Configuring AAA Services on Cisco IOS XR Software
Information About Configuring AAA Services
SC-14
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
In administration EXEC mode, by contrast, a user needs to be associated with both the admin and system (read)
task IDs and operations, as shown in the following example:
RP/0/RP0/CPU0:router# admin
RP/0/RP0/CPU0:router(admin)# show redundancy
Task IDs for TACACS+ and RADIUS Authenticated Users
Cisco IOS XR AAA provides the following means of assigning task permissions for users authenticated
with the TACACS+ and RADIUS methods:
• Specify the text version of the task map directly in the configuration file of the external TACACS+
and RADIUS servers.
See the “Task Maps” section for more details.
• Specify the privilege level in the configuration file of the external TACACS+ and RADIUS servers.
See the “Privilege Level Mapping” section for more details.
• Create a local user with the same username as the user authenticating with the TACACS+ and
RADIUS methods.
• Specify, by configuration, a default task group whose permissions are applied to any user
authenticating with the TACACS+ and RADIUS methods.
Task Maps
For users who are authenticated using an external TACACS+ or RADIUS server, Cisco IOS XR
AAA supports a method to define task IDs remotely.
Format of the Task String
The task string in the configuration file of the TACACS+ server consists of tokens delimited by a comma
(,). Each token contains either a task ID name and its permissions, or the user group to include for this
particular user, as shown in the following example:
task = "permissions:taskid name, #usergroup name, ..."
Note: Cisco IOS XR allows you to specify task IDs as an attribute in the external RADIUS or TACACS+
server. If the server is also shared by non-Cisco IOS XR systems, these attributes must be marked as optional
as indicated by the server documentation. For example, CiscoSecure ACS and the freeware TACACS+
server from Cisco require an asterisk (*) instead of an equal sign (=) before the attribute value for
optional attributes. If you want to configure attributes as optional, refer to the TACACS+ server
documentation.
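The following parser is an added example (not code from the Cisco guide) that illustrates both the task-string format above and the mandatory (=) versus optional (*) attribute forms from the note. It splits the string on commas, separates "permissions:taskid" tokens from "#usergroup" references, and records malformed tokens so an operator can audit what an AAA server is handing back. Two assumptions go beyond the page: the permission letters are taken to be r, w, x and d (read, write, execute, debug), and the attribute is assumed to be written either as task="..." or task*"...". The sample strings are constructed.

```python
"""Parse a Cisco IOS XR 'task' attribute as returned by a TACACS+ or RADIUS server.

Added example, not from the Cisco guide. Assumptions not stated on the page:
- permission letters are r, w, x, d (read/write/execute/debug)
- the attribute is written task="value" (mandatory) or task*"value" (optional)
"""
import re
from dataclasses import dataclass, field

# Assumption: IOS XR task permissions are read/write/execute/debug.
PERMISSION_LETTERS = set("rwxd")


@dataclass
class TaskMap:
    tasks: dict = field(default_factory=dict)       # task ID -> set of permission letters
    usergroups: list = field(default_factory=list)  # "#group" references, in order
    optional: bool = False                          # True when written with '*' instead of '='
    errors: list = field(default_factory=list)      # malformed tokens, for auditing


# Matches:  task = "..."   or   task*"..."   (quotes optional, whitespace tolerated)
_ATTR_RE = re.compile(r'^\s*task\s*([=*])\s*"?(.*?)"?\s*$')


def parse_task_attribute(attr):
    """Parse a whole attribute line, e.g. task = "rwxd:bgp, #operator"."""
    m = _ATTR_RE.match(attr)
    if not m:
        raise ValueError("not a task attribute: %r" % attr)
    separator, value = m.groups()
    result = parse_task_string(value)
    result.optional = (separator == "*")
    return result


def parse_task_string(value):
    """Parse the comma-delimited task string itself (the part inside the quotes)."""
    result = TaskMap()
    for raw in value.split(","):
        token = raw.strip()
        if not token:
            continue  # tolerate trailing commas and empty tokens
        if token.startswith("#"):
            # Usergroup reference: the user inherits that group's task IDs.
            name = token[1:].strip()
            if not name:
                result.errors.append("empty usergroup reference")
            else:
                result.usergroups.append(name)
            continue
        perms, sep, task_id = token.partition(":")
        task_id = task_id.strip()
        if not sep or not task_id:
            result.errors.append("malformed token %r" % token)
            continue
        perms = perms.strip().lower()
        unknown = set(perms) - PERMISSION_LETTERS
        if not perms or unknown:
            result.errors.append("bad permissions %r in token %r" % (perms, token))
            continue
        # Merge permissions if the same task ID appears more than once.
        result.tasks.setdefault(task_id, set()).update(perms)
    return result


if __name__ == "__main__":
    # Constructed sample attribute lines, not taken from any real server configuration.
    for line in ('task = "rwxd:bgp, rw:ospf, #operator"', 'task*"r:bgp,bogus,#"'):
        tm = parse_task_attribute(line)
        print(line, "->", tm)
```

Reviewing the `errors` list is the useful part: a token such as "bogus" (no colon) or a bare "#" would otherwise be silently dropped, and a server-side typo in a task map is easiest to catch at the point where the string is interpreted.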