransmission Count for All RADIUS Servers
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"retries": "3"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<key>QsEfThUkO</key>
<keyEnc>0</keyEnc>
</radiusext-items>
</userext-items>
</System>
Specifies the retransmission count for all RADIUS servers. The default retransmission count is 1 and the range is from 0 to 5.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server retransmit 3
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Setting the Interval for Which a Router Waits for a Server Host to Reply
Setting the Interval for Which a Router Waits for a Server Host to Reply
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"timeout": "60"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<timeout>60</timeout>
</radiusext-items>
</userext-items>
</System>
Specifies the transmission timeout interval for RADIUS servers. The default timeout interval is 5 seconds and the range is from 1 to 60 seconds.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
radius-server timeout 60
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
Configuring the Global Source Interface for All RADIUS Server Groups Configured on the Device
Configuring the Global Source Interface for All RADIUS Server Groups Configured on the Device
POST http://<IP_Address>/api/node/mo/sys/userext/radiusext.json
{
"aaaRadiusEp": {
"attributes": {
"srcIf": "lo0"
}}}
{
"imdata": []
}
<System>
<userext-items>
<radiusext-items>
<srcIf>lo0</srcIf>
</radiusext-items>
</userext-items>
</System>
Configures the global source interface for all RADIUS server groups configured on the device.
CLI Commands
The CLI command below is the equivalent of the payload example displayed in the pane on the right.
ip radius source-interface loopback0
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html