Name: Cisco IOS XR
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Configuring AAA Services on Cisco IOS XR Software

How to Configure AAA Services

SC-184

Cisco IOS XR System Security Configuration Guide

• Applying Method Lists for Applications, page SC-216 (required)

• Configuring Login Parameters, page SC-220 (required)

Configuring Task Groups

Task-based authorization employs the concept of a task ID as its basic element. A task ID defines the

permission to execute an operation for a given user. Each user is associated with a set of permitted router

operation tasks identified by task IDs. Users are granted authority by being assigned to user groups that

are in turn associated with task groups. Each task group is associated with one or more task IDs selected

from the Cisco CRS-1 set of available task IDs. The first configuration task in setting up the

Cisco CRS-1 authorization scheme is to configure the task groups, followed by user groups, followed by

individual users.

Task Group Configuration

Task groups are configured with a set of task IDs per action type.

The inherit taskgroup command may be used to derive permissions from another group. Cyclic

references are detected and rejected. It is not possible to inherit from the root-system and owner-sdr

predefined groups.

Specific task IDs can be removed from a task group by specifying the no prefix for the task command.

The task group itself can be removed. Deleting a task group that is still referred to will result in an error.

Prerequisites

Before creating task groups and associating them with task IDs, the user should have some familiarity

with the router list of task IDs and purpose of each task ID. Use the show task supported command to

display a complete list of task IDs.

Restrictions

Only users with write permissions for the AAA task ID can configure task groups.

SUMMARY STEPS

1. configure

2. taskgroup taskgroup-name

3. description string

4. inherit taskgroup taskgroup-name

5. task {read | write | execute | debug} taskid-name

6. Repeat Step 5 for each task ID to be associated with the task group named in Step 2.

7. end

commit

Questions and Answers:

Need help?

Do you have a question about the Cisco IOS XR and is the answer not in the manual?

Cisco IOS XR Specifications

General

Operating System	Cisco IOS XR
Architecture	Microkernel
High Availability	Yes
Type	Network operating system
Developed by	Cisco Systems
License	Proprietary
Programming Language	C, C++
Kernel	QNX
Supported Platforms	Cisco ASR9000, NCS series
Security Features	Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface	CLI, SNMP, NETCONF, RESTCONF
Release Date	2004
Target Devices	High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware	Cisco routers and switches
Networking Protocols	BGP, OSPF, IS-IS, MPLS
Virtualization Support	Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.