aam aaa-policy

Configure the AAA policy. The Authorization, Authentication, Audit (AAA) policy combines the authentication type and authorization policy to help manage user access to applications using Authentication and Authorization.

aaa-policy Specification

Type Collection
Object Key(s) name
Collection Name aaa-policy-list
Collection URI /axapi/v3/aam/aaa-policy/
Element Name aaa-policy
Element URI /axapi/v3/aam/aaa-policy/{name}
Element Attributes aaa-policy_attributes
Statistics Data URI /axapi/v3/aam/aaa-policy/{name}/stats
Schema aaa-policy schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/aam/aaa-policy/

aaa-policy Attributes

Create List

POST

/axapi/v3/aam/aaa-policy/

aaa-policy Attributes

Get Object

GET

/axapi/v3/aam/aaa-policy/{name}

aaa-policy Attributes

Get List

GET

/axapi/v3/aam/aaa-policy/

aaa-policy-list

Modify Object

POST

/axapi/v3/aam/aaa-policy/{name}

aaa-policy Attributes

Replace Object

PUT

/axapi/v3/aam/aaa-policy/{name}

aaa-policy Attributes

Replace List

PUT

/axapi/v3/aam/aaa-policy/

aaa-policy-list

Delete Object

DELETE

/axapi/v3/aam/aaa-policy/{name}

aaa-policy Attributes

Get Stats

GET

/axapi/v3/aam/aaa-policy/{name}/stats

stats data

aaa-policy-list

aaa-policy-list is JSON List of aaa-policy Attributes

aaa-policy-list : [

aaa-policy Attributes

aaa-rule-list

Description: aaa-rule-list is a JSON List . Please see below for aaa-rule-list

Type: List

Reference Object: /axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

name

Description: This command allows you to specify the AAA policy name that you want to use for authentication checking.

Type: string

Required: Yes

sampling-enable

Description: sampling-enable is a JSON List . Please see below for sampling-enable

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

aaa-rule-list

Specification
Type list
Block object keys

access-list

Description: access-list is a JSON Block . Please see below for l1047_access-list

Type: Object

action

Description: ‘allow’: Allow traffic that matches this rule; ‘deny’: Deny traffic that matches this rule;

Type: string

Supported Values: allow, deny

authentication-template

Description: Specify authentication template name to bind to the AAA rule

Type: string

Reference Object: /axapi/v3/aam/authentication/template

authorize-policy

Description: Specify authorization policy to bind to the AAA rule

Type: string

Reference Object: /axapi/v3/aam/authorization/policy

domain-name

Description: Specify domain name to bind to the AAA rule (ex: a10networks.com, www.a10networks.com)

Type: string

Format: string-rlx

host

Description: host is a JSON List . Please see below for l1047_host

Type: List

index

Description: Specify AAA rule index

Type: number

Range: 1-256

match-encoded-uri

Description: Enable URL decoding for URI matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port

Description: Specify port number for aaa-rule, default is 0 for all port numbers

Type: number

Range: 1-65535

sampling-enable

Description: sampling-enable is a JSON List . Please see below for sampling-enable

Type: List

uri

Description: uri is a JSON List . Please see below for l1047_uri

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

aaa-rule-list.sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘total_count’: total_count; ‘hit_count’: hit_count;

Type: string

Supported Values: all, total_count, hit_count

aaa-rule-list.uri

Specification
Type list
Block object keys

match-type

Description: ‘contains’: Match URI if request URI contains specified URI; ‘ends-with’: Match URI if request URI ends with specified URI; ‘equals’: Match URI if request URI equals specified URI; ‘starts-with’: Match URI if request URI starts with specified URI;

Type: string

Supported Values: contains, ends-with, equals, starts-with

uri-str

Description: Specify URI string

Type: string

Format: string-rlx

aaa-rule-list.host

Specification
Type list
Block object keys

host-match-type

Description: ‘contains’: Match HOST if request HTTP HOST header contains specified hostname; ‘ends-with’: Match HOST if request HTTP HOST header ends with specified hostname; ‘equals’: Match HOST if request HTTP HOST header equals specified hostname; ‘starts-with’: Match HOST if request HTTP HOST header starts with specified hostname;

Type: string

Supported Values: contains, ends-with, equals, starts-with

host-str

Description: Specify URI string

Type: string

Format: string-rlx

aaa-rule-list.access-list

Specification
Type object

acl-id

Description: ACL id

Type: number

Range: 1-199

Mutual Exclusion: acl-id and acl-name are mutually exclusive

Reference Object: /axapi/v3/access-list/standard

acl-name

Description: ‘ip-name’: Apply an IP named access list; ‘ipv6-name’: Apply an IPv6 named access list;

Type: string

Supported Values: ip-name, ipv6-name

Mutual Exclusion: acl-name and acl-id are mutually exclusive

name

Description: Specify Named Access List

Type: string

Required: Yes

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘req’: Request; ‘req-reject’: Request Rejected; ‘req-auth’: Request Matching Authentication Template; ‘req-allow’: Request Allowed; ‘req-skip’: Request Skipped; ‘error’: Error;

Type: string

Supported Values: all, req, req-reject, req-auth, req-allow, req-skip, error

stats data

Counter Size Description
req 8 Request
req-auth 8 Request Matching Authentication Template
req-allow 8 Request Allowed
req-skip 8 Request Skipped
error 8 Error
req-reject 8 Request Rejected