AAA Servers
Location in GUI: Design » Network Settings » Servers
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”network_settings (catalyst_center)
Section titled “network_settings (catalyst_center)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aaa_servers | List | [aaa_servers] | No |
aaa_servers (catalyst_center.network_settings)
Section titled “aaa_servers (catalyst_center.network_settings)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| client_and_endpoint_aaa | Class | [client_and_endpoint_aaa] | No | |
| network_aaa | Class | [network_aaa] | No |
client_and_endpoint_aaa (catalyst_center.network_settings.aaa_servers)
Section titled “client_and_endpoint_aaa (catalyst_center.network_settings.aaa_servers)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_type | Choice | ISE, AAA | Yes | |
| protocol | Choice | TACACS, RADIUS | Yes | |
| primary_ip | IP | No | ||
| secondary_ip | IP | No | ||
| pan | IP | No | ||
| shared_secret | String | No |
network_aaa (catalyst_center.network_settings.aaa_servers)
Section titled “network_aaa (catalyst_center.network_settings.aaa_servers)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_type | Choice | ISE, AAA | Yes | |
| protocol | Choice | TACACS, RADIUS | Yes | |
| primary_ip | IP | No | ||
| secondary_ip | IP | No | ||
| pan | IP | No | ||
| shared_secret | String | No |
Examples
Section titled “Examples”Example 1: Basic AAA server configuration using ISE with RADIUS protocol for both network device authentication and client/endpoint authentication, deployed with primary server IP for centralized authentication services:
catalyst_center: network_settings: aaa_servers: - name: BASIC_ISE_AAA network_aaa: server_type: ISE protocol: RADIUS primary_ip: 198.18.133.27 client_and_endpoint_aaa: server_type: ISE protocol: RADIUS primary_ip: 198.18.133.27Example 2: Enterprise AAA configuration with high availability setup using primary and secondary ISE servers, including PAN (Primary Administration Node) configuration across European corporate locations:
catalyst_center: network_settings: aaa_servers: - name: ENTERPRISE_ISE_HA network_aaa: server_type: ISE protocol: RADIUS primary_ip: 10.1.100.10 secondary_ip: 10.1.100.11 pan: 10.1.100.5 client_and_endpoint_aaa: server_type: ISE protocol: RADIUS primary_ip: 10.1.100.10 secondary_ip: 10.1.100.11 pan: 10.1.100.5Example 3: Comprehensive multi-protocol AAA deployment demonstrating ISE for RADIUS-based client authentication and traditional AAA server for TACACS+ network device management, with complete redundancy configuration including primary/secondary servers, PAN nodes, and protocol-specific shared secret for TACACS:
catalyst_center: network_settings: aaa_servers: - name: GLOBAL_ISE_RADIUS client_and_endpoint_aaa: server_type: ISE protocol: RADIUS primary_ip: 192.168.10.100 secondary_ip: 192.168.10.101 pan: 192.168.10.50 - name: GLOBAL_TACACS_MGMT network_aaa: server_type: AAA protocol: TACACS primary_ip: 192.168.20.100 secondary_ip: 192.168.20.101 shared_secret: "TacacsMgmtSecret321" - name: BRANCH_SIMPLE_AAA network_aaa: server_type: AAA protocol: RADIUS primary_ip: 172.16.1.10 client_and_endpoint_aaa: server_type: AAA protocol: RADIUS primary_ip: 172.16.1.10Example 4: Site assignment configuration showing how to apply AAA server settings to specific locations in the site hierarchy:
catalyst_center: sites: areas: - name: Corporate Campus parent_name: Global/Americas/USA/California network_settings: aaa_servers: ENTERPRISE_ISE_HA - name: Branch Office parent_name: Global/Americas/USA/Texas network_settings: aaa_servers: BRANCH_SIMPLE_AAA buildings: - name: Data Center parent_name: Global/Europe/Germany/Munich network_settings: aaa_servers: GLOBAL_TACACS_MGMT