AAA
## AAA

### AAA View

#### show aaa

\[command] `show aaa`

\[purpose] Display AAA configuration

\[view] Privileged user view

\[use cases]

```
sonic# show aaa
aaa accounting command local (default)
aaa authentication login local (default)
aaa authentication failthrough false (default)
aaa authorization command local (default)
```

### AAA Config

#### aaa authentication mode failthrough {enable|disable|default}

\[command] `aaa authentication mode failthrough {enable|disable|default}`

\[purpose] Configure the authentication failthrough feature of AAA

\[view] Global configuration view

\[notes] This feature is disabled by default. When it is enabled, during multi-level authentication, if the first level of authentication fails, it will continue to the second level; otherwise, it will end directly.

\[use cases]

```
sonic# configure
sonic(config)# aaa authentication mode failthrough enable
```

#### aaa authentication mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}

\[command] `aaa authentication mode login { tacacs+ | local | tacacs+,local | local,tacacs+ | radius,local | local,radius | radius | default }`

\[purpose] Set the authentication mode of AAA

\[view] Global configuration view

\[notes] The default mode is local. The comma-separated patterns indicate multi-level authentication.

\[use cases]

```
sonic# configure
sonic(config)# aaa authentication mode login tacacs+,local
```

#### aaa accounting mode {tacacs+|local|tacacs+,local|local,tacacs+|default}

\[command] `aaa accounting mode { tacacs+ | local | tacacs+,local | local,tacacs+ | default }`

\[purpose] Set the accounting mode of AAA

\[view] Global configuration view

\[notes] The default mode is local. The comma-separated patterns indicate multi-level accounting.

\[use cases]

```
sonic# configure
sonic(config)# aaa accounting mode tacacs+
```

## RADIUS

### RADIUS View

#### show radius

\[command] `show radius`

\[purpose] Display RADIUS configuration

\[view] Privileged user view

\[use cases]

```
sonic# show radius
radius global auth type pap (default)
radius global retransmit 3 (default)
radius global timeout 5 (default)
radius global passkey <empty string> (default)
```

### RADIUS Config

#### radius server server ip [priority priority | port port number | use mgmt vrf] shared secret

\[command] `radius server server ip [ priority priority | port port number | use mgmt vrf ] shared secret`

\[purpose] Configure a RADIUS server

\[parameters]

\[view] Global configuration view

\[notes] You will be prompted to enter the key after the command is entered. Run command `no radius server server ip` to delete the RADIUS server configuration.

\[use cases]

```
sonic# configure
sonic(config)# radius server 10.250.0.244 shared secret
```

#### radius nasip ip address

\[command] `radius nasip ip address`

\[purpose] Configure the NAS IP address of the RADIUS

\[parameters]

\[view] Global configuration view

\[notes] Run `no radius nasip` to restore the nasip address of the RADIUS to its default value.

\[use cases]

```
sonic# configure
sonic(config)# radius nasip 1.1.1.1
```

## TACACS+

### TACACS+ View

#### show tacacs

\[command] `show tacacs`

\[purpose] Display TACACS configuration

\[view] Privileged user view

\[use cases]

```
sonic# show tacacs
tacplus global auth type pap (default)
tacplus global timeout 5 (default)
tacplus global passkey <empty string> (default)
```

### TACACS+ Config

#### tacacs server authtype {chap|pap|mschap|login}

\[command] `tacacs server authtype { chap|pap|mschap|login }`

\[purpose] Specify the authentication type of the TACACS server

\[view] Global configuration view

\[use cases]

```
sonic# configure
sonic(config)# tacacs server authtype chap
```

#### tacacs server default {authtype|passkey|timeout}

\[command] `tacacs server default { authtype|passkey|timeout }`

\[purpose] Restore to the default TACACS configuration

\[view] Global configuration view

\[use cases]

```
sonic# configure
sonic(config)# tacacs server default authtype
```

#### tacacs server passkey

\[command] `tacacs server passkey`

\[purpose] Configure the global key for TACACS

\[view] Global configuration view

\[use cases]

```
sonic# configure
sonic(config)# tacacs server passkey
please enter passkey
sonic(config)#
```

#### tacacs server cipher ciphertext

\[command] `tacacs server cipher ciphertext`

\[purpose] Configure the global key for TACACS with ciphertext

\[parameters]

\[view] Global configuration view

\[use cases]

```
sonic# configure
sonic(config)# tacacs server cipher u2fsdgvkx1/k50xacc66gpxcarr94pu8i3huspusk7u=
```

#### tacacs server timeout interval

\[command] `tacacs server timeout interval`

\[purpose] Configure the global timeout for TACACS

\[parameters]

\[view] Global configuration view

\[use cases]

```
sonic# configure
sonic(config)# tacacs server timeout 60
```

#### tacacs server server ip [cipher ciphertext | timeout interval | key | auth type type | port tcp port | pri priority | use mgmt vrf]

\[command] `tacacs server server ip [ cipher ciphertext | timeout interval | key | auth type type | port tcp port | pri priority | use mgmt vrf ]`

\[purpose] Configure a TACACS server

\[parameters]

\[view] Global configuration view

\[notes] Run command `no tacacs server A.B.C.D` to delete the TACACS server.

\[use cases]

```
sonic# configure
sonic(config)# tacacs server 10.250.0.244 timeout 5 key auth type chap port 2 pri 2 use mgmt vrf
please enter passkey
sonic(config)#
```
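The failthrough note under `aaa authentication mode failthrough` and the multi-level login modes, worked through as an added example (not part of the original reference and not the vendor's code): it parses `show aaa` output and shows which login levels can still admit a user after the first level fails. The function names are hypothetical, the non-default `show aaa` lines are constructed, and the note is read as "with failthrough disabled, a first-level failure ends the attempt".

```python
import re

# Constructed sample (not captured from a device): the `show aaa` layout from
# this page, with values assumed after `aaa authentication mode login
# tacacs+,local` and `aaa authentication mode failthrough enable`.
SAMPLE_SHOW_AAA = """\
aaa accounting command local (default)
aaa authentication login tacacs+,local
aaa authentication failthrough true
aaa authorization command local (default)
"""

def parse_show_aaa(text):
    """Return {'login': [methods], 'failthrough': bool} from `show aaa` output."""
    cfg = {"login": ["local"], "failthrough": False}  # defaults stated on the page
    pattern = r"\s*aaa\s+authentication\s+(login|failthrough)\s+(\S+)"
    for line in text.splitlines():
        m = re.match(pattern, line, re.I)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).lower()
        if key == "login":
            cfg["login"] = value.split(",")
        else:
            cfg["failthrough"] = value == "true"
    return cfg

def login_result(cfg, verdicts):
    """Walk the levels in order; verdicts maps method -> True (accept) / False (fail).

    Returns (accepted, deciding method). Server-unreachable handling is not
    described on the page and is not modelled here.
    """
    for level, method in enumerate(cfg["login"]):
        if verdicts.get(method, False):
            return True, method
        is_last = level == len(cfg["login"]) - 1
        if is_last or not cfg["failthrough"]:
            return False, method  # the failure ends the attempt at this level
    return False, None

def fallback_levels(cfg):
    """Later levels that can still admit a user the first level has failed."""
    if cfg["failthrough"] and len(cfg["login"]) > 1:
        return cfg["login"][1:]
    return []

if __name__ == "__main__":
    cfg = parse_show_aaa(SAMPLE_SHOW_AAA)
    print(cfg, fallback_levels(cfg))
    print(login_result(cfg, {"tacacs+": False, "local": True}))
```

With `tacacs+,local` and failthrough enabled, an account that TACACS+ fails is still admitted if its credentials match a local account, so local accounts need the same review as the remote directory.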
