
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

server (RADIUS)


When you use the optional keywords, the network access server identifies RADIUS security servers and host instances associated with a group server based on their IP address and specific UDP port numbers. The combination of the IP address and UDP port number creates a unique identifier, allowing different ports to be individually defined as RADIUS host entries providing a specific AAA service. If two different host entries on the same RADIUS server are configured for the same service, for example, accounting, the second host entry configured acts as failover backup to the first one. Using this example, if the first host entry fails to provide accounting services, the network access server will try the second host entry configured on the same device for accounting services. (The RADIUS host entries are tried in the order they are configured.)

Task ID

Task ID    Operations
aaa        read, write

Examples

The following example shows how to use two different host entries on the same RADIUS server that are configured for the same services—authentication and accounting. The second host entry configured acts as fail-over backup to the first one.

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# aaa group server radius group1
RP/0/RP0/CPU0:router(config-sg-radius)# server 1.1.1.1 auth-port 1645 acct-port 1646
RP/0/RP0/CPU0:router(config-sg-radius)# server 2.2.2.2 auth-port 2000 acct-port 2001
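The ordering rule described above, as an added example that is not part of the Cisco reference: a Python audit that parses server-group configuration text, lists the (IP address, UDP port) identifiers per service in configured order, and reports groups where a service has no second host entry to fail over to. The group2 sample, the function names, and the default ports applied when a keyword is omitted are assumptions made for this example.

```python
import re

# Constructed sample: group1 is the page's example; group2 is invented for illustration.
SAMPLE_CONFIG = """\
aaa group server radius group1
 server 1.1.1.1 auth-port 1645 acct-port 1646
 server 2.2.2.2 auth-port 2000 acct-port 2001
!
aaa group server radius group2
 server 10.0.0.5 auth-port 1812 acct-port 1813
 server 10.0.0.5 auth-port 1812 acct-port 1814
!
"""

GROUP_RE = re.compile(r"^aaa group server radius (\S+)\s*$")
SERVER_RE = re.compile(
    r"^\s+server (\S+)(?: auth-port (\d+))?(?: acct-port (\d+))?\s*$")
# Assumption: ports applied when the auth-port/acct-port keyword is omitted.
DEFAULT_PORTS = {"auth": 1645, "acct": 1646}

def parse_groups(config):
    """Return {group: [{'ip', 'auth', 'acct'}, ...]} in configured order."""
    groups, current = {}, None
    for line in config.splitlines():
        g, s = GROUP_RE.match(line), SERVER_RE.match(line)
        if g:
            current = groups.setdefault(g.group(1), [])
        elif s and current is not None:
            current.append({"ip": s.group(1),
                            "auth": int(s.group(2) or DEFAULT_PORTS["auth"]),
                            "acct": int(s.group(3) or DEFAULT_PORTS["acct"])})
        elif not line.startswith(" "):
            current = None  # left the server-group submode
    return groups

def failover_order(entries, service):
    """Distinct (IP, UDP port) identifiers for a service, first-configured first."""
    order = []
    for e in entries:
        ident = (e["ip"], e[service])
        if ident not in order:
            order.append(ident)
    return order

def groups_without_backup(config):
    """List (group, service) pairs with fewer than two distinct host entries."""
    return [(g, s) for g, entries in parse_groups(config).items()
            for s in ("auth", "acct") if len(failover_order(entries, s)) < 2]
```

In the constructed group2, both lines share the same authentication identifier (10.0.0.5, 1812), so the audit reports that authentication has no backup host entry while accounting has two.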

Related Commands

Command                                  Description
aaa group server radius                  Groups different RADIUS server hosts into distinct lists and distinct methods.
deadtime (server-group configuration)    Configures the deadtime value at the RADIUS server group level.
radius-server host                       Specifies a RADIUS server host.

Cisco IOS XR System Security Command Reference
