IPI-AAA
Configure authentication method rule
Use this attribute to set AAA methods for authentication
Attribute Name: authentication-method-rule
Attribute Type: string
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <authentication-method-rule>LINE</authentication-method-rule> <!-- operation="delete"-->
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa authentication login default (vrf management|) group LINE
Configure vrf name
Use this attribute to set AAA methods for authentication
Attribute Name: authentication-method-rule
Attribute Type: string
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <authentication-method-rule>LINE</authentication-method-rule> <!-- operation="delete"-->
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa authentication login default (vrf management|) local
Configure accounting method rule
Use this attribute to set AAA methods for accounting
Attribute Name: accounting-method-rule
Attribute Type: string
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <accounting-method-rule>LINE</accounting-method-rule> <!-- operation="delete"-->
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa accounting default (vrf management|) group LINE
Configure authorization method rule
Use this attribute to set AAA methods for authorization
Attribute Name: authorization-method-rule
Attribute Type: string
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <authorization-method-rule>LINE</authorization-method-rule> <!-- operation="delete"-->
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa authorization default (vrf management|) group LINE
Configure error enable
Use this attribute to enable error messages on login failures
Attribute Name: error-enable
Attribute Type: uint8
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <error-enable/> <!-- operation="delete"-->
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa authentication login error-enable (vrf management|)
Configure enable fallback
VRF Name associated with this instance
Attribute Name: vrf-name
Attribute Type: string
Attribute Name: enable-fallback
Attribute Type: empty
Attribute Name: non-existent
Attribute Type: boolean
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
        <enable-fallback/>
        <non-existent>true</non-existent>
      </config>
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa authentication login default fallback error local (non-existent-user|) (vrf management|)
Configure group type
Use this attribute to create a server group type
Attribute Name: group-type
Attribute Type: enum (tacacs+|radius)
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <server-groups>
        <server-group> <!-- operation="delete"-->
          <group-name>WORD</group-name>
          <config>
            <group-name>WORD</group-name>
            <group-type>tacacs+</group-type>
          </config>
          <group-type>tacacs+</group-type>
        </server-group>
      </server-groups>
    </vrf>
  </vrfs>
</aaa>
Command Syntax
aaa group server (tacacs+|radius) WORD (vrf management|)
Configure host address
Use this attribute to add a host address to a server group
Attribute Name: host-address
Attribute Type: union
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <server-groups>
        <server-group>
          <group-name>WORD</group-name>
          <config>
            <group-name>WORD</group-name>
            <group-type>tacacs+</group-type>
          </config>
          <group-type>tacacs+</group-type>
          <server-addresses>
            <server-address> <!-- operation="delete"-->
              <host-address>CML_HOSTNAME_T</host-address>
              <config>
                <host-address>CML_HOSTNAME_T</host-address>
              </config>
            </server-address>
          </server-addresses>
        </server-group>
      </server-groups>
    </vrf>
  </vrfs>
</aaa>
Command Syntax
server (A.B.C.D|X:X::X:X|WORD)
Configure group name
Use this attribute to add a host address to a server group
Attribute Name: host-address
Attribute Type: inet:ipv4-address
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <vrfs>
    <vrf>
      <vrf-name>management</vrf-name>
      <config>
        <vrf-name>management</vrf-name>
      </config>
      <server-groups>
        <server-group>
          <group-name>WORD</group-name>
          <config>
            <group-name>WORD</group-name>
            <group-type>tacacs+</group-type>
          </config>
          <group-type>tacacs+</group-type>
          <server-addresses>
            <server-address>
              <host-address>CML_HOSTNAME_T</host-address>
              <config>
                <host-address>CML_HOSTNAME_T</host-address>
              </config>
            </server-address>
          </server-addresses>
        </server-group>
      </server-groups>
    </vrf>
  </vrfs>
</aaa>
Command Syntax
server server
Configure authentication max failure attempts
Use this attribute to set the number of unsuccessful authentication attempts before a user is locked out
Attribute Name: authentication-max-failure-attempts
Attribute Type: uint8
Attribute Range: 1-25
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <aaa-user>
    <config>
      <authentication-max-failure-attempts>1</authentication-max-failure-attempts> <!-- operation="delete"-->
    </config>
  </aaa-user>
</aaa>
Command Syntax
aaa local authentication attempts max-fail <1-25>
Configure local user unlock timeout
Use this attribute to set the unlock timeout applied after local users are locked out
Attribute Name: local-user-unlock-timeout
Attribute Type: uint16
Attribute Range: 1-3600
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <aaa-user>
    <config>
      <local-user-unlock-timeout>1</local-user-unlock-timeout> <!-- operation="delete"-->
    </config>
  </aaa-user>
</aaa>
Command Syntax
aaa local authentication unlock-timeout <1-3600>
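The following is an added example, not IP Infusion code: it builds the aaa-user lockout payload shown above, rejects values outside the documented ranges before anything reaches the device, and turns the page's operation="delete" marker into a real attribute in the NETCONF base namespace (RFC 6241). The function name lockout_payload and the values 5 and 600 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

AAA_NS = "http://www.ipinfusion.com/yang/ocnos/ipi-aaa"
NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
ET.register_namespace("", AAA_NS)
ET.register_namespace("nc", NC_NS)

# Leaf name -> inclusive range, as documented on this page.
RANGES = {
    "authentication-max-failure-attempts": (1, 25),
    "local-user-unlock-timeout": (1, 3600),
}

def lockout_payload(values, delete=False):
    """Build the <aaa> subtree that goes inside an edit-config <config>.

    values maps a leaf name from RANGES to an int. With delete=True every
    leaf carries nc:operation="delete", placed where the page's comment
    marks it. Raises ValueError for unknown leaves or out-of-range values.
    """
    if not values:
        raise ValueError("no leaves given")
    aaa = ET.Element(f"{{{AAA_NS}}}aaa")
    user = ET.SubElement(aaa, f"{{{AAA_NS}}}aaa-user")
    config = ET.SubElement(user, f"{{{AAA_NS}}}config")
    for leaf, value in values.items():
        if leaf not in RANGES:
            raise ValueError(f"unknown leaf: {leaf}")
        low, high = RANGES[leaf]
        # bool is an int subclass in Python; reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError(f"{leaf}: expected an integer, got {value!r}")
        if not low <= value <= high:
            raise ValueError(f"{leaf}: {value} outside {low}-{high}")
        element = ET.SubElement(config, f"{{{AAA_NS}}}{leaf}")
        element.text = str(value)
        if delete:
            element.set(f"{{{NC_NS}}}operation", "delete")
    return ET.tostring(aaa, encoding="unicode")

if __name__ == "__main__":
    # Constructed values, chosen only for the demonstration.
    print(lockout_payload({"authentication-max-failure-attempts": 5,
                           "local-user-unlock-timeout": 600}))
```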
Configure enable
Use this attribute to display AAA debugging information.
Attribute Name: enable
Attribute Type: empty
Netconf edit-config payload
<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <debug>
    <config>
      <enable/> <!-- operation="delete"-->
    </config>
  </debug>
</aaa>
Command Syntax
debug aaa
debug aaa
Netconf RPC payload
<aaa-terminal-debug-on xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa"/>
Command Syntax
debug aaa
no debug aaa
Netconf RPC payload
<aaa-terminal-debug-off xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa"/>
Command Syntax
no debug aaa
clear aaa local user lockout username USERNAME
Attribute Name: username
Attribute Type: string
Attribute Range: 2-32
Netconf RPC payload
<aaa-clear-local-user-lockout xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
  <username>USERNAME</username>
</aaa-clear-local-user-lockout>
Command Syntax
clear aaa local user lockout username USERNAME
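The following is an added example, not IP Infusion code: it audits a retrieved ipi-aaa subtree for missing method rules, lockout settings that are unset or outside the documented range, and AAA debugging left enabled. It assumes the retrieved configuration has the same shape as the edit-config payloads on this page; the sample document, the function name audit_aaa and the policy limit of 5 failed attempts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "http://www.ipinfusion.com/yang/ocnos/ipi-aaa"}

# Constructed sample, shaped like the edit-config payloads on this page.
SAMPLE = """<aaa xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-aaa">
 <vrfs><vrf>
  <vrf-name>management</vrf-name>
  <config><vrf-name>management</vrf-name></config>
  <authentication-method-rule>tacgrp</authentication-method-rule>
 </vrf></vrfs>
 <aaa-user><config>
  <authentication-max-failure-attempts>25</authentication-max-failure-attempts>
 </config></aaa-user>
 <debug><config><enable/></config></debug>
</aaa>"""

def audit_aaa(xml_text, max_fail_policy=5):
    """Return a list of findings; max_fail_policy is an assumed site limit."""
    root = ET.fromstring(xml_text)  # expects the <aaa> element as the root
    findings = []
    for vrf in root.findall("a:vrfs/a:vrf", NS):
        name = vrf.findtext("a:vrf-name", "?", NS)
        for kind in ("authentication", "authorization", "accounting"):
            rule = vrf.findtext(f"a:{kind}-method-rule", "", NS).strip()
            if not rule:
                findings.append(f"vrf {name}: no {kind}-method-rule")
    user = "a:aaa-user/a:config/"
    leaf = "authentication-max-failure-attempts"
    raw = root.findtext(user + "a:" + leaf, None, NS)
    if raw is None:
        findings.append(f"{leaf} not set")
    elif not raw.strip().isdigit() or not 1 <= int(raw) <= 25:
        findings.append(f"{leaf} {raw!r} outside 1-25")
    elif int(raw) > max_fail_policy:
        findings.append(f"{leaf} {int(raw)} exceeds policy {max_fail_policy}")
    if root.findtext(user + "a:local-user-unlock-timeout", None, NS) is None:
        findings.append("local-user-unlock-timeout not set")
    # The debug leaf is type empty: its presence alone means debugging is on.
    if root.find("a:debug/a:config/a:enable", NS) is not None:
        findings.append("AAA debug enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE):
        print(finding)
```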
Last modified date: 08/22/2023