System configuration encompasses fundamental device-level settings that control core operational behaviors including hostname identification, IP and IPv6 routing enablement, domain name resolution, login security controls, and HTTP/HTTPS server parameters for management access. It provides comprehensive control over essential network services such as multicast routing, source routing, domain lookup, and authentication methods while supporting both local and AAA-based authentication mechanisms for management interfaces. System configuration is critical for establishing the basic operational foundation of network devices, ensuring proper identification, connectivity, security posture, and management accessibility across the network infrastructure.
Diagram Classes configuration (iosxe.devices) Name Type Constraint Mandatory Default Value system Class [system]
No
system (iosxe.devices.configuration) Name Type Constraint Mandatory Default Value hostname String Regex: ^[^\s]*$
No ip_bgp_community_new_format Boolean true
, false
No ip_routing Boolean true
, false
No ipv6_unicast_routing Boolean true
, false
No mtu Integer min: 1500
, max: 9198
No ip_source_route Boolean true
, false
No ip_domain_lookup Boolean true
, false
No ip_domain_name String Regex: ^[^\s]*$
No login_delay Integer min: 1
, max: 10
No login_on_failure Boolean true
, false
No login_on_failure_log Boolean true
, false
No login_on_success Boolean true
, false
No login_on_success_log Boolean true
, false
No ip_multicast_routing Boolean true
, false
No multicast_routing_switch Boolean true
, false
No ip_multicast_routing_distributed Boolean true
, false
No multicast_routing_vrfs List [multicast_routing_vrfs]
No access_session_mac_move_deny Boolean true
, false
No archive Class [archive]
No boot_system_bootfiles List String No boot_system_flash_files List String No cisp_enable Boolean true
, false
No control_plane_service_policy_input String No diagnostic_bootup_level Choice complete
, minimal
No enable_secret String No enable_secret_level Integer min: 0
, max: 255
No enable_secret_type Choice 0
, 4
, 5
, 8
, 9
No epm_logging Boolean true
, false
No ip_domain_lookup_source_interface_type Choice Loopback
, Vlan
, GigabitEthernet
, TwoGigabitEthernet
, FiveGigabitEthernet
, TenGigabitEthernet
, TwentyFiveGigabitEthernet
, FortyGigabitEthernet
, HundredGigabitEthernet
No ip_domain_lookup_source_interface_id String No ip_forward_protocol_nd Boolean true
, false
No ip_name_servers List String No ip_name_servers_vrf List [ip_name_servers_vrf]
No ip_radius_source_interface_type Choice Loopback
, Vlan
, GigabitEthernet
, TwoGigabitEthernet
, FiveGigabitEthernet
, TenGigabitEthernet
, TwentyFiveGigabitEthernet
, FortyGigabitEthernet
, HundredGigabitEthernet
No ip_radius_source_interface_id String No ip_radius_source_interface_vrf String No ip_scp_server_enable Boolean true
, false
No ssh Class [ssh]
No ip_tacacs_source_interface_type Choice Loopback
, Vlan
, GigabitEthernet
, TwoGigabitEthernet
, FiveGigabitEthernet
, TenGigabitEthernet
, TwentyFiveGigabitEthernet
, FortyGigabitEthernet
, HundredGigabitEthernet
No ip_tacacs_source_interface_id String No ip_tacacs_source_interface_vrf String No memory_free_low_watermark_processor Integer min: 1
, max: 3994575
No pnp_profiles List [pnp_profiles]
No redundancy Boolean true
, false
No redundancy_mode Choice none
, rpr
, rpr-plus
, sso
No transceiver_type_all_monitoring Boolean true
, false
No http Class [http]
No
multicast_routing_vrfs (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value vrf String Regex: ^[^\s]*$
Yes distributed Boolean true
, false
No
archive (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value log_config_logging_enable Boolean true
, false
No log_config_logging_size Integer min: 1
, max: 1000
No maximum Integer min: 1
, max: 14
No path String No time_period Integer min: 1
, max: 525600
No write_memory Boolean true
, false
No
ip_name_servers_vrf (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value vrf String Yes servers List String No
ssh (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value authentication_retries Integer min: 0
, max: 5
No source_interface_type Choice Loopback
, Vlan
, GigabitEthernet
, TwoGigabitEthernet
, FiveGigabitEthernet
, TenGigabitEthernet
, TwentyFiveGigabitEthernet
, FortyGigabitEthernet
, HundredGigabitEthernet
No source_interface_id String No time_out Integer min: 1
, max: 120
No version Choice 2
No
pnp_profiles (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value name String Yes transport_https_ipv4_ipv4_address String No transport_https_ipv4_port Integer min: 1
, max: 65535
No
http (iosxe.devices.configuration.system) Name Type Constraint Mandatory Default Value access_class Integer min: 1
, max: 99
No active_session_modules String Regex: ^[^\s]*$
No secure_active_session_modules String Regex: ^[^\s]*$
No max_connections Integer min: 1
, max: 50
No authentication_aaa Boolean true
, false
No authentication_aaa_exec_authorization String Regex: ^[^\s]*$
No authentication_aaa_login_authentication String Regex: ^[^\s]*$
No authentication_aaa_command_authorizations List [authentication_aaa_command_authorizations]
No authentication_local Boolean true
, false
No server Boolean true
, false
No secure_server Boolean true
, false
No secure_trustpoint String Regex: ^[^\s]*$
No tls_version Choice TLSv1.0
, TLSv1.1
, TLSv1.2
, TLSv1.3
No client_secure_trustpoint String Regex: ^[^\s]*$
No client_source_interface_type Choice Loopback
, Vlan
, GigabitEthernet
, FiveGigabitEthernet
, TenGigabitEthernet
, FortyGigabitEthernet
, HundredGigabitEthernet
, PortChannel
No client_source_interface_id String No
authentication_aaa_command_authorizations (iosxe.devices.configuration.system.http) Name Type Constraint Mandatory Default Value level Integer min: 0
, max: 15
Yes name String Regex: ^[^\s]*$
No
Examples Example-1 : In the below example, it uses local as the HTTP authentication method.
ip_bgp_community_new_format : true
ipv6_unicast_routing : true
ip_domain_name : router1_domain
login_on_failure_log : true
login_on_success_log : true
ip_multicast_routing : true
ip_multicast_routing_distributed : true
active_session_modules : restconf
secure_active_session_modules : restconf
authentication_local : true
secure_trustpoint : router1_trustpoint
client_secure_trustpoint : router1_trustpoint
client_source_interface : Loopback0
Example-2 : In the below example, the router instead uses AAA for HTTP authentication.
ip_bgp_community_new_format : true
ipv6_unicast_routing : true
ip_domain_name : router2_domain
login_on_failure_log : true
login_on_success_log : true
ip_multicast_routing : true
ip_multicast_routing_distributed : true
active_session_modules : restconf
secure_active_session_modules : restconf
authentication_aaa_exec_authorization : test_author_group
authentication_aaa_login_authentication : test_authen_group
authentication_aaa_command_authorizations :
secure_trustpoint : router2_trustpoint
client_secure_trustpoint : router2_trustpoint
client_source_interface : Loopback1
Example-3 : In the below example, the device is a switch instead of a router. This is significant for the multicast_routing_switch
and MTU configurations.
ip_bgp_community_new_format : true
ipv6_unicast_routing : true
ip_domain_name : switch1_domain
login_on_failure_log : true
login_on_success_log : true
multicast_routing_switch : true
active_session_modules : restconf
secure_active_session_modules : restconf
authentication_local : true
secure_trustpoint : switch1_trustpoint
client_secure_trustpoint : switch1_trustpoint
client_source_interface : Loopback2