AAA Settings
Location in GUI: Admin » AAA » Authentication » AAA
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”aaa (apic.fabric_policies)
Section titled “aaa (apic.fabric_policies)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| remote_user_login_policy | Choice | assign-default-role, no-login | No | no-login |
| default_fallback_check | Boolean | true, false | No | false |
| default_realm | Choice | local, tacacs, ldap, radius | No | local |
| default_login_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| console_realm | Choice | local, tacacs, ldap, radius | No | local |
| console_login_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| management_settings | Class | [management_settings] | No | |
| security_domains | List | [security_domains] | No |
management_settings (apic.fabric_policies.aaa)
Section titled “management_settings (apic.fabric_policies.aaa)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| password_strength_check | Boolean | true, false | No | false |
| password_strength_profile | Class | [password_strength_profile] | No | |
| password_change_during_interval | Boolean | true, false | No | true |
| password_change_count | Integer | min: 0, max: 10 | No | 2 |
| password_change_interval | Integer | min: 0, max: 745 | No | 48 |
| password_no_change_interval | Integer | min: 0, max: 745 | No | 24 |
| password_history_count | Integer | min: 0, max: 15 | No | 5 |
| web_token_timeout | Integer | min: 300, max: 9600 | No | 600 |
| web_token_max_validity | Integer | min: 4, max: 24 | No | 24 |
| web_session_idle_timeout | Integer | min: 60, max: 65525 | No | 1200 |
| include_refresh_session_records | Boolean | true, false | No | true |
| enable_login_block | Boolean | true, false | No | false |
| login_block_duration | Integer | min: 1, max: 1440 | No | 60 |
| login_max_failed_attempts | Integer | min: 1, max: 15 | No | 5 |
| login_max_failed_attempts_window | Integer | min: 1, max: 720 | No | 5 |
security_domains (apic.fabric_policies.aaa)
Section titled “security_domains (apic.fabric_policies.aaa)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| restricted_rbac_domain | Boolean | true, false | No | false |
password_strength_profile (apic.fabric_policies.aaa.management_settings)
Section titled “password_strength_profile (apic.fabric_policies.aaa.management_settings)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| password_mininum_length | Integer | min: 8, max: 64 | No | 8 |
| password_maximum_length | Integer | min: 8, max: 64 | No | 64 |
| password_strength_test_type | Choice | default, custom | No | default |
| password_class_flags | List | Choice[digits, lowercase, specialchars, uppercase] | No |
Examples
Section titled “Examples”apic: fabric_policies: aaa: remote_user_login_policy: no-login default_fallback_check: true default_realm: local console_realm: tacacs console_login_domain: tacacs security_domains: - name: SEC1 restricted_rbac_domain: true management_settings: password_strength_check: true password_strength_profile: password_mininum_length: 8 password_maximum_length: 64 password_strength_test_type: default password_class_flags: - digits - lowercase - uppercase password_change_during_interval: true password_change_count: 2 password_change_interval: 48 password_no_change_interval: 24 password_history_count: 5 web_token_timeout: 600 web_token_max_validity: 24 web_session_idle_timeout: 1200 include_refresh_session_records: true enable_login_block: false login_block_duration: 60 login_max_failed_attempts: 5 login_max_failed_attempts_window: 5