Configuring AAA Services on Cisco IOS XR Software
How to Configure AAA Services
SC-39
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
What to Do Next
After configuring TACACS+ server groups, define method lists by configuring authentication,
authorization, and accounting. (See the “Configuring AAA Method Lists” section.)
Configuring AAA Method Lists
AAA data may be stored in a variety of data sources. AAA configuration uses method lists to define an
order of preference for the source of AAA data. AAA may define more than one method list and
applications (such as login) can choose one of them. For example, console and aux ports may use one
method list and the vty ports may use another. If a method list is not specified, the application tries to
use a default method list.
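To check which method list each line ends up using, the following added example (not from the Cisco guide) parses a constructed IOS XR configuration and resolves every line stanza to its explicit or default login authentication list. The list names CONSOLE-AUTH and VTY-AUTH and the template name VTY-TMPL are made up for illustration, and only login authentication is covered.

```python
import re

# Constructed sample of IOS XR running-config lines (not taken from the guide).
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE-AUTH local
line console
 login authentication CONSOLE-AUTH
!
line template VTY-TMPL
 login authentication VTY-AUTH
!
line default
 exec-timeout 10 0
!
"""

def parse_method_lists(config):
    """Map each login authentication list name to its methods, in order of preference."""
    pattern = re.compile(r"^aaa authentication login (\S+) (.+)$", re.M)
    return {name: re.findall(r"group \S+|\S+", methods)
            for name, methods in pattern.findall(config)}

def parse_line_bindings(config):
    """Map each line stanza to the list it names explicitly, or None if it names none."""
    bindings, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[len("line "):].strip()
            bindings[current] = None
        elif raw.startswith(" ") and current:
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                bindings[current] = m.group(1)
        else:
            current = None  # "!" or any other top-level command ends the stanza
    return bindings

def audit(config):
    """Resolve every line stanza to its effective method list and that list's methods."""
    lists = parse_method_lists(config)
    report = {}
    for line, name in parse_line_bindings(config).items():
        effective = name or "default"  # no list specified: the default list applies
        # methods is None when the list is referenced but never defined
        report[line] = {"list": effective, "explicit": name is not None,
                        "methods": lists.get(effective)}
    return report

if __name__ == "__main__":
    for line, info in audit(SAMPLE_CONFIG).items():
        print(line, info)
```

A `methods` value of `None` marks a line that references a method list with no matching `aaa authentication login` definition, which is worth reviewing before the change is committed.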
This section contains the following procedures:
• Configuring Authentication Method Lists, page SC-40 (required)
• Configuring Authorization Method Lists, page SC-42 (required)
• Configuring Accounting Method Lists, page SC-46 (required)
Step 4
Command or Action:
Repeat Step 3 for every external server to be added to the server group named in Step 2.
Purpose:
—

Step 5
Command or Action:
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-sg-tacacs+)# end
or
RP/0/RP0/CPU0:router(config-sg-tacacs+)# commit
Purpose:
Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
  Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 6
Command or Action:
show tacacs server-groups
Example:
RP/0/RP0/CPU0:router# show tacacs server-groups
Purpose:
(Optional) Displays information about each TACACS+ server group that is configured in the system.