Configuring AAA Policies (SRC CLI)

Tasks to configure AAA policies are:

Configuring AAA Policy Lists

To configure AAA policy lists:

  1. From configuration mode, create a policy list. For example, to create a policy list called l1 within a policy group called tiered_aaa:
    user@host# edit policies group tiered_aaa list l1
  2. Specify the type of policy list.
    [edit policies group tiered_aaa list l1] user@host# set role aaa
  3. Specify where the policy is applied on the device.
    [edit policies group tiered_aaa list l1] user@host# set applicability both

Configuring AAA Policy Rules

To configure AAA policy rules:

  1. From configuration mode, create a policy rule inside a policy list that has already been created and configured. For example, to create a policy rule called r1 within policy list l1:
    user@host# edit policies group tiered_aaa list l1 rule r1
  2. Specify the type of policy rule.
    [edit policies group tiered_aaa list l1 rule r1] user@host# set type aaa

Configuring Template Activation Actions

Use this action to activate service templates for RADIUS-enabled devices. You can configure template activation actions for AAA policy rules.

The template name and parameters are listed in the SIC service templates.

Note: We recommend that the user_ipMask and user_ipAddress runtime parameters be avoided for activate-on-login services.

Use the following configuration statements to configure a template activation action:

policies group name list name rule name template-activation name { template-name template-name;description description;}
policies group name list name rule name template-activation name variables name { value value;type type;}

To configure a template activation action:

  1. From configuration mode, enter the template activation action configuration. For example, in this procedure, ta is the name of the template activation action.
    user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta
  2. Enter the template name to activate.
    [edit policies group tiered_aaa list l1 rule r1 template-activation ta] user@host# set template-name template-name
  3. (Optional) Enter a description for the template activation action.
    [edit policies group tiered_aaa list l1 rule r1 template-activation ta] user@host# set description description
  4. From configuration mode, enter the parameters used by the template.
    user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name

    For example:

    user@host# edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth
  5. (Optional) Configure the value for the variable.
    [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name] user@host# set value value

    For example:

    [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth] user@host# set value rateParameter
  6. (Optional) Configure the variable type. Variable types are mapped to parameter types.
    [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables name] user@host# set type type

    For example:

    [edit policies group tiered_aaa list l1 rule r1 template-activation ta variables upstreamBandwidth] user@host# set type rate

Related Documentation