Skip to content

System

System configuration encompasses fundamental device-level settings that control core operational behaviors including hostname identification, IP and IPv6 routing enablement, domain name resolution, login security controls, and HTTP/HTTPS server parameters for management access. It provides comprehensive control over essential network services such as multicast routing, source routing, domain lookup, and authentication methods while supporting both local and AAA-based authentication mechanisms for management interfaces. System configuration is critical for establishing the basic operational foundation of network devices, ensuring proper identification, connectivity, security posture, and management accessibility across the network infrastructure.

Diagram

Diagram

Classes

configuration (iosxe.devices)

NameTypeConstraintMandatoryDefault Value
systemClass[system]No

system (iosxe.devices.configuration)

NameTypeConstraintMandatoryDefault Value
hostnameStringRegex: ^[^\s]*$No
ip_bgp_community_new_formatBooleantrue, falseNo
ip_routingBooleantrue, falseNo
ipv6_unicast_routingBooleantrue, falseNo
mtuIntegermin: 1500, max: 9198No
ip_source_routeBooleantrue, falseNo
ip_domain_lookupBooleantrue, falseNo
ip_domain_nameStringRegex: ^[^\s]*$No
login_delayIntegermin: 1, max: 10No
login_on_failureBooleantrue, falseNo
login_on_failure_logBooleantrue, falseNo
login_on_successBooleantrue, falseNo
login_on_success_logBooleantrue, falseNo
ip_multicast_routingBooleantrue, falseNo
multicast_routing_switchBooleantrue, falseNo
ip_multicast_routing_distributedBooleantrue, falseNo
multicast_routing_vrfsList[multicast_routing_vrfs]No
access_session_mac_move_denyBooleantrue, falseNo
archiveClass[archive]No
boot_system_bootfilesListStringNo
boot_system_flash_filesListStringNo
cisp_enableBooleantrue, falseNo
control_plane_service_policy_inputStringNo
diagnostic_bootup_levelChoicecomplete, minimalNo
enable_secretStringNo
enable_secret_levelIntegermin: 0, max: 255No
enable_secret_typeChoice0, 4, 5, 8, 9No
epm_loggingBooleantrue, falseNo
ip_domain_lookup_source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
ip_domain_lookup_source_interface_idStringNo
ip_forward_protocol_ndBooleantrue, falseNo
ip_name_serversListStringNo
ip_name_servers_vrfList[ip_name_servers_vrf]No
ip_radius_source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
ip_radius_source_interface_idStringNo
ip_radius_source_interface_vrfStringNo
ip_scp_server_enableBooleantrue, falseNo
sshClass[ssh]No
ip_tacacs_source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
ip_tacacs_source_interface_idStringNo
ip_tacacs_source_interface_vrfStringNo
memory_free_low_watermark_processorIntegermin: 1, max: 3994575No
pnp_profilesList[pnp_profiles]No
redundancyBooleantrue, falseNo
redundancy_modeChoicenone, rpr, rpr-plus, ssoNo
transceiver_type_all_monitoringBooleantrue, falseNo
httpClass[http]No

multicast_routing_vrfs (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
vrfStringRegex: ^[^\s]*$Yes
distributedBooleantrue, falseNo

archive (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
log_config_logging_enableBooleantrue, falseNo
log_config_logging_sizeIntegermin: 1, max: 1000No
maximumIntegermin: 1, max: 14No
pathStringNo
time_periodIntegermin: 1, max: 525600No
write_memoryBooleantrue, falseNo

ip_name_servers_vrf (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
vrfStringYes
serversListStringNo

ssh (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
authentication_retriesIntegermin: 0, max: 5No
source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernetNo
source_interface_idStringNo
time_outIntegermin: 1, max: 120No
versionChoice2No

pnp_profiles (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
nameStringYes
transport_https_ipv4_ipv4_addressStringNo
transport_https_ipv4_portIntegermin: 1, max: 65535No

http (iosxe.devices.configuration.system)

NameTypeConstraintMandatoryDefault Value
access_classIntegermin: 1, max: 99No
active_session_modulesStringRegex: ^[^\s]*$No
secure_active_session_modulesStringRegex: ^[^\s]*$No
max_connectionsIntegermin: 1, max: 50No
authentication_aaaBooleantrue, falseNo
authentication_aaa_exec_authorizationStringRegex: ^[^\s]*$No
authentication_aaa_login_authenticationStringRegex: ^[^\s]*$No
authentication_aaa_command_authorizationsList[authentication_aaa_command_authorizations]No
authentication_localBooleantrue, falseNo
serverBooleantrue, falseNo
secure_serverBooleantrue, falseNo
secure_trustpointStringRegex: ^[^\s]*$No
tls_versionChoiceTLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3No
client_secure_trustpointStringRegex: ^[^\s]*$No
client_source_interface_typeChoiceLoopback, Vlan, GigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet, PortChannelNo
client_source_interface_idStringNo

authentication_aaa_command_authorizations (iosxe.devices.configuration.system.http)

NameTypeConstraintMandatoryDefault Value
levelIntegermin: 0, max: 15Yes
nameStringRegex: ^[^\s]*$No

Examples

Example-1 : In the below example, it uses local as the HTTP authentication method.

iosxe:
devices:
- name: Router1
configuration:
system:
hostname: router1-xe
ip_bgp_community_new_format: true
ip_routing: true
ipv6_unicast_routing: true
ip_source_route: true
ip_domain_lookup: true
ip_domain_name: router1_domain
login_delay: 2
login_on_failure: true
login_on_failure_log: true
login_on_success: true
login_on_success_log: true
ip_multicast_routing: true
ip_multicast_routing_distributed: true
http:
access_class: 10
active_session_modules: restconf
secure_active_session_modules: restconf
max_connections: 25
authentication_local: true
server: true
secure_server: true
secure_trustpoint: router1_trustpoint
tls_version: TLSv1.2
client_secure_trustpoint: router1_trustpoint
client_source_interface: Loopback0

Example-2 : In the below example, the router instead uses AAA for HTTP authentication.

iosxe:
devices:
- name: Router2
configuration:
system:
hostname: router2-xe
ip_bgp_community_new_format: true
ip_routing: true
ipv6_unicast_routing: true
ip_source_route: true
ip_domain_lookup: true
ip_domain_name: router2_domain
login_delay: 2
login_on_failure: true
login_on_failure_log: true
login_on_success: true
login_on_success_log: true
ip_multicast_routing: true
ip_multicast_routing_distributed: true
http:
access_class: 20
active_session_modules: restconf
secure_active_session_modules: restconf
max_connections: 50
authentication_aaa: true
authentication_aaa_exec_authorization: test_author_group
authentication_aaa_login_authentication: test_authen_group
authentication_aaa_command_authorizations:
- level: 15
name: test1
server: true
secure_server: true
secure_trustpoint: router2_trustpoint
tls_version: TLSv1.2
client_secure_trustpoint: router2_trustpoint
client_source_interface: Loopback1

Example-3 : In the below example, the device is a switch instead of a router. This is significant for the multicast_routing_switch and MTU configurations.

iosxe:
devices:
- name: Switch1
configuration:
system:
hostname: switch1-xe
ip_bgp_community_new_format: true
ip_routing: true
mtu: 1600
ipv6_unicast_routing: true
ip_source_route: true
ip_domain_lookup: true
ip_domain_name: switch1_domain
login_delay: 2
login_on_failure: true
login_on_failure_log: true
login_on_success: true
login_on_success_log: true
multicast_routing_switch: true
http:
access_class: 30
active_session_modules: restconf
secure_active_session_modules: restconf
max_connections: 100
authentication_local: true
server: true
secure_server: true
secure_trustpoint: switch1_trustpoint
tls_version: TLSv1.2
client_secure_trustpoint: switch1_trustpoint
client_source_interface: Loopback2