CLI Commands

Authentication commands

aaa authentication rest

Syntax

aaa authentication rest login {local | radius | tacacs} [local| tacacs | none]

Usage:aaa authentication rest {enable | login} <primary-method> [<backup-method>]

Description

Configure authentication mechanism used to control REST access to a switch.

Authorization commands

aaa authorization rest-uri

Syntax

aaa authorization rest-uri [local | radius | none | tacacs]

Usage:

[no] aaa authorization rest-uri {radius | local | tacacs | auto | none}
 [no] aaa authorization rest-uri access-level {manager | all}

Description

Configure rest-uri authorization. For each rest-uri issued by the user, an authorization request is sent to the server. rest-uri authorization can be applied to all rest-uris or only manager-level rest-uris.

aaa authorization group

Syntax

aaa authorization group <ASCII-STR> uri-seq <SEQ-RANGE> match-uri <URI-STR>
match-json <JSON-STR> uri-access
{[put | post | get | delete | all] [permit | deny] log}

Usage:

[no] aaa authorization group <GROUPNAME> <SEQ-NUM>
              match-command <COMMAND> {deny | permit} [log]
[no] aaa authorization group <GROUPNAME> uri-seq <SEQ-NUM>
              match-uri <URI-STR> match-json <JSON-STR> uri-access <ACCESS>
              {deny | permit} [log]

Description

Create or remove an authorization rule.

aaa authentication local-user

Syntax

aaa authentication local-user <USERNAME> {{ group <GROUPNAME>       
 password {plaintext|sha1|sha256 <PASSWORD>}}           
 | {aging-period <aging-time>} |                        
 {min-pwd-length <length>} | 
 {clear-password-history}

Parameters

local-user <USERNAME>: The local user being added to the authorization group. The username can be up to 16 characters. The username must not contain spaces and is case-sensitive.
group <GROUPNAME>: Name of the authorization group to which the local user belongs. The group must be an existing group.
password {plaintext|sha1|sha256 <PASSWORD>}: The password can have a maximum of 16 characters. It must not contain spaces and is case-sensitive. The default is plaintext.
aging-period <aging-time>: The password aging time.
min-pwd-length <length>: The password minimum length.
clear-password-history: Clear the password history for a user.

Usage:

[no] aaa authentication local-user <USERNAME> {{ group <GROUPNAME>       
 password {plaintext|sha1|sha256 <PASSWORD>}}           
 | {aging-period <aging-time>} |                        
 {min-pwd-length <length>} | 
 {clear-password-history}}

Description

Create or remove a local user account.

Accounting commands

aaa accounting rest-uri

Syntax

aaa accounting rest-uri {[stop-only | interim-update] [radius | tacacs]} server-group <ASCII-STR>

Usage

[no] aaa accounting {exec | network | system | commands | rest-uri}
         {start-stop | stop-only | intermim-update}
         {radius | syslog | tacacs}
[no] aaa accounting update periodic <Minutes>
[no] aaa accounting suppress null-username
 aaa accounting session-id {unique | common}

Description

Configure the accounting service on the device. Accounting can be configured for EXEC sessions, network connection, commands, rest-uri and system. The accounting data is collected by a RADIUS, SYSLOG, or TACACS+ server. Network accounting is not supported through TACACS+ and SYSLOG. session-id accounting is not supported for TACACS+.