Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

aaa

Syntax

Hierarchy Level

Description

Specify that extended authentication is performed in addition to IKE Phase 1 authentication for remote users trying to access a VPN tunnel. This authentication can be through Extended Authentication (XAuth) or Extensible Authentication Protocol (EAP). Include a previously created access profile, configured with the edit access profile statement, to specify the access profile to be used for authentication information.

Options

access-profile profile-name

Name of the previously created access profile to use for extended authentication for remote users trying to access a VPN.
config-payload-password

Specify common client password for IKEv2 configuration payload with 1 to 128 characters.
client

Specify an AAA client uername and password for each configured authenticator that is allowed to request authentications for supplicants.

  • password—AAA client password with 1 to 128 characters.

  • username—AAA client username with 1 to 128 characters.
no-push-to-identity-management

(Optional) Specify the option to prevent pushing of the connection states to the identity management server.
use-routing-instance-address

Specify an AAA address from pool configured in routing-instance of type virtual-router.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X49-D80.

config-payload-password option added in Junos OS Release 20.1R1.

no-push-to-identity-management option added in Junos OS Release 24.4R1.

Related Documentation