AAA
AAA View
Table 1 AAA View
| Command | Purpose |
|---|---|
| show aaa | Display AAA configuration. |
show aaa
[Command] show aaa
[Purpose] Display AAA configuration.
[View] Privileged User View
[Use Cases]
sonic# show aaa
AAA accounting command local (default)
AAA authentication login local (default)
AAA authentication failthrough False (default)
AAA authorization command local (default)
AAA Config
Table 2 AAA Config
| Command | Purpose |
|---|---|
| aaa authentication-mode failthrough {enable|disable|default} | Configure authentication failthrough feature of AAA. |
| aaa authentication-mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default} | Set authentication mode of AAA. |
| aaa accounting-mode {tacacs+|local|tacacs+,local|local,tacacs+|default} | Set accounting mode of AAA. |
aaa authentication-mode failthrough {enable|disable|default}
[Command] aaa authentication-mode failthrough {enable|disable|default}
[Purpose] Configure authentication failthrough feature of AAA.
[View] Global Configuration View
[Notes] This feature is disabled by default. When it is enabled and multi-level authentication is configured, a failure at the first level of authentication causes the device to continue to the second level. When it is disabled, authentication ends at the first failure.
[Use Cases]
sonic# configure
sonic(config)# aaa authentication-mode failthrough enable
aaa authentication-mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}
[Command] aaa authentication-mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}
[Purpose] Set authentication mode of AAA.
[View] Global Configuration View
[Notes] The default mode is local. The comma-separated patterns indicate multi-level authentication.
[Use Cases]
sonic# configure
sonic(config)# aaa authentication-mode login tacacs+,local
aaa accounting-mode {tacacs+|local|tacacs+,local|local,tacacs+|default}
[Command] aaa accounting-mode {tacacs+|local|tacacs+,local|local,tacacs+|default}
[Purpose] Set accounting mode of AAA.
[View] Global Configuration View
[Notes] The default mode is local. The comma-separated patterns indicate multi-level accounting.
[Use Cases]
sonic# configure
sonic(config)# aaa accounting-mode tacacs+
RADIUS
RADIUS View
Table 3 RADIUS View
| Command | Purpose |
|---|---|
| show radius | Display RADIUS configuration. |
show radius
[Command] show radius
[Purpose] Display RADIUS configuration.
[View] Privileged User View
[Use Cases]
sonic# show radius
RADIUS global auth_type pap (default)
RADIUS global retransmit 3 (default)
RADIUS global timeout 5 (default)
RADIUS global passkey <EMPTY_STRING> (default)
RADIUS Config
Table 4 RADIUS Config
| Command | Purpose |
|---|---|
| radius server server-ip [priority priority|port port_number|use-mgmt-vrf] shared-secret | Configure a RADIUS server. |
| radius nasip ip_address | Configure the NAS-IP address. |
radius server
[Command] radius server server-ip [priority priority|port port_number|use-mgmt-vrf] shared-secret
[Purpose] Configure a RADIUS server.
[Parameters]
| Parameter | Description |
|---|---|
| server-ip | RADIUS Server IP address. |
| port_number | Specify the port number to be used, ranging from 1-65535, with a default value of 1812. |
[View] Global Configuration View
[Notes] You will be prompted to enter the key after the command is entered. Run the command no radius server server-ip to delete the RADIUS server configuration.
[Use Cases]
sonic# configure
sonic(config)# radius server 10.250.0.244 shared-secret
radius nasip
[Command] radius nasip ip_address
[Purpose] Configure the NAS-IP address of the RADIUS.
[Parameters]
| Parameter | Description |
|---|---|
| ip_address | NAS-IP address, supports IPv4 or IPv6, default address is 127.0.0.1. |
[View] Global Configuration View
[Notes] Run no radius nasip to restore the NAS-IP address of RADIUS to its default value.
[Use Cases]
sonic# configure
sonic(config)# radius nasip 1.1.1.1
TACACS+
TACACS+ View
Table 5 TACACS+ View
| Command | Purpose |
|---|---|
| show tacacs | Display TACACS configuration. |
show tacacs
[Command] show tacacs
[Purpose] Display TACACS configuration.
[View] Privileged User View
[Use Cases]
sonic# show tacacs
TACPLUS global auth_type pap (default)
TACPLUS global timeout 5 (default)
TACPLUS global passkey <EMPTY_STRING> (default)
Table 6 TACACS+ Config
| Command | Purpose |
|---|---|
| tacacs-server authtype {chap|pap|mschap|login} | Specify the authentication type of the TACACS server. |
| tacacs-server default {authtype|passkey|timeout} | Restore to the default TACACS configuration. |
| tacacs-server passkey | Configure the global key for TACACS. |
| tacacs-server cipher ciphertext | Configure the global key for TACACS with ciphertext. |
| tacacs-server timeout interval | Configure the global timeout for TACACS. |
| tacacs-server server-ip [cipher ciphertext|timeout interval|key|auth-type type|port tcp_port|pri priority|use-mgmt-vrf] | Configure a TACACS server. |
tacacs-server authtype {chap|pap|mschap|login}
[Command] tacacs-server authtype {chap|pap|mschap|login}
[Purpose] Specify the authentication type of the TACACS server.
[View] Global Configuration View
[Use Cases]
sonic# configure
sonic(config)# tacacs-server authtype chap
[Command] tacacs-server default {authtype|passkey|timeout}
[Purpose] Restore to the default TACACS configuration.
[View] Global Configuration View
[Use Cases]
sonic# configure
sonic(config)# tacacs-server default authtype
tacacs-server passkey
[Command] tacacs-server passkey
[Purpose] Configure the global key for TACACS.
[View] Global Configuration View
[Use Cases]
sonic# configure
sonic(config)# tacacs-server passkey
Please enter passkey:
sonic(config)#
tacacs-server cipher
[Command] tacacs-server cipher ciphertext
[Purpose] Configure the global key for TACACS with ciphertext.
[Parameters]
| Parameter | Description |
|---|---|
| ciphertext | The passkey of ciphertext. |
[View] Global Configuration View
[Use Cases]
sonic# configure
sonic(config)# tacacs-server cipher U2FsdGVkX1/k50xAcc66gpXcarr94pu8i3HUSpUsK7U=
[Command] tacacs-server timeout interval
[Purpose] Configure the global timeout for TACACS.
[Parameters]
| Parameter | Description |
|---|---|
| interval | Specify the interval in seconds. The range is from 0 to 60. |
[View] Global Configuration View
[Use Cases]
sonic# configure
sonic(config)# tacacs-server timeout 60
tacacs-server
[Command] tacacs-server server-ip [cipher ciphertext|timeout interval|key|auth-type type|port tcp_port|pri priority|use-mgmt-vrf]
[Purpose] Configure a TACACS server.
[Parameters]
| Parameter | Description |
|---|---|
| server-ip | TACACS Server IP address. |
| ciphertext | The passkey of ciphertext. |
| interval | Specify the interval in seconds. The default is 5. |
| type | Specify the authentication type. Options: chap, pap, mschap, login. |
| tcp_port | Specify the TCP port number. The default is 49 and the range is [1,65535]. |
| priority | Specify the priority, the default is 1. |
[View] Global Configuration View
[Notes] Run command no tacacs-server A.B.C.D to delete the TACACS server.
[Use Cases]
sonic# configure
sonic(config)# tacacs-server 10.250.0.244 timeout 5 key auth-type chap port 2 pri 2 use-mgmt-vrf
Please enter passkey:
sonic(config)#
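
An added example, not part of the vendor documentation: a Python script that parses the show aaa, show radius and show tacacs output formats shown on this page and checks the result against a sample policy. The policy rules, the function names and the modified sample input are assumptions made for illustration.

```python
import re

# Line shape taken from the sample outputs on this page:
#   <SUBSYSTEM> <scope> <setting> <value> [(default)]
LINE_RE = re.compile(
    r"^(AAA|RADIUS|TACPLUS)\s+(\S+)\s+(\S+)\s+(.+?)(\s+\(default\))?\s*$")

def parse_show_output(text):
    """Return {(subsystem, scope, setting): (value, is_default)}."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # CLI prompts such as "sonic# show aaa" do not match
            sub, scope, name, value, default = m.groups()
            settings[(sub, scope, name)] = (value, default is not None)
    return settings

def audit(settings):
    """Example policy only (an assumption); adapt it to local standards."""
    def value(*key):
        return settings.get(key, (None, False))[0]
    findings = []
    methods = (value("AAA", "authentication", "login") or "").split(",")
    if methods == ["local"]:
        findings.append("login: local accounts only, no central authentication")
    if value("AAA", "accounting", "command") == "local":
        findings.append("accounting: mode is local only, no TACACS+ accounting")
    # Only the global key appears in the sample output on this page;
    # per-server keys are not checked here.
    for method, sub in (("tacacs+", "TACPLUS"), ("radius", "RADIUS")):
        if method in methods and value(sub, "global", "passkey") == "<EMPTY_STRING>":
            findings.append(f"{method}: used for login, global passkey is empty")
    return findings

# Constructed sample: the page's default output with login set to tacacs+,local
SAMPLE = """\
sonic# show aaa
AAA accounting command local (default)
AAA authentication login tacacs+,local
AAA authentication failthrough False (default)
AAA authorization command local (default)
sonic# show tacacs
TACPLUS global auth_type pap (default)
TACPLUS global timeout 5 (default)
TACPLUS global passkey <EMPTY_STRING> (default)
"""

if __name__ == "__main__":
    for finding in audit(parse_show_output(SAMPLE)):
        print(finding)
```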