System

System configuration encompasses fundamental device-level settings that control core operational behaviors including hostname identification, IP and IPv6 routing enablement, domain name resolution, login security controls, and HTTP/HTTPS server parameters for management access. It provides comprehensive control over essential network services such as multicast routing, source routing, domain lookup, and authentication methods while supporting both local and AAA-based authentication mechanisms for management interfaces. System configuration is critical for establishing the basic operational foundation of network devices, ensuring proper identification, connectivity, security posture, and management accessibility across the network infrastructure.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
system	Class	`[system]`	No

system (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
hostname	String	Regex: `^[^\s]*$`	No
ip_bgp_community_new_format	Boolean	`true`, `false`	No
ip_routing	Boolean	`true`, `false`	No
ipv6_unicast_routing	Boolean	`true`, `false`	No
mtu	Integer	min: `1500`, max: `9198`	No
ip_source_route	Boolean	`true`, `false`	No
ip_domain_lookup	Boolean	`true`, `false`	No
ip_domain_name	String	Regex: `^[^\s]*$`	No
login_delay	Integer	min: `1`, max: `10`	No
login_on_failure	Boolean	`true`, `false`	No
login_on_failure_log	Boolean	`true`, `false`	No
login_on_success	Boolean	`true`, `false`	No
login_on_success_log	Boolean	`true`, `false`	No
ip_multicast_routing	Boolean	`true`, `false`	No
multicast_routing_switch	Boolean	`true`, `false`	No
ip_multicast_routing_distributed	Boolean	`true`, `false`	No
multicast_routing_vrfs	List	`[multicast_routing_vrfs]`	No
access_session_mac_move_deny	Boolean	`true`, `false`	No
archive	Class	`[archive]`	No
boot_system_bootfiles	List	String	No
boot_system_flash_files	List	String	No
cisp_enable	Boolean	`true`, `false`	No
control_plane_service_policy_input	String		No
diagnostic_bootup_level	Choice	`complete`, `minimal`	No
enable_secret	String		No
enable_secret_level	Integer	min: `0`, max: `255`	No
enable_secret_type	Choice	`0`, `4`, `5`, `8`, `9`	No
epm_logging	Boolean	`true`, `false`	No
ip_domain_lookup_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_domain_lookup_source_interface_id	String		No
ip_forward_protocol_nd	Boolean	`true`, `false`	No
ip_name_servers	List	String	No
ip_name_servers_vrf	List	`[ip_name_servers_vrf]`	No
ip_radius_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_radius_source_interface_id	String		No
ip_radius_source_interface_vrf	String		No
ip_scp_server_enable	Boolean	`true`, `false`	No
ssh	Class	`[ssh]`	No
ip_tacacs_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
ip_tacacs_source_interface_id	String		No
ip_tacacs_source_interface_vrf	String		No
memory_free_low_watermark_processor	Integer	min: `1`, max: `3994575`	No
pnp_profiles	List	`[pnp_profiles]`	No
redundancy	Boolean	`true`, `false`	No
redundancy_mode	Choice	`none`, `rpr`, `rpr-plus`, `sso`	No
transceiver_type_all_monitoring	Boolean	`true`, `false`	No
http	Class	`[http]`	No

multicast_routing_vrfs (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory	Default Value
vrf	String	Regex: `^[^\s]*$`	Yes
distributed	Boolean	`true`, `false`	No

archive (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
log_config_logging_enable	Boolean	`true`, `false`	No
log_config_logging_size	Integer	min: `1`, max: `1000`	No
maximum	Integer	min: `1`, max: `14`	No
path	String		No
time_period	Integer	min: `1`, max: `525600`	No
write_memory	Boolean	`true`, `false`	No

ip_name_servers_vrf (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory	Default Value
vrf	String		Yes
servers	List	String	No

ssh (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
authentication_retries	Integer	min: `0`, max: `5`	No
source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TwoGigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `TwentyFiveGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`	No
source_interface_id	String		No
time_out	Integer	min: `1`, max: `120`	No
version	Choice	`2`	No

pnp_profiles (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
name	String		Yes
transport_https_ipv4_ipv4_address	String		No
transport_https_ipv4_port	Integer	min: `1`, max: `65535`	No

http (iosxe.devices.configuration.system)

Name	Type	Constraint	Mandatory
access_class	Integer	min: `1`, max: `99`	No
active_session_modules	String	Regex: `^[^\s]*$`	No
secure_active_session_modules	String	Regex: `^[^\s]*$`	No
max_connections	Integer	min: `1`, max: `50`	No
authentication_aaa	Boolean	`true`, `false`	No
authentication_aaa_exec_authorization	String	Regex: `^[^\s]*$`	No
authentication_aaa_login_authentication	String	Regex: `^[^\s]*$`	No
authentication_aaa_command_authorizations	List	`[authentication_aaa_command_authorizations]`	No
authentication_local	Boolean	`true`, `false`	No
server	Boolean	`true`, `false`	No
secure_server	Boolean	`true`, `false`	No
secure_trustpoint	String	Regex: `^[^\s]*$`	No
tls_version	Choice	`TLSv1.0`, `TLSv1.1`, `TLSv1.2`, `TLSv1.3`	No
client_secure_trustpoint	String	Regex: `^[^\s]*$`	No
client_source_interface_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `FiveGigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`	No
client_source_interface_id	String		No

authentication_aaa_command_authorizations (iosxe.devices.configuration.system.http)

Name	Type	Constraint	Mandatory	Default Value
level	Integer	min: `0`, max: `15`	Yes
name	String	Regex: `^[^\s]*$`	No

Examples

Example-1 : In the below example, it uses local as the HTTP authentication method.

iosxe:
  devices:
    - name: Router1
      configuration:
        system:
          hostname: router1-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: router1_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          ip_multicast_routing: true
          ip_multicast_routing_distributed: true
          http:
            access_class: 10
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 25
            authentication_local: true
            server: true
            secure_server: true
            secure_trustpoint: router1_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: router1_trustpoint
            client_source_interface: Loopback0

Example-2 : In the below example, the router instead uses AAA for HTTP authentication.

iosxe:
  devices:
    - name: Router2
      configuration:
        system:
          hostname: router2-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: router2_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          ip_multicast_routing: true
          ip_multicast_routing_distributed: true
          http:
            access_class: 20
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 50
            authentication_aaa: true
            authentication_aaa_exec_authorization: test_author_group
            authentication_aaa_login_authentication: test_authen_group
            authentication_aaa_command_authorizations:
              - level: 15
                name:  test1
            server: true
            secure_server: true
            secure_trustpoint: router2_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: router2_trustpoint
            client_source_interface: Loopback1

Example-3 : In the below example, the device is a switch instead of a router. This is significant for the multicast_routing_switch and MTU configurations.

iosxe:
  devices:
    - name: Switch1
      configuration:
        system:
          hostname: switch1-xe
          ip_bgp_community_new_format: true
          ip_routing: true
          mtu: 1600
          ipv6_unicast_routing: true
          ip_source_route: true
          ip_domain_lookup: true
          ip_domain_name: switch1_domain
          login_delay: 2
          login_on_failure: true
          login_on_failure_log: true
          login_on_success: true
          login_on_success_log: true
          multicast_routing_switch: true
          http:
            access_class: 30
            active_session_modules: restconf
            secure_active_session_modules: restconf
            max_connections: 100
            authentication_local: true
            server: true
            secure_server: true
            secure_trustpoint: switch1_trustpoint
            tls_version: TLSv1.2
            client_secure_trustpoint: switch1_trustpoint
            client_source_interface: Loopback2