aaa
- system aaa
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA subsystem
- system aaa authorization
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Authorization parameters
- system aaa authorization privilege-map
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Privilege level to role mapping
- system aaa authorization privilege-map radius
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS privilege level
- system aaa authorization privilege-map radius privileged
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS privileged user privilege level
- system aaa authorization privilege-map radius privileged role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Mapped role
- system aaa authorization privilege-map radius standard
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS standard user privilege level
- system aaa authorization privilege-map radius standard role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Mapped role
- system aaa authorization privilege-map tacacs <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
TACACS privilege level
- Values:
u32 – Privilege level (0-15)
- Instances:
Multiple
- Required:
- system aaa authorization privilege-map tacacs <u32> role <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Mapped role for privilege level
- system aaa group
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA server group parameters
- system aaa group radius <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – RADIUS AAA server group parameters
- Instances:
Multiple
- Required:
- system aaa group radius <id> local-vrf <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Server group VRF
- Reference:
- system aaa group radius <id> server <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS server
- Reference:
- Instances:
Multiple
- system aaa group radius <id> server <id> priority <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Server priority (lowest first)
- Values:
u32 – Server priority (1-255)
- system aaa group tacacs <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – TACACS AAA server group parameters
- Instances:
Multiple
- Required:
- system aaa group tacacs <id> local-vrf <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Server group VRF
- Reference:
- system aaa group tacacs <id> server <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Add a server to the group
- Reference:
- Instances:
Multiple
- system aaa group tacacs <id> server <id> priority <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Server priority (lowest first)
- Values:
u32 – Server priority (1-255)
- system aaa list <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA list parameters
- Values:
id – AAA list name
- Instances:
Multiple
- system aaa list <id> method <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
u32 – AAA method
- Instances:
Unique
- system aaa list <id> method <u32> group
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA server group
- Instances:
Unique
- system aaa list <id> method <u32> group radius <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS server group
- Reference:
- system aaa list <id> method <u32> group tacacs <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
TACACS server group
- Reference:
- system aaa list <id> method <u32> local
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Local user database
- system aaa server
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
AAA server parameters
- system aaa server radius <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – RADIUS server parameters
- Instances:
Multiple
- Required:
- Required:
- system aaa server radius <id> accounting-port <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Accounting port
- Values:
u32 – Numeric IP port (1-65535)
- system aaa server radius <id> address <ipv4|ipv6|fqdn>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
RADIUS server parameters configuration
- Values:
ipv4 – RADIUS server IPv4 address
ipv6 – RADIUS server IPv6 address
fqdn – RADIUS server hostname
- system aaa server radius <id> encrypted-key <password>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
password – Encrypted key
- system aaa server radius <id> key <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
txt – Shared secret key
These characters are allowed when setting the shared key:
alphanumeric characters: a-z A-Z 0-9
special characters: - + & ! @ # $ % ^ * ( ) , . : _
It is recommended to use single quotes (') when setting the shared-secret key. If special characters are used, single quotes are mandatory.
- system aaa server radius <id> local-address <ipv4|ipv6>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Source IP address used to initiate connection
- Values:
ipv4 – IPv4 source address
ipv6 – IPv6 source address
- Local IP address:
- system aaa server radius <id> port <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Authentication port
- Values:
u32 – Numeric IP port (1-65535)
- system aaa server radius <id> timeout <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Session timeout
- Values:
u32 – Session timeout in seconds (1-30)
- system aaa server radius <id> vpn
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
VPN-specific parameters
- system aaa server radius <id> vpn ipsec
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
IPsec-specific parameters
- system aaa server radius <id> vpn ipsec preference <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Specific priority of this server
This value allows (or denies) using another RADIUS server if the one being configured becomes unresponsive. A reachable server automatically gets a priority between 110 and 210 (proportionally; higher is better). Be aware that a value higher than 110 will mark the server as reachable even if it is not.
- Values:
u32 – Fair selection based on server load (0)
u32 – Prefer this server, as long as it is completely unloaded (1)
u32 – Prefer this server, unless more than half of the sockets are in use (50)
u32 – Always prefer this server, unless no sockets are currently available (99)
u32 – Always prefer this server, unless it becomes unreachable (101)
u32 – Always use this server, even if it becomes unreachable [DANGEROUS] (110-210)
u32 – Allowed priority values (0-210)
- system aaa server radius <id> vpn ipsec sockets <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Pre-allocated sockets to use
A single RADIUS client port can handle only one concurrent authentication session. Defining multiple client ports helps run authentications in parallel in high-load scenarios. Note that the higher this value is, the more resources are used. Every server gets this number of sockets, so be careful when changing this setting (10 servers with 5 sockets each = 50 pre-allocated sockets).
- Values:
u32 – Pre-allocated sockets per server (1-1024)
- system aaa server radius <id> vpn ipsec sockets <u32> nas-identifier <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Identification used against the RADIUS server
These characters are allowed to be used when defining the identifier:
- system aaa server tacacs <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – TACACS server parameters
- Instances:
Multiple
- Required:
- Required:
- system aaa server tacacs <id> address <ipv4|ipv6|fqdn>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Server address
- Values:
ipv4 – TACACS server IPv4 address
ipv6 – TACACS server IPv6 address
fqdn – TACACS server hostname
- system aaa server tacacs <id> encrypted-key <password>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
password – Encrypted key
- system aaa server tacacs <id> key <txt>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
txt – Shared secret key
These characters are allowed when setting the shared key:
alphanumeric characters: a-z A-Z 0-9
special characters: - + & ! @ # $ % ^ * ( ) , . : _
It is recommended to use single quotes (') when setting the shared-secret key. If special characters are used, single quotes are mandatory.
- system aaa server tacacs <id> local-address <ipv4|ipv6>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Source IP address used to initiate connection
- Values:
ipv4 – IPv4 source address
ipv6 – IPv6 source address
- Local IP address:
- Instances:
Multiple
- system aaa server tacacs <id> port <u32>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
Authentication port
- Values:
u32 – Numeric IP port (1-65535)
- system aaa server tacacs <id> protocol <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Protocol type
- system aaa server tacacs <id> service <id>
- AresC640
Atlas840
M10-Smart
M2
RS420
RXL15000
SDE
- Values:
id – Service type
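
A configuration check for the `vpn ipsec preference` and `vpn ipsec sockets` entries above, as an added example that is not part of the vendor documentation: it flags preference values in the 110-210 band marked [DANGEROUS] and totals the pre-allocated sockets across servers. The leading `set`, the one-command-per-line layout, the server names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample. The "set" prefix and one-command-per-line export
# format are assumptions; only the command paths come from this page.
SAMPLE_CONFIG = """\
set system aaa server radius RAD1 address 192.0.2.10
set system aaa server radius RAD1 vpn ipsec preference 101
set system aaa server radius RAD1 vpn ipsec sockets 5
set system aaa server radius RAD2 address 192.0.2.11
set system aaa server radius RAD2 vpn ipsec preference 150
set system aaa server radius RAD2 vpn ipsec sockets 20
set system aaa server radius RAD3 vpn ipsec preference 300
"""

LINE_RE = re.compile(
    r"^(?:set\s+)?system aaa server radius (?P<server>\S+) vpn ipsec "
    r"(?P<param>preference|sockets) (?P<value>\d+)\b"
)


def audit_radius_ipsec(config_text):
    """Return (findings, total_sockets) for RADIUS IPsec settings.

    findings is a list of (line_number, server, message) tuples.
    total_sockets sums the last valid 'sockets' value seen per server.
    """
    findings = []
    sockets = {}  # server -> sockets (a 'sockets N nas-identifier X' line is not double counted)
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        server, param, value = m["server"], m["param"], int(m["value"])
        if param == "preference":
            if value > 210:
                findings.append((lineno, server, "preference outside allowed range 0-210"))
            elif value >= 110:
                findings.append((lineno, server, "preference 110-210: server is used even if unreachable"))
        elif 1 <= value <= 1024:
            sockets[server] = value
        else:
            findings.append((lineno, server, "sockets outside allowed range 1-1024"))
    return findings, sum(sockets.values())


if __name__ == "__main__":
    issues, total = audit_radius_ipsec(SAMPLE_CONFIG)
    for lineno, server, message in issues:
        print(f"line {lineno}: {server}: {message}")
    print(f"pre-allocated sockets across servers: {total}")
```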