System

System configuration encompasses fundamental device-level settings that control core operational behaviors including hostname identification, IP and IPv6 routing enablement, domain name resolution, login security controls, and HTTP/HTTPS server parameters for management access. It provides comprehensive control over essential network services such as multicast routing, source routing, domain lookup, and authentication methods while supporting both local and AAA-based authentication mechanisms for management interfaces. System configuration is critical for establishing the basic operational foundation of network devices, ensuring proper identification, connectivity, security posture, and management accessibility across the network infrastructure.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
system	Class	`[system]`	No

system (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
hostname	String	Regex: `^[^\s]*$`	No
ip_bgp_community_new_format	Boolean	`true`, `false`	No
ip_routing	Boolean	`true`, `false`	No
ipv6_unicast_routing	Boolean	`true`, `false`	No
mtu	Integer	min: `1500`, max: `9198`	No
ip_source_route	Boolean	`true`, `false`	No
ip_domain_lookup	Boolean	`true`, `false`	No
ip_domain_name	String	Regex: `^[^\s]*$`	No
login_delay	Integer	min: `1`, max: `10`	No
login_on_failure	Boolean	`true`, `false`	No
login_on_failure_log	Boolean	`true`, `false`	No
login_on_success	Boolean	`true`, `false`	No
login_on_success_log	Boolean	`true`, `false`	No
ip_multicast_routing	Boolean	`true`, `false`	No
multicast_routing_switch	Boolean	`true`, `false`	No
ip_multicast_routing_distributed	Boolean	`true`, `false`	No
multicast_routing_vrfs	List	`[multicast_routing_vrfs]`	No
access_session_mac_move_deny	Boolean	`true`, `false`	No
archive	Class	`[archive]`	No
boot_system_bootfiles	List	String	No
boot_system_flash_files	List	String	No
cisp_enable	Boolean	`true`, `false`	No
control_plane_service_policy_input	String		No
diagnostic_bootup_level	Choice	`complete`, `minimal`	No
enable_secret	String		No
enable_secret_level	Integer	min: `0`, max: `255`	No
enable_secret_type	Choice	`0`, `4`, `5`, `8`, `9`	No
epm_logging	Boolean	`true`, `false`	No
ip_domain_lookup_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_domain_lookup_source_interface_id	String		No
ip_forward_protocol_nd	Boolean	`true`, `false`	No
ip_name_servers	List	String	No
ip_name_servers_vrf	List	`[ip_name_servers_vrf]`	No
ip_radius_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_radius_source_interface_id	String		No
ip_radius_source_interface_vrf	String		No
ip_scp_server_enable	Boolean	`true`, `false`	No
ssh	Class	`[ssh]`	No
ip_tacacs_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_tacacs_source_interface_id	String		No
ip_sla	Class	`[ip_sla]`	No
ip_tacacs_source_interface_vrf	String		No
memory_free_low_watermark_processor	Integer	min: `1`, max: `3994575`	No
pnp_profiles	List	`[pnp_profiles]`	No
redundancy	Boolean	`true`, `false`	No
redundancy_mode	Choice	`none`, `rpr`, `rpr-plus`, `sso`	No
transceiver_type_all_monitoring	Boolean	`true`, `false`	No
http	Class	`[http]`	No
ip_hosts	List	`[ip_hosts]`	No
subscriber_templating	Boolean	`true`, `false`	No
call_home_contact_email	String		No
call_home_cisco_tac_1_profile_active	Boolean	`true`, `false`	No
call_home_cisco_tac_1_destination_transport_method	Choice	`email`, `http`	No
ip_ftp_passive	Boolean	`true`, `false`	No
tftp_source_interface_type	Choice	`Loopback`, `GigabitEthernet`	No
tftp_source_interface_id	String		No
multilink_ppp_bundle_name	String		No
ip_nbar_classification_dns_classify_by_domain	Boolean	`true`, `false`	No
track_objects	List	`[track_objects]`	No
ip_multicast_route_limit	Integer	min: `1`, max: `2147483647`	No
ip_domain_list_names	List	String	No
ip_domain_list_vrf_domain	String		No
ip_domain_list_vrf	String		No
ethernet_cfm_alarm_config_delay	Integer	min: `2500`, max: `30000`	No
ethernet_cfm_alarm_config_reset	Integer	min: `2500`, max: `30000`	No
standby_redirects	Choice	`none`, `enable`, `disable`	No
security_passwords_min_length	Integer	min: `1`, max: `16`	No

multicast_routing_vrfs (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory	Default Value
vrf	String	Regex: `^[^\s]*$`	Yes
distributed	Boolean	`true`, `false`	No

archive (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
log_config_logging_enable	Boolean	`true`, `false`	No
log_config_logging_size	Integer	min: `1`, max: `1000`	No
maximum	Integer	min: `1`, max: `14`	No
path	String		No
time_period	Integer	min: `1`, max: `525600`	No
write_memory	Boolean	`true`, `false`	No

ip_name_servers_vrf (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory	Default Value
vrf	String		Yes
servers	List	String	No

ssh (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
authentication_retries	Integer	min: `0`, max: `5`	No
source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
source_interface_id	String		No
time_out	Integer	min: `1`, max: `120`	No
version	Choice	`2`	No

ip_sla (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory	Default Value
entries	List	`[entries]`	No
schedules	List	`[schedules]`	No

pnp_profiles (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
name	String		Yes
transport_https_ipv4_ipv4_address	String		No
transport_https_ipv4_port	Integer	min: `1`, max: `65535`	No

http (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
access_class	Integer	min: `1`, max: `99`	No
active_session_modules	String	Regex: `^[^\s]*$`	No
secure_active_session_modules	String	Regex: `^[^\s]*$`	No
max_connections	Integer	min: `1`, max: `50`	No
authentication_aaa	Boolean	`true`, `false`	No
authentication_aaa_exec_authorization	String	Regex: `^[^\s]*$`	No
authentication_aaa_login_authentication	String	Regex: `^[^\s]*$`	No
authentication_aaa_command_authorizations	List	`[authentication_aaa_command_authorizations]`	No
authentication_local	Boolean	`true`, `false`	No
server	Boolean	`true`, `false`	No
secure_server	Boolean	`true`, `false`	No
secure_trustpoint	String	Regex: `^[^\s]*$`	No
tls_version	Choice	`TLSv1.0`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`	No
client_secure_trustpoint	String	Regex: `^[^\s]*$`	No
client_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
client_source_interface_id	String		No

ip_hosts (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
name	String		Yes
ips	List	IP	Yes
vrf	String		No

track_objects (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
number	Integer	min: `1`, max: `1000`	Yes
ip_sla_number	Integer	min: `1`, max: `2147483647`	No
ip_sla_reachability	Boolean	`true`, `false`	No

entries (iosxe.devices.configuration.system.ip_sla)

Name	Type	Mandatory
number	Integer	Yes
icmp_echo_destination	String	No
icmp_echo_source_ip	String	No

schedules (iosxe.devices.configuration.system.ip_sla)

Name	Type	Constraint	Mandatory
entry_number	Integer		Yes
life	Integer		No
start_time_now	Boolean	`true`, `false`	No

authentication_aaa_command_authorizations (iosxe.devices.configuration.system.http)

Name	Type	Constraint	Mandatory	Default Value
level	Integer	min: `0`, max: `15`	Yes
name	String	Regex: `^[^\s]*$`	No

By configuring system-level parameters, you establish the operational foundation, security, and management accessibility for your network devices.

System Parameters

Key Components:

Hostname (hostname): Sets the device’s hostname for identification.
IP Routing (ip_routing), IPv6 Routing (ipv6_unicast_routing): Enables IP and IPv6 routing capabilities.
Domain Name and Lookup (ip_domain_name, ip_domain_lookup): Configures domain name and enables DNS lookup.
Source Routing (ip_source_route): Enables or disables IP source routing.
BGP Community Format (ip_bgp_community_new_format): Enables new-format BGP community strings.
Login Controls (login_delay, login_on_failure, login_on_failure_log, login_on_success, login_on_success_log): Configures login security and logging.
Multicast Routing (ip_multicast_routing, ip_multicast_routing_distributed, multicast_routing_switch): Enables multicast routing features.
MTU (mtu): Sets the device’s maximum transmission unit (MTU).
HTTP/HTTPS Server (http): Configures HTTP/HTTPS server settings, authentication, access control, and security parameters.

Key Parameters Briefly Explained:

hostname: Device name.
ip_routing, ipv6_unicast_routing: Enable routing.
ip_domain_name, ip_domain_lookup: Domain name and DNS lookup.
ip_source_route: Source routing.
ip_bgp_community_new_format: BGP community format.
login_delay, login_on_failure, login_on_failure_log, login_on_success, login_on_success_log: Login controls.
ip_multicast_routing, ip_multicast_routing_distributed, multicast_routing_switch: Multicast routing.
mtu: MTU setting.
http: HTTP/HTTPS server and authentication.

You can use these system parameters to establish device identity, enable routing, configure management access, and enforce security policies. Adjusting these parameters lets you tailor device behavior and management for your network’s operational needs.

Sample Configuration

The following configuration describes how to set up system parameters on a Cisco IOS-XE device, including hostname, routing, domain name, login controls, multicast routing, and HTTP/HTTPS server settings.

hostname router1-xe
ip bgp-community new-format
ip routing
ipv6 unicast-routing
ip source-route
ip domain-lookup
ip domain-name router1_domain
login delay 2
login on-failure
login on-failure log
login on-success
login on-success log
ip multicast-routing
ip multicast-routing distributed
ip http access-class 10
ip http active-session-modules restconf
ip http secure-active-session-modules restconf
ip http max-connections 25
ip http authentication local
ip http server
ip http secure-server
ip http secure-trustpoint router1_trustpoint
ip http tls-version TLSv1.2
ip http client secure-trustpoint router1_trustpoint
ip http client source-interface Loopback0

Example YAML Code

The following YAML code sets up system parameters on IOS-XE devices, showing local and AAA authentication for HTTP, and switch-specific settings.

iosxe:
  devices:
    - name: Router1
      configuration:
        system:
          hostname: router1-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: router1_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          ip_multicast_routing: true
          ip_multicast_routing_distributed: true
          http:
            access_class: 10
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 25
            authentication_local: true
            server: true
            secure_server: true
            secure_trustpoint: router1_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: router1_trustpoint
            client_source_interface: Loopback0

    - name: Router2
      configuration:
        system:
          hostname: router2-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: router2_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          ip_multicast_routing: true
          ip_multicast_routing_distributed: true
          http:
            access_class: 20
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 50
            authentication_aaa: true
            authentication_aaa_exec_authorization: test_author_group
            authentication_aaa_login_authentication: test_authen_group
            authentication_aaa_command_authorizations:
              - level: 15
                name:  test1
            server: true
            secure_server: true
            secure_trustpoint: router2_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: router2_trustpoint
            client_source_interface: Loopback1

    - name: Switch1
      configuration:
        system:
          hostname: switch1-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          mtu: 1600
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: switch1_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          multicast_routing_switch: true
          http:
            access_class: 30
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 100
            authentication_local: true
            server: true
            secure_server: true
            secure_trustpoint: switch1_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: switch1_trustpoint
            client_source_interface: Loopback2