Fortinet white logo
Fortinet white logo

CLI Reference

config vpn ssl settings

config vpn ssl settings

Configure SSL VPN.

config vpn ssl settings
    Description: Configure SSL VPN.
    set reqclientcert [enable|disable]
    set sslv3 [enable|disable]
    set tlsv1-0 [enable|disable]
    set tlsv1-1 [enable|disable]
    set tlsv1-2 [enable|disable]
    set banned-cipher [RSA|DH|...]
    set ssl-big-buffer [enable|disable]
    set ssl-insert-empty-fragment [enable|disable]
    set https-redirect [enable|disable]
    set ssl-client-renegotiation [disable|enable]
    set force-two-factor-auth [enable|disable]
    set unsafe-legacy-renegotiation [enable|disable]
    set servercert {string}
    set algorithm [high|medium|...]
    set idle-timeout {integer}
    set auth-timeout {integer}
    set login-attempt-limit {integer}
    set login-block-time {integer}
    set login-timeout {integer}
    set dtls-hello-timeout {integer}
    config tunnel-ip-pools
        Description: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients.
        edit <name>
        next
    end
    config tunnel-ipv6-pools
        Description: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients.
        edit <name>
        next
    end
    set dns-suffix {var-string}
    set dns-server1 {ipv4-address}
    set dns-server2 {ipv4-address}
    set wins-server1 {ipv4-address}
    set wins-server2 {ipv4-address}
    set ipv6-dns-server1 {ipv6-address}
    set ipv6-dns-server2 {ipv6-address}
    set ipv6-wins-server1 {ipv6-address}
    set ipv6-wins-server2 {ipv6-address}
    set route-source-interface [enable|disable]
    set url-obscuration [enable|disable]
    set http-compression [enable|disable]
    set http-only-cookie [enable|disable]
    set deflate-compression-level {integer}
    set deflate-min-data-size {integer}
    set port {integer}
    set port-precedence [enable|disable]
    set auto-tunnel-static-route [enable|disable]
    set header-x-forwarded-for [pass|add|...]
    config source-interface
        Description: SSL VPN source interface of incoming traffic.
        edit <name>
        next
    end
    config source-address
        Description: Source address of incoming traffic.
        edit <name>
        next
    end
    set source-address-negate [enable|disable]
    config source-address6
        Description: IPv6 source address of incoming traffic.
        edit <name>
        next
    end
    set source-address6-negate [enable|disable]
    set default-portal {string}
    config authentication-rule
        Description: Authentication rule for SSL VPN.
        edit <id>
            config source-interface
                Description: SSL VPN source interface of incoming traffic.
                edit <name>
                next
            end
            config source-address
                Description: Source address of incoming traffic.
                edit <name>
                next
            end
            set source-address-negate [enable|disable]
            config source-address6
                Description: IPv6 source address of incoming traffic.
                edit <name>
                next
            end
            set source-address6-negate [enable|disable]
            config users
                Description: User name.
                edit <name>
                next
            end
            config groups
                Description: User groups.
                edit <name>
                next
            end
            set portal {string}
            set realm {string}
            set client-cert [enable|disable]
            set cipher [any|high|...]
            set auth [any|local|...]
        next
    end
    set dtls-tunnel [enable|disable]
    set check-referer [enable|disable]
    set http-request-header-timeout {integer}
    set http-request-body-timeout {integer}
end

config vpn ssl settings

Parameter

Description

Type

Size

reqclientcert

Enable to require client certificates for all SSL-VPN users.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

sslv3

sslv3

option

-

Option

Description

enable

enable

disable

disable

tlsv1-0

Enable/disable TLSv1.0.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

tlsv1-1

Enable/disable TLSv1.1.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

tlsv1-2

Enable/disable TLSv1.2.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

banned-cipher

Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.

option

-

Option

Description

RSA

Ban the use of cipher suites using RSA key.

DH

Ban the use of cipher suites using DH.

DHE

Ban the use of cipher suites using authenticated ephemeral DH key agreement.

ECDH

Ban the use of cipher suites using ECDH key exchange.

ECDHE

Ban the use of cipher suites using authenticated ephemeral ECDH key agreement.

DSS

Ban the use of cipher suites using DSS authentication.

ECDSA

Ban the use of cipher suites using ECDSA authentication.

AES

Ban the use of cipher suites using either 128 or 256 bit AES.

AESGCM

Ban the use of cipher suites AES in Galois Counter Mode (GCM).

CAMELLIA

Ban the use of cipher suites using either 128 or 256 bit CAMELLIA.

3DES

Ban the use of cipher suites using triple DES

SHA1

Ban the use of cipher suites using SHA1.

SHA256

Ban the use of cipher suites using SHA256.

SHA384

Ban the use of cipher suites using SHA384.

STATIC

Ban the use of cipher suites using static keys.

ssl-big-buffer

Disable using the big SSLv3 buffer feature to save memory and force higher security.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-insert-empty-fragment

Enable/disable insertion of empty fragment.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

https-redirect

Enable/disable redirect of port 80 to SSL-VPN port.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-client-renegotiation

Enable to allow client renegotiation by the server if the tunnel goes down.

option

-

Option

Description

disable

Abort any SSL connection that attempts to renegotiate.

enable

Allow a SSL client to renegotiate.

force-two-factor-auth

Enable to force two-factor authentication for all SSL-VPNs.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

unsafe-legacy-renegotiation

Enable/disable unsafe legacy re-negotiation.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

servercert

Name of the server certificate to be used for SSL-VPNs.

string

Maximum length: 35

algorithm

Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any.

option

-

Option

Description

high

High algorithms.

medium

High and medium algorithms.

default

default

low

All algorithms.

idle-timeout

SSL VPN disconnects if idle for specified time in seconds.

integer

Minimum value: 0 Maximum value: 259200

auth-timeout

SSL-VPN authentication timeout.

integer

Minimum value: 0 Maximum value: 259200

login-attempt-limit

SSL VPN maximum login attempt times before block.

integer

Minimum value: 0 Maximum value: 4294967295

login-block-time

Time for which a user is blocked from logging in after too many failed login attempts.

integer

Minimum value: 0 Maximum value: 4294967295

login-timeout

SSLVPN maximum login timeout.

integer

Minimum value: 10 Maximum value: 180

dtls-hello-timeout

SSLVPN maximum DTLS hello timeout.

integer

Minimum value: 10 Maximum value: 60

dns-suffix

DNS suffix used for SSL-VPN clients.

var-string

Maximum length: 253

dns-server1

DNS server 1.

ipv4-address

Not Specified

dns-server2

DNS server 2.

ipv4-address

Not Specified

wins-server1

WINS server 1.

ipv4-address

Not Specified

wins-server2

WINS server 2.

ipv4-address

Not Specified

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

ipv6-wins-server1

IPv6 WINS server 1.

ipv6-address

Not Specified

ipv6-wins-server2

IPv6 WINS server 2.

ipv6-address

Not Specified

route-source-interface

Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

url-obscuration

Enable to obscure the host name of the URL of the web browser display.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

http-compression

Enable to allow HTTP compression over SSL-VPN tunnels.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

http-only-cookie

Enable/disable SSL-VPN support for HttpOnly cookies.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

deflate-compression-level

Compression level (0~9).

integer

Minimum value: 0 Maximum value: 9

deflate-min-data-size

Minimum amount of data that triggers compression.

integer

Minimum value: 200 Maximum value: 65535

port

SSL-VPN access port.

integer

Minimum value: 1 Maximum value: 65535

port-precedence

Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

auto-tunnel-static-route

Enable to auto-create static routes for the SSL-VPN tunnel IP addresses.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

header-x-forwarded-for

Forward the same, add, or remove HTTP header.

option

-

Option

Description

pass

Forward the same HTTP header.

add

Add the HTTP header.

remove

Remove the HTTP header.

source-address-negate

Enable/disable negated source address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

source-address6-negate

Enable/disable negated source IPv6 address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

default-portal

Default SSL VPN portal.

string

Maximum length: 35

dtls-tunnel

Enable DTLS to prevent eavesdropping, tampering, or message forgery.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

check-referer

Enable/disable verification of referer field in HTTP request header.

option

-

Option

Description

enable

Enable verification of referer field in HTTP request header.

disable

Disable verification of referer field in HTTP request header.

http-request-header-timeout

SSL-VPN session is disconnected if an HTTP request header is not received within this time.

integer

Minimum value: 0 Maximum value: 4294967295

http-request-body-timeout

SSL-VPN session is disconnected if an HTTP request body is not received within this time.

integer

Minimum value: 0 Maximum value: 4294967295

config tunnel-ip-pools

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config tunnel-ipv6-pools

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config authentication-rule

Parameter

Description

Type

Size

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

source-address-negate

Enable/disable negated source address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

source-address6-negate

Enable/disable negated source IPv6 address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

portal

SSL VPN portal.

string

Maximum length: 35

realm

SSL VPN realm.

string

Maximum length: 35

client-cert

Enable/disable SSL VPN client certificate restrictive.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

cipher

SSL VPN cipher strength.

option

-

Option

Description

any

Any cipher strength.

high

High cipher strength (>= 168 bits).

medium

Medium cipher strength (>= 128 bits).

auth

SSL VPN authentication method restriction.

option

-

Option

Description

any

Any

local

Local

radius

RADIUS

tacacs+

TACACS+

ldap

LDAP

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config users

Parameter

Description

Type

Size

name

User name.

string

Maximum length: 64

config groups

Parameter

Description

Type

Size

name

Group name.

string

Maximum length: 64

config vpn ssl settings

config vpn ssl settings

Configure SSL VPN.

config vpn ssl settings
    Description: Configure SSL VPN.
    set reqclientcert [enable|disable]
    set sslv3 [enable|disable]
    set tlsv1-0 [enable|disable]
    set tlsv1-1 [enable|disable]
    set tlsv1-2 [enable|disable]
    set banned-cipher [RSA|DH|...]
    set ssl-big-buffer [enable|disable]
    set ssl-insert-empty-fragment [enable|disable]
    set https-redirect [enable|disable]
    set ssl-client-renegotiation [disable|enable]
    set force-two-factor-auth [enable|disable]
    set unsafe-legacy-renegotiation [enable|disable]
    set servercert {string}
    set algorithm [high|medium|...]
    set idle-timeout {integer}
    set auth-timeout {integer}
    set login-attempt-limit {integer}
    set login-block-time {integer}
    set login-timeout {integer}
    set dtls-hello-timeout {integer}
    config tunnel-ip-pools
        Description: Names of the IPv4 IP Pool firewall objects that define the IP addresses reserved for remote clients.
        edit <name>
        next
    end
    config tunnel-ipv6-pools
        Description: Names of the IPv6 IP Pool firewall objects that define the IP addresses reserved for remote clients.
        edit <name>
        next
    end
    set dns-suffix {var-string}
    set dns-server1 {ipv4-address}
    set dns-server2 {ipv4-address}
    set wins-server1 {ipv4-address}
    set wins-server2 {ipv4-address}
    set ipv6-dns-server1 {ipv6-address}
    set ipv6-dns-server2 {ipv6-address}
    set ipv6-wins-server1 {ipv6-address}
    set ipv6-wins-server2 {ipv6-address}
    set route-source-interface [enable|disable]
    set url-obscuration [enable|disable]
    set http-compression [enable|disable]
    set http-only-cookie [enable|disable]
    set deflate-compression-level {integer}
    set deflate-min-data-size {integer}
    set port {integer}
    set port-precedence [enable|disable]
    set auto-tunnel-static-route [enable|disable]
    set header-x-forwarded-for [pass|add|...]
    config source-interface
        Description: SSL VPN source interface of incoming traffic.
        edit <name>
        next
    end
    config source-address
        Description: Source address of incoming traffic.
        edit <name>
        next
    end
    set source-address-negate [enable|disable]
    config source-address6
        Description: IPv6 source address of incoming traffic.
        edit <name>
        next
    end
    set source-address6-negate [enable|disable]
    set default-portal {string}
    config authentication-rule
        Description: Authentication rule for SSL VPN.
        edit <id>
            config source-interface
                Description: SSL VPN source interface of incoming traffic.
                edit <name>
                next
            end
            config source-address
                Description: Source address of incoming traffic.
                edit <name>
                next
            end
            set source-address-negate [enable|disable]
            config source-address6
                Description: IPv6 source address of incoming traffic.
                edit <name>
                next
            end
            set source-address6-negate [enable|disable]
            config users
                Description: User name.
                edit <name>
                next
            end
            config groups
                Description: User groups.
                edit <name>
                next
            end
            set portal {string}
            set realm {string}
            set client-cert [enable|disable]
            set cipher [any|high|...]
            set auth [any|local|...]
        next
    end
    set dtls-tunnel [enable|disable]
    set check-referer [enable|disable]
    set http-request-header-timeout {integer}
    set http-request-body-timeout {integer}
end

config vpn ssl settings

Parameter

Description

Type

Size

reqclientcert

Enable to require client certificates for all SSL-VPN users.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

sslv3

sslv3

option

-

Option

Description

enable

enable

disable

disable

tlsv1-0

Enable/disable TLSv1.0.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

tlsv1-1

Enable/disable TLSv1.1.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

tlsv1-2

Enable/disable TLSv1.2.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

banned-cipher

Select one or more cipher technologies that cannot be used in SSL-VPN negotiations.

option

-

Option

Description

RSA

Ban the use of cipher suites using RSA key.

DH

Ban the use of cipher suites using DH.

DHE

Ban the use of cipher suites using authenticated ephemeral DH key agreement.

ECDH

Ban the use of cipher suites using ECDH key exchange.

ECDHE

Ban the use of cipher suites using authenticated ephemeral ECDH key agreement.

DSS

Ban the use of cipher suites using DSS authentication.

ECDSA

Ban the use of cipher suites using ECDSA authentication.

AES

Ban the use of cipher suites using either 128 or 256 bit AES.

AESGCM

Ban the use of cipher suites AES in Galois Counter Mode (GCM).

CAMELLIA

Ban the use of cipher suites using either 128 or 256 bit CAMELLIA.

3DES

Ban the use of cipher suites using triple DES

SHA1

Ban the use of cipher suites using SHA1.

SHA256

Ban the use of cipher suites using SHA256.

SHA384

Ban the use of cipher suites using SHA384.

STATIC

Ban the use of cipher suites using static keys.

ssl-big-buffer

Disable using the big SSLv3 buffer feature to save memory and force higher security.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-insert-empty-fragment

Enable/disable insertion of empty fragment.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

https-redirect

Enable/disable redirect of port 80 to SSL-VPN port.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

ssl-client-renegotiation

Enable to allow client renegotiation by the server if the tunnel goes down.

option

-

Option

Description

disable

Abort any SSL connection that attempts to renegotiate.

enable

Allow a SSL client to renegotiate.

force-two-factor-auth

Enable to force two-factor authentication for all SSL-VPNs.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

unsafe-legacy-renegotiation

Enable/disable unsafe legacy re-negotiation.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

servercert

Name of the server certificate to be used for SSL-VPNs.

string

Maximum length: 35

algorithm

Force the SSL-VPN security level. High allows only high. Medium allows medium and high. Low allows any.

option

-

Option

Description

high

High algorithms.

medium

High and medium algorithms.

default

default

low

All algorithms.

idle-timeout

SSL VPN disconnects if idle for specified time in seconds.

integer

Minimum value: 0 Maximum value: 259200

auth-timeout

SSL-VPN authentication timeout.

integer

Minimum value: 0 Maximum value: 259200

login-attempt-limit

SSL VPN maximum login attempt times before block.

integer

Minimum value: 0 Maximum value: 4294967295

login-block-time

Time for which a user is blocked from logging in after too many failed login attempts.

integer

Minimum value: 0 Maximum value: 4294967295

login-timeout

SSLVPN maximum login timeout.

integer

Minimum value: 10 Maximum value: 180

dtls-hello-timeout

SSLVPN maximum DTLS hello timeout.

integer

Minimum value: 10 Maximum value: 60

dns-suffix

DNS suffix used for SSL-VPN clients.

var-string

Maximum length: 253

dns-server1

DNS server 1.

ipv4-address

Not Specified

dns-server2

DNS server 2.

ipv4-address

Not Specified

wins-server1

WINS server 1.

ipv4-address

Not Specified

wins-server2

WINS server 2.

ipv4-address

Not Specified

ipv6-dns-server1

IPv6 DNS server 1.

ipv6-address

Not Specified

ipv6-dns-server2

IPv6 DNS server 2.

ipv6-address

Not Specified

ipv6-wins-server1

IPv6 WINS server 1.

ipv6-address

Not Specified

ipv6-wins-server2

IPv6 WINS server 2.

ipv6-address

Not Specified

route-source-interface

Enable to allow SSL-VPN sessions to bypass routing and bind to the incoming interface.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

url-obscuration

Enable to obscure the host name of the URL of the web browser display.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

http-compression

Enable to allow HTTP compression over SSL-VPN tunnels.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

http-only-cookie

Enable/disable SSL-VPN support for HttpOnly cookies.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

deflate-compression-level

Compression level (0~9).

integer

Minimum value: 0 Maximum value: 9

deflate-min-data-size

Minimum amount of data that triggers compression.

integer

Minimum value: 200 Maximum value: 65535

port

SSL-VPN access port.

integer

Minimum value: 1 Maximum value: 65535

port-precedence

Enable means that if SSL-VPN connections are allowed on an interface admin GUI connections are blocked on that interface.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

auto-tunnel-static-route

Enable to auto-create static routes for the SSL-VPN tunnel IP addresses.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

header-x-forwarded-for

Forward the same, add, or remove HTTP header.

option

-

Option

Description

pass

Forward the same HTTP header.

add

Add the HTTP header.

remove

Remove the HTTP header.

source-address-negate

Enable/disable negated source address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

source-address6-negate

Enable/disable negated source IPv6 address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

default-portal

Default SSL VPN portal.

string

Maximum length: 35

dtls-tunnel

Enable DTLS to prevent eavesdropping, tampering, or message forgery.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

check-referer

Enable/disable verification of referer field in HTTP request header.

option

-

Option

Description

enable

Enable verification of referer field in HTTP request header.

disable

Disable verification of referer field in HTTP request header.

http-request-header-timeout

SSL-VPN session is disconnected if an HTTP request header is not received within this time.

integer

Minimum value: 0 Maximum value: 4294967295

http-request-body-timeout

SSL-VPN session is disconnected if an HTTP request body is not received within this time.

integer

Minimum value: 0 Maximum value: 4294967295

config tunnel-ip-pools

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config tunnel-ipv6-pools

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config authentication-rule

Parameter

Description

Type

Size

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

source-address-negate

Enable/disable negated source address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

source-address6-negate

Enable/disable negated source IPv6 address match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

portal

SSL VPN portal.

string

Maximum length: 35

realm

SSL VPN realm.

string

Maximum length: 35

client-cert

Enable/disable SSL VPN client certificate restrictive.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

cipher

SSL VPN cipher strength.

option

-

Option

Description

any

Any cipher strength.

high

High cipher strength (>= 168 bits).

medium

Medium cipher strength (>= 128 bits).

auth

SSL VPN authentication method restriction.

option

-

Option

Description

any

Any

local

Local

radius

RADIUS

tacacs+

TACACS+

ldap

LDAP

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-interface

Parameter

Description

Type

Size

name

Interface name.

string

Maximum length: 35

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address

Parameter

Description

Type

Size

name

Address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config source-address6

Parameter

Description

Type

Size

name

IPv6 address name.

string

Maximum length: 64

config users

Parameter

Description

Type

Size

name

User name.

string

Maximum length: 64

config groups

Parameter

Description

Type

Size

name

Group name.

string

Maximum length: 64