Skip to content
Network as Code

AAA

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
aaaClass[aaa]No

aaa (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
new_modelBooleantrue, falseNo
session_idChoicecommon, uniqueNo
radius_dynamic_authorBooleantrue, falseNo
radius_dynamic_author_clientsList[radius_dynamic_author_clients]No
radius_groupsList[radius_groups]No
tacacs_groupsList[tacacs_groups]No
accountingClass[accounting]No
authenticationClass[authentication]No
authorizationClass[authorization]No
radiusClass[radius]No
tacacs_serversList[tacacs_servers]No
usernamesList[usernames]No

radius_dynamic_author_clients (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
ipIPYes
key_typeChoice0, 6, 7No
keyStringNo

radius_groups (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
nameStringYes
server_namesListStringNo
source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
source_interface_idStringNo

tacacs_groups (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
nameStringYes
server_namesListStringNo
source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
source_interface_idStringNo

accounting (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
update_newinfo_periodicIntegerNo
system_guarantee_firstBooleantrue, falseNo
identitiesList[identities]No
identity_default_start_stop_groupsListStringNo
execsList[execs]No
networksList[networks]No

authentication (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
loginsList[logins]No
dot1xsList[dot1xs]No
dot1x_defaultsListAny[String or Choice[local]]No

authorization (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
execsList[execs]No
networksList[networks]No

radius (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
attributesList[attributes]No
dead_criteria_timeIntegermin: 1, max: 120No
dead_criteria_triesIntegermin: 1, max: 100No
deadtimeIntegermin: 1, max: 1440No
serversList[servers]No

tacacs_servers (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
nameStringYes
ipIPYes
timeoutIntegermin: 1, max: 1000No
keyStringNo

usernames (iosxe.devices.configuration.aaa)

NameTypeConstraintMandatoryDefault Value
nameStringYes
privilegeIntegermin: 0, max: 15No
descriptionStringNo
password_encryptionChoice0, 6, 7No
passwordStringNo
secret_encryptionChoice0, 5, 8, 9No
secretStringNo

identities (iosxe.devices.configuration.aaa.accounting)

NameTypeConstraintMandatoryDefault Value
nameStringYes
start_stop_broadcastBooleantrue, falseNo
start_stop_group_broadcastBooleantrue, falseNo
start_stop_group_loggerBooleantrue, falseNo
start_stop_groupsListStringNo
identity_default_start_stop_groupsListStringNo

execs (iosxe.devices.configuration.aaa.accounting)

NameTypeConstraintMandatoryDefault Value
nameStringYes
start_stop_groupsListStringNo

networks (iosxe.devices.configuration.aaa.accounting)

NameTypeConstraintMandatoryDefault Value
nameStringYes
start_stop_groupsListStringNo

logins (iosxe.devices.configuration.aaa.authentication)

NameTypeConstraintMandatoryDefault Value
nameStringYes
methodsListAny[String or Choice[none, line, enable, local]]No

dot1xs (iosxe.devices.configuration.aaa.authentication)

NameTypeConstraintMandatoryDefault Value
nameStringYes
methodsListAny[String or Choice[local, cache, radius]]No

execs (iosxe.devices.configuration.aaa.authorization)

NameTypeConstraintMandatoryDefault Value
nameStringYes
methodsListAny[String or Choice[local, radius, tacacs, if_authenticated]]No

networks (iosxe.devices.configuration.aaa.authorization)

NameTypeConstraintMandatoryDefault Value
nameStringYes
methodsListAny[String or Choice[local]]No

attributes (iosxe.devices.configuration.aaa.radius)

NameTypeConstraintMandatoryDefault Value
numberStringYes
access_request_includeBooleantrue, falseNo
attribute_31_parametersList[attribute_31_parameters]No
send_attributesListStringNo

servers (iosxe.devices.configuration.aaa.radius)

NameTypeConstraintMandatoryDefault Value
nameStringYes
ipIPYes
authentication_portIntegermin: 0, max: 65534No
accounting_portIntegermin: 0, max: 65534No
timeoutIntegermin: 1, max: 1000No
retransmitIntegermin: 0, max: 100No
keyStringNo
automate_tester_usernameStringNo
automate_tester_ignore_acct_portBooleantrue, falseNo
automate_tester_probe_on_configBooleantrue, falseNo
pac_keyStringNo
pac_key_encryptionChoice0, 6, 7No

attribute_31_parameters (iosxe.devices.configuration.aaa.radius.attributes)

NameTypeConstraintMandatoryDefault Value
calling_station_idChoicemac, sendNo
id_mac_formatChoiceietfNo
id_mac_lu_caseChoicelower-case, upper-caseNo
id_send_nas_port_detailBooleantrue, falseNo
id_send_mac_onlyBooleantrue, falseNo

Examples

iosxe:
  devices:
    - name: Device1
      configuration:
        aaa: