Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3284
Views
0
Helpful
6
Replies

Can't obtain authentication token from Nexus 9000 Switch with Postman

Go to solution
oslopez
Level 1
Level 1

‎03-05-2021 01:52 PM

Hello everyone,

I'm learning to use the NX-API REST via Postman. Currently I'm in the process of obtaining an authentication token from the NX9k switch following the below steps:

Capture.JPG  Since the switch I'm reaching uses TACACS as a method of authentication I assign "name" and "pwd" with my Tacacs credentials.

However, once I hit the SEND button I get the following error:

Capture2.JPG

(The actual Switch IP address is 10.18.1.2)

I tried the same steps in another switch with uses no TACACS but the default admin/admin credentials, however I got the same error.

Could you advise on why the connection is getting refused?

As mentioned, the Switch uses TACACS for authentication and the feature nxapi has been added.

 

Thank you.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
oslopez
Level 1
Level 1
In response to oslopez

‎03-30-2021 07:52 AM

Well, I just wrote a Python script and I was able to login without any issue, so I would say this is a Postman issue. My goal is to eventually write Python scripts to manage/configure Cisco gear, therefore I will ditch Postman and will focus on Python scripting.

 

Thank you.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-06-2021 08:32 AM

HI @oslopez 

You are talking about NXAPI, however you are using ACI API login.

If you have your N9K switch running in NXOS mode, have a look here: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide_chapter_011.html

If you have an ACI fabric, use the APIC IP to login.

 

Stay safe,

Sergiu

 

0 Helpful

Go to solution
oslopez
Level 1
Level 1
In response to Sergiu.Daniluk

‎03-08-2021 08:00 AM - edited ‎03-08-2021 08:01 AM

Hi msdaniluk,

In fact, what I'm following is a lab at Ciscolive : 

http://opennxos.ciscolive.com/pod0/labs/lab3/lab3-m2

Already completed previous modules but currently I'm stuck at Module 2: Postman - NX-API REST with the error mentioned.

As far as I'm concerned, this lab is based on a N9K switch, not an ACI fabric, That's why I'm using a N9K switch. Already was able to access the Sandbox, but I'd like to get more proficient using Postman, that's why I'm trying to go through the authentication process.

 

 

Thanks for your help. 

 

 

 

 

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to oslopez

‎03-08-2021 11:42 AM - edited ‎03-08-2021 11:42 AM

Hello,

So it seems NXAPI REST is using same DME logic to access MO objects as in ACI. And curious enough is still called APIC Cookie ^_^.

Try this:

{
  "aaaUser" : {
    "attributes" : {
      "name" : "apic:TacacsDomain\\username",
      "pwd" : "password"
    }
  }
}

NOTE: I haven't tested it as I do not have a tacacs in the lab.

 

Stay safe,

Sergiu

0 Helpful

Go to solution
oslopez
Level 1
Level 1
In response to Sergiu.Daniluk

‎03-08-2021 12:56 PM

I don't have the Tacacs domain but I used the actual IP address of the Tacacs server along with my Tacacs UN and PW

"name" : "apic:<ip address of Tacacs server>\\username

But unfortunately I'm still getting the same error

0 Helpful

Go to solution
oslopez
Level 1
Level 1
In response to oslopez

‎03-30-2021 07:52 AM

Well, I just wrote a Python script and I was able to login without any issue, so I would say this is a Postman issue. My goal is to eventually write Python scripts to manage/configure Cisco gear, therefore I will ditch Postman and will focus on Python scripting.

 

Thank you.

0 Helpful

Go to solution
DMYTROLUKINYKH18058
Level 1
Level 1

‎12-01-2023 09:14 AM

I have the same issue, but I noticed that if you pass your creds in .xml request instead of json, it works, and you will receive your token back. You may notice that some tutorials show that json is working, but when you r trying same thing, json won't work. My assumption is that when the version NXOS changes, the organization of the authentication tree on the device may be changed too, so it is no longer matching the body that you trying to pass; i.e. it is no longer 

{

    "aaaUser":{

        "attributes":{

            "name":{{username}},

            "pwd":{{password}}

        }

    }

}

 

The way I made it work on my side, I sshed into my nexus os device, did a show version, checked what is the NXOS version (in my example it was NXOS: version 10.3(3) [Feature Release] ), then I went to this link that I found on Reddit: https://developer.cisco.com/site/cisco-nexus-nx-api-references/ , and here I looked for the documentation for my version 10.3, and found the authentication section. The authentication section has recommended to use xml: 

DMYTROLUKINYKH18058_0-1701450804435.png

Then I simply changed my postman request to the following: 

DMYTROLUKINYKH18058_1-1701450848974.png

Now it is working. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents