Cisco IOS XR User Manual

Configuring AAA Services on Cisco IOS XR Software
Information About Configuring AAA Services
Cisco IOS XR System Security Configuration Guide

    Task: ext-access :READ EXECUTE
    Task: logging :READ

Alternatively, if a user named user2, who does not have a task string, logs in to the external server, the following information is displayed:

    Username:user2
    Password:
    RP/0/RP0/CPU0:router# show user tasks
    No task ids available

Privilege Level Mapping

For compatibility with TACACS+ daemons that do not support the concept of task IDs, AAA supports a mapping between privilege levels defined for the user in the external TACACS+ server configuration file and local user groups. Following TACACS+ authentication, the user is assigned the task map of the user group that has been mapped from the privilege level returned from the external TACACS+ server. For example, if a privilege level of 5 is returned from the external TACACS+ server, AAA attempts to get the task map of the local user group priv5. This mapping process is similar for other privilege levels from 1 to 13. For privilege level 15, the root-system user group is used; privilege level 14 maps to the user group owner-sdr.

For example, with the Cisco freeware tac_plus server, the configuration file has to specify priv_lvl, as shown in the following example:

    user = sampleuser1{
        member = bar
        service = exec-ext {
            priv_lvl = 5
        }
    }

The number 5 in this example can be replaced with any privilege level that has to be assigned to the user sampleuser1.
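
The mapping rule above can be checked against a tac_plus-style file before it is deployed. The following audit script is an added example, not part of the Cisco guide: it parses user blocks in the format shown, resolves each priv_lvl to the local user group named in the text, and marks users who land in root-system or owner-sdr. The users noc-admin and user2, the note strings, and the function names are constructed for illustration.

```python
import re

USER_RE = re.compile(r"^\s*user\s*=\s*([^\s{]+)\s*\{")
PRIV_RE = re.compile(r"\bpriv_lvl\s*=\s*(\d+)")

def local_group_for(priv_lvl):
    """Local user group AAA looks up per the text above; None if not covered."""
    named = {15: "root-system", 14: "owner-sdr"}
    if priv_lvl in named:
        return named[priv_lvl]
    return f"priv{priv_lvl}" if 1 <= priv_lvl <= 13 else None

def audit(config_text):
    """Track user blocks by brace depth; return {user: (priv_lvl, group, note)}."""
    results, user, level, depth = {}, None, None, 0
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if m and depth == 0:
            user, level = m.group(1), None
        p = PRIV_RE.search(line)
        if p and user:
            level = int(p.group(1))
        depth += line.count("{") - line.count("}")
        if user and depth == 0:  # closing brace of the user block reached
            group = local_group_for(level) if level is not None else None
            if group is None:
                note = "no group mapped from a privilege level"
            elif level >= 14:
                note = "administrative group: review who holds this level"
            else:
                note = "confirm the local group and its task map"
            results[user] = (level, group, note)
            user = None
    return results

# Constructed sample; only sampleuser1 comes from the guide's example.
SAMPLE = """\
user = sampleuser1{
  member = bar
  service = exec-ext {
    priv_lvl = 5
  }
}
user = noc-admin { service = exec-ext { priv_lvl = 15 } }
user = user2 { member = bar }
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```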

With the RADIUS server, task IDs are defined using the Cisco-AVPair, as shown in the following example:

    user = sampleuser2{
        member = bar
        Cisco-AVPair = "shell:tasks=#root-system,#cisco-support"{
            Cisco-AVPair = "shell:priv-lvl=10"
        }
    }

XML Schema for AAA Services

The eXtensible Markup Language (XML) interface uses requests and responses in XML document format to configure and monitor AAA. The AAA components publish the XML schema corresponding to the content and structure of the data used for configuration and monitoring. XML tools and applications use the schema to communicate with the XML agent to perform the configuration.

The following schemas are published by AAA:

- Authentication, Authorization and Accounting configuration
- User, user group, and task group configuration


Cisco IOS XR Specifications

General

Operating System: Cisco IOS XR
Architecture: Microkernel
High Availability: Yes
Type: Network operating system
Developed by: Cisco Systems
License: Proprietary
Programming Language: C, C++
Kernel: QNX
Supported Platforms: Cisco ASR9000, NCS series
Security Features: Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface: CLI, SNMP, NETCONF, RESTCONF
Release Date: 2004
Target Devices: High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware: Cisco routers and switches
Networking Protocols: BGP, OSPF, IS-IS, MPLS
Virtualization Support: Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.
