aaa
- system aaa
- SDE
M10-Smart
M2
RS420
AAA subsystem
- system aaa authorization
- SDE
M10-Smart
M2
RS420
Authorization parameters
- system aaa authorization privilege-map
- SDE
M10-Smart
M2
RS420
Privilege level to role mapping
- system aaa authorization privilege-map radius
- SDE
M10-Smart
M2
RS420
RADIUS privilege level
- system aaa authorization privilege-map radius privileged
- SDE
M10-Smart
M2
RS420
RADIUS privileged user privilege level
- system aaa authorization privilege-map radius privileged role <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Mapped role
- system aaa authorization privilege-map radius standard
- SDE
M10-Smart
M2
RS420
RADIUS standard user privilege level
- system aaa authorization privilege-map radius standard role <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Mapped role
- system aaa authorization privilege-map tacacs <u32>
- SDE
M10-Smart
M2
RS420
TACACS privilege level
- Values
u32 – Privilege level (0-15)
- Instances
Multiple
- Required
- system aaa authorization privilege-map tacacs <u32> role <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Mapped role for privilege level
- system aaa group
- SDE
M10-Smart
M2
RS420
AAA server group parameters
- system aaa group radius <id>
- SDE
M10-Smart
M2
RS420
- Values
id – RADIUS AAA server group parameters
- Instances
Multiple
- Required
- system aaa group radius <id> local-vrf <id>
- SDE
M10-Smart
M2
RS420
Server group VRF
- Reference
- system aaa group radius <id> server <id>
- SDE
M10-Smart
M2
RS420
RADIUS server
- Reference
- Instances
Multiple
- system aaa group radius <id> server <id> priority <u32>
- SDE
M10-Smart
M2
RS420
Server priority (lowest first)
- Values
u32 – Server priority (1-255)
- system aaa group tacacs <id>
- SDE
M10-Smart
M2
RS420
- Values
id – TACACS AAA server group parameters
- Instances
Multiple
- Required
- system aaa group tacacs <id> local-vrf <id>
- SDE
M10-Smart
M2
RS420
Server group VRF
- Reference
- system aaa group tacacs <id> server <id>
- SDE
M10-Smart
M2
RS420
Add a server to the group
- Reference
- Instances
Multiple
- system aaa group tacacs <id> server <id> priority <u32>
- SDE
M10-Smart
M2
RS420
Server priority (lowest first)
- Values
u32 – Server priority (1-255)
- system aaa list <id>
- SDE
M10-Smart
M2
RS420
AAA list parameters
- Values
id – AAA list name
- Instances
Multiple
- system aaa list <id> method <u32>
- SDE
M10-Smart
M2
RS420
- Values
u32 – AAA method
- Instances
Unique
- system aaa list <id> method <u32> group
- SDE
M10-Smart
M2
RS420
AAA server group
- Instances
Unique
- system aaa list <id> method <u32> group radius <id>
- SDE
M10-Smart
M2
RS420
RADIUS server group
- Reference
- system aaa list <id> method <u32> group tacacs <id>
- SDE
M10-Smart
M2
RS420
TACACS server group
- Reference
- system aaa list <id> method <u32> local
- SDE
M10-Smart
M2
RS420
Local user database
- system aaa server
- SDE
M10-Smart
M2
RS420
AAA server parameters
- system aaa server radius <id>
- SDE
M10-Smart
M2
RS420
- Values
id – RADIUS server parameters
- Instances
Multiple
- Required
- system aaa server radius <id> accounting-port <u32>
- SDE
M10-Smart
M2
RS420
Accounting port
- Values
u32 – Numeric IP port (1-65535)
- system aaa server radius <id> address <ipv4|ipv6|fqdn>
- SDE
M10-Smart
M2
RS420
RADIUS server parameters configuration
- Values
ipv4 – RADIUS server IPv4 address
ipv6 – RADIUS server IPv6 address
fqdn – RADIUS server hostname
- system aaa server radius <id> encrypted-key <password>
- SDE
M10-Smart
M2
RS420
- Values
password – Encrypted key
- system aaa server radius <id> key <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Shared secret key. The following characters are allowed in the shared key:
alphanumeric characters: a-z A-Z 0-9
special characters: - + & ! @ # $ %% ^ * ( ) , . : _
It is recommended to enclose the shared-secret key in single quotes ('). If special characters are used, single quotes are mandatory.
- system aaa server radius <id> local-address <ipv4|ipv6>
- SDE
M10-Smart
M2
RS420
Source IP address used to initiate connection
- Values
ipv4 – IPv4 source address
ipv6 – IPv6 source address
- Local IP address
- system aaa server radius <id> port <u32>
- SDE
M10-Smart
M2
RS420
Authentication port
- Values
u32 – Numeric IP port (1-65535)
- system aaa server radius <id> timeout <u32>
- SDE
M10-Smart
M2
RS420
Session timeout
- Values
u32 – Session timeout in seconds (1-30)
- system aaa server radius <id> vpn
- SDE
M10-Smart
M2
RS420
VPN-specific parameters
- system aaa server radius <id> vpn ipsec
- SDE
M10-Smart
M2
RS420
IPSec-specific parameters
- system aaa server radius <id> vpn ipsec preference <u32>
- SDE
M10-Smart
M2
RS420
Specific priority of this server. This value allows (or denies) using another RADIUS server if the one being configured becomes unresponsive. A reachable server automatically gets a priority between 110 and 210 (proportionally, higher is better). Be aware that a value higher than 110 marks the server as reachable even if it is not.
- Values
u32 – Fair selection based on server load (0)
u32 – Prefer this server, as long as it is completely unloaded (1)
u32 – Prefer this server, unless more than half of the sockets are in use (50)
u32 – Always prefer this server, unless no sockets are currently available (99)
u32 – Always prefer the server, unless it gets unreachable (101)
u32 – Always use this server, even if it gets unreachable [DANGEROUS] (110-210)
u32 – Allowed priority values (0-210)
- system aaa server radius <id> vpn ipsec sockets <u32>
- SDE
M10-Smart
M2
RS420
Pre-allocated sockets to use. A single RADIUS client port can handle only one concurrent authentication session. Defining multiple client ports can help with parallel authentication in high-load scenarios. Note that the higher this value, the more resources are used. Each server gets this number of sockets, so be careful when changing this setting (10 servers with 5 sockets each = 50 pre-allocated sockets).
- Values
u32 – Pre-allocated sockets per each server (1-1024)
- system aaa server radius <id> vpn ipsec sockets <u32> nas-identifier <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Identification used against the RADIUS server. These characters are allowed to be used when defining the identifier:
- system aaa server tacacs <id>
- SDE
M10-Smart
M2
RS420
- Values
id – TACACS server parameters
- Instances
Multiple
- Required
- system aaa server tacacs <id> address <ipv4|ipv6|fqdn>
- SDE
M10-Smart
M2
RS420
Server address
- Values
ipv4 – TACACS server IPv4 address
ipv6 – TACACS server IPv6 address
fqdn – TACACS server hostname
- system aaa server tacacs <id> encrypted-key <password>
- SDE
M10-Smart
M2
RS420
- Values
password – Encrypted key
- system aaa server tacacs <id> key <txt>
- SDE
M10-Smart
M2
RS420
- Values
txt – Shared secret key. The following characters are allowed in the shared key:
alphanumeric characters: a-z A-Z 0-9
special characters: - + & ! @ # $ %% ^ * ( ) , . : _
It is recommended to enclose the shared-secret key in single quotes ('). If special characters are used, single quotes are mandatory.
- system aaa server tacacs <id> local-address <ipv4|ipv6>
- SDE
M10-Smart
M2
RS420
Source IP address used to initiate connection
- Values
ipv4 – IPv4 source address
ipv6 – IPv6 source address
- Local IP address
- Instances
Multiple
- system aaa server tacacs <id> port <u32>
- SDE
M10-Smart
M2
RS420
Authentication port
- Values
u32 – Numeric IP port (1-65535)
- system aaa server tacacs <id> protocol <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Protocol type
- system aaa server tacacs <id> service <id>
- SDE
M10-Smart
M2
RS420
- Values
id – Service type