AAA Configuration
show aaa
Section titled “show aaa”[Command] show aaa
[Purpose] View the authentication, authorization and billing settings configured in the network node
[View] System view
[Use Cases]
sonic# show aaaAAA accounting command local (default)AAA authentication login local (default)AAA authentication failthrough False (default)AAA authorization command local (default)show tacacs status
Section titled “show tacacs status”[Command] show tacacs status
[Purpose] Display the TACACS server status
[View] System view
[Use Cases]
sonic# show tacacs statusSERVER IP STATUS------------ --------192.168.0.78 onlineaaa accounting command
Section titled “aaa accounting command”[Command] aaa accounting command {tacacs+|local|default}
[Purpose] Configure AAA billing method
[Parameter]
| Parameter | Description |
|---|---|
| tacacs+ | Command billing with TACACS+ |
| local | Local Billing |
| default | Reset back to default values, local billing |
[View] System configuration view
[Notes] Tacacs+ and local can be used individually or in combination.
[Use Cases]
sonic(config)# aaa accounting command local tacacs+aaa authentication failthrough {enable|default}
Section titled “aaa authentication failthrough {enable|default}”[Command] aaa authentication failthrough {enable|default}
no aaa authentication failthrough enable
[Purpose] Enable fail-through
[Parameter]
default Default
enable Enable
[View] System configuration view
[Notes] This command is useful when the user has multiple tacacs + servers configured and the user has tacacs+ authentication enabled. When an authentication request to the first server fails, this configuration allows the request to continue to the next server. When this configuration is enabled, the authentication process will continue through all servers configured. If this option is disabled and the authentication request fails on the first server, the authentication process will stop and logins will be disabled.
[Use Cases]
sonic(config)# aaa authentication failthrough enableaaa authentication fallback {enable|default}
Section titled “aaa authentication fallback {enable|default}”[Command] aaa authentication fallback {enable|default}
no aaa authentication fallback enable
[Purpose] Enable fallback
[Parameter]
default Default
enable Enable
[View] System configuration view
[Notes] When enabled, this command will fall back to local authentication when tacacs + authentication fails.
[Use Cases]
sonic(config)# aaa authentication fallback enableaaa authentication login
Section titled “aaa authentication login”[Command] aaa authentication login {tacacs+|local|default}
[Purpose] Configure aaa login authentication method
[Parameter]
| Parameter | Description |
|---|---|
| tacacs+ | Remote authentication based on tacacs + |
| local | Using Local Authentication |
| default | Reset back to the default value to enable local authentication only |
[View] System configuration view
[Notes] Tacacs+ and local as optional parameter, can be configured separately or combined.
[Use Cases]
sonic(config)# aaa authentication login tacacs+,localaaa authorization command
Section titled “aaa authorization command”[Command] aaa authentication command {tacacs+|local|default}
[Purpose] Configure the aaa command authentication method
[Parameter]
| Parameter | Description |
|---|---|
| tacacs+ | Using tacacs + for command authentication |
| local | Command Local Authentication |
| default | Reset back to default values, local forensics |
[View] System configuration view
[Notes] Tacacs+ and local as optional parameter, can be configured separately or combined.
[Use Cases]
sonic(config)# aaa authentication command tacacs+,local