Command Line Reference
Security Configuration
AAA
AAA view

Table 1: AAA view

  Command: show aaa
  Purpose: Display AAA configuration

show aaa

[Command]
show aaa

[Purpose]
Display AAA configuration.

[View]
Privileged user view

[Use cases]

    sonic# show aaa
    aaa accounting command local (default)
    aaa authentication login local (default)
    aaa authentication failthrough false (default)
    aaa authorization command local (default)

AAA config

Table 2: AAA config

  Command: aaa authentication mode failthrough {enable|disable|default}
  Purpose: Configure the authentication failthrough feature of AAA

  Command: aaa authentication mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}
  Purpose: Set the authentication mode of AAA

  Command: aaa accounting mode {tacacs+|local|tacacs+,local|local,tacacs+|default}
  Purpose: Set the accounting mode of AAA

aaa authentication mode failthrough {enable|disable|default}

[Command]
aaa authentication mode failthrough {enable|disable|default}

[Purpose]
Configure the authentication failthrough feature of AAA.

[View]
Global configuration view

[Notes]
This feature is disabled by default.
When it is enabled, during multi-level authentication, if the first level of authentication fails, authentication continues to the second level; otherwise, it ends directly.

[Use cases]

    sonic# configure
    sonic(config)# aaa authentication mode failthrough enable

aaa authentication mode login {tacacs+|local|tacacs+,local|local,tacacs+|radius,local|local,radius|radius|default}

[Command]
aaa authentication mode login { tacacs+ | local | tacacs+,local | local,tacacs+ | radius,local | local,radius | radius | default }

[Purpose]
Set the authentication mode of AAA.

[View]
Global configuration view

[Notes]
The default mode is local.
The comma-separated patterns indicate multi-level authentication.

[Use cases]

    sonic# configure
    sonic(config)# aaa authentication mode login tacacs+,local

aaa accounting mode {tacacs+|local|tacacs+,local|local,tacacs+|default}

[Command]
aaa accounting mode { tacacs+ | local | tacacs+,local | local,tacacs+ | default }

[Purpose]
Set the accounting mode of AAA.

[View]
Global configuration view

[Notes]
The default mode is local.
The comma-separated patterns indicate multi-level accounting.

[Use cases]

    sonic# configure
    sonic(config)# aaa accounting mode tacacs+

RADIUS

RADIUS view

Table 3: RADIUS view

  Command: show radius
  Purpose: Display RADIUS configuration

show radius

[Command]
show radius

[Purpose]
Display RADIUS configuration.

[View]
Privileged user view

[Use cases]

    sonic# show radius
    radius global auth type pap (default)
    radius global retransmit 3 (default)
    radius global timeout 5 (default)
    radius global passkey <empty string> (default)

RADIUS config

Table 4: RADIUS config

  Command: radius server server ip [ priority priority | port port number | use mgmt vrf ] shared secret
  Purpose: Configure a RADIUS server

  Command: radius nasip ip address
  Purpose: Configure the NAS IP address

radius server

[Command]
radius server server ip [ priority priority | port port number | use mgmt vrf ] shared secret

[Purpose]
Configure a RADIUS server.

[Parameters]

  Parameter: server ip
  Description: RADIUS server IP address

  Parameter: port number
  Description: Specify the port number to be used, ranging from 1-65535, with a default value of 1812

[View]
Global configuration view

[Notes]
You will be prompted to enter the key after the command is entered.
Run the command no radius server server ip to delete the RADIUS server configuration.

[Use cases]

    sonic# configure
    sonic(config)# radius server 10.250.0.244 shared secret

radius nasip

[Command]
radius nasip ip address

[Purpose]
Configure the NAS IP address of the RADIUS.

[Parameters]

  Parameter: ip address
  Description: NAS IP address, supports IPv4 or IPv6; the default address is 127.0.0.1

[View]
Global configuration view

[Notes]
Run no radius nasip to restore the NAS IP address of the RADIUS to its default value.

[Use cases]

    sonic# configure
    sonic(config)# radius nasip 1.1.1.1

TACACS+

TACACS+ view

Table 5: TACACS+ view

  Command: show tacacs
  Purpose: Display TACACS configuration

show tacacs

[Command]
show tacacs

[Purpose]
Display TACACS configuration.

[View]
Privileged user view

[Use cases]

    sonic# show tacacs
    tacplus global auth type pap (default)
    tacplus global timeout 5 (default)
    tacplus global passkey <empty string> (default)

TACACS+ config

Table 6: TACACS+ config

  Command: tacacs server authtype {chap|pap|mschap|login}
  Purpose: Specify the authentication type of the TACACS server

  Command: tacacs server default {authtype|passkey|timeout}
  Purpose: Restore to the default TACACS configuration

  Command: tacacs server passkey
  Purpose: Configure the global key for TACACS

  Command: tacacs server cipher ciphertext
  Purpose: Configure the global key for TACACS with ciphertext

  Command: tacacs server timeout interval
  Purpose: Configure the global timeout for TACACS

  Command: tacacs server server ip [ cipher ciphertext | timeout interval | key | auth type type | port tcp port | pri priority | use mgmt vrf ]
  Purpose: Configure a TACACS server

tacacs server authtype {chap|pap|mschap|login}

[Command]
tacacs server authtype { chap|pap|mschap|login }

[Purpose]
Specify the authentication type of the TACACS server.

[View]
Global configuration view

[Use cases]

    sonic# configure
    sonic(config)# tacacs server authtype chap

tacacs server default {authtype|passkey|timeout}

[Command]
tacacs server default { authtype|passkey|timeout }

[Purpose]
Restore to the default TACACS configuration.

[View]
Global configuration view

[Use cases]

    sonic# configure
    sonic(config)# tacacs server default authtype

tacacs server passkey

[Command]
tacacs server passkey

[Purpose]
Configure the global key for TACACS.

[View]
Global configuration view

[Use cases]

    sonic# configure
    sonic(config)# tacacs server passkey
    please enter passkey
    sonic(config)#

tacacs server cipher

[Command]
tacacs server cipher ciphertext

[Purpose]
Configure the global key for TACACS with ciphertext.

[Parameters]

  Parameter: ciphertext
  Description: The passkey of ciphertext

[View]
Global configuration view

[Use cases]

    sonic# configure
    sonic(config)# tacacs server cipher u2fsdgvkx1/k50xacc66gpxcarr94pu8i3huspusk7u=

tacacs server timeout

[Command]
tacacs server timeout interval

[Purpose]
Configure the global timeout for TACACS.

[Parameters]

  Parameter: interval
  Description: Specify the interval in seconds; the range is from 0 to 60

[View]
Global configuration view

[Use cases]

    sonic# configure
    sonic(config)# tacacs server timeout 60

tacacs server

[Command]
tacacs server server ip [ cipher ciphertext | timeout interval | key | auth type type | port tcp port | pri priority | use mgmt vrf ]

[Purpose]
Configure a TACACS server.

[Parameters]

  Parameter: server ip
  Description: TACACS server IP address

  Parameter: ciphertext
  Description: The passkey of ciphertext

  Parameter: interval
  Description: Specify the interval in seconds; the default is 5

  Parameter: type
  Description: Specify the authentication type; optional: chap, pap, mschap, login

  Parameter: tcp port
  Description: Specify the TCP port number; the default is 49 and the range is [1,65535]

  Parameter: priority
  Description: Specify the priority; the default is 1

[View]
Global configuration view

[Notes]
Run the command no tacacs server A.B.C.D to delete the TACACS server.

[Use cases]

    sonic# configure
    sonic(config)# tacacs server 10.250.0.244 timeout 5 key auth type chap port 2 pri 2 use mgmt vrf
    please enter passkey
    sonic(config)#
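
An added example (not part of this reference or of the vendor's tooling): a Python check that parses show aaa, show tacacs and show radius output in the form printed on this page and lists the settings a reviewer should look at. The sample text is constructed from the outputs above with the login mode and failthrough changed, and the review rules are this example's assumptions, not vendor guidance.

```python
import re

# Constructed sample: the "show" outputs from this page, with the login mode
# and failthrough changed so that more than one rule fires.
SAMPLE = """\
aaa accounting command local (default)
aaa authentication login tacacs+,local
aaa authentication failthrough true
tacplus global auth type pap (default)
tacplus global passkey <empty string> (default)
radius global auth type pap (default)
radius global passkey <empty string> (default)
"""

KEY = re.compile(r"(aaa \w+ \w+|(?:tacplus|radius) global (?:auth type|\w+))\s+(.+)")

def parse_show(text):
    """Map each setting name to its value, ignoring case and '(default)'."""
    settings = {}
    for line in text.splitlines():
        line = re.sub(r"[_-]", " ", line.lower()).replace("(default)", "")
        m = KEY.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(settings):
    """Return (setting, note) pairs for a reviewer; the rules are assumptions."""
    out = []
    login = settings.get("aaa authentication login", "local").split(",")
    acct = settings.get("aaa accounting command", "local").split(",")
    if login == ["local"]:
        out.append(("aaa authentication login", "local accounts only"))
    if settings.get("aaa authentication failthrough") == "true" and len(login) > 1:
        out.append(("aaa authentication failthrough",
                    f"a failed {login[0]} login is retried against {login[1]}"))
    if acct == ["local"]:
        out.append(("aaa accounting command", "records kept on the device only"))
    for proto, mode in (("tacplus", "tacacs+"), ("radius", "radius")):
        if mode not in login + acct:
            continue  # protocol not referenced by any AAA mode
        if settings.get(f"{proto} global passkey") == "<empty string>":
            out.append((f"{proto} global passkey", "empty; check per-server keys"))
        if settings.get(f"{proto} global auth type") == "pap":
            out.append((f"{proto} global auth type", "pap: only the key protects it"))
    return out

if __name__ == "__main__":
    for setting, note in audit(parse_show(SAMPLE)):
        print(f"{setting}: {note}")
```

RADIUS settings are not reported for the sample because no AAA mode in it references radius.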
