Cisco Systems XR manual Aaa authentication, SR-6

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

aaa authentication

To create a method list for authentication, use the aaa authentication command in global configuration mode. To disable this authentication method, use the no form of this command.

aaa authentication {login | ppp} {default | list-name | remote} method-list

no aaa authentication {login | ppp} {default | list-name | remote} method-list

Syntax Description

login
Sets authentication for login.

ppp
Sets authentication for Point-to-Point Protocol.

default
Uses the listed authentication methods that follow this keyword as the default list of methods for authentication.

list-name
Character string used to name the authentication method list.

remote
Uses the listed authentication methods that follow this keyword as the default list of methods for administrative authentication on a remote nonowner secure domain router. The remote keyword is used only with the login keyword and not with the ppp keyword.
Note: The remote keyword is available only on the admin plane.

method-list
Method used to enable AAA system accounting. The value is one of the following options:

group tacacs+—Specifies a method list that uses the list of all configured TACACS+ servers for authentication.

group radius—Specifies a method list that uses the list of all configured RADIUS servers for authentication.

group named-group—Specifies a method list that uses a named subset of TACACS+ or RADIUS servers for authentication as defined by the aaa group server tacacs+ or aaa group server radius command.

local—Specifies a method list that uses the local username database method for authentication. Rollover cannot happen beyond the local method.

line—Specifies a method list that uses the line password for authentication.

Defaults

Default behavior applies the local authentication on all ports.

Command Modes

Global configuration
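
The syntax rules above can be checked mechanically when reviewing a saved configuration. The following Python audit is an added example, not part of the Cisco manual: it parses aaa authentication lines and reports a remote list used with ppp and any methods placed after local, which rollover never reaches. The function names and the sample list and group names (CONSOLE, VTY, ADMIN-TACACS) are assumptions made for illustration.

```python
SIMPLE_METHODS = {"local", "line"}   # single-keyword methods from the page

def parse_aaa_authentication(line):
    """Return (auth_type, list_name, methods), or None for any other command."""
    tokens = line.split()
    if tokens[:2] != ["aaa", "authentication"]:
        return None
    if len(tokens) < 5:
        raise ValueError("incomplete command")
    auth_type, list_name, rest = tokens[2], tokens[3], tokens[4:]
    if auth_type not in ("login", "ppp"):
        raise ValueError("unknown authentication type: " + auth_type)
    methods, i = [], 0
    while i < len(rest):
        if rest[i] == "group":               # group tacacs+ | radius | named-group
            if i + 1 == len(rest):
                raise ValueError("'group' needs a server group name")
            methods.append("group " + rest[i + 1])
            i += 2
        elif rest[i] in SIMPLE_METHODS:
            methods.append(rest[i])
            i += 1
        else:
            raise ValueError("unknown method: " + rest[i])
    return auth_type, list_name, methods

def audit(config_text):
    """Return a list of (line_number, finding) for the whole configuration."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        try:
            parsed = parse_aaa_authentication(line)
        except ValueError as err:
            findings.append((number, str(err)))
            continue
        if parsed:
            auth_type, list_name, methods = parsed
            # The page: remote is used only with login, not with ppp.
            if list_name == "remote" and auth_type != "login":
                findings.append((number, "remote is valid only with login"))
            # The page: rollover cannot happen beyond the local method.
            if "local" in methods[:-1]:
                findings.append((number, "methods after local are never tried"))
    return findings

# Constructed sample configuration (list and group names are made up).
SAMPLE = """aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local group radius
aaa authentication ppp remote group radius
aaa authentication login VTY group ADMIN-TACACS line
"""
```

Calling audit(SAMPLE) returns one finding for line 2 and one for line 3; lines that are not aaa authentication commands, including the no form, are skipped.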

 

Cisco IOS XR System Security Command Reference

SR-6
