• Tag : AAA


How to check configuration commands in Arista switch?

Hello Guys, Anyone can help to guide me how can I see all commited configuration in Arista whitout checking huge log from Arista switch? I am looking for similar command in Arista like cisco has “show configuration commit list”        


RADIUS over TLS provides secure and reliable transport for RADIUS clients. RADIUS over TLS allows RADIUS authentication and accounting data to be passed safely reliably across insecure networks such as the internet. Description RADIUS is mainly used to authenticate remote users utilizing a central database. It functions as a client server protocol, where the radius server maintains a database for users and passwords which is used to authenticate remote users. Conventional RADIUS access requests over UDP are mostly plaintext and eavesdroppers can easily gain access to valuable information travelling over the internet. RADIUS over TLS uses the TCP/IP protocol to...
Continue reading →

ClearPass TACACS+ Authorization with CVP

ClearPass TACACS+ Authorization with CVP Introduction The purpose of this article is to learn how to correctly set up the TACACS+ service in Aruba ClearPass in order to successfully authenticate on the CVP GUI as a network admin. Our goal is to configure ClearPass Policy Manager [CPPM] to send us the cvp-roles=network-admin attribute in the TACACS+ Authorization reply packet. By default this does not happen, because cvp-roles is a custom attribute that has to be added to the TACACS+ dictionary on any type of TACACS+ implementation. Without this, the default role of network-operator will be allocated to the user, that...
Continue reading →


Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules which indicate the allowed and denied commands under specified mode. Commands authorization of a user is performed based on these rules. TACACS+ RBAC allows users to configure roles on TACACS servers and rules on switches, which is a much more scalable solution than local RBAC. Roles can be set and modified on the server side once and applied to all switches who connect to the server, instead...
Continue reading →

Common AAA Requirements

This article describes sample configuration for most common AAA requirements. It covers default behavior of EOS and a basic configuration guide with respect to Authentication and Authorization through local, RADIUS and TACACS+. The article also includes sample TACACS+ config files and RADIUS dictionary files. Authentication SSH Authentication To have users locally authenticated, configure by entering the command: Arista(config)#aaa authentication login default local Other methods available are TACACS+ and RADIUS. Console Authentication By default console login will derive authentication method from the command “aaa authentication login default “. To configure authentication method for console login different than the default method, configure:...
Continue reading →

Securing eAPI

Introduction In this article we will talk about a few tips to secure our eAPI access, for example, HTTPS, changing port, certificate, ACL, on-box, AAA, vrf etc. Turning on/off eAPI First of all, the most secure way is turning off eAPI, which is by default. myswitch#configure myswitch(config)#management api http-commands myswitch(config-mgmt-api-http-cmds)#shutdown To turn eAPI on by “no shutdown”, by default the HTTPS protocol is running and HTTP is turned off for secure purpose, because HTTP send user and password in clear text. HTTP can be used by “protocol http”, however, we recommend using HTTPS. Both HTTP and HTTPS can be used concurrently. myswitch#configure terminal myswitch(config)#management api http-commands...
Continue reading →

Using AAA to log all commands from users on Arista EOS

Introduction Some users of Arista Networks EOS may want to log all commands executed on a switch. This article explains how to use AAA without TACACS or RADIUS to provide accounting of all commands to the system log. The log can then be sent off to a syslog server or even sent to Splunk using the Arista EOS splunk extension. For more information about the Splunk app for Arista EOS click here. Setup First, it is important to create a user account for each switch administrator. Without a separate account for each administrator it will be impossible to retain accurate...
Continue reading →

Introduction to Managing EOS Devices – Setting up Management

Note: This article is part of the Introduction to Managing EOS Devices series: https://eos.arista.com/introduction-to-managing-eos-devices/      1) Setting Up Management The following management tools are available on Arista EOS for all platforms: VRF-aware management Telnet and SSH Syslog and Console Logging SNMP Versions 1 and 3 NTP DNS Local and remote user control (AAA) TACACS+, RADIUS sFlow XMPP eAPI   Note: in the following configuration examples, the commands in square brackets are optional: [optional]   1.1) VRF Aware Management As of release 4.10.1, EOS supports the ability to constrain management functions to a VRF. This enables the user to separate management based functions...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: