Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
0
Helpful
1
Replies

Facing issue with service model with LIST construct

kbarve
Cisco Employee
Cisco Employee

‎07-10-2017 10:33 AM - edited ‎03-01-2019 03:55 AM

I am using CISCO ISO NED and trying to build a service model for 802.1x access policy configuration

Facing issue with "radius r1 server-ip 1.1.1.1 secret 111 auth-port 1 ".

In yang model i have defined radius as a list

list radius {

    tailf:cli-suppress-mode;

    leaf server-name {

      tailf:info "Specify name for radius server";

      mandatory true;

      type string;

    }

    leaf server-ip {

       tailf:info "Specify a RADIUS server <Hostname or A.B.C.D>";

       mandatory true;

       type inet:ipv4-address {

         pattern "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+";

       }

    }

    leaf auth-port {

       tailf:info "Specify UDP port for RADIUS authentication server";

       mandatory true;

       type uint16;

     }

    leaf secret {

       tailf:info "Specify encryption key for Radius Server";

       mandatory true;

       type string;

     }

   }

Issue is: multiple entries of radius server do get created but the values that i pass for the leaves are getting appended.  Show below in the output.

admin@ncs(config)# services switch-access-policy s2 radius-source-interface-type FastEthernet radius-source-interface-name 0/1 device SWITCH-0

admin@ncs(config-switch-access-policy-s2)# radius r1 server-ip 1.1.1.1 secret 111 auth-port 1                                          

admin@ncs(config-switch-access-policy-s2)# radius r2 server-ip 2.2.2.2 secret 112 auth-port 2                                         

admin@ncs(config-switch-access-policy-s2)# commit dry-run outformat native

native {                     

    device {

        name SWITCH-0

        data aaa new-model

             aaa authentication dot1x default group radius

             aaa authorization network default group radius

             ip radius source-interface FastEthernet0/1

             dot1x system-auth-control

             radius server r1

              address ipv4 1.1.1.12.2.2.2 auth-port 12

              key 111112

             !

             radius server r2

              address ipv4 1.1.1.12.2.2.2 auth-port 12

              key 111112

             !

    }

}

Can someone plz let me know the solution?

Labels:
0 Helpful
1 Reply 1

lmanor
Cisco Employee
Cisco Employee

‎07-11-2017 12:32 PM

Agree'd, strange behavior...

One thing that I did notice is that your list does not have a 'key' statement. Is this intended?

If this is a config list I believe a 'key' statement is needed:

list radius {

    tailf:cli-suppress-mode;

    key "server-name";

    leaf server-name {

      tailf:info "Specify name for radius server";

      mandatory true;

      type string;

    }

...

}

0 Helpful
Customers Also Viewed These Support Documents