AAA
Diagram
Classes
configuration (iosxe.devices)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aaa | Class | [aaa] | No |
aaa (iosxe.devices.configuration)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| new_model | Boolean | true, false | No | |
| session_id | Choice | common, unique | No | |
| radius_dynamic_author | Boolean | true, false | No | |
| radius_dynamic_author_clients | List | [radius_dynamic_author_clients] | No | |
| radius_groups | List | [radius_groups] | No | |
| tacacs_groups | List | [tacacs_groups] | No | |
| accounting | Class | [accounting] | No | |
| authentication | Class | [authentication] | No | |
| authorization | Class | [authorization] | No | |
| radius | Class | [radius] | No | |
| tacacs_servers | List | [tacacs_servers] | No | |
| usernames | List | [usernames] | No |
radius_dynamic_author_clients (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| key_type | Choice | 0, 6, 7 | No | |
| key | String | No |
radius_groups (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| server_names | List | String | No | |
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet | No | |
| source_interface_id | String | No |
tacacs_groups (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| server_names | List | String | No | |
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet | No | |
| source_interface_id | String | No |
accounting (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| update_newinfo_periodic | Integer | No | ||
| system_guarantee_first | Boolean | true, false | No | |
| identities | List | [identities] | No | |
| identity_default_start_stop_groups | List | String | No | |
| execs | List | [execs] | No | |
| networks | List | [networks] | No |
authentication (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| logins | List | [logins] | No | |
| dot1xs | List | [dot1xs] | No | |
| dot1x_defaults | List | Any[String or Choice[local]] | No |
authorization (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| execs | List | [execs] | No | |
| networks | List | [networks] | No |
radius (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| attributes | List | [attributes] | No | |
| dead_criteria_time | Integer | min: 1, max: 120 | No | |
| dead_criteria_tries | Integer | min: 1, max: 100 | No | |
| deadtime | Integer | min: 1, max: 1440 | No | |
| servers | List | [servers] | No |
tacacs_servers (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| ip | IP | Yes | ||
| timeout | Integer | min: 1, max: 1000 | No | |
| key | String | No | ||
| encryption | Any | 0, 6, 7 | No |
usernames (iosxe.devices.configuration.aaa)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| privilege | Integer | min: 0, max: 15 | No | |
| description | String | No | ||
| password_encryption | Choice | 0, 6, 7 | No | |
| password | String | No | ||
| secret_encryption | Choice | 0, 5, 8, 9 | No | |
| secret | String | No |
identities (iosxe.devices.configuration.aaa.accounting)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| start_stop_broadcast | Boolean | true, false | No | |
| start_stop_group_broadcast | Boolean | true, false | No | |
| start_stop_group_logger | Boolean | true, false | No | |
| start_stop_groups | List | String | No | |
| identity_default_start_stop_groups | List | String | No |
execs (iosxe.devices.configuration.aaa.accounting)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| start_stop_groups | List | String | No |
networks (iosxe.devices.configuration.aaa.accounting)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| start_stop_groups | List | String | No |
logins (iosxe.devices.configuration.aaa.authentication)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| methods | List | Any[String or Choice[none, line, enable, local]] | No |
dot1xs (iosxe.devices.configuration.aaa.authentication)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| methods | List | Any[String or Choice[local, cache, radius]] | No |
execs (iosxe.devices.configuration.aaa.authorization)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| methods | List | Any[String or Choice[local, radius, tacacs, if_authenticated]] | No |
networks (iosxe.devices.configuration.aaa.authorization)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| methods | List | Any[String or Choice[local]] | No |
attributes (iosxe.devices.configuration.aaa.radius)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| number | Integer | Yes | ||
| access_request_include | Boolean | true, false | No | |
| attribute_31_parameters | List | [attribute_31_parameters] | No | |
| send_attributes | List | String | No |
servers (iosxe.devices.configuration.aaa.radius)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| ip | IP | Yes | ||
| authentication_port | Integer | min: 0, max: 65534 | No | |
| accounting_port | Integer | min: 0, max: 65534 | No | |
| timeout | Integer | min: 1, max: 1000 | No | |
| retransmit | Integer | min: 0, max: 100 | No | |
| key | String | No | ||
| automate_tester_username | String | No | ||
| automate_tester_ignore_acct_port | Boolean | true, false | No | |
| automate_tester_probe_on_config | Boolean | true, false | No | |
| pac_key | String | No | ||
| pac_key_encryption | Any | 0, 6, 7 | No |
attribute_31_parameters (iosxe.devices.configuration.aaa.radius.attributes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| calling_station_id | Choice | mac, send | No | |
| id_mac_format | Choice | ietf | No | |
| id_mac_lu_case | Choice | lower-case, upper-case | No | |
| id_send_nas_port_detail | Boolean | true, false | No | |
| id_send_mac_only | Boolean | true, false | No |
Examples
iosxe: devices: - name: Device1 configuration: aaa: new_model: true authentication: logins: - name: default methods: - local authorization: execs: - name: default methods: - local radius: dead_criteria_time: 1 dead_criteria_tries: 3 deadtime: 10 servers: - name: test1 ip: 192.168.1.1 timeout: 5 key: testkey authentication_port: 220 accounting_port: 221 retransmit: 3 automate_tester_probe_on_config: true automate_tester_ignore_acct_port: true automate_tester_username: test_user pac_key: test_pac pac_key_encryption: 0 attributes: - number: 25 access_request_include: true radius_groups: - name: testgroup1 source_interface_type: GigabitEthernet source_interface_id: 1 tacacs_servers: - name: test1 ip: 192.168.0.1 timeout: 5 encryption: 0 key: testkey