Cisco DCNM Web Services API Guide, Release 4.0
AaaApp Service

Table Of Contents

AaaApp Service

Information About AaaApp Service

bindNetworkInterfaceToAaaServerGroups

bindNetworkInterfaceToGlobalRadiusServerSetting

bindNetworkInterfaceToGlobalTacacsServerSetting

createAaaServerGroups

createAccountingRulesInNetworkElement

createAuthenticationRulesInNetworkElement

createAuthorizationRulesInNetworkElement

createGlobalAaaServers

deleteAaaServerGroups

deleteAccountingRules

deleteAuthenticationRules

deleteAuthorizationRules

deleteGlobalAaaServers

disableAaa

disableTacacs

enableAaa

enableTacacs

getAaaServerGroups

getAaaServerGroupsInNetworkElement

getAaaStateOfNetworkElements

getAccountingRules

getAccountingRulesInNetworkElement

getAuthenticationRules

getAuthenticationRulesInNetworkElement

getAuthorizationRules

getAuthorizationRulesInNetworkElement

getGlobalAaaServerSettings

getGlobalAaaServers

getGlobalAaaServersForGroupAaaServers

getGlobalAaaServersInNetworkElement

getGlobalRadiusServerSettings

getGlobalRadiusServersInNetworkElement

getGlobalTacacsServerSettings

getGlobalTacacsServersInNetworkElement

getRadiusServerGroupsInNetworkElement

getTacacsServerGroupsInNetworkElement

getTacacsStateOfNetworkElements

modifyAaaServerGroups

modifyAccountingRules

modifyAuthenticationRules

modifyAuthorizationRules

modifyGlobalAaaServerSetting

modifyGlobalAaaServers

unbindNetworkInterfaceFromAaaServerGroups

unbindNetworkInterfaceFromGlobalRadiusServerSettings

unbindNetworkInterfaceFromGlobalTacacsServerSettings


AaaApp Service


This chapter describes the DCNM web services' API methods for the AaaApp service.

Information About AaaApp Service

Authentication, Authorization, and Accounting (AAA) services provide the primary framework to set up access control on a router or access server. Access control allows you to control who is allowed access to a network server and what services they are allowed to access.

Authentication is the process of identifying an individual user, usually based on a username and password.

Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services that the user has access to depends on the user's authorization level.

Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed, and the amount of data transferred during the session.

The API categories are as follows:

Query/Get APIs—Query data from the persistent database.

Create APIs—Create new AAA servers and AAA rules.

Modify APIs—Modify basic attributes of existing AAA servers and AAA rules.

Delete APIs—Delete existing AAA servers and AAA rules.

Enable and Disable APIs—Enable and disable the AAA feature or TACACS in the device.

This chapter contains APIs for the following features:

AAA Rules

AAA Server Groups

bindNetworkInterfaceToAaaServerGroups

Assigns a network interface to one or more AAA server groups as the source interface. If a server group already has a source interface association, the new interface association overwrites the existing one.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId or aaaServerGrpInstanceNameIdCol is null.

If the aaaServerGrpInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type AaaServerGroup InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given server type is Tacacs+ and Tacacs+ is disabled in the given network element which is running Cisco NX-OS.

If network interface and AAA server groups are not from the same network element.

IntegrityException is thrown if any of the following situations occurs:

If the object for the given networkInterfaceInstanceNameId doesn't exist in the device.

If the objects for the given aaaServerGrpInstanceNameIdCol don't exist in the device.

Parameters

opContext—Operational context

aaaServerGrpInstanceNameIdCol—list of InstanceNameId of the AaaServerGroup for which the source interface needs to be assigned

networkInterfaceInstanceNameId—InstanceNameId of the network interface.

Return Value

void

bindNetworkInterfaceToGlobalRadiusServerSetting

Assigns a network interface as the source interface for the globally configured RADIUS servers in a network element. If the global RADIUS servers already have a source interface association, the new interface association overwrites the existing one.

ValidationException is thrown if any of the following situations occurs:

If networkInterfaceInstanceNameId is null.

If aaaServerGrpInstanceNameIdCol is not type AaaServerGroup InstanceNameId

If AAA is disabled in the given network element which is running Cisco IOS.

IntegrityException is thrown if any of the following situations occurs:

If the object for the given networkInterfaceInstanceNameId doesn't exist in the device.

Parameters

opContext—Operational context

networkInterfaceInstanceNameId—InstanceNameId of the network interface.

Return Value

void

bindNetworkInterfaceToGlobalTacacsServerSetting

Assigns a network interface as the source interface for the globally configured TACACS server settings in a network element. If the global TACACS server setting already has a source interface association, the new interface association overwrites the existing one.

ValidationException is thrown if any of the following situations occurs:

If networkInterfaceInstanceNameId is null.

If aaaServerGrpInstanceNameIdCol is not type AaaServerGroup InstanceNameId

If AAA is disabled in the given network element which is running Cisco IOS.

If TACACS is disabled in the given network element which is running Cisco NX-OS.

IntegrityException is thrown if any of the following situations occurs:

If the object for the given networkInterfaceInstanceNameId doesn't exist in the device.

Parameters

opContext—Operational context

networkInterfaceInstanceNameId—InstanceNameId of the network interface.

Return Value

void

createAaaServerGroups

Creates one or more AAA server groups and their associated group AAA servers in a network element. If a group server is not already configured as a global server, the corresponding global server is created as well.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameId is null or it is not a valid network element InstanceNameId.

If the aaaServerGrpCol is null.

If the aaaServerGrpCol contains one or more null elements, or the collection is empty.

If aaaServerGrpCol collection contains an element that is not of type AaaServerGroup.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given AAA server Group is Tacacs+ server and Tacacs+ is disabled in the given network element which is running Cisco NX-OS.

PropertiesException is thrown if any of the following situations occurs:

If AAA Server Group is not valid.

Example:

Server Group name is null

IntegrityException is thrown if any of the following situations occurs:

If a server group with the same name already exists in the device.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element where the AAA Server Groups need to be created.

aaaServerGrpCol—List of AaaServerGroup objects that need to be created.

Return Value

The list of InstanceNameIds of the AaaServerGroup objects created by this method.

createAccountingRulesInNetworkElement

Creates one or more accounting rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the acRuleCol is null.

If the acRuleCol contains one or more null elements, or the collection is empty.

If the neInstanceNameId is null or it is not a valid network element InstanceNameId.

If any of the given rules doesn't have a method.

If the device is running Cisco IOS, and any of the given rules has more than 4 methods.

If the given network element is running Cisco NX-OS, and any of the given rules has more than 10 methods.

PropertiesException is thrown if any of the following situations occurs:

If Accounting Rule is not valid.

Example:

Rule name is null

IntegrityException is thrown if any of the following situations occurs:

If an accounting rule with the same name and service already exists in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element where the accounting rules need to be created.

acRuleCol—List of AccountingRule objects that need to be created.

Return Value

The list of InstanceNameIds of the AccountingRule objects created by this method.

createAuthenticationRulesInNetworkElement

Creates one or more authentication rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the atRuleCol is null.

If the atRuleCol contains one or more null elements, or the collection is empty.

If the neInstanceNameId is null or it is not a valid network element InstanceNameId.

If any of the given rules doesn't have a method.

If the given network element is running Cisco IOS, and any of the given rules has more than 4 methods.

If the given network element is running Cisco NX-OS, and any of the given rules has more than 10 methods.

PropertiesException is thrown if any of the following situations occurs:

If Authentication Rule is not valid.

Example:

Rule name is null

IntegrityException is thrown if any of the following situations occurs:

If an authentication rule with the same name and service already exists in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element where the authentication rules need to be created.

atRuleCol—List of AuthenticationRule objects that need to be created.

Return Value

The list of InstanceNameIds of the AuthenticationRule objects created by this method.

createAuthorizationRulesInNetworkElement

Creates one or more authorization rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the given network element is running Cisco NX-OS.

If the arRuleCol is null.

If the arRuleCol contains one or more null elements, or the collection is empty.

If the neInstanceNameId is null or it is not a valid network element InstanceNameId.

If any of the given rules doesn't have a method.

If the given network element is running Cisco IOS, and any of the given rules has more than 4 methods.

If the given network element is running Cisco NX-OS, and any of the given rules has more than 10 methods.

PropertiesException is thrown if any of the following situations occurs:

If Authorization Rule is not valid.

Example:

Rule name is null

IntegrityException is thrown if any of the following situations occurs:

If an authorization rule with the same name and service already exists in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element where the authorization rules need to be created.

arRuleCol—List of AuthorizationRule objects that need to be created.

Return Value

The list of InstanceNameIds of the AuthorizationRule objects created by this method.
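
The conditions listed in the three create...RulesInNetworkElement sections above can be checked on the client before a request is sent, so that a batch of AAA rules is rejected locally instead of partway through a change window. The following Python is an added example, not code from the Cisco guide or the DCNM API: the `Method`, `Rule` and `Element` classes, the `preflight` function, and the rule, service and group names are hypothetical or constructed; only the exception names and the method limits come from the text above.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Method-count limits per platform, as stated in the create*Rules sections.
MAX_METHODS = {"IOS": 4, "NX-OS": 10}


@dataclass
class Method:                        # hypothetical stand-in for one AAA method
    kind: str                        # constructed label, e.g. "group" or "local"
    server_group: Optional[str] = None


@dataclass
class Rule:                          # hypothetical stand-in for a rule object
    name: Optional[str]
    service: str                     # constructed label, e.g. "login"
    methods: List[Method] = field(default_factory=list)


@dataclass
class Element:                       # hypothetical snapshot of a network element
    os: str                          # "IOS" or "NX-OS"
    aaa_enabled: bool
    server_groups: Set[str] = field(default_factory=set)
    existing_rules: Set[Tuple[str, str]] = field(default_factory=set)


def preflight(rule_type: str, element: Optional[Element],
              rules: Optional[List[Optional[Rule]]]) -> List[Tuple[str, str]]:
    """Return (exception name, reason) for every documented condition hit."""
    if element is None:
        return [("ValidationException", "neInstanceNameId is null")]
    if rules is None:
        return [("ValidationException", "rule collection is null")]
    if element.os not in MAX_METHODS:
        raise ValueError(f"unknown platform: {element.os}")

    found: List[Tuple[str, str]] = []
    if element.os == "IOS" and not element.aaa_enabled:
        found.append(("ValidationException", "AAA is disabled on Cisco IOS"))
    if rule_type == "authorization" and element.os == "NX-OS":
        found.append(("ValidationException",
                      "authorization rules are rejected on Cisco NX-OS"))
    if not rules:
        found.append(("ValidationException", "rule collection is empty"))

    limit = MAX_METHODS[element.os]
    for i, rule in enumerate(rules):
        if rule is None:
            found.append(("ValidationException", f"rule[{i}] is null"))
            continue
        if rule.name is None:
            found.append(("PropertiesException", f"rule[{i}] name is null"))
        if not rule.methods:
            found.append(("ValidationException", f"rule[{i}] has no method"))
        elif len(rule.methods) > limit:
            found.append(("ValidationException",
                          f"rule[{i}] has {len(rule.methods)} methods, "
                          f"limit on {element.os} is {limit}"))
        if (rule.name, rule.service) in element.existing_rules:
            found.append(("IntegrityException",
                          f"rule[{i}] name and service already exist"))
        for m in rule.methods:
            if m.server_group and m.server_group not in element.server_groups:
                found.append(("IntegrityException",
                              f"rule[{i}] uses unknown group {m.server_group}"))
    return found


def sample_run() -> List[Tuple[str, str]]:
    """Run the checks over a constructed batch for a constructed IOS element."""
    ios = Element(os="IOS", aaa_enabled=True, server_groups={"tac-grp"},
                  existing_rules={("default", "login")})
    batch = [
        Rule("console", "login", [Method("local")] * 5),        # over the limit
        Rule("default", "login", [Method("local")]),            # duplicate
        Rule("vty", "login", [Method("group", "missing-grp")]), # unknown group
        Rule("ok", "login", [Method("group", "tac-grp")]),      # passes
    ]
    return preflight("authentication", ios, batch)


if __name__ == "__main__":
    for exc, reason in sample_run():
        print(f"{exc}: {reason}")
```
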

createGlobalAaaServers

Creates one or more AAA servers globally in a network element.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameId is null or it is not a valid network element InstanceNameId.

If the aaaServerCol is null.

If the aaaServerCol contains one or more null elements, or the collection is empty.

If aaaServerCol collection contains an element that is not of type GlobalAaaServer.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given AAA server is Tacacs+ server and Tacacs+ is disabled in the given network element which is running Cisco NX-OS.

PropertiesException is thrown if any of the following situations occurs:

If Global AAA Server is not valid.

Example:

Server host name and IP address are null

IntegrityException is thrown if any of the following situations occurs:

If an AAA server with the same name, authentication port and accounting port already exists in the device globally.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element where the global AAA servers need to be created.

aaaServerCol—List of GlobalAaaServer objects that need to be created.

Return Value

The list of InstanceNameIds of the GlobalAaaServer objects created by this method.

deleteAaaServerGroups

Deletes one or more AAA Server groups from a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the aaaServerGrpInstanceNameIdCol is null.

If the aaaServerGrpInstanceNameIdCol contains one or more null elements, or the collection is empty.

If aaaServerGrpInstanceNameIdCol collection contains an element that is not of type AaaServerGroup InstanceNameId.

If any of the given AAA server groups is associated with AAA rules.

IntegrityException is thrown if any of the following situations occurs:

If the given AaaServerGroup doesn't exist in the device.

Parameters

opContext—Operational context

aaaServerGrpInstanceNameIdCol—Instance name ID of one or more AaaServerGroup objects that need to be deleted.

Return Value

void

deleteAccountingRules

Deletes one or more accounting rules from the network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the acRuleInstanceNameIdCol is null.

If the acRuleInstanceNameIdCol contains one or more null elements, or the collection is empty.

If acRuleInstanceNameIdCol collection contains an element that is not of type AccountingRule InstanceNameId.

IntegrityException is thrown if any of the following situations occurs:

If the given accounting rule doesn't exist in the device.

Parameters

opContext—Operational context

acRuleInstanceNameIdCol—Instance name ID of one or more AccountingRule objects that need to be deleted.

Return Value

void

deleteAuthenticationRules

Deletes one or more authentication rules from the network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the atRuleInstanceNameIdCol is null.

If the atRuleInstanceNameIdCol contains one or more null elements, or the collection is empty.

If atRuleInstanceNameIdCol collection contains an element that is not of type AuthenticationRule InstanceNameId.

IntegrityException is thrown if any of the following situations occurs:

If the given authentication rule doesn't exist in the device.

Parameters

opContext—Operational context

atRuleInstanceNameIdCol—Instance name ID of one or more AuthenticationRule objects that need to be deleted.

Return Value

void

deleteAuthorizationRules

Deletes one or more authorization rules from the network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the arRuleInstanceNameIdCol is null.

If the arRuleInstanceNameIdCol contains one or more null elements, or the collection is empty.

If arRuleInstanceNameIdCol collection contains an element that is not of type AuthorizationRule InstanceNameId.

IntegrityException is thrown if any of the following situations occurs:

If the given authorization rule doesn't exist in the device.

Parameters

opContext—Operational context

arRuleInstanceNameIdCol—Instance name ID of one or more AuthorizationRule objects that need to be deleted.

Return Value

void

deleteGlobalAaaServers

Deletes one or more Global AAA Servers from a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the aaaServerInstanceNameIdCol is null.

If the aaaServerInstanceNameIdCol contains one or more null elements, or the collection is empty.

If aaaServerInstanceNameIdCol collection contains an element that is not of type GlobalAaaServer InstanceNameId.

If group servers exist with the same IpAddress/HostName as any of the given global servers.

IntegrityException is thrown if any of the following situations occurs:

If the given GlobalAaaServer doesn't exist in the device.

Parameters

opContext—Operational context

aaaServerInstanceNameIdCol—Instance name ID of one or more GlobalAaaServer objects that need to be deleted.

Return Value

void

disableAaa

Disables AAA on one or more network elements. This API is applicable only for devices running Cisco IOS, and not applicable for Cisco NX-OS.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol is null.

If the neInstanceNameIdCol contains one or more null elements, or the collection is empty, or it is not of type InstanceNameId.

If the given network element is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameIdCol—list of InstanceNameId of the Network Element for which the AAA should be disabled

Return Value

void

disableTacacs

Disables TACACS+ on one or more network elements. This API is applicable only for Cisco NX-OS and not for devices running Cisco IOS.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol is null.

If the neInstanceNameIdCol contains one or more null elements, or the collection is empty, or it is not of type InstanceNameId.

If the given network element is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameIdCol—list of InstanceNameId of the Network Element for which Tacacs+ should be disabled

Return Value

void

enableAaa

Enables AAA on one or more network elements. Given the instance name ID of one or more network elements, AAA will be enabled on those elements. This API can be used to enable AAA for Cisco IOS devices. This API is not applicable for Cisco NX-OS.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol is null.

If the neInstanceNameIdCol contains one or more null elements, or the collection is empty, or it is not of type InstanceNameId.

If the given network element is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameIdCol—list of InstanceNameId of the Network Element for which the AAA should be enabled

Return Value

void

enableTacacs

Enables TACACS+ on one or more network elements. Given the instance name ID of one or more network elements, TACACS+ will be enabled on those elements. This API is only applicable for Cisco NX-OS, and not for Cisco IOS.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol is null.

If the neInstanceNameIdCol contains one or more null elements, or the collection is empty, or it is not of type InstanceNameId.

If the given network element is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameIdCol—list of InstanceNameId of the Network Element for which Tacacs+ should be enabled

Return Value

void

getAaaServerGroups

Returns one or more AAA server groups. Given the instance ID of one or more AAA server groups, returns the corresponding AAA server group objects.

ValidationException is thrown if any of the following situations occurs:

If the grpInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid AAA server group InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

grpInstanceNameIdCol—InstanceNameId of the one or more AAA server group objects.

Return Value

The AAA server groups for the given AAA server group InstanceNameIds. The returned list will contain the list of AaaServerGroup instances.

The following associations are present for an AAA server group:

Group AAA servers association.

If the server group has any source interface association, then it will be available. But if the network interface has some other associations, then all those associations will be cleared.

All other associations will be cleared.

getAaaServerGroupsInNetworkElement

Returns AAA server groups that are configured in a network element. Given the instance name ID of a network element, returns a list of AAA server groups.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the AAA server groups are required

Return Value

The AAA server groups present in the given network element. The returned list will contain the list of AaaServerGroup instances.

The following associations are present for an AAA server group:

Group AAA servers association.

If the server group has any source interface association, then it will be available. But if the network interface has some other associations, then all those associations will be cleared.

All other associations will be cleared.

getAaaStateOfNetworkElements

Returns the state of AAA (enabled or disabled) in a list of network elements. Given the list of instance name IDs of the network elements, returns the list of Boolean values.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameIdCol—InstanceNameId of the one or more Network Element for which the AAA state is required

Return Value

The returned list will contain Boolean instances.

Boolean value TRUE represents AAA is enabled in the given network element.

Boolean value FALSE represents AAA is disabled in the given network element.

getAccountingRules

Returns one or more accounting rules. Given the instance ID of one or more accounting rules, returns the corresponding accounting rule objects.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid accounting rule InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

acRuleInstanceNameIdCol—InstanceNameId of the one or more accounting rule objects.

Return Value

The accounting rules for the given accounting rule InstanceNameIds. The returned list will contain the list of AccountingRule instances.

The following associations are present for an accounting rule:

Accounting methods (AccountingMethod).

If accounting methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getAccountingRulesInNetworkElement

Returns accounting rules configured in a network element. Given the instance ID of a network element, returns a list of accounting rules.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the accounting rules are required

Return Value

The accounting rules present in the given network element. The returned list will contain the list of AccountingRule instances.

The following associations are present for an accounting rule:

Accounting methods (AccountingMethod).

If accounting methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getAuthenticationRules

Returns one or more authentication rules. Given the instance ID of one or more authentication rules, returns the corresponding authentication rule objects.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid authentication rule InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

atRuleInstanceNameIdCol—InstanceNameId of the one or more authentication rule objects.

Return Value

The authentication rules for the given authentication rule InstanceNameIds. The returned list will contain the list of AuthenticationRule instances.

The following associations are present for an authentication rule:

Authentication methods (AuthenticationMethod).

If authentication methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getAuthenticationRulesInNetworkElement

Returns authentication rules configured in a network element. Given the instance name ID of a network element, returns a list of authentication rules.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the authentication rules are required

Return Value

The authentication rules present in the given network element. The returned list will contain the list of AuthenticationRule instances.

The following associations are present for an authentication rule:

Authentication methods (AuthenticationMethod).

If authentication methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getAuthorizationRules

Returns one or more authorization rules. Given the instance ID of one or more authorization rules, returns the corresponding authorization rule objects.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid authorization rule InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

arRuleInstanceNameIdCol—InstanceNameId of the one or more authorization rule objects.

Return Value

The authorization rules for the given authorization rule InstanceNameIds. The returned list will contain the list of AuthorizationRule instances.

The following associations are present for an authorization rule:

Authorization methods (AuthorizationMethod).

If authorization methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getAuthorizationRulesInNetworkElement

Returns authorization rules configured in a network element. Given the instance name ID of a network element, returns a list of authorization rules.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given network element is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the authorization rules are required

Return Value

The authorization rules present in the given network element. The returned list will contain the list of AuthorizationRule instances.

The following associations are present for an authorization rule:

Authorization methods (AuthorizationMethod).

If authorization methods use server groups, then those server group references will be available. But in that server group, all its references will be cleared.

getGlobalAaaServerSettings

Returns one or more global RADIUS/TACACS server settings. Given the instance ID of one or more global RADIUS/TACACS server settings, returns the corresponding global RADIUS/TACACS server settings.

ValidationException is thrown if any of the following situations occurs:

If the settingInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid global AAA server setting InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

grpInstanceNameIdCol—InstanceNameId of the one or more global AAA server objects.

Return Value

The global RADIUS/TACACS server settings for the given AAA server InstanceNameIds. The returned list will contain the list of GlobalAaaServerSetting instances.

All its associations will be cleared.

getGlobalAaaServers

Returns one or more AAA servers that are configured globally. Given the instance ID of one or more AAA servers, returns the corresponding AAA server objects.

ValidationException is thrown if any of the following situations occurs:

If the serverInstanceNameIdCol collection contains an element that is null, or the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid Global AAA server InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

grpInstanceNameIdCol—InstanceNameId of the one or more global AAA server objects.

Return Value

The global AAA servers for the given AAA server InstanceNameIds. The returned list will contain the list of GlobalAaaServer instances.

All its associations will be cleared.

getGlobalAaaServersForGroupAaaServers

Returns the AAA servers that are configured globally with respect to the given group AAA servers. Given the instance name IDs of group AAA servers, returns a list of AAA servers configured globally.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid group AAA server InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

groupServerInstanceNameIds—InstanceNameIds of the GroupAaaServer for which the AAA servers are required

Return Value

The AAA servers configured globally with respect to the given server group. The returned list will contain GlobalAaaServer instances.

All its associations will be cleared.

getGlobalAaaServersInNetworkElement

Returns AAA servers that are configured globally in a network element. Given the instance name ID of a network element, returns a list of AAA servers configured globally.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the AAA servers are required

Return Value

The AAA servers configured globally in the given network element. The returned list will contain GlobalAaaServer instances.

All its associations will be cleared.

getGlobalRadiusServerSettings

Returns the device level RADIUS Server settings for one or more network elements. Given the instance name ID of one or more network elements, returns the corresponding global AAA server settings object for those network elements.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the neInstanceNameIdCol collection contains an element that is null, the collection is empty, or it is not of type InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameIdCol—List of InstanceNameIds of the network elements for which the RADIUS server settings are required

Return Value

The RADIUS server settings configured globally in the given network element. The returned list will contain the list of GlobalAaaServerSetting instances of type RADIUS.

The following associations will be present for AAA server groups:

Source Interface association. But if the network interface has some other associations, then all those associations will be cleared.

getGlobalRadiusServersInNetworkElement

Returns RADIUS servers that are configured globally in a network element. Given the instance name ID of a network element, returns a list of AAA servers of type RADIUS.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the RADIUS servers are required

Return Value

The RADIUS servers configured globally in the given network element. The returned list will contain GlobalAaaServer instances of type RADIUS.

All its associations will be cleared.

getGlobalTacacsServerSettings

Returns the device level TACACS+ Server settings for one or more network elements. Given the instance name ID of one or more network elements, returns the corresponding global AAA server settings object for those network elements.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, the collection is empty, or it is not of type InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameIdCol—List of InstanceNameIds of the network elements for which the TACACS+ server settings are required

Return Value

The TACACS+ server settings configured globally in the given network element. The returned list will contain the list of GlobalAaaServerSetting instances of type TACACS+.

The following associations will be present for AAA server groups:

Source Interface association. But if the network interface has some other associations, then all those associations will be cleared.

getGlobalTacacsServersInNetworkElement

Returns TACACS+ servers that are configured globally in a network element. Given the instance name ID of a network element, returns a list of AAA servers of type TACACS+.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

If TACACS+ is disabled in the given network element which is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the TACACS+ servers are required

Return Value

The TACACS+ servers configured globally in the given network element. The returned list will contain GlobalAaaServer instances of type TACACS+.

All its associations will be cleared.

getRadiusServerGroupsInNetworkElement

Returns AAA server groups of type RADIUS that are configured in a network element. Given the instance name ID of a network element, returns a list of AAA server groups of type RADIUS.

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the RADIUS server groups are required

Return Value

The RADIUS server groups present in the given network element. The returned list will contain the list of AaaServerGroup instances of type RADIUS.

The following associations will be present for AAA server groups:

Group AAA servers association.

If the server group has any source interface association, then it will be available. But if the network interface has some other associations, then all those associations will be cleared.

All other associations will be cleared.

getTacacsServerGroupsInNetworkElement

Returns AAA server groups of type TACACS+ that are configured in a network element. Given the instance name ID of a network element, returns a list of AAA server groups of type TACACS+. Following associations will be available:

ValidationException is thrown if any of the following situations occurs:

If the argument passed is null or it is not a valid network element InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

If TACACS+ is disabled in the given network element which is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the TACACS+ server groups are required

Return Value

The TACACS+ server groups present in the given network element. The returned list will contain the list of AaaServerGroup instances of type TACACS+.

The following associations will be present for AAA server groups:

Group AAA servers association.

If the server group has any source interface association, then it will be available. But if the network interface has some other associations, then all those associations will be cleared.

All other associations will be cleared.

getTacacsStateOfNetworkElements

Returns the state of the TACACS+ service (enabled or disabled) in a list of network elements. Given the list of instance name IDs of the network elements, returns a list of Boolean values.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameIdCol collection contains an element that is null, the collection is empty, or it is not of type InstanceNameId.

If the argument passed is null or it is not a valid network element InstanceNameId.

Parameters

opContext—Operational context

neInstanceNameIdCol—InstanceNameIds of the one or more network elements for which the TACACS+ state is required

Return Value

The returned list will contain Boolean instances.

Boolean value TRUE indicates TACACS+ is enabled in the given network element.

Boolean value FALSE indicates TACACS+ is disabled in the given network element.

modifyAaaServerGroups

Modifies one or more existing AAA Server groups in a network element.

ValidationException is thrown if any of the following situations occurs:

If the aaaServerCol is null.

If the aaaServerCol contains one or more null elements, or the collection is empty.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given AAA server is a TACACS+ server and TACACS+ is disabled in the given network element which is running Cisco NX-OS.

PropertiesException is thrown if any of the following situations occurs:

If AAA server is not valid.

Example:

The server host name and IP address are updated.

IntegrityException is thrown if any of the following situations occurs:

If the given AAA Server doesn't exist globally in the device.

If the group AAA servers that are associated with the server group, except private servers, are not configured globally.

Parameters

opContext—Operational context

aaaServerGrpCol—List of modified AaaServerGroup objects that will replace the existing objects.

Return Value

void

modifyAccountingRules

Modifies one or more existing accounting rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the acRuleCol is null.

If the acRuleCol contains one or more null elements, or the collection is empty.

If any of the given rules doesn't have a method.

If the device is running Cisco IOS, and any of the given rules has more than 4 methods.

If the given network element is running Cisco NX-OS, and any of the given rules has more than 10 methods.

PropertiesException is thrown if any of the following situations occurs:

If Accounting Rule is not valid.

Example:

Rule name is updated

IntegrityException is thrown if any of the following situations occurs:

If the accounting rule doesn't exist in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

acRuleCol—List of modified AccountingRule objects that will replace the existing objects.

Return Value

void

modifyAuthenticationRules

Modifies one or more existing authentication rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the atRuleCol is null.

If the atRuleCol contains one or more null elements, or the collection is empty.

If any of the given rules doesn't have a method.

If the device is running Cisco IOS, and any of the given rules has more than 4 methods.

If the given network element is running Cisco NX-OS, and any of the given rules has more than 10 methods.

PropertiesException is thrown if any of the following situations occurs:

If Authentication Rule is not valid.

Example:

Rule name is updated

IntegrityException is thrown if any of the following situations occurs:

If the given authentication rule doesn't exist in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

atRuleCol—List of modified AuthenticationRule objects that will replace the existing objects.

Return Value

void

modifyAuthorizationRules

Modifies one or more existing authorization rules in a network element.

ValidationException is thrown if any of the following situations occurs:

If AAA is disabled in the given network element which is running Cisco IOS.

If the given network element is running Cisco NX-OS.

If the arRuleCol is null.

If the arRuleCol contains one or more null elements, or the collection is empty.

If any of the given rules doesn't have a method.

If the device is running Cisco IOS, and any of the given rules has more than 4 methods.

PropertiesException is thrown if any of the following situations occurs:

If Authorization Rule is not valid.

Example:

Rule name is updated

IntegrityException is thrown if any of the following situations occurs:

If the authorization rule doesn't exist in the device.

If a method uses server groups, then those server group references should be available. Also, that server group must be present in the database.

Parameters

opContext—Operational context

arRuleCol—List of modified AuthorizationRule objects that will replace the existing objects.

Return Value

void
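
The ValidationException conditions listed for modifyAccountingRules, modifyAuthenticationRules and modifyAuthorizationRules can be checked on the client before a change to a device's AAA policy is submitted. The following Python is an added example, not DCNM code: the Rule class, the preflight function and the platform labels are hypothetical stand-ins for the service's rule objects, and the sample method names are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Per-platform method limits, from the ValidationException lists above.
MAX_METHODS = {"IOS": 4, "NX-OS": 10}


@dataclass
class Rule:
    """Hypothetical stand-in for an Accounting/Authentication/AuthorizationRule."""
    name: str
    methods: List[str] = field(default_factory=list)


def preflight(kind: str, platform: str, aaa_enabled: bool,
              rules: Optional[List[Optional[Rule]]]) -> List[str]:
    """Return the documented ValidationException conditions the call would hit.

    kind is "accounting", "authentication" or "authorization";
    platform is "IOS" or "NX-OS" (labels assumed for this example).
    """
    problems: List[str] = []
    if platform == "IOS" and not aaa_enabled:
        problems.append("AAA is disabled on the Cisco IOS network element")
    if kind == "authorization" and platform == "NX-OS":
        # modifyAuthorizationRules rejects every NX-OS network element.
        problems.append("authorization rules are rejected on Cisco NX-OS")
        return problems
    if rules is None:
        problems.append("rule collection is null")
        return problems
    if not rules:
        problems.append("rule collection is empty")
    limit = MAX_METHODS[platform]
    for index, rule in enumerate(rules):
        if rule is None:
            problems.append(f"element {index} is null")
        elif not rule.methods:
            problems.append(f"rule {rule.name!r} has no method")
        elif len(rule.methods) > limit:
            problems.append(
                f"rule {rule.name!r} has {len(rule.methods)} methods, "
                f"more than {limit} allowed on {platform}")
    return problems


if __name__ == "__main__":
    # Constructed sample input: method names are illustrative only.
    five = Rule("default", ["group tacacs+", "group radius", "local",
                            "group g1", "group g2"])
    for platform in ("IOS", "NX-OS"):
        print(platform, preflight("accounting", platform, True, [five, None]))
```

An empty result means none of the documented validation conditions apply; PropertiesException and IntegrityException conditions depend on device and database state and are not covered here.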

modifyGlobalAaaServerSetting

Modifies one or more existing global AAA server settings in a network element.

ValidationException is thrown if any of the following situations occurs:

If the neInstanceNameId is null or it is not of type InstanceNameId.

If the setting is null.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given server type is TACACS+ and TACACS+ is disabled in the given network element which is running Cisco NX-OS.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element for which the Global AAA server settings are required

setting—Modified GlobalAaaServerSetting object that will replace the existing objects.

type—Type of the server (Radius/Tacacs) ServerType

Return Value

void

modifyGlobalAaaServers

Modifies one or more existing Global AAA Servers in a network element.

ValidationException is thrown if any of the following situations occurs:

If the aaaServerCol is null.

If the aaaServerCol contains one or more null elements, or the collection is empty.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given AAA server is a TACACS+ server and TACACS+ is disabled in the given network element which is running Cisco NX-OS.

PropertiesException is thrown if any of the following situations occurs:

If AAA server is not valid.

Example:

The server host name and IP address are updated.

IntegrityException is thrown if any of the following situations occurs:

If the given AAA Server doesn't exist globally in the device.

Parameters

opContext—Operational context

aaaServerCol—List of modified GlobalAaaServer objects that will replace the existing objects.

Return Value

void

unbindNetworkInterfaceFromAaaServerGroups

Clears the source interface association from the given AAA server groups. If the AAA server groups passed to this API have any source interface association, then those associations will be removed. If they don't have any interface associations, then this API will simply ignore those server groups.

ValidationException is thrown if any of the following situations occurs:

If aaaServerGroupInstanceNameIdCol is null.

If the aaaServerGroupInstanceNameIdCol collection contains an element that is null, the collection is empty, or it is not of type AaaServerGroup InstanceNameId.

If AAA is disabled in the given network element which is running Cisco IOS.

If the given server type is TACACS+ and TACACS+ is disabled in the given network element which is running Cisco NX-OS.

IntegrityException is thrown if any of the following situations occurs:

If the objects for the given aaaServerGrpInstanceNameIdCol don't exist in the device.

Parameters

opContext—Operational context

aaaServerGroupInstanceNameIdCol—List of InstanceNameIds of the AaaServerGroup objects for which the source interface needs to be removed

Return Value

void

unbindNetworkInterfaceFromGlobalRadiusServerSettings

Clears the source interface association from the RADIUS server's global setting of a given network element. If the setting does not have any interface association, then this API will simply ignore that network element.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId is null.

If AAA is disabled in the given network element which is running Cisco IOS.

IntegrityException is thrown if any of the following situations occurs:

If the object for the given neInstanceNameId doesn't exist in the Database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element.

Return Value

void

unbindNetworkInterfaceFromGlobalTacacsServerSettings

Clears the source interface association from the TACACS+ server's global setting of a given network element. If the setting does not have any interface association, then this API will simply ignore that network element.

ValidationException is thrown if any of the following situations occurs:

If neInstanceNameId is null.

If AAA is disabled in the given network element which is running Cisco IOS.

If TACACS+ is disabled in the given network element which is running Cisco NX-OS.

IntegrityException is thrown if any of the following situations occurs:

If the object for the given neInstanceNameId doesn't exist in the Database.

Parameters

opContext—Operational context

neInstanceNameId—InstanceNameId of the Network Element.

Return Value

void