
TACACS Profile - API for common task type

lanagna
Level 1

Hi Team,

I'm looking for the Ansible API for the particular "Common Task Type" to set it as Nexus; by default it will choose Shell using the API cisco.ise.tacacs_profile, but I couldn't find the API for the Nexus setup as per the snip below.
 
lanagna_0-1710435277662.png

Please help me with the exact API or a reference link.

 

3 Replies

Greg Gibbs
Cisco Employee

There is no such API for those 'Common Task Types'. You would need to select the Raw View tab and build your API calls based on that data.

Example:
{
  "TacacsProfile": {
    "id": "e09c3a20-e250-11ee-a3a8-1296ee463e27",
    "name": "Nexus_RO",
    "description": "",
    "sessionAttributes": {
      "sessionAttributeList": [
        {
          "type": "OPTIONAL",
          "name": "shell:roles",
          "value": "\"network-operator\""
        }
      ]
    },
    "link": {
      "rel": "self",
      "href": "https://ise32-3.ise.trappedunderise.com:9060/ers/config/tacacsprofile/e09c3a20-e250-11ee-a3a8-1296ee463e27",
      "type": "application/json"
    }
  }
}

thomas
Cisco Employee

The easiest way to do this is to configure it in the GUI like you have done then perform a GET on the respective API object (tacacsprofile) to see what the REST object looks like:

# --insecure disables TLS certificate verification; omit it when the ISE certificate is trusted.
curl --include --insecure --location \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --user "$ISE_REST_USERNAME:$ISE_REST_PASSWORD" \
  --request GET "https://$ISE_HOSTNAME/ers/config/tacacsprofile/name/ReadOnly"

{
  "TacacsProfile" : {
    "id" : "a8696100-e255-11ee-a872-5600453c2db2",
    "name" : "ReadOnly",
    "description" : "",
    "sessionAttributes" : {
      "sessionAttributeList" : [ {
        "type" : "OPTIONAL",
        "name" : "shell:roles",
        "value" : "\"network-operator\""
      } ]
    },
    "link" : {
      "rel" : "self",
      "href" : "https://198.18.133.27/ers/config/tacacsprofile/name/ReadOnly",
      "type" : "application/json"
    }
  }
}

You can then use that data to figure out what values to use in the respective cisco.ise.tacacs_profile module:

- name: Create TACACS Profile `ReadOnly` 
  cisco.ise.tacacs_profile:
    ise_hostname: "{{ise_hostname}}"
    ise_username: "{{ise_username}}"
    ise_password: "{{ise_password}}"
    ise_verify: "{{ise_verify}}"
    state: present
    description: string
    name: ReadOnly
    sessionAttributes:
      sessionAttributeList:
      - name: "shell:roles"
        type: OPTIONAL
        value: "\"network-operator\""
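
The GET-then-translate step described in the reply above, as an added example that is not from the thread or from Cisco: this Python script takes an ERS `tacacsprofile` response, drops the server-generated `id` and `link`, and renders a `cisco.ise.tacacs_profile` task with the embedded quotes in `shell:roles` preserved. The sample JSON (placeholder id and hostname) and all function names are constructed for illustration.

```python
import json

# Constructed sample shaped like the thread's ERS GET reply (placeholder id and host).
SAMPLE = r'''{"TacacsProfile": {
  "id": "00000000-0000-0000-0000-000000000000",
  "name": "ReadOnly",
  "description": "",
  "sessionAttributes": {"sessionAttributeList": [
    {"type": "OPTIONAL", "name": "shell:roles", "value": "\"network-operator\""}]},
  "link": {"rel": "self", "type": "application/json",
           "href": "https://ise.example.com/ers/config/tacacsprofile/name/ReadOnly"}}}'''
CONNECTION_VARS = ("ise_hostname", "ise_username", "ise_password", "ise_verify")

def ers_to_module_args(ers_json):
    """Keep the configurable fields; drop the server-generated id and link."""
    profile = json.loads(ers_json)["TacacsProfile"]
    args = {k: v for k, v in profile.items() if k not in ("id", "link")}
    for attr in args.get("sessionAttributes", {}).get("sessionAttributeList", []):
        if {"type", "name", "value"} - set(attr):
            raise ValueError(f"incomplete session attribute: {attr}")
    return args

def emit_yaml(node, indent):
    """Minimal block YAML; scalars are JSON-quoted so embedded quotes survive."""
    pad, out = " " * indent, []
    if isinstance(node, dict) and node:
        for key, val in node.items():
            if isinstance(val, (dict, list)) and val:
                out += [f"{pad}{key}:"] + emit_yaml(val, indent + 2)
            else:
                out.append(f"{pad}{key}: {json.dumps(val)}")
    elif isinstance(node, list) and node:
        for item in node:
            first, *rest = emit_yaml(item, indent + 2)
            out += [f"{pad}- {first.lstrip()}"] + rest
    else:
        out.append(f"{pad}{json.dumps(node)}")
    return out

def render_task(ers_json):
    """Render an Ansible task; connection values stay as playbook variables."""
    args = ers_to_module_args(ers_json)
    head = [f"- name: {json.dumps('Create TACACS Profile ' + args['name'])}",
            "  cisco.ise.tacacs_profile:"]
    head += [f'    {v}: "{{{{ {v} }}}}"' for v in CONNECTION_VARS]
    return "\n".join(head + ["    state: present"] + emit_yaml(args, 4))

if __name__ == "__main__":
    print(render_task(SAMPLE))
```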

 

lanagna
Level 1

Thanks @thomas @Greg Gibbs for the inputs. Let me check on the same.