NETCONF Configuration Guide
AAA
## AsterNOS AAA

Authentication, Authorization, and Accounting (AAA) is a framework for controlling access to network resources. It provides a way to manage user access and permissions, ensuring that only authorized users can access specific resources.

AsterNOS supports AAA for user management with the following capabilities.

For authentication, AsterNOS supports the following methods:

- Local authentication
- RADIUS authentication
- TACACS+ authentication

For authorization, AsterNOS supports the following methods:

- Local authorization
- TACACS+ authorization
- RADIUS authorization

For accounting, AsterNOS supports the following methods:

- Local accounting
- TACACS+ accounting
- RADIUS accounting

## Modify AAA Configuration

The following example gives a typical AAA configuration:

- Use TACACS+ as the primary authentication protocol and local as the secondary protocol.
- Enable failthrough and fallback for authentication, which allows the local user database to be used if the TACACS+ server is unreachable.
- Enable debug for authentication, which logs detailed information about authentication attempts.
- Use TACACS+ as the authorization protocol and enable `auth-cmd`, which strictly checks user permissions for executing commands via the TACACS+ protocol.
- Enable debug for authorization, which logs detailed information about authorization attempts.
- Use TACACS+ as the accounting protocol, which sends user activity logs to the TACACS+ server.

Request example:

```xml
<config><top>
  <aaa>
    <accounting>
      <protocol>tacacs+</protocol>
    </accounting>
    <authorization>
      <protocol>tacacs+</protocol>
      <auth-service>false</auth-service>
      <auth-cmd>true</auth-cmd>
      <debug>true</debug>
    </authorization>
    <authentication>
      <protocol>tacacs+</protocol>
      <protocol>local</protocol>
      <failthrough>true</failthrough>
      <fallback>true</fallback>
      <debug>true</debug>
    </authentication>
  </aaa>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:c0494172-98ab-4056-b83c-8c0df58e3e92">
  <ok/>
</rpc-reply>
```

## Get Current AAA Configurations

Request example to get the current AAA configuration via `get-config`:

```xml
<filter type="subtree">
  <top>
    <aaa/>
  </top>
</filter>
```

Response example:

```xml
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <top>
    <aaa xmlns="http://asterfusion.com/ns/yang/asternos-aaa">
      <accounting>
        <protocol>tacacs+</protocol>
      </accounting>
      <authentication>
        <protocol>tacacs+</protocol>
        <protocol>local</protocol>
        <failthrough>true</failthrough>
        <fallback>true</fallback>
        <debug>true</debug>
      </authentication>
      <authorization>
        <protocol>tacacs+</protocol>
        <auth-service>false</auth-service>
        <auth-cmd>true</auth-cmd>
        <debug>true</debug>
      </authorization>
    </aaa>
  </top>
</data>
```

## Reset AAA Configurations

Request example to reset the AAA configuration to factory default:

```xml
<config><top>
  <aaa operation="delete"/>
</top></config>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:fcc97206-be43-444a-8a9c-1d69cc14992f">
  <ok/>
</rpc-reply>
```

## Show AAA Status via RPC

Use the `show-aaa` RPC to show the current AAA status.

Request example to show the current AAA configuration in CLI format via the `show-aaa` RPC:

```xml
<show-aaa/>
```

Response example:

```xml
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:55a84d56-e32a-4713-87ae-674b4070812f">
  <data xmlns="http://asterfusion.com/ns/yang/asternos-aaa">
aaa authentication login ['tacacs+', 'local']
aaa authentication failthrough true
aaa authentication fallback true
aaa authentication debug true
aaa authorization command ['tacacs+']
aaa authorization auth-cmd true
aaa authorization debug true
aaa accounting command ['tacacs+']
  </data>
</rpc-reply>
```
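An offline audit of a `get-config` reply for the AAA subtree, as an added example that is not part of the AsterNOS documentation. It assumes the element names and namespace shown in the response example (with `auth-cmd` hyphenated); the policy checks and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the get-config reply with <accounting> removed and
# auth-cmd set to false, so the audit has something to report.
SAMPLE_REPLY = """<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><top>
<aaa xmlns="http://asterfusion.com/ns/yang/asternos-aaa">
  <authentication>
    <protocol>tacacs+</protocol><protocol>local</protocol>
    <failthrough>true</failthrough><fallback>true</fallback>
    <debug>true</debug>
  </authentication>
  <authorization>
    <protocol>tacacs+</protocol><auth-cmd>false</auth-cmd>
  </authorization>
</aaa></top></data>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def parse_aaa(reply_xml):
    """Return {section: {leaf: [values, ...]}} for the <aaa> subtree."""
    root = ET.fromstring(reply_xml)
    aaa = next((e for e in root.iter() if local(e.tag) == "aaa"), None)
    cfg = {}
    for section in (aaa if aaa is not None else ()):
        leaves = cfg.setdefault(local(section.tag), {})
        for leaf in section:
            leaves.setdefault(local(leaf.tag), []).append((leaf.text or "").strip())
    return cfg

def audit(cfg):
    """Hypothetical policy checks (assumptions); returns finding codes."""
    def on(section, leaf):
        return cfg.get(section, {}).get(leaf) == ["true"]
    findings = []
    authn = cfg.get("authentication", {}).get("protocol", [])
    # Local listed as secondary but fallback off: no local login if server is down.
    if "local" in authn[1:] and not on("authentication", "fallback"):
        findings.append("authn-local-secondary-without-fallback")
    # Authorization configured but commands are not strictly checked.
    if cfg.get("authorization", {}).get("protocol") and not on("authorization", "auth-cmd"):
        findings.append("authz-auth-cmd-disabled")
    if not cfg.get("accounting", {}).get("protocol"):
        findings.append("accounting-not-configured")
    # Debug logs detailed attempt information; flag it for review.
    findings += [f"{s}-debug-enabled" for s in ("authentication", "authorization") if on(s, "debug")]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_aaa(SAMPLE_REPLY))))
```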
