Cisco Content Hub - TACACS and RADIUS Support APIs

TACACS Support APIs
RADIUS Support APIs

TACACS Support APIs

Table 1. TACACS Support APIs
Action	Method	Payload Required	API
To configure TACACS server	POST	Yes	/api/config/security_servers/tacacs-server/
To configure TACACS server	PUT	Yes	/api/config/security_servers/tacacs-server/
To configure TACACS server	DELETE	No	/api/config/security_servers/tacacs-server/
To view TACACS server configuration	GET	No	/api/config/security_servers/tacacs-server/

Example: POST TACACS Server
Example: PUT TACACS Server
Example: GET TACACS Server API
Example: DELETE TACACS Server

Example: POST TACACS Server


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-

Type:application/vnd.yang.data+json -X POST

https://209.165.201.1/api/config/security_servers/tacacs-server -d '{"host":

{"server":"5.5.5.5", "secret": {"key": "0", "shared-secret": "heyworld", "admin-priv": "14",

"oper-priv": "10"}}}'
* Hostname was NOT found in DNS cache
*   Trying 209.165.201.1...
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        start date: 2017-01-13 23:47:41 GMT
*        expire date: 2027-01-11 23:47:41 GMT
*        issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> POST /api/config/security_servers/tacacs-server HTTP/1.1
> Authorization: Basic YWRtaW46Y2lzY28xMjM=
> User-Agent: curl/7.35.0
> Host: 209.165.201.1
> Accept:application/vnd.yang.data+xml
> Content-Type:application/vnd.yang.data+json
> Content-Length: 122
>
* upload completely sent off: 122 out of 122 bytes
< HTTP/1.1 201 Created
* Server nginx/1.10.1 is not blacklisted
< Server: nginx/1.10.1
< Date: Mon, 27 Feb 2017 18:14:46 GMT
< Content-Type: text/html
< Content-Length: 0
< Location: https://209.165.201.1/api/config/security_servers/tacacs-server/host/5.5.5.5
< Connection: keep-alive
< Last-Modified: Mon, 27 Feb 2017 18:14:46 GMT
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Etag: 1488-219286-189602
< Pragma: no-cache
<

Example: PUT TACACS Server


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-

Type:application/vnd.yang.data+json -X PUT

https://209.165.201.1/api/config/security_servers/tacacs-server/host/5.5.5.5 -d '{"host":

{"server":"5.5.5.5", "secret": {"shared-secret":"helloworld", "admin-priv": "15"}}}'
* Hostname was NOT found in DNS cache
*   Trying 209.165.201.1...
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        start date: 2017-01-13 23:47:41 GMT
*        expire date: 2027-01-11 23:47:41 GMT
*        issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> PUT /api/config/security_servers/tacacs-server/host/5.5.5.5 HTTP/1.1
> Authorization: Basic YWRtaW46Y2lzY28xMjM=
> User-Agent: curl/7.35.0
> Host: 209.165.201.1
> Accept:application/vnd.yang.data+xml
> Content-Type:application/vnd.yang.data+json
> Content-Length: 92
>
* upload completely sent off: 92 out of 92 bytes
< HTTP/1.1 204 No Content
* Server nginx/1.10.1 is not blacklisted
< Server: nginx/1.10.1
< Date: Mon, 27 Feb 2017 18:20:13 GMT
< Content-Type: text/html
< Content-Length: 0
< Connection: keep-alive
< Last-Modified: Mon, 27 Feb 2017 18:20:13 GMT
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Etag: 1488-219613-571277
< Pragma: no-cache
<

Example: GET TACACS Server API


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-Type:application/vnd.yang.data+json -X 
GET https://209.165.201.1/api/config/security_servers/tacacs-server?deep
* Hostname was NOT found in DNS cache
*   Trying 209.165.201.1...
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        start date: 2017-01-13 23:47:41 GMT
*        expire date: 2027-01-11 23:47:41 GMT
*        issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> GET /api/config/security_servers/tacacs-server?deep HTTP/1.1
> Authorization: Basic YWRtaW46Y2lzY28xMjM=
> User-Agent: curl/7.35.0
> Host: 209.165.201.1
> Accept:application/vnd.yang.data+xml
> Content-Type:application/vnd.yang.data+json
>
< HTTP/1.1 200 OK
* Server nginx/1.10.1 is not blacklisted
< Server: nginx/1.10.1
< Date: Mon, 27 Feb 2017 18:07:49 GMT
< Content-Type: application/vnd.yang.data+xml
< Transfer-Encoding: chunked
< Connection: keep-alive
< Last-Modified: Fri, 24 Feb 2017 01:13:51 GMT
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Etag: 1487-898831-958028
< Pragma: no-cache
<

<tacacs-server xmlns="http://www.cisco.com/ns/test/security" xmlns:y="http://tail-

f.com/ns/rest"  xmlns:security="http://www.cisco.com/ns/test/security">
  <host>
    <server>2.2.2.2</server>
    <secret>
      <key>0</key>
      <shared-secret>tac22</shared-secret>
    </secret>
  </host>
  <host>
    <server>3.3.3.3</server>
    <secret>
      <key>0</key>
      <shared-secret>tac22</shared-secret>
    </secret>
  </host>
  <host>
    <server>1.1.1.1</server>
    <secret>
      <key>0</key>
      <shared-secret>tac22</shared-secret>
    </secret>
  </host>
</tacacs-server>

Example: DELETE TACACS Server


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-

Type:application/vnd.yang.data+json -X DELETE

https://209.165.201.1/api/config/security_servers/tacacs-server/host/5.5.5.5
* Hostname was NOT found in DNS cache
*   Trying 209.165.201.1...
* Connected to 209.165.201.1 (209.165.201.1) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        start date: 2017-01-13 23:47:41 GMT
*        expire date: 2027-01-11 23:47:41 GMT
*        issuer: CN=Cisco-Enterprise-NFVIS-Self-Signed-Certificate
*        SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
> DELETE /api/config/security_servers/tacacs-server/host/5.5.5.5 HTTP/1.1
> Authorization: Basic YWRtaW46Y2lzY28xMjM=
> User-Agent: curl/7.35.0
> Host: 209.165.201.1
> Accept:application/vnd.yang.data+xml
> Content-Type:application/vnd.yang.data+json
>
< HTTP/1.1 204 No Content
* Server nginx/1.10.1 is not blacklisted
< Server: nginx/1.10.1
< Date: Mon, 27 Feb 2017 18:21:30 GMT
< Content-Type: text/html
< Content-Length: 0
< Connection: keep-alive
< Last-Modified: Mon, 27 Feb 2017 18:21:30 GMT
< Cache-Control: private, no-cache, must-revalidate, proxy-revalidate
< Etag: 1488-219690-404414
< Pragma: no-cache

RADIUS Support APIs

Table 2. RADIUS Support APIs
Action	Method	Payload Required	API
To configure RADIUS server	POST	Yes	/api/config/security_servers/radius-server/
To update configurations on RADIUS server	PUT	Yes	/api/config/security_servers/radius-server/
To delete configurations on RADIUS server	DELETE	No	/api/config/security_servers/radius-server/
To view RADIUS server configuration	GET	No	/api/config/security_servers/radius-server/

Example: GET RADIUS Server
Example: POST RADIUS Server
Example: PUT RADIUS Server
Example: DELETE RADIUS Server

Example: GET RADIUS Server


curl -k -v -u "admin:admin" -H Accept:application/vnd.yang.data+xml -H Content-
Type:application/vnd.yang.data+json -X GET
https://209.165.201.1/api/config/security_servers/radius-server?deep

Example: POST RADIUS Server


curl -k -v -u "admin:admin" -H Accept:application/vnd.yang.data+xml -H Content-
Type:application/vnd.yang.data+json -X POST
https://209.165.201.1/api/config/security_servers/radius-server -d '{"host":
{"server":"5.5.5.5", "secret": {"key": "0", "shared-secret": "heyworld", "admin-priv": "14",
"oper-priv": "10"}}}'

Example: PUT RADIUS Server


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-
Type:application/vnd.yang.data+json -X PUT
https://209.165.201.1/api/config/security_servers/radius-server/host/5.5.5.5 -d '{"host":
{"server":"5.5.5.5", "secret": {"shared-secret":"helloworld", "admin-priv": "15"}}}'

Example: DELETE RADIUS Server


curl -k -v -u "admin:cisco123" -H Accept:application/vnd.yang.data+xml -H Content-
Type:application/vnd.yang.data+json -X DELETE
https://209.165.201.1/api/config/security_servers/radius-server/host/5.5.5.5

API Reference for Cisco Enterprise Network Function Virtualization Infrastructure Software

TACACS and RADIUS Support APIs

TACACS Support APIs

Example: POST TACACS Server

Example: PUT TACACS Server

Example: GET TACACS Server API

Example: DELETE TACACS Server

RADIUS Support APIs

Example: GET RADIUS Server

Example: POST RADIUS Server

Example: PUT RADIUS Server

Example: DELETE RADIUS Server