Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Configuring AAA Services on Cisco IOS XR Software

How to Configure AAA Services

SC-183

Cisco IOS XR System Security Configuration Guide

–

NetWare Asynchronous Services Interface (NASI)

–

X.25 PAD connections

• Router-to-router situations. RADIUS does not provide two-way authentication. RADIUS can be

used to authenticate from one router to a router other than a Cisco router if that router requires

RADIUS authentication.

• Networks using a variety of services. RADIUS generally binds a user to one service model.

RADIUS Operation

When a user attempts to log in and authenticate to an access server using RADIUS, the following steps

occur:

1. The user is prompted for and enters a username and password.

2. The username and encrypted password are sent over the network to the RADIUS server.

3. The user receives one of the following responses from the RADIUS server:

a. ACCEPT—The user is authenticated.

b. REJECT—The user is not authenticated and is prompted to reenter the username and password,

or access is denied.

c. CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional

data from the user.

d. CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select

a new password.

The ACCEPT or REJECT response is bundled with additional data that is used for EXEC or network

authorization. You must first complete RADIUS authentication before using RADIUS authorization.

The additional data included with the ACCEPT or REJECT packets consists of the following:

• Services that the user can access, including Telnet, rlogin, or local-area transport (LAT) connections,

and PPP, Serial Line Internet Protocol (SLIP), or EXEC services.

• Connection parameters, including the host or client IP address, access list, and user timeouts.

How to Configure AAA Services

To configure AAA services, perform the tasks described in the following sections.

• Configuring Task Groups, page SC-184 (required)

• Configuring User Groups, page SC-186 (required)

• Configuring Users, page SC-188 (required)

• Configuring Router to RADIUS Server Communication, page SC-190 (required)

• Configuring RADIUS Dead-Server Detection, page SC-194 (required)

• Configuring Per VRF AAA, page SC-196 (required)

• Configuring a TACACS+ Server, page SC-198 (required)

• Configuring RADIUS Server Groups, page SC-201 (required)

• Configuring TACACS+ Server Groups, page SC-203 (required)

• Configuring AAA Method Lists, page SC-204 (required)

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.