AAA
## AAA

### AAA view

Table 1 AAA view

| Command | Purpose |
| --- | --- |
| show aaa | Display AAA configuration |

#### `show aaa`

\[Command] `show aaa`

\[Purpose] Display AAA configuration

\[View] Privileged user view

\[Use cases]

```
sonic# show aaa
aaa accounting command local (default)
aaa authentication login local (default)
aaa authentication failthrough false (default)
aaa authorization command local (default)
```

### AAA config

Table 2 AAA config

| Command | Purpose |
| --- | --- |
| aaa authentication mode failthrough {enable\|disable\|default} | Configure authentication failthrough feature of AAA |
| aaa authentication mode login {tacacs+\|local\|tacacs+,local\|local,tacacs+\|radius,local\|local,radius\|radius\|default} | Set authentication mode of AAA |
| aaa accounting mode {tacacs+\|local\|tacacs+,local\|local,tacacs+\|default} | Set accounting mode of AAA |

#### `aaa authentication mode failthrough {enable|disable|default}`

\[Command] `aaa authentication mode failthrough {enable|disable|default}`

\[Purpose] Configure authentication failthrough feature of AAA

\[View] Global configuration view

\[Notes]

- This feature is disabled by default.
- When it is enabled, during multi-level authentication, if the first level of authentication fails, it will continue to the second level; otherwise, it will end directly.

\[Use cases]

```
sonic# configure
sonic(config)# aaa authentication mode failthrough enable
```

#### `aaa authentication mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}`

\[Command] `aaa authentication mode login { tacacs+ | local | tacacs+,local | local,tacacs+ | radius,local | local,radius | radius | default }`

\[Purpose] Set authentication mode of AAA

\[View] Global configuration view

\[Notes]

- The default mode is local.
- The comma-separated patterns indicate multi-level authentication.

\[Use cases]

```
sonic# configure
sonic(config)# aaa authentication mode login tacacs+,local
```

#### `aaa accounting mode {tacacs+|local|tacacs+,local|local,tacacs+|default}`

\[Command] `aaa accounting mode { tacacs+ | local | tacacs+,local | local,tacacs+ | default }`

\[Purpose] Set accounting mode of AAA

\[View] Global configuration view

\[Notes]

- The default mode is local.
- The comma-separated patterns indicate multi-level accounting.

\[Use cases]

```
sonic# configure
sonic(config)# aaa accounting mode tacacs+
```

## RADIUS

### RADIUS view

Table 3 RADIUS view

| Command | Purpose |
| --- | --- |
| show radius | Display RADIUS configuration |

#### `show radius`

\[Command] `show radius`

\[Purpose] Display RADIUS configuration

\[View] Privileged user view

\[Use cases]

```
sonic# show radius
radius global auth type pap (default)
radius global retransmit 3 (default)
radius global timeout 5 (default)
radius global passkey <empty string> (default)
```

### RADIUS config

Table 4 RADIUS config

| Command | Purpose |
| --- | --- |
| radius server server ip \[ priority priority\|port port number\|use mgmt vrf ] shared secret | Configure a RADIUS server |
| radius nasip ip address | Configure nasip address |

#### `radius server`

\[Command] `radius server server ip [ priority priority | port port number | use mgmt vrf ] shared secret`

\[Purpose] Configure a RADIUS server

\[Parameters]

| Parameter | Description |
| --- | --- |
| server ip | RADIUS server IP address |
| port number | Specify the port number to be used, ranging from 1-65535, with a default value of 1812 |

\[View] Global configuration view

\[Notes]

- You will be prompted to enter the key after the command is entered.
- Run command `no radius server server ip` to delete the RADIUS server configuration.

\[Use cases]

```
sonic# configure
sonic(config)# radius server 10.250.0.244 shared secret
```

#### `radius nasip`

\[Command] `radius nasip ip address`

\[Purpose] Configure the NAS IP address of the RADIUS

\[Parameters]

| Parameter | Description |
| --- | --- |
| ip address | NAS IP address, supports IPv4 or IPv6, default address is 127.0.0.1 |

\[View] Global configuration view

\[Notes]

- Run `no radius nasip` to restore the nasip address of the RADIUS to its default value.

\[Use cases]

```
sonic# configure
sonic(config)# radius nasip 1.1.1.1
```

## TACACS+

### TACACS+ view

Table 5 TACACS+ view

| Command | Purpose |
| --- | --- |
| show tacacs | Display TACACS configuration |

#### `show tacacs`

\[Command] `show tacacs`

\[Purpose] Display TACACS configuration

\[View] Privileged user view

\[Use cases]

```
sonic# show tacacs
tacplus global auth type pap (default)
tacplus global timeout 5 (default)
tacplus global passkey <empty string> (default)
```

### TACACS+ config

Table 6 TACACS+ config

| Command | Purpose |
| --- | --- |
| tacacs server authtype {chap\|pap\|mschap\|login} | Specify the authentication type of the TACACS server |
| tacacs server default {authtype\|passkey\|timeout} | Restore to the default TACACS configuration |
| tacacs server passkey | Configure the global key for TACACS |
| tacacs server cipher ciphertext | Configure the global key for TACACS with ciphertext |
| tacacs server timeout interval | Configure the global timeout for TACACS |
| tacacs server server ip \[ cipher ciphertext \| timeout interval \| key \| auth type type \| port tcp port \| pri priority \| use mgmt vrf ] | Configure a TACACS server |

#### `tacacs server authtype {chap|pap|mschap|login}`

\[Command] `tacacs server authtype { chap|pap|mschap|login }`

\[Purpose] Specify the authentication type of the TACACS server

\[View] Global configuration view

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server authtype chap
```

#### `tacacs server default {authtype|passkey|timeout}`

\[Command] `tacacs server default { authtype|passkey|timeout }`

\[Purpose] Restore to the default TACACS configuration

\[View] Global configuration view

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server default authtype
```

#### `tacacs server passkey`

\[Command] `tacacs server passkey`

\[Purpose] Configure the global key for TACACS

\[View] Global configuration view

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server passkey
please enter passkey
sonic(config)#
```

#### `tacacs server cipher`

\[Command] `tacacs server cipher ciphertext`

\[Purpose] Configure the global key for TACACS with ciphertext

\[Parameters]

| Parameter | Description |
| --- | --- |
| ciphertext | The passkey of ciphertext |

\[View] Global configuration view

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server cipher u2fsdgvkx1/k50xacc66gpxcarr94pu8i3huspusk7u=
```

#### `tacacs server timeout`

\[Command] `tacacs server timeout interval`

\[Purpose] Configure the global timeout for TACACS

\[Parameters]

| Parameter | Description |
| --- | --- |
| interval | Specify the interval in seconds. The range is from 0 to 60 |

\[View] Global configuration view

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server timeout 60
```

#### `tacacs server`

\[Command] `tacacs server server ip [ cipher ciphertext | timeout interval | key | auth type type | port tcp port | pri priority | use mgmt vrf ]`

\[Purpose] Configure a TACACS server

\[Parameters]

| Parameter | Description |
| --- | --- |
| server ip | TACACS server IP address |
| ciphertext | The passkey of ciphertext |
| interval | Specify the interval in seconds. The default is 5 |
| type | Specify the authentication type. Optional: chap, pap, mschap, login |
| tcp port | Specify the TCP port number. The default is 49 and the range is \[1,65535] |
| priority | Specify the priority. The default is 1 |

\[View] Global configuration view

\[Notes]

- Run command `no tacacs server a.b.c.d` to delete the TACACS server.

\[Use cases]

```
sonic# configure
sonic(config)# tacacs server 10.250.0.244 timeout 5 key auth type chap port 2 pri 2 use mgmt vrf
please enter passkey
sonic(config)#
```
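
A review check built on the `show aaa`, `show radius` and `show tacacs` outputs above, as an added example (not vendor code): it parses the three outputs and reports settings worth reviewing for the login methods actually in use, including the failthrough behaviour described in the notes. The sample text is constructed from the use cases on this page; that non-default values print in the same `name value` layout (for example `failthrough true`) is an assumption.

```python
# Added example, not vendor code. SAMPLE is constructed from the "show aaa",
# "show radius" and "show tacacs" use cases on this page. Assumption: values
# changed from the default print in the same layout, e.g. "failthrough true".
SAMPLE = """\
aaa accounting command local (default)
aaa authentication login local (default)
aaa authentication failthrough false (default)
aaa authorization command local (default)
radius global auth type pap (default)
radius global retransmit 3 (default)
radius global timeout 5 (default)
radius global passkey <empty string> (default)
tacplus global auth type pap (default)
tacplus global timeout 5 (default)
tacplus global passkey <empty string> (default)
"""
PREFIX = {"radius": "radius global", "tacacs+": "tacplus global"}  # method -> show prefix

def parse(text):
    """Map each setting name to its value; '<empty string>' becomes ''."""
    settings = {}
    for line in text.splitlines():
        line = line.strip().removesuffix("(default)").rstrip()
        if line.endswith("<empty string>"):
            key, value = line.removesuffix("<empty string>").rstrip(), ""
        else:
            key, _, value = line.rpartition(" ")
        if key:
            settings[key.lower().replace("_", " ")] = value
    return settings

def audit(settings):
    """Return review findings for the login methods that are in use."""
    findings = []
    methods = settings.get("aaa authentication login", "local").split(",")
    if methods == ["local"]:
        findings.append("login: local accounts only, no central authentication")
    if len(methods) > 1 and settings.get("aaa authentication failthrough") == "true":
        findings.append(f"failthrough: a login rejected by {methods[0]} is retried against {methods[1]}")
    if settings.get("aaa accounting command", "local") == "local":
        findings.append("accounting: command records are kept on the device only")
    for method in (m for m in methods if m in PREFIX):
        if settings.get(PREFIX[method] + " auth type") == "pap":
            findings.append(f"{method}: auth type pap sends the password, protected only by the shared key")
        if settings.get(PREFIX[method] + " passkey") == "":
            findings.append(f"{method}: no global passkey, each server entry needs its own key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```

With the default output shown on this page, the check reports the local-only login and local-only accounting findings; RADIUS and TACACS+ globals are only examined once the corresponding method appears in the login mode.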
