aam aaa-policy¶

AAM AAA policy configuration

aaa-policy Specification¶

Parameter Value

Type Collection

Object Key(s) name

Collection Name aaa-policy-list

Collection URI /axapi/v3/aam/aaa-policy

Element Name aaa-policy

Element URI /axapi/v3/aam/aaa-policy/{name}

Element Attributes aaa-policy_attributes

Partition Visibility shared

Statistics Data URI /axapi/v3/aam/aaa-policy/{name}/stats

Schema aaa-policy schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/aam/aaa-policy	aaa-policy attributes
POST /axapi/v3/aam/aaa-policy/ Payload: { "aaa-policy": { "name": "a", "user-tag": "a" } }
Create List	POST	/axapi/v3/aam/aaa-policy	aaa-policy attributes
Get Object	GET	/axapi/v3/aam/aaa-policy/{name}	aaa-policy attributes
GET /axapi/v3/aam/aaa-policy/a Reponse: { "aaa-policy": { "name": "a", "uuid": "cada1138-4f4f-11ee-bde4-3768133b9b1a", "user-tag": "a", "a10-url": "/axapi/v3/aam/aaa-policy/a" } }
Get List	GET	/axapi/v3/aam/aaa-policy	aaa-policy-list
Modify Object	POST	/axapi/v3/aam/aaa-policy/{name}	aaa-policy attributes
Replace Object	PUT	/axapi/v3/aam/aaa-policy/{name}	aaa-policy attributes
PUT /axapi/v3/aam/aaa-policy/a Payload: { "aaa-policy": { "name": "a", "user-tag": "abcd" } }
Replace List	PUT	/axapi/v3/aam/aaa-policy	aaa-policy-list
Delete Object	DELETE	/axapi/v3/aam/aaa-policy/{name}	aaa-policy attributes
DELETE /axapi/v3/aam/aaa-policy/a Reponse: { "response": { "http-status": 200, "status": "OK", "msg": "Success" } }

aaa-policy-list¶

aaa-policy-list is JSON List of aaa-policy attributes

aaa-policy-list : [

{ aaa-policy attributes },

{ aaa-policy attributes },

…

]

aaa-policy attributes¶

aaa-rule-list

Type: List

Reference Object: /axapi/v3/aam/aaa-policy/{name}/aaa-rule/{index}

name

Description Specify AAA policy name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

packet-capture-template

Description Name of the packet capture template to be bind with this object

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/visibility/packet-capture/object-templates/aam-aaa-policy-tmpl

sampling-enable

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

aaa-rule-list¶

Specification Value

Type list

Block object keys

access-list

Description: access-list is a JSON Block. Please see below for aaa-rule-list_access-list

Type: Object

action

Description ‘allow’: Allow traffic that matches this rule; ‘deny’: Deny traffic that matches this rule;

Type: string

Supported Values: allow, deny

auth-failure-bypass

Description Forward client request even though authentication has failed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

authentication-template

Description Specify authentication template name to bind to the AAA rule

Type: string

Maximum Length: 127 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authentication/template

authorize-policy

Description Specify authorization policy to bind to the AAA rule

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authorization/policy

captcha-authz-policy

Description Specify authorization policy for CAPTCHA (Authorization policy name)

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/aam/authorization/policy

domain-name

Description Specify domain name to bind to the AAA rule (ex: a10networks.com, www.a10networks.com)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

domain-whitelist

Description Specify the AC type class-list for the domain-whitelist

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/class-list

host

Type: List

index

Description Specify AAA rule index

Type: number

Range: 1-256

match-encoded-uri

Description Enable URL decoding for URI matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port

Description Specify port number for aaa-rule, default is 0 for all port numbers

Type: number

Range: 1-65535

sampling-enable

Type: List

uri

Type: List

user-agent

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

aaa-rule-list_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘total_count’: some help string; ‘hit_deny’: some help string; ‘hit_auth’: some help string; ‘hit_bypass’: some help string; ‘failure_bypass’: some help string;

Type: string

Supported Values: all, total_count, hit_deny, hit_auth, hit_bypass, failure_bypass

aaa-rule-list_uri¶

Specification Value

Type list

Block object keys

match-type

Description ‘contains’: Match URI if request URI contains specified URI; ‘ends-with’: Match URI if request URI ends with specified URI; ‘equals’: Match URI if request URI equals specified URI; ‘starts-with’: Match URI if request URI starts with specified URI;

Type: string

Supported Values: contains, ends-with, equals, starts-with

uri-str

Description Specify URI string

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

aaa-rule-list_user-agent¶

Specification Value

Type list

Block object keys

user-agent-match-type

Description ‘contains’: Match request User-Agent header if it contains specified string; ‘ends-with’: Match request User-Agent header if it ends with specified string; ‘equals’: Match request User-Agent header if it equals specified string; ‘starts-with’: Match request User-Agent header if it starts with specified string;

Type: string

Supported Values: contains, ends-with, equals, starts-with

user-agent-str

Description Specify request User-Agent string

Type: string

Format: string-rlx

Maximum Length: 511 characters

Maximum Length: 1 characters

aaa-rule-list_host¶

Specification Value

Type list

Block object keys

host-match-type

Description ‘contains’: Match HOST if request HTTP HOST header contains specified hostname; ‘ends-with’: Match HOST if request HTTP HOST header ends with specified hostname; ‘equals’: Match HOST if request HTTP HOST header equals specified hostname; ‘starts-with’: Match HOST if request HTTP HOST header starts with specified hostname;

Type: string

Supported Values: contains, ends-with, equals, starts-with

host-str

Description Specify URI string

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

aaa-rule-list_access-list¶

Specification Value

Type object

acl-id

Description ACL id

Type: number

Range: 1-199

Mutual Exclusion: acl-id and acl-name are mutually exclusive

Reference Object: /axapi/v3/access-list/standard

acl-name

Description ‘ip-name’: Apply an IP named access list; ‘ipv6-name’: Apply an IPv6 named access list;

Type: string

Supported Values: ip-name, ipv6-name

Mutual Exclusion: acl-name and acl-id are mutually exclusive

name

Description Specify Named Access List

Type: string

Maximum Length: 16 characters

Maximum Length: 1 characters

sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘req’: Request; ‘req-reject’: Request Rejected; ‘req-auth’: Request Matching Authentication Template; ‘req-bypass’: Request Bypassed; ‘req-skip’: Request Skipped; ‘error’: Error; ‘failure-bypass’: Auth Failure Bypass;

Type: string

Supported Values: all, req, req-reject, req-auth, req-bypass, req-skip, error, failure-bypass