Cisco Systems XR manual Given operator privileges, SR-100

Page 100

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

users group

Task ID		Task ID	Operations
		aaa	read, write


Examples		In the following example, if a vty-pool is created with line template vty, users logging in through vty are
		given operator privileges:

RP/0/RP0/CPU0:router# configure

RP/0/RP0/CPU0:router(config)# aaa authen login vty-authen line

RP/0/RP0/CPU0:router(config)# commit

RP/0/RP0/CPU0:router(config)# line template vty

RP/0/RP0/CPU0:router(config-line)# users group operator

RP/0/RP0/CPU0:router(config-line)# login authentication

Cisco IOS XR System Security Command Reference

SR-100

Image 100

Contents SR-1 Aaa accounting SR-2Aaa Read, write Creates a method list to be used for authorizationSR-3 Aaa accounting system default SR-4Creates a method list for authorization Creates a method list for authenticationSR-5 Aaa authentication SR-6Creates a method list for accounting Radius, group named-group,local, or line optionsSR-7 Command Description SR-8Aaa authorization NetworkLocal SR-9SR-10 Which specifies that TACACS+ authorization is used SR-11Aaa default-taskgroup SR-12Aaa group server radius SR-13Comprises three member servers SR-14Aaa group server tacacs+ SR-15SR-16 Accounting Aaa accounting commandSR-17 List named listname2 on a line template named configure SR-18Authorization command AuthorizationSR-19 Listname4 on a line template named configure SR-20Deadtime minutes no deadtime Deadtime server-group configurationSR-21 Related Commands Description SR-22Description string No description Description AAASR-23 Taskgroup SR-24Group SR-25Task ID Examples SR-26Inherit taskgroup SR-27SR-28 Inherit usergroup usergroup-name Inherit usergroupSR-29 Sales user group SR-30Authentication login command Login authenticationSR-31 SR-32 Password 0 7 password No password 0 7 password Password AAASR-33 SR-34 Radius-server dead-criteria time SR-35SR-36 Radius-server dead-criteria tries SR-37Dead-criteria time SR-38Radius-server deadtime minutes No radius-server deadtime Radius-server deadtimeSR-39 SR-40 Timeout seconds Radius-server hostRetransmit retries SR-41SR-42 SR-43 Radius-server key SR-44Specifies a Radius server host SR-45Radius-server retransmit SR-46Radius-server timeout seconds No radius-server timeout Radius-server timeoutSR-47 Radius source-interface SR-48Outgoing Radius packets SR-49Secret 0 5 secret no secret 0 5 secret SecretSR-50 SR-51 Server Radius SR-52SR-53 Server TACACS+ SR-54Groups different TACACS+ server hosts into distinct lists SR-55Show aaa SR-56SR-57 Aaa usergroup operatorSR-58 Displays task IDs enabled for the currently logged-in user SR-59If no radius servers are configured, no output is displayed Show radiusShow radius SR-60Field Description SR-61Show radius accounting Show radius accountingSR-62 Show radius authentication SR-63Show radius authentication Show radius authenticationSR-64 Show radius accounting SR-65Show radius client Show radius clientSR-66 SR-67 Show radius dead-criteria SR-68SR-69 No default behavior or values Show radius server-groupsShow radius server-groups SR-70Field Description SR-71Show tacacs Show tacacsSR-72 SR-73 Show tacacs server-groups Show tacacs server-groupsSR-74 SR-75 Show task supported Show task supportedSR-76 SR-77 Ouni pkg-mgmt pos-dpt pppShow user SR-78SR-79 User allSR-80 SR-81 Tacacs-server host SR-82SR-83 Tacacs-server key key-nameno tacacs-server key Tacacs-server keySR-84 Specifies a TACACS+ host SR-85Tacacs-server timeout seconds No tacacs-server timeout Tacacs-server timeoutSR-86 Tacacs source-interface SR-87Aaa group server radius SR-88Task WriteExecute DebugSR-90 Taskgroup SR-91Adds a task ID to a task group Creates a task group description in task configuration modeSR-92 Timeout login response SR-93Enables AAA authentication for logins SR-94Usergroup SR-95Creates a description of a task group during configuration SR-96Username SR-97Defines a method list for authentication Creates a login password for a userAdds a user to a group SR-98Users group SR-99Given operator privileges SR-100