Cisco Systems XR manual SR-57, Aaa usergroup operator

Page 57

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

show aaa

Examples	The following sample output is from the show aaa usergroup command:
	RP/0/RP0/CPU0:router# show		aaa usergroup operator
	User group 'operator'
	Inherits from task group		'operator'
	User group 'operator' has the following combined set
	of task IDs (including all		inherited groups):
	Task:	basic-services	: READ	WRITE	EXECUTE DEBUG
	Task:	cdp	: READ
	Task:	diag	: READ
	Task:	ext-access	: READ		EXECUTE
	Task:	logging	: READ

The following sample output is from the taskgroup keyword for a task group named netadmin:

RP/0/RP0/CPU0:router# show aaa taskgroup netadmin

Task group 'netadmin'

Task group 'netadmin' has the following combined set of task IDs (including all inherited groups):

Task:	aaa	: READ
Task:	acl	: READ	WRITE	EXECUTE	DEBUG
Task:	admin	: READ
Task:	atm	: READ	WRITE	EXECUTE	DEBUG
Task:	basic-services	: READ	WRITE	EXECUTE	DEBUG
Task:	bcdl	: READ
Task:	bfd	: READ	WRITE	EXECUTE	DEBUG
Task:	bgp	: READ	WRITE	EXECUTE	DEBUG
Task:	boot	: READ	WRITE	EXECUTE	DEBUG
Task:	bundle	: READ	WRITE	EXECUTE	DEBUG
Task:	cdp	: READ	WRITE	EXECUTE	DEBUG
Task:	cef	: READ	WRITE	EXECUTE	DEBUG
Task:	cisco-support : READ
Task:	config-mgmt	: READ	WRITE	EXECUTE	DEBUG
Task:	config-services	: READ	WRITE	EXECUTE	DEBUG
Task:	crypto	: READ	WRITE	EXECUTE	DEBUG
Task:	diag	: READ	WRITE	EXECUTE	DEBUG
Task:	disallowed	: READ
Task:	drivers	: READ
Task:	ext-access	: READ	WRITE	EXECUTE	DEBUG
Task:	fabric	: READ	WRITE	EXECUTE	DEBUG
Task:	fault-mgr	: READ	WRITE	EXECUTE	DEBUG
Task:	filesystem	: READ	WRITE	EXECUTE	DEBUG
Task:	fr	: READ	WRITE	EXECUTE	DEBUG
Task:	hdlc	: READ	WRITE	EXECUTE	DEBUG
Task:	host-services	: READ	WRITE	EXECUTE	DEBUG
Task:	hsrp	: READ	WRITE	EXECUTE	DEBUG
Task:	interface	: READ	WRITE	EXECUTE	DEBUG
Task:	inventory	: READ
Task:	ip-services	: READ	WRITE	EXECUTE	DEBUG
Task:	ipv4	: READ	WRITE	EXECUTE	DEBUG
Task:	ipv6	: READ	WRITE	EXECUTE	DEBUG
Task:	isis	: READ	WRITE	EXECUTE	DEBUG
Task:	logging	: READ	WRITE	EXECUTE	DEBUG
Task:	lpts	: READ	WRITE	EXECUTE	DEBUG
Task:	monitor	: READ
Task:	mpls-ldp	: READ	WRITE	EXECUTE	DEBUG
Task:	mpls-static	: READ	WRITE	EXECUTE	DEBUG
Task:	mpls-te	: READ	WRITE	EXECUTE	DEBUG
Task:	multicast	: READ	WRITE	EXECUTE	DEBUG

Cisco IOS XR System Security Command Reference

SR-57

Image 57

Contents SR-1 SR-2 Aaa accountingCreates a method list to be used for authorization Aaa Read, writeSR-3 SR-4 Aaa accounting system defaultCreates a method list for authentication Creates a method list for authorizationSR-5 SR-6 Aaa authenticationRadius, group named-group,local, or line options Creates a method list for accountingSR-7 SR-8 Command DescriptionNetwork Aaa authorizationLocal SR-9SR-10 SR-11 Which specifies that TACACS+ authorization is usedSR-12 Aaa default-taskgroupSR-13 Aaa group server radiusSR-14 Comprises three member serversSR-15 Aaa group server tacacs+SR-16 Aaa accounting command AccountingSR-17 SR-18 List named listname2 on a line template named configureAuthorization Authorization commandSR-19 SR-20 Listname4 on a line template named configureDeadtime server-group configuration Deadtime minutes no deadtimeSR-21 SR-22 Related Commands DescriptionDescription AAA Description string No descriptionSR-23 SR-24 TaskgroupSR-25 GroupSR-26 Task ID ExamplesSR-27 Inherit taskgroupSR-28 Inherit usergroup Inherit usergroup usergroup-nameSR-29 SR-30 Sales user groupLogin authentication Authentication login commandSR-31 SR-32 Password AAA Password 0 7 password No password 0 7 passwordSR-33 SR-34 SR-35 Radius-server dead-criteria timeSR-36 SR-37 Radius-server dead-criteria triesSR-38 Dead-criteria timeRadius-server deadtime Radius-server deadtime minutes No radius-server deadtimeSR-39 SR-40 Radius-server host Timeout secondsRetransmit retries SR-41SR-42 SR-43 SR-44 Radius-server keySR-45 Specifies a Radius server hostSR-46 Radius-server retransmitRadius-server timeout Radius-server timeout seconds No radius-server timeoutSR-47 SR-48 Radius source-interfaceSR-49 Outgoing Radius packetsSecret Secret 0 5 secret no secret 0 5 secretSR-50 SR-51 SR-52 Server RadiusSR-53 SR-54 Server TACACS+SR-55 Groups different TACACS+ server hosts into distinct listsSR-56 Show aaaAaa usergroup operator SR-57SR-58 SR-59 Displays task IDs enabled for the currently logged-in userShow radius If no radius servers are configured, no output is displayedShow radius SR-60SR-61 Field DescriptionShow radius accounting Show radius accountingSR-62 SR-63 Show radius authenticationShow radius authentication Show radius authenticationSR-64 SR-65 Show radius accountingShow radius client Show radius clientSR-66 SR-67 SR-68 Show radius dead-criteriaSR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70SR-71 Field DescriptionShow tacacs Show tacacsSR-72 SR-73 Show tacacs server-groups Show tacacs server-groupsSR-74 SR-75 Show task supported Show task supportedSR-76 Ouni pkg-mgmt pos-dpt ppp SR-77SR-78 Show userUser all SR-79SR-80 SR-81 SR-82 Tacacs-server hostSR-83 Tacacs-server key Tacacs-server key key-nameno tacacs-server keySR-84 SR-85 Specifies a TACACS+ hostTacacs-server timeout Tacacs-server timeout seconds No tacacs-server timeoutSR-86 SR-87 Tacacs source-interfaceSR-88 Aaa group server radiusWrite TaskExecute DebugSR-90 SR-91 TaskgroupCreates a task group description in task configuration mode Adds a task ID to a task groupSR-92 SR-93 Timeout login responseSR-94 Enables AAA authentication for loginsSR-95 UsergroupSR-96 Creates a description of a task group during configurationSR-97 UsernameCreates a login password for a user Defines a method list for authenticationAdds a user to a group SR-98SR-99 Users groupSR-100 Given operator privileges