NX-API
NX-API configuration manages the NX-API (NX-OS Programmable Interface) settings on NX-OS devices. NX-API provides a RESTful interface for device management. Settings include HTTP/HTTPS ports, VRF binding, idle timeout, SSL/TLS certificate and cipher configuration, client certificate authentication, and SUDI (Secure Unique Device Identifier) support.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”system (nxos.devices.configuration)
Section titled “system (nxos.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nxapi | Class | [nxapi] | No |
nxapi (nxos.devices.configuration.system)
Section titled “nxapi (nxos.devices.configuration.system)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| http_port | Integer | min: -1, max: 65535 | No | |
| https_port | Integer | min: -1, max: 65535 | No | |
| vrf | String | No | ||
| idle_timeout | Integer | min: 1, max: 1440 | No | |
| certificate_enable | Boolean | true, false | No | |
| certificate_httpscrt | String | No | ||
| certificate_httpskey | String | No | ||
| certificate_httpskey_passphrase | String | No | ||
| certificate_trustpoint | String | No | ||
| ssl_protocols | String | No | ||
| ssl_ciphers_weak | Boolean | true, false | No | |
| client_cert_auth | Choice | off, optional, strict, two-step | No | |
| sudi | Boolean | true, false | No |
Examples
Section titled “Examples”Example 1: Basic NX-API with HTTPS on management VRF
nxos: devices: - name: LEAF1 configuration: feature: nxapi: true system: nxapi: https_port: 443 vrf: management idle_timeout: 10Example 2: NX-API with custom SSL certificate and restricted ciphers
nxos: devices: - name: SPINE1 configuration: feature: nxapi: true system: nxapi: https_port: 443 vrf: management idle_timeout: 30 certificate_enable: true certificate_httpscrt: "bootflash:server.crt" certificate_httpskey: "bootflash:server.key" ssl_protocols: "TLSv1.2" ssl_ciphers_weak: falseExample 3: NX-API with client certificate authentication
nxos: devices: - name: LEAF2 configuration: feature: nxapi: true system: nxapi: https_port: 443 vrf: management client_cert_auth: strict certificate_trustpoint: my-trustpoint sudi: true