pyaoscx.access_security module

pyaoscx.access_security.clear_port_access_clients_limit(port_name, **kwargs)

Perform GET and PUT calls to clear a port’s limit of maximum allowed number of authorized clients.

Parameters:
  • port_name – Alphanumeric name of Port
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.clear_ubt_client_vlan(**kwargs)

Perform GET and PUT calls to clear the reserved VLAN for tunneled clients.

Parameters:
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.configure_dot1x_interface(port_name, auth_enable=True, cached_reauth_enable=True, cached_reauth_period=None, discovery_period=None, eapol_timeout=None, max_requests=None, max_retries=None, quiet_period=None, reauth_enable=True, reauth_period=None, **kwargs)

Perform a POST call to set 802.1x authentication on a port.

Parameters:
  • port_name – Alphanumeric name of the Port on which 802.1x authentication is to be set
  • auth_enable – True if 802.1x is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • cached_reauth_enable – True if cached reauthentication is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • cached_reauth_period – Time in seconds during which cached reauthentication is allowed on the port. Defaults to nothing if not specified.
  • discovery_period – Time period (in seconds) to wait before an EAPOL request identity frame re-transmission on an 802.1X enabled port with no authenticated client. Applicable for 802.1X only. Defaults to nothing if not specified.
  • eapol_timeout – Time period (in seconds) to wait for a response from a client before retransmitting an EAPOL PDU. If the value is not set the time period is calculated as per RFC 2988. Defaults to nothing if not specified.
  • max_requests – Number of EAPOL requests to supplicant before authentication fails. Applicable for 802.1X only. Defaults to nothing if not specified.
  • max_retries – Number of authentication attempts before authentication fails. Defaults to nothing if not specified.
  • quiet_period – Time period (in seconds) to wait before processing an authentication request from a client that failed authentication. Defaults to nothing if not specified.
  • reauth_enable – True if periodic reauthentication is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • reauth_period – Time period (in seconds) to enforce periodic re-authentication of clients. Defaults to nothing if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.configure_mac_auth_interface(port_name, auth_enable=True, cached_reauth_enable=True, cached_reauth_period=None, discovery_period=None, max_retries=None, quiet_period=None, reauth_enable=True, reauth_period=None, **kwargs)

Perform a POST call to set MAC authentication on a port.

Parameters:
  • port_name – Alphanumeric name of the Port on which MAC authentication is to be set
  • auth_enable – True if authentication is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • cached_reauth_enable – True if cached reauthentication is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • cached_reauth_period – Time in seconds during which cached reauthentication is allowed on the port. Defaults to nothing if not specified.
  • discovery_period – Time period (in seconds) to wait before an EAPOL request identity frame re-transmission on an 802.1X enabled port with no authenticated client. Applicable for 802.1X only. Defaults to nothing if not specified.
  • max_retries – Number of authentication attempts before authentication fails. Defaults to nothing if not specified.
  • quiet_period – Time period (in seconds) to wait before processing an authentication request from a client that failed authentication. Defaults to nothing if not specified.
  • reauth_enable – True if periodic reauthentication is to be enabled on the port, false otherwise. Defaults to True if not specified.
  • reauth_period – Time period (in seconds) to enforce periodic re-authentication of clients. Defaults to nothing if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.create_port_access_role(role_name, desc=None, gateway_zone=None, ubt_gateway_role=None, vlan_mode=None, vlan_tag=None, vlan_trunks=None, **kwargs)

Perform a POST call to create a port access role

Parameters:
  • role_name – Alphanumeric name of port access role
  • desc – Optional description for role. Defaults to nothing if not specified.
  • gateway_zone – Gateway zone associated with this role. Defaults to nothing if not specified.
  • ubt_gateway_role – Role to be assigned to tunneled clients on the UBT cluster side. Defaults to nothing if not specified.
  • vlan_mode – VLAN mode should be one of “access”, “native-tagged”, “native-untagged”, or “trunk”. Defaults to nothing if not specified.
  • vlan_tag – The untagged VLAN to which users of this access role are to be assigned.
  • vlan_trunks – The tagged VLAN(s) to which users of this access role are to be assigned.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.create_radius_host_config(vrf_name, host, default_group_priority=1, groups=[], passkey=None, **kwargs)

Perform a POST call to set the RADIUS server host.

Parameters:
  • vrf_name – Alphanumeric name of VRF through which the RADIUS server is reachable
  • host – IPv4/IPv6 address or FQDN of the RADIUS server
  • default_group_priority – Integer priority within the default RADIUS server group. All RADIUS servers will be added to this default group. The priority must be at least 1, and defaults to 1 if not specified.
  • groups – Optional list of additional RADIUS server groups to which this server will be added. Defaults to empty list if not specified.
  • passkey – Optional passkey to be used between RADIUS client and server for authentication.
Returns:

True if successful, False otherwise

pyaoscx.access_security.create_ubt_zone(zone_name, vrf_name, enable=True, pri_ctrlr_ip_addr=None, backup_ctrlr_ip_addr=None, sac_heartbeat_interval=1, uac_keepalive_interval=60, papi_security_key=None, **kwargs)

Perform a POST call to create User-Based-Tunneling (UBT) zone on a VRF

Parameters:
  • zone_name – Alphanumeric name of UBT zone
  • vrf_name – Alphanumeric name of VRF
  • enable – True if UBT functionality is to be enabled on this zone, False otherwise. Defaults to True if not specified.
  • pri_ctrlr_ip_addr – IP address of primary controller node. Defaults to nothing if not specified.
  • backup_ctrlr_ip_addr – IP address of backup controller node. Defaults to nothing if not specified.
  • sac_heartbeat_interval – Time interval (in seconds) between successive heartbeat messages to the switch anchor node. Defaults to 1 if not specified.
  • uac_keepalive_interval – Time interval (in seconds) between successive keep-alive messages sent to the user anchor node. Defaults to 60 if not specified.
  • papi_security_key – Shared security key used to encrypt UBT PAPI messages exchanged between the switch and the controller cluster corresponding to this zone. Defaults to nothing if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.delete_radius_host_config(vrf_name, host, udp_port=1812, **kwargs)

Perform a DELETE call to remove the RADIUS server host.

Parameters:
  • vrf_name – Alphanumeric name of VRF through which the RADIUS server is reachable
  • host – IPv4/IPv6 address or FQDN of the RADIUS server
  • udp_port – UDP port number used for authentication. Defaults to 1812 if not specified.
Returns:

True if successful, False otherwise

pyaoscx.access_security.enable_disable_dot1x_globally(enable=True, **kwargs)

Perform GET and PUT calls to either enable or disable 802.1X globally

Parameters:
  • enable – True if 802.1x is to be enabled globally, False if 802.1x is to be disabled globally. Defaults to True if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.enable_disable_mac_auth_globally(enable=True, **kwargs)

Perform GET and PUT calls to either enable or disable MAC authentication globally

Parameters:
  • enable – True if MAC authentication is to be enabled globally, False if MAC authentication is to be disabled globally. Defaults to True if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.enable_disable_port_security_globally(enable=True, **kwargs)

Perform GET and PUT calls to either enable or disable port security globally

Parameters:
  • enable – True if port security is to be enabled globally, False if port security is to be disabled globally. Defaults to True if not specified.
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.get_all_auth_methods_interface(port_name, **kwargs)

Perform a GET call to get a list/dict of all authentication methods on a port

Parameters:
  • port_name – Alphanumeric name of the Port
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

List/dictionary containing all authentication methods on the port

pyaoscx.access_security.remove_auth_method_interface(port_name, auth_method, **kwargs)

Perform a DELETE call to remove an authentication method from a port

Parameters:
  • port_name – Alphanumeric name of the Port on which the authentication method is to be removed
  • auth_method – Authentication method to be removed from the Port. Should be either “802.1x” or “mac-auth”
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.remove_port_access_role(role_name, **kwargs)

Perform a DELETE call to delete a port access role

Parameters:
  • role_name – Alphanumeric name of port access role
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.remove_source_ip_ubt(vrf_name, **kwargs)

Perform GET and PUT calls to remove the source IP address for UBT on a VRF.

Parameters:
  • vrf_name – Alphanumeric name of VRF
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.remove_ubt_zone(vrf_name, **kwargs)

Perform a DELETE call to delete the User-Based-Tunneling (UBT) zone on a VRF

Parameters:
  • vrf_name – Alphanumeric name of VRF
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.set_port_access_clients_limit(port_name, clients_limit, **kwargs)

Perform GET and PUT calls to set a port’s maximum allowed number of authorized clients.

Parameters:
  • port_name – Alphanumeric name of Port
  • clients_limit – Maximum allowed number of authorized clients on the port
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.set_source_ip_ubt(vrf_name, source_ip, **kwargs)

Perform GET and PUT calls to set the source IP address for UBT on a VRF.

Parameters:
  • vrf_name – Alphanumeric name of VRF
  • source_ip – IP address for UBT
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise

pyaoscx.access_security.set_ubt_client_vlan(vlan_id, **kwargs)

Perform GET and PUT calls to set the reserved VLAN for tunneled clients.

Parameters:
  • vlan_id – Numeric ID of VLAN
  • kwargs – keyword s: requests.session object with loaded cookie jar; keyword url: URL in main() function
Returns:

True if successful, False otherwise
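
The calls documented above can be chained into one 802.1X rollout for a port that stops at the first False return and then reads the port's authentication methods back. This is an added example, not code from pyaoscx: the `api` injection parameter, the `FakeApi` stand-in, the port name, the 3600-second `reauth_period`, and the assumption that `get_all_auth_methods_interface` reports the method under the name "802.1x" are all assumptions.

```python
import importlib


class FakeApi:
    """Constructed stand-in for pyaoscx.access_security (offline runs only)."""

    def __init__(self, fail=None):
        self.fail, self.calls = fail, []

    def __getattr__(self, name):
        def call(*args, **kwargs):
            self.calls.append(name)
            if name == "get_all_auth_methods_interface":
                return ["802.1x"]  # assumed shape of the read-back
            return name != self.fail  # documented True/False result
        return call


def apply_dot1x_baseline(port_name, clients_limit, api=None, **kwargs):
    """Enable 802.1X on one port; return (ok, name_of_failed_step).

    kwargs carries the documented `s` and `url` keywords. `api` is a
    hypothetical injection point; by default the real module is imported.
    """
    if api is None:
        api = importlib.import_module("pyaoscx.access_security")
    steps = [
        ("enable_disable_dot1x_globally", (), {"enable": True}),
        ("configure_dot1x_interface", (port_name,),
         {"auth_enable": True, "reauth_enable": True,
          "reauth_period": 3600}),  # constructed value, in seconds
        ("set_port_access_clients_limit", (port_name, clients_limit), {}),
    ]
    for name, args, params in steps:
        if not getattr(api, name)(*args, **params, **kwargs):
            # Fail closed: never report a port as protected after a failed call.
            return False, name
    # Read back what the switch reports instead of trusting the writes.
    methods = api.get_all_auth_methods_interface(port_name, **kwargs)
    if "802.1x" not in methods:
        return False, "get_all_auth_methods_interface"
    return True, None


if __name__ == "__main__":
    print(apply_dot1x_baseline("1/1/1", 2, api=FakeApi(), s=None, url=None))
```

Against a real switch, omit `api` and pass the logged-in session and base URL as `s` and `url`.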