aaa commands

configure 
   —  aaa 
      —  apply-groups reference
      —  apply-groups-exclude reference
      —  radius 
         —  coa-port number
         —  server-policy named-item 
            —  acct-on-off 
               —  apply-groups reference
               —  apply-groups-exclude reference
               —  oper-state-change 
            —  apply-groups reference
            —  apply-groups-exclude reference
            —  description description
            —  servers 
               —  access-algorithm keyword
               —  buffering 
                  —  acct-interim 
                     —  lifetime number
                     —  max number
                     —  min number
                  —  acct-start 
                     —  lifetime number
                     —  max number
                     —  min number
                  —  acct-stop 
                     —  lifetime number
                     —  max number
                     —  min number
               —  hold-down-time number
               —  ipv6-source-address ipv6-address
               —  retry-count number
               —  router-instance string
               —  server number 
                  —  apply-groups reference
                  —  apply-groups-exclude reference
                  —  server-name named-item
               —  source-address ipv4-address
               —  stickiness boolean
               —  timeout number

aaa command descriptions

aaa


	Synopsis	Enter the aaa context
	Context	configure aaa
	Tree	aaa
	Description	Commands in this context configure authentication, authorization, and accounting.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

radius


	Synopsis	Enter the radius context
	Context	configure aaa radius
	Tree	radius
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

coa-port number


	Synopsis	RADIUS listening port for CoA and Disconnect messages
	Context	configure aaa radius coa-port number
	Tree	coa-port
	Description	This command configures the system-wide UDP port number that RADIUS is listening on for CoA and Disconnect messages.
	Range	1647 \| 1700 \| 1812 \| 3799
	Default	3799
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

server-policy [name] named-item


	Synopsis	Enter the server-policy list instance
	Context	configure aaa radius server-policy named-item
	Tree	server-policy
	Description	Commands in this context create a RADIUS server policy. A RADIUS server policy can be used in: radius-proxy, for applications like EAP authentication for WIFI access authentication policy, for Enhanced Subscriber Management authentication RADIUS accounting policy, for Enhanced Subscriber Management accounting dynamic data service RADIUS accounting AAA route downloader
	Max. instances	32
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

[name] named-item


	Synopsis	RADIUS server policy name
	Context	configure aaa radius server-policy named-item
	Tree	server-policy
	String length	1 to 32
	Notes	This element is part of a list key.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

acct-on-off


	Synopsis	Enable the acct-on-off context
	Context	configure aaa radius server-policy named-item acct-on-off
	Tree	acct-on-off
	Description	Commands in this context control the sending of Accounting-On and Accounting-Off messages and the acct-on-off oper-state of the radius-server-policy: acct-on-off: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is always not blocked. acct-on-off oper-state-change: enables the sending of Accounting-On and Accounting-Off messages for this radius-server-policy. The acct-on-off oper-state is function of the Accounting-response received for the Accounting-On and Accounting-Off. Optionally, sets the acct-on-off oper-state of the acct-on-off-group. acct-on-off monitor: no Accounting-On and Accounting-Off messages are sent for this radius-server-policy. The acct-on-off oper-state is inherited from the acct-on-off-group.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

oper-state-change


	Synopsis	Enable the oper-state-change context
	Context	configure aaa radius server-policy named-item acct-on-off oper-state-change
	Tree	oper-state-change
	Notes	The following elements are part of a choice: monitor or oper-state-change.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

description description


	Synopsis	Text description
	Context	configure aaa radius server-policy named-item description description
	Tree	description
	String length	1 to 80
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

servers


	Synopsis	Enter the servers context
	Context	configure aaa radius server-policy named-item servers
	Tree	servers
	Description	Commands in this context configure RADIUS server policy command options.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

access-algorithm keyword


	Synopsis	Algorithm to select a RADIUS server from the pool
	Context	configure aaa radius server-policy named-item servers access-algorithm keyword
	Tree	access-algorithm
	Options	direct, round-robin, hash-based
	Default	direct
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

buffering


	Synopsis	Enter the buffering context
	Context	configure aaa radius server-policy named-item servers buffering
	Tree	buffering
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

acct-interim


	Synopsis	Enable the acct-interim context
	Context	configure aaa radius server-policy named-item servers buffering acct-interim
	Tree	acct-interim
	Description	Commands in this context enable RADIUS accounting interim update message buffering. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server If after retrytimeout seconds no RADIUS accounting response is received for the interim update then a new attempt to send the message is started after minimum[(min-val2n), max-val] seconds. Repeat step 2 until one of the following occurs: a RADIUS accounting response is received the lifetime of the buffered message expires a new RADIUS accounting interim-update or a RADIUS accounting stop for the same accounting session ID and radius-server-policy is stored in the buffer the message is manually purged from the message buffer via a clear command The message is purged from the buffer.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

lifetime number


	Synopsis	Time accounting message can be in retransmission buffer
	Context	configure aaa radius server-policy named-item servers buffering acct-interim lifetime number
	Tree	lifetime
	Range	1 to 25
	Units	hours
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

max number


	Synopsis	Maximum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-interim max number
	Tree	max
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

min number


	Synopsis	Minimum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-interim min number
	Tree	min
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

acct-start


	Synopsis	Enable the acct-start context
	Context	configure aaa radius server-policy named-item servers buffering acct-start
	Tree	acct-start
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

lifetime number


	Synopsis	Time accounting message can be in retransmission buffer
	Context	configure aaa radius server-policy named-item servers buffering acct-start lifetime number
	Tree	lifetime
	Range	1 to 25
	Units	hours
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

max number


	Synopsis	Maximum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-start max number
	Tree	max
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

min number


	Synopsis	Minimum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-start min number
	Tree	min
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

acct-stop


	Synopsis	Enable the acct-stop context
	Context	configure aaa radius server-policy named-item servers buffering acct-stop
	Tree	acct-stop
	Description	Commands in this context enable RADIUS accounting stop message buffering. The message is stored in the buffer, a lifetime timer is started and the message is sent to the RADIUS server If after retrytimeout seconds no RADIUS accounting response is received for the accounting stop, then a new attempt to send the message is started after minimum[(min-val2n), max-val] seconds. Repeat step 2 until one of the following occurs: a RADIUS accounting response is received the lifetime of the buffered message expires The message is manually purged from the message buffer via a clear command. The message is purged from the buffer.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

lifetime number


	Synopsis	Time accounting message can be in retransmission buffer
	Context	configure aaa radius server-policy named-item servers buffering acct-stop lifetime number
	Tree	lifetime
	Range	1 to 25
	Units	hours
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

max number


	Synopsis	Maximum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-stop max number
	Tree	max
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

min number


	Synopsis	Minimum time between accounting message resend attempts
	Context	configure aaa radius server-policy named-item servers buffering acct-stop min number
	Tree	min
	Range	1 to 3600
	Units	seconds
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

hold-down-time number


	Synopsis	Hold time before reusing a RADIUS server that was down
	Context	configure aaa radius server-policy named-item servers hold-down-time number
	Tree	hold-down-time
	Description	This command configures the interval during which no new communication attempts are made to a RADIUS server that is marked down to prevent immediately overloading the server when it is starting up. The only exception is when all servers in the authentication policy are marked down; in that case, they will all be used again to prevent failures on new client connections.
	Range	30 to 86400
	Units	seconds
	Default	30
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

ipv6-source-address ipv6-address


	Synopsis	Source address for IPv6 RADIUS datagrams
	Context	configure aaa radius server-policy named-item servers ipv6-source-address ipv6-address
	Tree	ipv6-source-address
	Description	This command configures the source address of an IPv6 RADIUS packet. When ipv6-source-address is unconfigured, the system IPv6 address (inband RADIUS server connection) or Boot Option File (BOF) IPv6 address (outband RADIUS server connection) must be configured in order for the RADIUS client to work with an IPv6 RADIUS server. This address is also used in the NAS-IPv6-Address attribute.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

retry-count number


	Synopsis	Number of retries for contacting the RADIUS server
	Context	configure aaa radius server-policy named-item servers retry-count number
	Tree	retry-count
	Description	This command configures the number of times the router attempts to contact the RADIUS server, if not successful the first time.
	Range	1 to 256
	Default	3
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

router-instance string


	Synopsis	RADIUS routing instance
	Context	configure aaa radius server-policy named-item servers router-instance string
	Tree	router-instance
	Description	This command specifies the virtual router instance applicable for the set of configured RADIUS servers. This value cannot be changed once a RADIUS server is configured for this policy.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

server [server-index] number


	Synopsis	Enter the server list instance
	Context	configure aaa radius server-policy named-item servers server number
	Tree	server
	Max. instances	32
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

[server-index] number


	Synopsis	RADIUS server index
	Context	configure aaa radius server-policy named-item servers server number
	Tree	server
	Range	1 to 16
	Notes	This element is part of a list key.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

server-name named-item


	Synopsis	RADIUS server name
	Context	configure aaa radius server-policy named-item servers server number server-name named-item
	Tree	server-name
	String length	1 to 32
	Notes	This element is mandatory.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

source-address ipv4-address


	Synopsis	Source address of RADIUS messages
	Context	configure aaa radius server-policy named-item servers source-address ipv4-address
	Tree	source-address
	Description	This command configures the source address of the RADIUS packet. The system IP address must be configured in order for the RADIUS client to work. The system IP address must only be configured if the source-address is not specified. When the no source-address command is executed, the source address is determined at the moment the request is sent. This address is also used in the NAS-IP-Address attribute; over there it is set to the system IP address if no source-address was given. See "Configuring a System Interface" in the 7705 SAR Gen 2 Router Configuration Guide.
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

stickiness boolean


	Synopsis	Allow stickiness in a multi-server application
	Context	configure aaa radius server-policy named-item servers stickiness boolean
	Tree	stickiness
	Default	true
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2

timeout number


	Synopsis	Time until the next retry to the RADIUS server
	Context	configure aaa radius server-policy named-item servers timeout number
	Tree	timeout
	Range	1 to 340
	Units	seconds
	Default	5
	Introduced	25.3.R2
	Platforms	7705 SAR Gen 2