aam aaa-policy aaa-rule

Rules of AAA policy

This object allows you to define policy rules. You only have to use the rules that are relevant for your environment. Although authentication templates and authorization policies are not required, they are crucial to creating

an authentication policy. We recommend that you configure at least one template and one policy.

aaa-rule Specification

Type Collection
Object Key(s) index
Collection Name aaa-rule-list
Collection URI /axapi/v3/aam/aaa-policy/{name}/aaa-rule/
Element Name aaa-rule
Element URI /axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}
Element Attributes aaa-rule_attributes
Statistics Data URI /axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}/stats
Schema aaa-rule schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/

aaa-rule Attributes

Create List

POST

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/

aaa-rule Attributes

Get Object

GET

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

aaa-rule Attributes

Get List

GET

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/

aaa-rule-list

Modify Object

POST

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

aaa-rule Attributes

Replace Object

PUT

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

aaa-rule Attributes

Replace List

PUT

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/

aaa-rule-list

Delete Object

DELETE

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

aaa-rule Attributes

Get Stats

GET

/axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}/stats

stats data

aaa-rule-list

aaa-rule-list is JSON List of aaa-rule Attributes

aaa-rule-list : [

aaa-rule Attributes

access-list

Description: access-list is a JSON Block . Please see below for access-list

Type: Object

action

Description: This command allows you to either allow or deny authentication requests:

Type: string

Supported Values: allow, deny

authentication-template

Description: This command specifies which authentication template to use when an authentication request is received.
Authentication template defines how the user will be authenticated. Authentication template contains the authentication-server profile and login-portal profile. Authorization occurs after the authentication is complete and determines the privileges that are associated with the user who is being authenticated.

Type: string

Reference Object: /axapi/v3/aam/authentication/template

authorize-policy

Description: This command specifies which authentication policy to use when an authentication request is received.
Authorization policy determines whether the user will be allowed to access a web page based on the list of permissions that are associated with a rule. Authorization occurs after the authentication is complete and determines the privileges that are associated with the user who is being authenticated.

Type: string

Reference Object: /axapi/v3/aam/authorization/policy

domain-name

Description: This command allows you to specify a domain name to bind the AAA rule.

Type: string

Format: string-rlx

host

Description: host is a JSON List . Please see below for host

Type: List

index

Description: This variable allows you to define a policy, you must configure at least one of the following rules: Access Control Lists (ACL), Domain, and Uniform resource Identifier (URI).

Type: number

Range: 1-256

Required: Yes

match-encoded-uri

Description: Enable URL decoding for URI matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port

Description: Specify port number for aaa-rule, default is 0 for all port numbers

Type: number

Range: 1-65535

sampling-enable

Description: sampling-enable is a JSON List . Please see below for sampling-enable

Type: List

uri

Description: uri is a JSON List . Please see below for uri

Type: List

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘total_count’: total_count; ‘hit_count’: hit_count;

Type: string

Supported Values: all, total_count, hit_count

uri

Specification
Type list
Block object keys

match-type

Description: ‘contains’: Match URI if request URI contains specified URI; ‘ends-with’: Match URI if request URI ends with specified URI; ‘equals’: Match URI if request URI equals specified URI; ‘starts-with’: Match URI if request URI starts with specified URI;

Type: string

Supported Values: contains, ends-with, equals, starts-with

uri-str

Description: Specify URI string

Type: string

Format: string-rlx

host

Specification
Type list
Block object keys

host-match-type

Description: ‘contains’: Match HOST if request HTTP HOST header contains specified hostname; ‘ends-with’: Match HOST if request HTTP HOST header ends with specified hostname; ‘equals’: Match HOST if request HTTP HOST header equals specified hostname; ‘starts-with’: Match HOST if request HTTP HOST header starts with specified hostname;

Type: string

Supported Values: contains, ends-with, equals, starts-with

host-str

Description: Specify URI string

Type: string

Format: string-rlx

access-list

Specification
Type object

acl-id

Description: This variable allows you to specify the ACL id.

Type: number

Range: 1-199

Mutual Exclusion: acl-id and acl-name are mutually exclusive

Reference Object: /axapi/v3/access-list/standard

acl-name

Description: This command allows you to specify if the IP name access list can originate from an IP ACL or an IPv6 ACL.

Type: string

Supported Values: ip-name, ipv6-name

Mutual Exclusion: acl-name and acl-id are mutually exclusive

name

Description: This command allows you to specify the named lists ACL.

Type: string

stats data

Counter Size Description
total_count 8 total_count
hit_count 8 hit_count