Cisco APIC AAA TACACS+ management via CLI?

Network Engineering Cisco
2022-02-25 12:07:25

In APIC, the AAA implementation can be seen through the following paths:

APIC > ADMIN > AAA > RADIUS Management > RADIUS Providers
APIC > ADMIN > AAA > TACACS+ Management > TACACS+ Providers

*Image from https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/basic-config/b_ACI_Config_Guide/b_ACI_Config_Guide_chapter_011.html

What are the equivalent commands? I need to get this information via SSH, including the Host Name, Description, Port number and Timeout (sec) settings.

APIC# show aaa ?
 authentication  Show AAA Authentication information
 groups          Show AAA group information
APIC# 

APIC# show aaa authentication ?
 <CR>
APIC# show aaa authentication
Default : radius
Console : radius

APIC# show aaa groups ?
 <CR>
APIC# 

APIC# show aaa groups
Total number of Groups: 2

RadiusGroups : XYZ-RADIUS
TacacsGroups : XYZ-TACACS
LdapGroups   :
1 Answer

In the CLI, you can run the following commands:

APIC# show run aaa group server tacacsplus TACACS
# Command: show running-config aaa group server tacacsplus TACACS
# Time: Wed Apr  1 15:27:27 2020
  aaa group server tacacsplus TACACS
    server SERVER-2 priority 10
    server SERVER-1 priority 5
    exit

APIC# show run tacacs-server host "SERVER-2"
# Command: show running-config tacacs-server host SERVER-2
# Time: Wed Apr  1 15:28:05 2020
  tacacs-server host "SERVER-2"
    exit

You may notice that other parameters, such as port or timeout, are not shown. This is because they are set to their default values.

As always, you can get this information from the MO. Run bash on the APIC and then execute the curl command:

icurl -g -X GET 'http://localhost:7777/api/node/class/aaaTacacsPlusProvider.json' | jq '.'

For RADIUS:

icurl -g -X GET 'http://localhost:7777/api/node/class/aaaRadiusProvider.json' | jq '.'

Output for TACACS:

{
  "totalCount": "2",
  "imdata": [
    {
      "aaaTacacsPlusProvider": {
        "attributes": {
          "annotation": "",
          "authProtocol": "pap",
          "childAction": "",
          "descr": "",
          "dn": "uni/userext/tacacsext/tacacsplusprovider-SERVER-2",
          "epgDn": "",
          "extMngdBy": "",
          "lcOwn": "local",
          "modTs": "2019-02-11T10:23:19.748+03:00",
          "monPolDn": "uni/fabric/monfab-default",
          "monitorServer": "disabled",
          "monitoringUser": "default",
          "name": "SERVER-2",
          "nameAlias": "",
          "operState": "unknown",
          "ownerKey": "",
          "ownerTag": "",
          "port": "49",
          "retries": "1",
          "snmpIndex": "2",
          "status": "",
          "timeout": "5",
          "uid": "15374",
          "vrfName": ""
        }
      }
    },
    {
      "aaaTacacsPlusProvider": {
        "attributes": {
          "annotation": "",
          "authProtocol": "pap",
          "childAction": "",
          "descr": "",
          "dn": "uni/userext/tacacsext/tacacsplusprovider-SERVER-1",
          "epgDn": "",
          "extMngdBy": "",
          "lcOwn": "local",
          "modTs": "2019-02-11T10:23:14.350+03:00",
          "monPolDn": "uni/fabric/monfab-default",
          "monitorServer": "disabled",
          "monitoringUser": "default",
          "name": "SERVER-1",
          "nameAlias": "",
          "operState": "unknown",
          "ownerKey": "",
          "ownerTag": "",
          "port": "49",
          "retries": "1",
          "snmpIndex": "1",
          "status": "",
          "timeout": "5",
          "uid": "15374",
          "vrfName": ""
        }
      }
    }
  ]
}
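
An added example, not part of the original answer: a small Python parser that reduces the class-query JSON above to the four fields the question asks for and reports any provider whose port, timeout or retries differ from the values shown in the answer's output. The function name `parse_providers` is hypothetical, and treating 49 / 5 / 1 as the defaults is an assumption taken from that output.

```python
import json

# Fields the question asks for (GUI label -> MO attribute in the answer's output).
FIELDS = {"Host Name": "name", "Description": "descr",
          "Port": "port", "Timeout (sec)": "timeout"}
# Values shown in the answer's output for providers whose running-config
# prints no port/timeout line; treated here as the defaults (assumption).
ASSUMED_DEFAULTS = {"port": "49", "timeout": "5", "retries": "1"}


def parse_providers(json_text, cls="aaaTacacsPlusProvider"):
    """Return one dict per provider MO found in an APIC class query reply."""
    doc = json.loads(json_text)
    rows = []
    for item in doc.get("imdata", []):
        if "error" in item:  # APIC reports failures as error objects in imdata
            attrs = item["error"].get("attributes", {})
            raise ValueError(f"APIC error {attrs.get('code')}: {attrs.get('text')}")
        attrs = item.get(cls, {}).get("attributes")
        if attrs is None:
            continue  # object of a different class in the reply; skip it
        row = {label: attrs.get(key, "") for label, key in FIELDS.items()}
        row["dn"] = attrs.get("dn", "")
        # Settings that differ from the assumed defaults for this provider.
        row["overrides"] = {k: attrs[k] for k, v in ASSUMED_DEFAULTS.items()
                            if k in attrs and attrs[k] != v}
        rows.append(row)
    return sorted(rows, key=lambda r: r["Host Name"])


# Constructed sample: trimmed from the answer's output, with SERVER-1's
# timeout changed to 10 so that an override is reported.
SAMPLE = json.dumps({"totalCount": "2", "imdata": [
    {"aaaTacacsPlusProvider": {"attributes": {
        "name": "SERVER-2", "descr": "", "port": "49", "timeout": "5",
        "retries": "1", "dn": "uni/userext/tacacsext/tacacsplusprovider-SERVER-2"}}},
    {"aaaTacacsPlusProvider": {"attributes": {
        "name": "SERVER-1", "descr": "", "port": "49", "timeout": "10",
        "retries": "1", "dn": "uni/userext/tacacsext/tacacsplusprovider-SERVER-1"}}},
]})

if __name__ == "__main__":
    import sys
    # Read saved icurl output from stdin, or fall back to the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for r in parse_providers(text):
        print(r["Host Name"], r["Description"] or "-", r["Port"],
              r["Timeout (sec)"], r["overrides"] or "defaults")
```

Passing `cls="aaaRadiusProvider"` applies the same extraction to the RADIUS query, assuming its attributes use the same names.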