Cisco Systems XR manual Radius, group named-group,local, or line options, SR-7


Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

aaa authentication

Command History

Release        Modification
Release 2.0    This command was introduced on the Cisco CRS-1.
Release 3.0    No modification.
Release 3.2    This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0  The method-list argument was added to specify either group tacacs+, group radius, group named-group, local, or line options.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the aaa authentication command to create a series of authentication methods, or method list. You can specify up to four methods in the method list. A method list is a named list describing the authentication methods to be used (such as TACACS+ or RADIUS) in sequence. The subsequent methods of authentication are used only if the initial method is not available, not if it fails.

The default method list is applied for all interfaces for authentication, except when a different named method list is explicitly specified, in which case the explicitly specified method list overrides the default list.

For console and vty access, if no authentication is configured, a default of local method is applied.

Note

The group tacacs+, group radius, and group group-name forms of this command refer to a set of previously defined TACACS+ or RADIUS servers.

Use the tacacs-server host or radius-server host command to configure the host servers.

Use the aaa group server tacacs+ or aaa group server radius command to create a named subset of servers.

The login keyword, remote keyword, local option, and group option are available only in administration configuration mode.

Task ID

Task ID  Operations
aaa      read, write

Examples

The following example shows how to specify the default method list to be used for authentication, and also enable authentication for console:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# aaa authentication login default group tacacs+
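The fallback rule from the usage guidelines (a later method is tried only when an earlier one is not available, not when it fails) is modelled below in Python, as an added example that is not part of the Cisco manual. The list name ADMINS, the Outcome states, and the denial when no method answers are assumptions of this model, and the configuration lines are constructed.

```python
from enum import Enum

MAX_METHODS = 4  # per the manual: up to four methods in a method list

class Outcome(Enum):
    ACCEPT = "accept"            # method answered and allowed the login
    REJECT = "reject"            # method answered and denied the login ("fails")
    UNAVAILABLE = "unavailable"  # method gave no answer ("not available")

def parse_method_list(line):
    """Parse 'aaa authentication login <list-name> <methods>' -> (name, methods)."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError(f"not a login method list: {line!r}")
    name, rest, methods, i = tokens[3], tokens[4:], [], 0
    while i < len(rest):
        if rest[i] == "group" and i + 1 < len(rest):
            methods.append(f"group {rest[i + 1]}")  # tacacs+, radius or a named group
            i += 2
        elif rest[i] in ("local", "line"):
            methods.append(rest[i])
            i += 1
        else:
            raise ValueError(f"unexpected token {rest[i]!r}")
    if len(methods) > MAX_METHODS:
        raise ValueError(f"{len(methods)} methods, at most {MAX_METHODS} allowed")
    return name, methods

def authenticate(methods, outcomes):
    """Try methods in order; only UNAVAILABLE moves on to the next method."""
    for method in methods:
        result = outcomes.get(method, Outcome.UNAVAILABLE)
        if result is not Outcome.UNAVAILABLE:
            return method, result  # ACCEPT and REJECT are both final
    return None, Outcome.REJECT    # assumption: no method answered, login denied

def remote_only(methods):
    """True when every method is a server group, so an outage leaves no fallback."""
    return all(m.startswith("group ") for m in methods)

# Constructed configuration lines; ADMINS is a hypothetical list name.
DEFAULT = parse_method_list("aaa authentication login default group tacacs+")[1]
ADMINS = parse_method_list("aaa authentication login ADMINS group tacacs+ local")[1]

if __name__ == "__main__":
    down = {"group tacacs+": Outcome.UNAVAILABLE, "local": Outcome.ACCEPT}
    denied = {"group tacacs+": Outcome.REJECT, "local": Outcome.ACCEPT}
    print(authenticate(ADMINS, down))    # TACACS+ unreachable: local decides
    print(authenticate(ADMINS, denied))  # TACACS+ rejects: local is never tried
```

A list such as the manual's `default group tacacs+` is flagged by `remote_only`, because in this model a server outage leaves no method able to answer.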

Related Commands

Command            Description
aaa accounting     Creates a method list for accounting.
aaa authorization  Creates a method list for authorization.

Cisco IOS XR System Security Command Reference
