
AAA Servers

Location in GUI: Design » Network Settings » Servers

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aaa_servers | List | [aaa_servers] | No | |

aaa_servers (catalyst_center.network_settings)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | | Yes | |
| client_and_endpoint_aaa | Class | [client_and_endpoint_aaa] | No | |
| network_aaa | Class | [network_aaa] | No | |

client_and_endpoint_aaa (catalyst_center.network_settings.aaa_servers)

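| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_type | Choice | ISE, AAA | Yes | |
| protocol | Choice | TACACS, RADIUS | Yes | |
| primary_ip | IP | | No | |
| secondary_ip | IP | | No | |
| pan | IP | | No | |
| shared_secret | String | | No | |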

network_aaa (catalyst_center.network_settings.aaa_servers)

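| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_type | Choice | ISE, AAA | Yes | |
| protocol | Choice | TACACS, RADIUS | Yes | |
| primary_ip | IP | | No | |
| secondary_ip | IP | | No | |
| pan | IP | | No | |
| shared_secret | String | | No | |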

Example 1: Basic AAA server configuration using ISE with RADIUS protocol for both network device authentication and client/endpoint authentication, deployed with primary server IP for centralized authentication services:

```yaml
catalyst_center:
  network_settings:
    aaa_servers:
      - name: BASIC_ISE_AAA
        network_aaa:
          server_type: ISE
          protocol: RADIUS
          primary_ip: 198.18.133.27
        client_and_endpoint_aaa:
          server_type: ISE
          protocol: RADIUS
          primary_ip: 198.18.133.27
```

Example 2: Enterprise AAA configuration with high availability setup using primary and secondary ISE servers, including PAN (Primary Administration Node) configuration across European corporate locations:

```yaml
catalyst_center:
  network_settings:
    aaa_servers:
      - name: ENTERPRISE_ISE_HA
        network_aaa:
          server_type: ISE
          protocol: RADIUS
          primary_ip: 10.1.100.10
          secondary_ip: 10.1.100.11
          pan: 10.1.100.5
        client_and_endpoint_aaa:
          server_type: ISE
          protocol: RADIUS
          primary_ip: 10.1.100.10
          secondary_ip: 10.1.100.11
          pan: 10.1.100.5
```

Example 3: Comprehensive multi-protocol AAA deployment demonstrating ISE for RADIUS-based client authentication and traditional AAA server for TACACS+ network device management, with complete redundancy configuration including primary/secondary servers, PAN nodes, and protocol-specific shared secret for TACACS:

```yaml
catalyst_center:
  network_settings:
    aaa_servers:
      - name: GLOBAL_ISE_RADIUS
        client_and_endpoint_aaa:
          server_type: ISE
          protocol: RADIUS
          primary_ip: 192.168.10.100
          secondary_ip: 192.168.10.101
          pan: 192.168.10.50
      - name: GLOBAL_TACACS_MGMT
        network_aaa:
          server_type: AAA
          protocol: TACACS
          primary_ip: 192.168.20.100
          secondary_ip: 192.168.20.101
          shared_secret: "TacacsMgmtSecret321"
      - name: BRANCH_SIMPLE_AAA
        network_aaa:
          server_type: AAA
          protocol: RADIUS
          primary_ip: 172.16.1.10
        client_and_endpoint_aaa:
          server_type: AAA
          protocol: RADIUS
          primary_ip: 172.16.1.10
```

Example 4: Site assignment configuration showing how to apply AAA server settings to specific locations in the site hierarchy:

```yaml
catalyst_center:
  sites:
    areas:
      - name: Corporate Campus
        parent_name: Global/Americas/USA/California
        network_settings:
          aaa_servers: ENTERPRISE_ISE_HA
      - name: Branch Office
        parent_name: Global/Americas/USA/Texas
        network_settings:
          aaa_servers: BRANCH_SIMPLE_AAA
    buildings:
      - name: Data Center
        parent_name: Global/Europe/Germany/Munich
        network_settings:
          aaa_servers: GLOBAL_TACACS_MGMT
```
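
A pre-merge lint for this data model, added here as an example and not part of this documentation's own tooling: it enforces the constraints from the tables above, checks that the site assignments of Example 4 only reference defined `aaa_servers` names, and warns on a missing `secondary_ip` or a `shared_secret` committed as a literal. The function names, the two warning policies and the input shape (the dict a YAML loader returns for the files as committed, before any secret injection) are assumptions of this example.

```python
import ipaddress

# Choices, roles and IP fields are taken from the tables on this page.
CHOICES = {"server_type": {"ISE", "AAA"}, "protocol": {"TACACS", "RADIUS"}}
ROLES = ("network_aaa", "client_and_endpoint_aaa")
IP_FIELDS = ("primary_ip", "secondary_ip", "pan")

def _valid_ip(value):
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def lint_aaa(model):
    """Return (severity, message) findings for a parsed data-model dict."""
    cc, findings, names = model.get("catalyst_center", {}), [], set()
    for i, srv in enumerate(cc.get("network_settings", {}).get("aaa_servers", [])):
        name = srv.get("name")
        if not name:
            findings.append(("error", f"aaa_servers[{i}]: name is mandatory"))
        names.add(name)
        for role in [r for r in ROLES if r in srv]:
            cfg, where = srv[role], f"{name or i}.{role}"
            for key, allowed in CHOICES.items():
                if cfg.get(key) not in allowed:
                    findings.append(("error", f"{where}: {key} must be one of {sorted(allowed)}"))
            findings += [("error", f"{where}: {f} is not an IP address")
                         for f in IP_FIELDS if f in cfg and not _valid_ip(cfg[f])]
            # The two warnings are policy choices of this example, not schema rules.
            if "secondary_ip" not in cfg:
                findings.append(("warn", f"{where}: no secondary_ip (no failover)"))
            if cfg.get("shared_secret"):
                findings.append(("warn", f"{where}: shared_secret stored as a literal"))
    for kind in ("areas", "buildings"):
        for site in cc.get("sites", {}).get(kind, []):
            ref = site.get("network_settings", {}).get("aaa_servers")
            if ref is not None and ref not in names:
                findings.append(("error", f"site '{site.get('name')}': unknown AAA server {ref}"))
    return findings

# Constructed sample: trimmed from Examples 3 and 4, with one malformed IP added.
_TACACS = {"server_type": "AAA", "protocol": "TACACS", "primary_ip": "192.168.20.100",
           "secondary_ip": "192.168.20.101", "shared_secret": "TacacsMgmtSecret321"}
_BRANCH = {"server_type": "AAA", "protocol": "RADIUS", "primary_ip": "172.16.1.300"}
SAMPLE = {"catalyst_center": {
    "network_settings": {"aaa_servers": [{"name": "GLOBAL_TACACS_MGMT", "network_aaa": _TACACS},
                                         {"name": "BRANCH_SIMPLE_AAA", "network_aaa": _BRANCH}]},
    "sites": {"areas": [{"name": "Corporate Campus",
                         "network_settings": {"aaa_servers": "ENTERPRISE_ISE_HA"}}]}}}
```

On `SAMPLE`, `lint_aaa` reports the literal TACACS secret, the malformed branch IP, the branch's missing failover server, and the site that points at `ENTERPRISE_ISE_HA`, which this sample never defines.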