Configuring AAA in Broadcom SONiC

AAA Authentication Fail-through

  • Description: Configures AAA authentication fail-through. When fail-through is enabled, an explicit reject from one method in the login method list (for example, a TACACS+ server that answers with a deny) does not end the login attempt; the next method in the list is tried. When it is disabled, the list only advances to the next method when the current one is unreachable, and a reject is final. With `local` at the end of the list, enabling fail-through therefore lets a user whose account has been disabled or rejected on the central server still log in with a local password, so enable it only where that behaviour is intended. 

  • Syntax: 

aaa authentication failthrough <enable> 

  • Parameters: 

  • enable: Enable or disable the feature. 

  • Example: 

sonic(config)# aaa authentication failthrough enable 


AAA Authentication for Console

  • Description: Configures AAA login authentication for console (serial) access, separately from the default login list. `local` authenticates console logins against the local user database, which keeps out-of-band access available when the TACACS+, RADIUS or LDAP servers are unreachable. The `no` form removes the console-specific setting. 

  • Syntax: 

aaa authentication login console local 
no aaa authentication login console local 
 

AAA Authentication Login Default

  • Description: Configures the default login authentication method list. Methods are tried in the order listed: `group tacacs+ local` consults the TACACS+ server group first and the local user database second. Whether `local` is reached after an explicit reject from the server group depends on the fail-through setting; an unreachable server group always falls over to the next method. 

  • Syntax: 

aaa authentication login default { { [ group { { [ ldap [ local ] ] } | { [ radius [ local ] ] } | { [ tacacs+ [ local ] ] } } ] } | { [ local { [ group { [ ldap ] | [ radius ] | [ tacacs+ ] } ] } ] } } 
no aaa authentication login default 
 

  • Example: 


sonic(config)# aaa authentication login default group tacacs+ local 
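As an added illustration (not code from this page or from the Broadcom SONiC product), the following Python model walks a login method list the way the fail-through and login-default commands above describe it. It assumes three possible backend answers (accept, reject, unreachable), that an unreachable server group always falls over to the next method, and that an explicit reject only continues to the next method when fail-through is enabled; the user records, the `tacacs_auth`, `local_auth`, `authenticate` and `compare_failthrough` names, and the sample passwords are constructed for the model.

```python
"""Model of how an ordered AAA login method list such as
`aaa authentication login default group tacacs+ local` is evaluated, and
how `aaa authentication failthrough` changes the outcome.

Added example; not code from the Broadcom SONiC page or product.
Assumptions: each backend answers ACCEPT, REJECT or UNREACHABLE; an
UNREACHABLE server group always fails over to the next method; an explicit
REJECT only continues to the next method when fail-through is enabled.
"""
from enum import Enum


class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"


# Constructed sample credential stores (not real accounts).
# alice's central password was rotated; the local copy is stale.
TACACS_USERS = {"alice": "Central-Pass-2"}
LOCAL_USERS = {"alice": "Local-Pass-1", "admin": "Console-Pass"}


def tacacs_auth(user, password, reachable=True):
    """Simulated TACACS+ server group: unreachable, or accept/reject."""
    if not reachable:
        return Result.UNREACHABLE
    return Result.ACCEPT if TACACS_USERS.get(user) == password else Result.REJECT


def local_auth(user, password):
    """Simulated local user database; always reachable."""
    return Result.ACCEPT if LOCAL_USERS.get(user) == password else Result.REJECT


def authenticate(method_list, user, password, failthrough=False, tacacs_reachable=True):
    """Walk the method list in order.

    Returns (final_result, methods_consulted) so a caller can see which
    backend actually decided the login.
    """
    consulted = []
    for method in method_list:
        consulted.append(method)
        if method == "tacacs+":
            outcome = tacacs_auth(user, password, reachable=tacacs_reachable)
        elif method == "local":
            outcome = local_auth(user, password)
        else:
            raise ValueError(f"unknown method {method!r}")

        if outcome is Result.ACCEPT:
            return Result.ACCEPT, consulted
        if outcome is Result.UNREACHABLE:
            continue                      # failover: server group down, try next method
        if failthrough:
            continue                      # fail-through enabled: a reject is not final
        return Result.REJECT, consulted   # fail-through disabled: a reject is final
    # Every method was exhausted without an accept.
    return Result.REJECT, consulted


def compare_failthrough(user, password, tacacs_reachable=True):
    """Evaluate `group tacacs+ local` with fail-through disabled and enabled."""
    methods = ["tacacs+", "local"]
    return {
        "failthrough_disabled": authenticate(methods, user, password, False, tacacs_reachable),
        "failthrough_enabled": authenticate(methods, user, password, True, tacacs_reachable),
    }


if __name__ == "__main__":
    # alice tries her stale local password while the TACACS+ server group is up.
    for setting, (result, path) in compare_failthrough("alice", "Local-Pass-1").items():
        print(f"{setting:21s}: {result.value:7s} via {' -> '.join(path)}")
    # Same attempt while the server group is unreachable: local is reached either way.
    for setting, (result, path) in compare_failthrough("alice", "Local-Pass-1", False).items():
        print(f"{setting:21s} (server down): {result.value:7s} via {' -> '.join(path)}")
```

The two runs in the `__main__` block show the point of the fail-through setting: with the server group reachable and fail-through disabled, the TACACS+ reject ends the attempt and the stale local password is never consulted; with fail-through enabled, the same reject falls through to `local` and the login succeeds. When the server group is unreachable, `local` is reached in both configurations, so a trailing `local` already provides outage fallback without fail-through.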

 
Configuring Authorization

AAA Authorization Commands Default

  • Description: Configures the default command authorization method list. `group tacacs+` sends each command to the TACACS+ server group for authorization; `local` authorizes commands from the local user database; `group tacacs+ local` uses the TACACS+ server group and falls back to local authorization when the server group cannot be reached. 


  • Syntax: 

aaa authorization commands default { { group { tacacs+ [ local ] } } | local } 
no aaa authorization commands default 
 

  • Example: 

sonic(config)# aaa authorization commands default group tacacs+ local 
 

AAA Authorization Login Default

  • Description: Configures the default login authorization method list: `group ldap` authorizes logins through the LDAP server group, `local` through the local user database. 

  • Syntax: 

aaa authorization login default { { [ group ldap ] } | [ local ] } 
no aaa authorization login default 
 

  • Example: 

sonic(config)# aaa authorization login default group ldap 


AAA Name-Service Configuration

  • Description: Configures which source (the LDAP server group or the local files) the system uses for each name-service database: group, netgroup, passwd, shadow and sudoers. 

 

  1. AAA Name-Service Group 

  • Syntax: 

aaa name-service group { { [ group ldap ] } | [ local ] | [ login ] } 
no aaa name-service group 
 

  • Example: 

sonic(config)# aaa name-service group group ldap 
 

  2. AAA Name-Service Netgroup 

  • Syntax: 

aaa name-service netgroup { { [ group ldap ] } | [ local ] } 
no aaa name-service netgroup 
 

  • Example: 

sonic(config)# aaa name-service netgroup group ldap 
 

 

  3. AAA Name-Service Passwd 

  • Syntax: 

aaa name-service passwd { { [ group ldap ] } | [ local ] | [ login ] } 
no aaa name-service passwd 
 

  • Example: 

sonic(config)# aaa name-service passwd group ldap 
 

  4. AAA Name-Service Shadow 

  • Syntax: 

aaa name-service shadow { { [ group ldap ] } | [ local ] | [ login ] } 
no aaa name-service shadow 
 

  • Example: 

sonic(config)# aaa name-service shadow group ldap 

  5. AAA Name-Service Sudoers 

  • Syntax: 

aaa name-service sudoers { { [ group ldap ] } | [ local ] } 
no aaa name-service sudoers 
 

  • Example: 

sonic(config)# aaa name-service sudoers group ldap 
 

AAA Server RADIUS Dynamic Authorization 

  • Description: Enables the RADIUS dynamic authorization server function (Change of Authorization, RFC 5176), so the switch accepts change-of-authorization and disconnect requests from a RADIUS server for existing sessions. Because this opens a listener that acts on unsolicited requests, enable it only where a RADIUS server is expected to send such messages. 

  • Syntax: 

aaa server radius dynamic-author 
no aaa server radius dynamic-author 
 

  • Example: 

sonic-cli# configure terminal 
sonic-cli(config)# aaa server radius dynamic-author 
 
