Configuring AAA Services on Cisco IOS XR Software
How to Configure AAA Services
SC-44
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
• group tacacs+—Uses the list of all configured TACACS+ servers for authorization.
• group radius—Uses the list of all configured RADIUS servers for authorization.
• group group-name—Uses a named subset of TACACS+ or RADIUS servers for authorization.
SUMMARY STEPS
1. configure
2. aaa authorization {commands | eventmanager | exec | network} {default | list-name} {none |
local | group {tacacs+ | radius | group-name}}
3. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 2
aaa authorization {commands | eventmanager |
exec | network} {default | list-name} {none |
local | group {tacacs+ | radius | group-name}}
Example:
RP/0/RP0/CPU0:router(config)# aaa authorization
commands listname1 group tacacs+
Creates a series of authorization methods, or a method list.
• The commands keyword configures authorization for
all EXEC shell commands. Command authorization
applies to the EXEC mode commands issued by a user.
Command authorization attempts authorization for all
EXEC mode commands.
• The eventmanager keyword applies an authorization
method for authorizing an event manager (fault
manager).
• The exec keyword configures authorization for an
interactive (EXEC) session.
• The network keyword configures authorization for
network services like PPP or IKE.
• The default keyword causes the listed authorization
methods that follow this keyword to be the default list
of methods for authorization.
To Next Page
Loading...
Need help?
General
