Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software
aaa authorization
Note
Note
Use the aaa authorization command to create method lists defining specific authorization methods that can be used on a
The command authorization mentioned here applies to the one performed by an external AAA server and not for
Method lists for authorization define the ways authorization will be performed and the sequence in which these methods will be performed. A method list is a named list describing the authorization methods to be used (such as TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS XR software uses the first method listed to authorize users for specific network services; if that method fails to respond, Cisco IOS XR software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method or until all methods defined have been exhausted.
Cisco IOS XR software attempts authorization with the next listed method only when there is no response (not a failure) from the previous method. If authorization fails at any point in this
The Cisco IOS XR software supports the following methods for authorization:
•
•
•group
•group
•group
Method lists are specific to the type of authorization being requested. The Cisco IOS XR software supports three types of AAA authorization:
•Commands authorization: Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands.
Note “Command” authorization is distinct from
•EXEC authorization: Applies authorization for starting an EXEC session.
•Network authorization: Applies authorization for network services, such as IKE.
When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type. When defined, method lists must be applied to specific lines or interfaces before any of the defined methods are performed.
Task ID | Task ID | Operations |
| aaa | read, write |
|
|
|
Cisco IOS XR System Security Command Reference