2.6. aaa¶
Note
requires a Product License.
Configuration data for aaa servers.
vsr running config# system aaa
2.6.1. local-authentication¶
Tell if the local authentication should be tried anyway when it failed remotely, if it should be tried only if the remote server did not answer or if it should be always done for root and be tried only when the remote server is unreachable for non root users. If unset, default is always.
vsr running config# system aaa
vsr running aaa# local-authentication LOCAL-AUTHENTICATION
|
Description |
|---|---|
always |
Always try local authentication. |
always-for-root |
Always do local authentication for root. Try local authentication only if remote servers are unreachable for non root users. |
fallback |
Try local authentication only if remote servers are unreachable. |
2.6.2. tacacs¶
List of tacacs servers on the system.
vsr running config# system aaa tacacs <uint32>
<uint32> |
Order for TACACS+ servers. They will be reached by increasing order value. |
address (mandatory)¶
TACACS+ server IPv4 or IPv6 address.
vsr running config# system aaa tacacs <uint32>
vsr running tacacs <uint32># address ADDRESS
ADDRESS |
An IPv4 or IPv6 address. |
port¶
Port number to reach the TACACS server.
vsr running config# system aaa tacacs <uint32>
vsr running tacacs <uint32># port <uint16>
- Default value
49
secret (mandatory)¶
TACACS+ client/server shared secret. The # and space characters are not allowed and the string should not exceed 63 characters.
vsr running config# system aaa tacacs <uint32>
vsr running tacacs <uint32># secret <string>
timeout¶
Timeout before trying to reach another TACACS+ server.
vsr running config# system aaa tacacs <uint32>
vsr running tacacs <uint32># timeout <uint8>
- Default value
3
vrf¶
The VRF from which the TACACS+ server will be joined.
vsr running config# system aaa tacacs <uint32>
vsr running tacacs <uint32># vrf VRF
VRF |
The vrf name. |
- Default value
main
2.6.3. radius¶
The list of RADIUS servers.
vsr running config# system aaa radius <uint32>
<uint32> |
Order for RADIUS servers. They will be reached by increasing order value. |
address (mandatory)¶
RADIUS server IPv4 or IPv6 address.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># address ADDRESS
ADDRESS |
An IPv4 or IPv6 address. |
port¶
Port number to reach the RADIUS server.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># port <uint16>
- Default value
1812
secret (mandatory)¶
RADIUS client/server shared secret.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># secret <string>
timeout¶
Timeout before trying to reach another RADIUS server.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># timeout <uint8>
- Default value
3
source¶
RADIUS IPv4 or IPv6 source address.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># source SOURCE
SOURCE |
An IPv4 or IPv6 address. |
vrf¶
The VRF from which the RADIUS server will be joined.
vsr running config# system aaa radius <uint32>
vsr running radius <uint32># vrf VRF
VRF |
The vrf name. |
- Default value
main