Command Line Reference
User Access And Authentication
AAA Configuration
9 min
aaa configuration aaa configuration show aaa show aaa \[command] show aaa \[purpose] view the authentication, authorization and billing settings configured in the network node \[view] system view \[use cases] sonic# show aaa aaa accounting command local (default) aaa authentication login local (default) aaa authentication failthrough false (default) aaa authorization command local (default) show tacacs status show tacacs status \[command] show tacacs status \[purpose] display the tacacs server status \[view] system view \[use cases] sonic# show tacacs status server ip status \ 192 168 0 78 online aaa accounting command aaa accounting command \[command] aaa accounting command {tacacs+|local|default} \[purpose] configure aaa billing method \[parameter] true 330,331#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type \[view] system configuration view \[notes] tacacs+ and local can be used individually or in combination \[use cases] sonic(config)# aaa accounting command local tacacs+ aaa authentication failthrough {enable|default} aaa authentication failthrough {enable|default} \[command] aaa authentication failthrough {enable|default} no aaa authentication failthrough enable \[purpose] enable fail through \[parameter] default default enable enable \[view] system configuration view \[notes] this command is useful when the user has multiple tacacs + servers configured and the user has tacacs+ authentication enabled when an authentication request to the first server fails, this configuration allows the request to continue to the next server when this configuration is enabled, the authentication process will continue through all servers configured if this option is disabled and the authentication request fails on the first server, the authentication process will stop and logins will be disabled \[use cases] sonic(config)# aaa authentication failthrough enable aaa authentication fallback {enable|default} aaa authentication fallback {enable|default} \[command] aaa authentication fallback {enable|default} no aaa authentication fallback enable \[purpose] enable fallback \[parameter] default default enable enable \[view] system configuration view \[notes] when enabled, this command will fall back to local authentication when tacacs + authentication fails \[use cases] sonic(config)# aaa authentication fallback enable aaa authentication login aaa authentication login \[command] aaa authentication login {tacacs+|local|default} \[purpose] configure aaa login authentication method \[parameter] true 141,520#4283c7 unhandled content type #4283c7 unhandled content type unhandled content type unhandled content type #d8e5f5 unhandled content type #d8e5f5 unhandled content type unhandled content type unhandled content type \[view] system configuration view \[notes] tacacs+ and local as optional parameter, can be configured separately or combined \[use cases] sonic(config)# aaa authentication login tacacs+,local aaa authorization command aaa authorization command \[command] aaa authentication command {tacacs+|local|default} \[purpose] configure the aaa command authentication method \[parameter] true 141,520 left #4283c7 unhandled content type left #4283c7 unhandled content type left unhandled content type left unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 unhandled content type left #d8e5f5 1 1 unhandled content type left #d8e5f5 1 1 unhandled content type \[view] system configuration view \[notes] tacacs+ and local as optional parameter, can be configured separately or combined \[use cases] sonic(config)# aaa authentication command tacacs+,local
