AAA Settings
Location in GUI:
Admin » AAA » Authentication » AAA
Diagram
Classes
aaa (apic.fabric_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| remote_user_login_policy | Choice | assign-default-role, no-login | No | no-login |
| default_fallback_check | Boolean | true, false | No | false |
| default_realm | Choice | local, tacacs, ldap, radius | No | local |
| default_login_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| console_realm | Choice | local, tacacs, ldap, radius | No | local |
| console_login_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| management_settings | Class | [management_settings] | No | |
| security_domains | List | [security_domains] | No |
management_settings (apic.fabric_policies.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| password_strength_check | Boolean | true, false | No | false |
| password_strength_profile | Class | [password_strength_profile] | No | |
| password_change_during_interval | Boolean | true, false | No | true |
| password_change_count | Integer | min: 0, max: 10 | No | 2 |
| password_change_interval | Integer | min: 0, max: 745 | No | 48 |
| password_no_change_interval | Integer | min: 0, max: 745 | No | 24 |
| password_history_count | Integer | min: 0, max: 15 | No | 5 |
| web_token_timeout | Integer | min: 300, max: 9600 | No | 600 |
| web_token_max_validity | Integer | min: 4, max: 24 | No | 24 |
| web_session_idle_timeout | Integer | min: 600, max: 65525 | No | 1200 |
| include_refresh_session_records | Boolean | true, false | No | true |
| enable_login_block | Boolean | true, false | No | false |
| login_block_duration | Integer | min: 1, max: 1440 | No | 60 |
| login_max_failed_attempts | Integer | min: 1, max: 15 | No | 5 |
| login_max_failed_attempts_window | Integer | min: 1, max: 720 | No | 5 |
security_domains (apic.fabric_policies.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| restricted_rbac_domain | Boolean | true, false | No | false |
password_strength_profile (apic.fabric_policies.aaa.management_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| password_mininum_length | Integer | min: 8, max: 64 | No | 8 |
| password_maximum_length | Integer | min: 8, max: 64 | No | 64 |
| password_strength_test_type | Choice | default, custom | No | default |
| password_class_flags | List | Choice[digits, lowercase, specialchars, uppercase] | No |
Examples
apic:
fabric_policies:
aaa:
remote_user_login_policy: no-login
default_fallback_check: true
default_realm: local
console_realm: tacacs
console_login_domain: tacacs
security_domains:
- name: SEC1
restricted_rbac_domain: true
management_settings:
password_strength_check: true
password_strength_profile:
password_mininum_length: 8
password_maximum_length: 64
password_strength_test_type: default
password_class_flags:
- digits
- lowercase
- uppercase
password_change_during_interval: true
password_change_count: 2
password_change_interval: 48
password_no_change_interval: 24
password_history_count: 5
web_token_timeout: 600
web_token_max_validity: 24
web_session_idle_timeout: 1200
include_refresh_session_records: true
enable_login_block: false
login_block_duration: 60
login_max_failed_attempts: 5
login_max_failed_attempts_window: 5