aaa --- .. osdx:cfgcmd:: system aaa .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE AAA subsystem .. osdx:cfgcmd:: system aaa authorization .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Authorization parameters .. osdx:cfgcmd:: system aaa authorization privilege-map .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Privilege level to role mapping .. osdx:cfgcmd:: system aaa authorization privilege-map radius .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS privilege level .. osdx:cfgcmd:: system aaa authorization privilege-map radius privileged .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS privileged user privilege level .. osdx:cfgcmd:: system aaa authorization privilege-map radius privileged role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Mapped role .. osdx:cfgcmd:: system aaa authorization privilege-map radius standard .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS standard user privilege level .. osdx:cfgcmd:: system aaa authorization privilege-map radius standard role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Mapped role .. osdx:cfgcmd:: system aaa authorization privilege-map tacacs .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE TACACS privilege level :arg u32: Privilege level (0-15) :instances: Multiple :ref Required: .. osdx:cfgcmd:: system aaa authorization privilege-map tacacs role .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Mapped role for privilege level .. osdx:cfgcmd:: system aaa group .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE AAA server group parameters .. osdx:cfgcmd:: system aaa group radius .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: RADIUS AAA server group parameters :instances: Multiple :ref Required: system aaa server radius * .. osdx:cfgcmd:: system aaa group radius local-vrf .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server group VRF :ref Reference: system vrf * .. osdx:cfgcmd:: system aaa group radius server .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS server :ref Reference: system aaa server radius * :instances: Multiple .. osdx:cfgcmd:: system aaa group radius server priority .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server priority (lowest first) :arg u32: Server priority (1-255) .. osdx:cfgcmd:: system aaa group tacacs .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: TACACS AAA server group parameters :instances: Multiple :ref Required: system aaa server tacacs * .. osdx:cfgcmd:: system aaa group tacacs cache-time .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server group cache expiration time :arg u32: Disable cache (0) :arg u32: Seconds to expiration (1-4294967295) .. osdx:cfgcmd:: system aaa group tacacs local-vrf .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server group VRF :ref Reference: system vrf * .. osdx:cfgcmd:: system aaa group tacacs server .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Add a server to the group :ref Reference: system aaa server tacacs * :instances: Multiple .. osdx:cfgcmd:: system aaa group tacacs server priority .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server priority (lowest first) :arg u32: Server priority (1-255) .. osdx:cfgcmd:: system aaa list .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE AAA list parameters :arg id: AAA list name :instances: Multiple .. osdx:cfgcmd:: system aaa list method .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg u32: AAA method :instances: Unique .. osdx:cfgcmd:: system aaa list method group .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE AAA server group :instances: Unique .. osdx:cfgcmd:: system aaa list method group radius .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS server group :ref Reference: system aaa group radius * .. osdx:cfgcmd:: system aaa list method group tacacs .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE TACACS server group :ref Reference: system aaa group tacacs * .. osdx:cfgcmd:: system aaa list method local .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Local user database .. osdx:cfgcmd:: system aaa server .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE AAA server parameters .. osdx:cfgcmd:: system aaa server radius .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: RADIUS server parameters :instances: Multiple :ref Required: :ref Required: .. osdx:cfgcmd:: system aaa server radius accounting-port .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Accounting port :arg u32: Numeric IP port (1-65535) .. osdx:cfgcmd:: system aaa server radius address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE RADIUS server parameters configuration :arg ipv4: RADIUS server IPv4 address :arg ipv6: RADIUS server IPv6 address :arg fqdn: RADIUS server hostname .. osdx:cfgcmd:: system aaa server radius encrypted-key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg password: Encrypted key .. osdx:cfgcmd:: system aaa server radius key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg txt: Shared secret key These characters are allowed to be used for setting the shared key: alphanumeric characters: a-z A-Z 0-9 special characters: - + & ! @ # $ %% ^ * ( ) , . : _ It is recommended to use single quotes (') for setting the shared-secret key. If special characters are being used, then single quotes are mandatory .. osdx:cfgcmd:: system aaa server radius local-address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Source IP address used to initiate connection :arg ipv4: IPv4 source address :arg ipv6: IPv6 source address :Local IP address: .. osdx:cfgcmd:: system aaa server radius port .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Authentication port :arg u32: Numeric IP port (1-65535) .. osdx:cfgcmd:: system aaa server radius timeout .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Session timeout :arg u32: Session timeout in seconds (1-30) .. osdx:cfgcmd:: system aaa server radius vpn .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE VPN-specific parameters .. osdx:cfgcmd:: system aaa server radius vpn ipsec .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE IPSec-specific parameters .. osdx:cfgcmd:: system aaa server radius vpn ipsec preference .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Specific priority of this server This value allows (or denies) using another RADIUS server if the one which is being configured becomes unresponsive. A reachable server automatically gets a priority in between 110 and 210 (proportionally, higher is better). But be aware that a value higher than 110 will mark the server as a reachable even if it is not. :arg u32: Fair selection based on server load (0) :arg u32: Prefer this server, as long as it is completely unloaded (1) :arg u32: Prefer this server, unless more than half of the sockets are in use (50) :arg u32: Always prefer this server, unless no sockets are currently available (99) :arg u32: Always prefer the server, unless it gets unreachable (101) :arg u32: Always use this server, even if it gets unreachable [DANGEROUS] (110-210) :arg u32: Allowed priority values (0-210) .. osdx:cfgcmd:: system aaa server radius vpn ipsec sockets .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Pre-allocated sockets to use A single RADIUS client port can handle only one concurrent authentication session. Defining multiple client ports can help doing parallel authentication in high load scenarios. Notice that the higher this value is the higher the resources used are. Each server *will have* this amount of sockets, be careful changing this setting (10 servers with 5 sockets each one = 50 pre-allocated sockets) :arg u32: Pre-allocated sockets per each server (1-1024) .. osdx:cfgcmd:: system aaa server radius vpn ipsec sockets nas-identifier .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Identification used against the RADIUS server These characters are allowed to be used when defining the identifier: .. osdx:cfgcmd:: system aaa server tacacs .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: TACACS server parameters :instances: Multiple :ref Required: :ref Required: .. osdx:cfgcmd:: system aaa server tacacs address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Server address :arg ipv4: TACACS server IPv4 address :arg ipv6: TACACS server IPv6 address :arg fqdn: TACACS server hostname .. osdx:cfgcmd:: system aaa server tacacs encrypted-key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg password: Encrypted key .. osdx:cfgcmd:: system aaa server tacacs key .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg txt: Shared secret key These characters are allowed to be used for setting the shared key: alphanumeric characters: a-z A-Z 0-9 special characters: - + & ! @ # $ %% ^ * ( ) , . : _ It is recommended to use single quotes (') for setting the shared-secret key. If special characters are being used, then single quotes are mandatory .. osdx:cfgcmd:: system aaa server tacacs local-address .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Source IP address used to initiate connection :arg ipv4: IPv4 source address :arg ipv6: IPv6 source address :Local IP address: :instances: Multiple .. osdx:cfgcmd:: system aaa server tacacs port .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE Authentication port :arg u32: Numeric IP port (1-65535) .. osdx:cfgcmd:: system aaa server tacacs protocol .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Protocol type .. osdx:cfgcmd:: system aaa server tacacs service .. raw:: html AresC640 Atlas840 H5-Rail M10-Smart M2 M20 RS420 RXL15000 SDE :arg id: Service type