close

keyboard_arrow_left

Table of Contents Expand all

Introduction
Get Started
play_arrow Apstra GUI
- Log in to Apstra GUI
- Reset Apstra GUI Admin Password
play_arrow Blueprints and Dashboard
- Create Datacenter Blueprint
- Blueprint Summaries and Dashboard
- Delete Datacenter Blueprint
play_arrow Analytics (Blueprints)
- Analytics Introduction
- play_arrow Dashboards
- play_arrow Anomalies
  - Anomalies (Analytics)
- play_arrow Widgets
- play_arrow Probes
- play_arrow Predefined Reports (Tech Preview)
- play_arrow Root Causes
  - Root Causes
play_arrow Staged (Datacenter Blueprints)
- Blueprint-Wide Search
- play_arrow Physical
- play_arrow Virtual
  - play_arrow Virtual Networks
  - play_arrow Routing Zones
  - Static Routes (Virtual)
  - Protocol Sessions (Virtual)
  - play_arrow Virtual Infrastructure
  - play_arrow Statistics
- play_arrow Policies
  - play_arrow Endpoints
  - Security Policies
  - Interface Policies
  - Routing Policies
  - Routing Zone (VRF) Constraints
  - play_arrow Routing Zone Policy (4.2.0)
    - Optimize Routing Zone Resource Usage (4.2.0)
- play_arrow Data Center Interconnect (DCI)
- play_arrow Catalog
  - play_arrow Logical Devices
    - Export Logical Device
  - play_arrow Interface Maps
    - Import Interface Map
    - Delete Interface Map (Blueprint)
  - play_arrow Property Sets
  - play_arrow Configlets
  - play_arrow AAA Servers
    - AAA Servers (Datacenter Blueprint)
  - play_arrow Tags
- play_arrow Tasks
  - Tasks (Datacenter) Staged
- play_arrow Connectivity Templates
- play_arrow Fabric Settings (4.2.1)
  - play_arrow Fabric Policy (4.2.1)
    - Update Fabric MTU (4.2.1)
    - Optimize Routing Zone Resource Usage (4.2.1)
  - play_arrow Severity Preferences (4.2.1)
    - Update Severity Preferences
- play_arrow Fabric Settings (4.2.0)
  - play_arrow Fabric Policy (4.2.0)
    - Enable IPv6 Applications
    - Update Fabric MTU (4.2.0)
  - play_arrow Virtual Network Policy (4.2.0)
    - Virtual Network Policy Introduction
    - Update Virtual Network Policy
  - play_arrow Anti-Affinity Policy (4.2.0)
    - Anti-Affinity Policy
  - play_arrow Validation Policy (4.2.0)
    - Update Validation Policy (Severity Preference)
- BGP Route Tagging
play_arrow Staged (Freeform Blueprints)
- Freeform Introduction
- play_arrow Blueprints
- play_arrow Physical
- play_arrow Resource Management
  - Resource Management Introduction (Freeform)
  - play_arrow Blueprint Resources
  - play_arrow Allocation Groups
    - Create Allocation Group (Freeform)
  - play_arrow Local Pools
    - Create Local Pool (Freeform)
    - Create Local Pool Generator (Freeform)
- play_arrow Catalog
  - play_arrow Config Templates
  - play_arrow Device Profiles
    - Import Device Profile (Freeform)
    - Delete Device Profile (Freeform Blueprint)
  - play_arrow Property Sets
  - play_arrow Tags
- play_arrow Tasks
  - Tasks - Staged (Freeform)
play_arrow Uncommitted (Blueprints)
- Uncommitted Introduction
- Commit / Revert Changes to Blueprint
play_arrow Active (Datacenter Blueprints)
- Active (Datacenter Blueprint)
- play_arrow Topology (Active)
- Nodes (Active)
- Links (Active)
- Racks (Active)
- Pods (Active)
- Query
- Anomalies (Service)
play_arrow Time Voyager (Blueprints)
- Time Voyager Introduction
- Roll Back Blueprint Revision
- Keep Blueprint Revision
- Change Number of Saved Blueprint Revisions
- Update Blueprint Revision Description
- Delete Blueprint Revision
play_arrow Devices
- Device Configuration Lifecycle
- play_arrow Managed Devices
- play_arrow System Agents
- play_arrow Pristine Config
  - Edit Pristine Config
  - Update Pristine Config from Device
- play_arrow Telemetry
  - Device Telemetry Services
  - All Telemetry Services
  - play_arrow Telemetry Service Registry
    - Service Registry
  - Telemetry Streaming
  - Route Anomalies for a Host - Example
  - Juniper Telemetry Commands
  - Cisco Telemetry Commands
  - Arista Telemetry Commands
  - Linux Server Telemetry Command
  - Debugging Telemetry
  - Extensible Telemetry Guide
- play_arrow Apstra ZTP
- play_arrow Device Profiles
play_arrow Design
- play_arrow Logical Devices
- play_arrow Interface Maps
- play_arrow Rack Types
- play_arrow Templates
- play_arrow Config Templates
  - Config Templates (Freeform Design)
- play_arrow Configlets (Datacenter)
- play_arrow Property Sets (Datacenter)
- play_arrow TCP/UDP Ports
- play_arrow Tags
play_arrow Resources
- Resources Introduction
- ASNs
- VNIs
- Integers
- IPv4 Addresses
- IPv6 Addresses
play_arrow Analytics
- play_arrow Apstra Flow
  - Apstra Flow Introduction
  - System Requirements
  - play_arrow Dashboards
    - Apstra Flow Dashboards
  - play_arrow Supported Flow Records
  - play_arrow Flow Enrichment
  - play_arrow Monitor Flow Data
    - Metrics
  - play_arrow Configuration Reference
  - play_arrow API
    - API Endpoints Options
  - play_arrow Additional Documentation
  - play_arrow Knowledge Base
play_arrow External Systems (RBAC Providers)
- play_arrow Providers
- play_arrow Provider Role Mapping
play_arrow Platform
- play_arrow User / Role Management
  - User / Role Management Introduction
  - play_arrow Users
  - play_arrow Roles
- play_arrow Security
- Syslog Configuration (Platform)
- Receivers (Platform)
- Global Statistics (Platform)
- Event Log (Audit Log)
- play_arrow Apstra VM Clusters
- play_arrow Developers
- play_arrow Technical Support
- Check Apstra Versions and Patent Numbers
Favorites & User
play_arrow Apstra Server Management
- Apstra Server Introduction
- Monitor Apstra Server via CLI
- Restart Apstra Server
- Reset Apstra Server VM Password
- Reinstall Apstra Server
- Apstra Database Overview
- Back up Apstra Database
- Restore Apstra Database
- Reset Apstra Database
- Migrate Apstra Database
- Replace SSL Certificate on Apstra Server with Signed One
- Replace SSL Certificate on Apstra Server with Self-Signed One
- Change Apstra Server Hostname
Apstra CLI Utility
play_arrow Guides
- 5-Stage Clos Architecture
- Juniper EVPN Support
- Intent-Based Analytics with apstra-cli Utility
- AOSOM-Streaming Guide
play_arrow References
- play_arrow Feature Matrix
  - Apstra 4.2.1 Feature Matrix
  - Apstra 4.2.0 Feature Matrix
- play_arrow Devices
- play_arrow Analytics
- Configlet Examples (Design)
- play_arrow Apstra CLI Commands
  - Apstra CLI Commands
- Apstra EVPN Support Addendum
- Apstra Server Configuration File
- Graph
- Juniper Apstra Technology Preview

list Table of Contents

English

AAA Servers (Datacenter Blueprint)

Release: Juniper Apstra 4.2

date_range 07-Feb-24

arrow_backward

arrow_forward

AAA Servers Overview

AAA servers are used with interface policies. AAA servers include the following details:

Parameter	Description
Label	To identify the AAA server
Server Type	RADIUS 802.1x - If an 802.1x policy is bound to at least one interface on a switch, all defined AAA RADIUS 802.1x servers will be added to that switch. The server is not rendered unless it is needed. RADIUS COA (Change of Authorization) - Used by switches to enable Dynamic Authorization Server (DAS) requests from RADIUS servers. This enables the switch to 'trust' the given RADIUS server to do assign dynamic VLANs after authentication instead of during auth. All RADIUS COA implementations are hard-coded to auth port 3799.
Hostname
Auth Ports
Accounting Port	optional

From the blueprint, navigate to Staged > Catalog > AAA Servers to go to the AAA servers catalog. You can create, clone, edit, and delete AAA servers.

Create AAA Server

From the blueprint, navigate to Staged > Catalog > AAA Servers and click Create AAA Server.
Enter a label, select the server type (RADIUS 802.1x, RADIUS COA), enter a hostname, key, auth port, and (optional) accounting port.
Click Create to stage the server and return to the table view.

Edit AAA Server

From the blueprint, navigate to Staged > Catalog > AAA Servers and click the Edit button for the AAA server to edit.
Make your changes, then click Update to stage the update and return to the table view.

Delete AAA Server

From the blueprint, navigate to Staged > Catalog > AAA Servers and click the Delete button for the AAA server to delete.
Click Delete to stage the deletion and return to the table view.

Configure AAA RADIUS Server

Configuring AAA RADIUS servers are external to Apstra software. The example below shows the files to configure for FreeRADIUS.

/etc/freeradius/clients.conf -- has credentials for each switch

content_copy zoom_out_map
client Arista-7280SR-48C6-1 {
    shortname = Arista-7280SR-48C6-1
    ipaddr    = 172.20.191.10
    secret    = testing123
    nastype   = other
}

/etc/freeradius/users -- has users and MAC addresses to authenticate. Tunnel-Private-Group-Id shows a dynamic VLAN ID, which is optional.

content_copy zoom_out_map
leaf1-server1 ClearText-Password := "password"

"52:54:00:37:d5:e1" Cleartext-Password := "52:54:00:37:d5:e1"
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "50"

This example shows a simple credential; when you configure you may use any EAP method that both the client and RADIUS server support.

Configure Client Supplicant

Configuring client supplicant is external to Apstra software. The following is an example for wpa_supplicant.

/etc/wpa_supplicant/aos_wpa_supplicant.conf

content_copy zoom_out_map
# Ansible managed
ctrl_interface=/var/run/wpa_supplicant
# Default version is 0 - ensure we're using modern protocols.
eapol_version=2
# Don't scan for wifi.
ap_scan=0
# Hosts will be configured to authenticate with usernames that match their
# Slicer DUT name, configured in radius_server playbook.
network={
    key_mgmt=IEEE8021X
    eap=TTLS MD5
    identity="leaf1-server1"
    anonymous_identity="leaf1-server1"
    password="password"
    phase1="auth=MD5"
    phase2="auth=PAP password=password"
    eapol_flags=0
}

arrow_backward PREVIOUS Delete Configlet (Blueprint)

NEXT arrow_forward Tags (Datacenter Blueprint)

Juniper Apstra 4.2.2 / 4.2.1 / 4.2.0 User Guide

ON THIS PAGE