Configuring AAA Policies (SRC CLI)
Tasks to configure AAA policies are:
Configuring AAA Policy Lists
To configure AAA policy lists:
- From configuration mode, create a policy list. For example,
to create a policy list called l1 within a policy group called tiered_aaa: user@host# edit policies group tiered_aaa list l1
- Specify the type of policy list. [edit policies group tiered_aaa list l1]user@host# set role aaa
- Specify where the policy is applied on the device. [edit policies group tiered_aaa list l1]user@host# set applicability both
Configuring AAA Policy Rules
To configure AAA policy rules:
- From configuration mode, create a policy rule inside a
policy list that has already been created and configured. For example,
to create a policy rule called r1 within policy list l1:user@host# edit policies group tiered_aaa list l1 rule r1
- Specify the type of policy rule. [edit policies group tiered_aaa list l1 rule r1]user@host# set type aaa
Configuring Template Activation Actions
Use this action to activate service templates for RADIUS-enabled devices. You can configure template activation actions for AAA policy rules.
The template name and parameters are listed in the SIC service templates.
We recommend that the user_ipMask and user_ipAddress runtime parameters be avoided for activate-on-login services.
Use the following configuration statements to configure a template activation action:
policies group name list name rule name template-activation name {
template-name template-name;
description description;
}
policies group name list name rule name template-activation name variables name {
value value;
type type;
}
To configure a template activation action:
- From configuration mode, enter the template activation
action configuration. For example, in this procedure, ta is the name
of the template activation action. user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta
- Enter the template name to activate. [edit policies group tiered_aaa list l1 rule r1 template-activation ta]user@host# set template-name template-name
- (Optional) Enter a description for the template activation
action. [edit policies group tiered_aaa list l1 rule r1 template-activation ta]user@host# set description description
- From configuration mode, enter the parameters used by
the template. user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name
For example:
user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth - (Optional) Configure the value for the variable. [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name]user@host# set value value
For example:
[edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth]user@host# set value rateParameter - (Optional) Configure the variable type. Variable types
are mapped to parameter types. [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name]user@host# set type type
For example:
[edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth]user@host# set type rate