pyaoscx.access_security module
-
pyaoscx.access_security.clear_port_access_clients_limit(port_name, **kwargs)
Perform GET and PUT calls to clear a port’s limit of maximum allowed number of authorized clients.
Parameters:
- port_name – Alphanumeric name of Port
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.clear_ubt_client_vlan(**kwargs)
Perform GET and PUT calls to clear the reserved VLAN for tunneled clients.
Parameters:
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.configure_dot1x_interface(port_name, auth_enable=True, cached_reauth_enable=True, cached_reauth_period=None, discovery_period=None, eapol_timeout=None, max_requests=None, max_retries=None, quiet_period=None, reauth_enable=True, reauth_period=None, **kwargs)
Perform a POST call to set 802.1x authentication on a port.
Parameters:
- port_name – Alphanumeric name of the Port on which 802.1x authentication is to be set
- auth_enable – True if 802.1x is to be enabled on the port, False otherwise. Defaults to True if not specified.
- cached_reauth_enable – True if cached reauthentication is to be enabled on the port, False otherwise. Defaults to True if not specified.
- cached_reauth_period – Time in seconds during which cached reauthentication is allowed on the port. Defaults to nothing if not specified.
- discovery_period – Time period (in seconds) to wait before an EAPOL request identity frame re-transmission on an 802.1X enabled port with no authenticated client. Applicable for 802.1X only. Defaults to nothing if not specified.
- eapol_timeout – Time period (in seconds) to wait for a response from a client before retransmitting an EAPOL PDU. If the value is not set the time period is calculated as per RFC 2988. Defaults to nothing if not specified.
- max_requests – Number of EAPOL requests to supplicant before authentication fails. Applicable for 802.1X only. Defaults to nothing if not specified.
- max_retries – Number of authentication attempts before authentication fails. Defaults to nothing if not specified.
- quiet_period – Time period (in seconds) to wait before processing an authentication request from a client that failed authentication. Defaults to nothing if not specified.
- reauth_enable – True if periodic reauthentication is to be enabled on the port, False otherwise. Defaults to True if not specified.
- reauth_period – Time period (in seconds) to enforce periodic re-authentication of clients. Defaults to nothing if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.configure_mac_auth_interface(port_name, auth_enable=True, cached_reauth_enable=True, cached_reauth_period=None, discovery_period=None, max_retries=None, quiet_period=None, reauth_enable=True, reauth_period=None, **kwargs)
Perform a POST call to set MAC authentication on a port.
Parameters:
- port_name – Alphanumeric name of the Port on which MAC authentication is to be set
- auth_enable – True if authentication is to be enabled on the port, False otherwise. Defaults to True if not specified.
- cached_reauth_enable – True if cached reauthentication is to be enabled on the port, False otherwise. Defaults to True if not specified.
- cached_reauth_period – Time in seconds during which cached reauthentication is allowed on the port. Defaults to nothing if not specified.
- discovery_period – Time period (in seconds) to wait before an EAPOL request identity frame re-transmission on an 802.1X enabled port with no authenticated client. Applicable for 802.1X only. Defaults to nothing if not specified.
- max_retries – Number of authentication attempts before authentication fails. Defaults to nothing if not specified.
- quiet_period – Time period (in seconds) to wait before processing an authentication request from a client that failed authentication. Defaults to nothing if not specified.
- reauth_enable – True if periodic reauthentication is to be enabled on the port, False otherwise. Defaults to True if not specified.
- reauth_period – Time period (in seconds) to enforce periodic re-authentication of clients. Defaults to nothing if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.create_port_access_role(role_name, desc=None, gateway_zone=None, ubt_gateway_role=None, vlan_mode=None, vlan_tag=None, vlan_trunks=None, **kwargs)
Perform a POST call to create a port access role.
Parameters:
- role_name – Alphanumeric name of port access role
- desc – Optional description for role. Defaults to nothing if not specified.
- gateway_zone – Gateway zone associated with this role. Defaults to nothing if not specified.
- ubt_gateway_role – Role to be assigned to tunneled clients on the UBT cluster side. Defaults to nothing if not specified.
- vlan_mode – VLAN mode should be one of “access”, “native-tagged”, “native-untagged”, or “trunk”. Defaults to nothing if not specified.
- vlan_tag – The untagged VLAN to which users of this access role are to be assigned.
- vlan_trunks – The tagged VLAN(s) to which users of this access role are to be assigned.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.create_radius_host_config(vrf_name, host, default_group_priority=1, groups=[], passkey=None, **kwargs)
Perform a POST call to set the RADIUS server host.
Parameters:
- vrf_name – Alphanumeric name of VRF through which the RADIUS server is reachable
- host – IPv4/IPv6 address or FQDN of the RADIUS server
- default_group_priority – Integer priority within the default RADIUS server group. All RADIUS servers will be added to this default group. The priority must be at least 1, and defaults to 1 if not specified.
- groups – Optional list of additional RADIUS server groups to which this server will be added. Defaults to empty list if not specified.
- passkey – Optional passkey to be used between RADIUS client and server for authentication.
Returns: True if successful, False otherwise
-
pyaoscx.access_security.create_ubt_zone(zone_name, vrf_name, enable=True, pri_ctrlr_ip_addr=None, backup_ctrlr_ip_addr=None, sac_heartbeat_interval=1, uac_keepalive_interval=60, papi_security_key=None, **kwargs)
Perform a POST call to create a User-Based-Tunneling (UBT) zone on a VRF.
Parameters:
- zone_name – Alphanumeric name of UBT zone
- vrf_name – Alphanumeric name of VRF
- enable – True if UBT functionality is to be enabled on this zone, False otherwise. Defaults to True if not specified.
- pri_ctrlr_ip_addr – IP address of primary controller node. Defaults to nothing if not specified.
- backup_ctrlr_ip_addr – IP address of backup controller node. Defaults to nothing if not specified.
- sac_heartbeat_interval – Time interval (in seconds) between successive heartbeat messages to the switch anchor node. Defaults to 1 if not specified.
- uac_keepalive_interval – Time interval (in seconds) between successive keep-alive messages sent to the user anchor node. Defaults to 60 if not specified.
- papi_security_key – Shared security key used to encrypt UBT PAPI messages exchanged between the switch and the controller cluster corresponding to this zone. Defaults to nothing if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.delete_radius_host_config(vrf_name, host, udp_port=1812, **kwargs)
Perform a DELETE call to remove the RADIUS server host.
Parameters:
- vrf_name – Alphanumeric name of VRF through which the RADIUS server is reachable
- host – IPv4/IPv6 address or FQDN of the RADIUS server
- udp_port – UDP port number used for authentication. Defaults to 1812 if not specified.
Returns: True if successful, False otherwise
-
pyaoscx.access_security.enable_disable_dot1x_globally(enable=True, **kwargs)
Perform GET and PUT calls to either enable or disable 802.1X globally.
Parameters:
- enable – True if 802.1x is to be enabled globally, False if 802.1x is to be disabled globally. Defaults to True if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.enable_disable_mac_auth_globally(enable=True, **kwargs)
Perform GET and PUT calls to either enable or disable MAC authentication globally.
Parameters:
- enable – True if MAC authentication is to be enabled globally, False if MAC authentication is to be disabled globally. Defaults to True if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.enable_disable_port_security_globally(enable=True, **kwargs)
Perform GET and PUT calls to either enable or disable port security globally.
Parameters:
- enable – True if port security is to be enabled globally, False if port security is to be disabled globally. Defaults to True if not specified.
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.get_all_auth_methods_interface(port_name, **kwargs)
Perform a GET call to get a list/dict of all authentication methods on a port.
Parameters:
- port_name – Alphanumeric name of the Port
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: List/dictionary containing all authentication methods on the port
-
pyaoscx.access_security.remove_auth_method_interface(port_name, auth_method, **kwargs)
Perform a DELETE call to remove an authentication method from a port.
Parameters:
- port_name – Alphanumeric name of the Port on which the authentication method is to be removed
- auth_method – Authentication method to be removed from the Port. Should be either “802.1x” or “mac-auth”
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.remove_port_access_role(role_name, **kwargs)
Perform a DELETE call to delete a port access role.
Parameters:
- role_name – Alphanumeric name of port access role
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.remove_source_ip_ubt(vrf_name, **kwargs)
Perform GET and PUT calls to remove the source IP address for UBT on a VRF.
Parameters:
- vrf_name – Alphanumeric name of VRF
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.remove_ubt_zone(vrf_name, **kwargs)
Perform a DELETE call to delete the User-Based-Tunneling (UBT) zone on a VRF.
Parameters:
- vrf_name – Alphanumeric name of VRF
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.set_port_access_clients_limit(port_name, clients_limit, **kwargs)
Perform GET and PUT calls to set a port’s maximum allowed number of authorized clients.
Parameters:
- port_name – Alphanumeric name of Port
- clients_limit – Maximum allowed number of authorized clients on the port
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.set_source_ip_ubt(vrf_name, source_ip, **kwargs)
Perform GET and PUT calls to set the source IP address for UBT on a VRF.
Parameters:
- vrf_name – Alphanumeric name of VRF
- source_ip – IP address for UBT
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
-
pyaoscx.access_security.set_ubt_client_vlan(vlan_id, **kwargs)
Perform GET and PUT calls to set the reserved VLAN for tunneled clients.
Parameters:
- vlan_id – Numeric ID of VLAN
- kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns: True if successful, False otherwise
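
Because these functions report failure by returning False rather than raising, a caller has to check each result before continuing. The following is an added example, not part of pyaoscx: enable_dot1x_on_port and FakeSwitchAPI are hypothetical names, the fake stands in for the imported pyaoscx.access_security module so the code runs offline, and the read-back assumes the returned list/dictionary names the method as "802.1x", as the auth_method parameter above does.

```python
class FakeSwitchAPI:
    """Constructed stand-in for pyaoscx.access_security (no switch needed)."""
    def __init__(self, fail=None):
        self.fail, self.calls, self.methods = fail, [], []

    def _record(self, name):
        self.calls.append(name)
        return name != self.fail  # mimic the documented True/False result

    def enable_disable_dot1x_globally(self, enable=True, **kwargs):
        return self._record("enable_disable_dot1x_globally")

    def configure_dot1x_interface(self, port_name, **kwargs):
        ok = self._record("configure_dot1x_interface")
        if ok:
            self.methods.append("802.1x")
        return ok

    def set_port_access_clients_limit(self, port_name, clients_limit, **kwargs):
        return self._record("set_port_access_clients_limit")

    def get_all_auth_methods_interface(self, port_name, **kwargs):
        return list(self.methods)


def enable_dot1x_on_port(api, port_name, clients_limit, reauth_period, **kwargs):
    """Enable 802.1X on one port and stop at the first call that returns False.

    kwargs carries the documented `s` (session) and `url` keywords unchanged.
    Returns (ok, failed_step); failed_step is None when every step succeeded.
    """
    steps = [
        ("global", lambda: api.enable_disable_dot1x_globally(enable=True, **kwargs)),
        ("port", lambda: api.configure_dot1x_interface(
            port_name, auth_enable=True, reauth_enable=True,
            reauth_period=reauth_period, **kwargs)),
        ("limit", lambda: api.set_port_access_clients_limit(
            port_name, clients_limit, **kwargs)),
    ]
    for name, call in steps:
        if not call():
            return False, name  # do not continue on a half-applied config
    # Read the port back instead of trusting the write results alone.
    methods = api.get_all_auth_methods_interface(port_name, **kwargs)
    if "802.1x" not in methods:
        return False, "verify"
    return True, None
```

Against a real switch, pass the imported pyaoscx.access_security module as api together with the logged-in session as s and the base URL as url.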