Cisco Systems XR manual Users group, SR-99

Page 99

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

users group

users group

To associate a user group and its privileges with a line, use the users group command in line configuration mode. To delete a user group association with a line, use the no form of this command.

users group {usergroup-namecisco-support netadmin operator root-lr root-system sysadmin}

no users group {usergroup-namecisco-support netadmin operator root-lr root-system

		serviceadim sysadmin}

Syntax Description		usergroup-name	Name of the user group. The usergroup-nameargument can be only one word.
			Spaces and quotation marks are not allowed.

		cisco-support	Specifies that users logging in through the line are given Cisco support personnel
			privileges.

		netadmin	Specifies that users logging in through the line are given network administrator
			privileges.

		operator	Specifies that users logging in through the line are given operator privileges.

		root-lr	Specifies that users logging in through the line are given root logical router (LR)
			privileges.

		root-system	Specifies that users logging in through the line are given root system privileges.

		serviceadmin	Specifies that users logging in through the line are given service administrator
			group privileges.

		sysadmin	Specifies that users logging in through the line are given system administrator
			privileges.

Defaults

Command Modes

Command History

No default behavior or values

Line configuration

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.

Release 3.0	No modification.

Release 3.2	This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0	The serviceadmin keyword was added.

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the users group command to enable a user group and its privileges to be associated with a line, meaning that users logging in through the line are given the privileges of the particular user group.

Cisco IOS XR System Security Command Reference

SR-99

Image 99

Contents SR-1 SR-2 Aaa accountingCreates a method list to be used for authorization Aaa Read, writeSR-3 SR-4 Aaa accounting system defaultCreates a method list for authentication Creates a method list for authorizationSR-5 SR-6 Aaa authenticationRadius, group named-group,local, or line options Creates a method list for accountingSR-7 SR-8 Command DescriptionSR-9 Aaa authorizationNetwork LocalSR-10 SR-11 Which specifies that TACACS+ authorization is usedSR-12 Aaa default-taskgroupSR-13 Aaa group server radiusSR-14 Comprises three member serversSR-15 Aaa group server tacacs+SR-16 Aaa accounting command AccountingSR-17 SR-18 List named listname2 on a line template named configureAuthorization Authorization commandSR-19 SR-20 Listname4 on a line template named configureDeadtime server-group configuration Deadtime minutes no deadtimeSR-21 SR-22 Related Commands DescriptionDescription AAA Description string No descriptionSR-23 SR-24 TaskgroupSR-25 GroupSR-26 Task ID ExamplesSR-27 Inherit taskgroupSR-28 Inherit usergroup Inherit usergroup usergroup-nameSR-29 SR-30 Sales user groupLogin authentication Authentication login commandSR-31 SR-32 Password AAA Password 0 7 password No password 0 7 passwordSR-33 SR-34 SR-35 Radius-server dead-criteria timeSR-36 SR-37 Radius-server dead-criteria triesSR-38 Dead-criteria timeRadius-server deadtime Radius-server deadtime minutes No radius-server deadtimeSR-39 SR-40 SR-41 Timeout secondsRadius-server host Retransmit retriesSR-42 SR-43 SR-44 Radius-server keySR-45 Specifies a Radius server hostSR-46 Radius-server retransmitRadius-server timeout Radius-server timeout seconds No radius-server timeoutSR-47 SR-48 Radius source-interfaceSR-49 Outgoing Radius packetsSecret Secret 0 5 secret no secret 0 5 secretSR-50 SR-51 SR-52 Server RadiusSR-53 SR-54 Server TACACS+SR-55 Groups different TACACS+ server hosts into distinct listsSR-56 Show aaaAaa usergroup operator SR-57SR-58 SR-59 Displays task IDs enabled for the currently logged-in userSR-60 If no radius servers are configured, no output is displayedShow radius Show radiusSR-61 Field DescriptionShow radius accounting Show radius accountingSR-62 SR-63 Show radius authenticationShow radius authentication Show radius authenticationSR-64 SR-65 Show radius accountingShow radius client Show radius clientSR-66 SR-67 SR-68 Show radius dead-criteriaSR-69 SR-70 No default behavior or valuesShow radius server-groups Show radius server-groupsSR-71 Field DescriptionShow tacacs Show tacacsSR-72 SR-73 Show tacacs server-groups Show tacacs server-groupsSR-74 SR-75 Show task supported Show task supportedSR-76 Ouni pkg-mgmt pos-dpt ppp SR-77SR-78 Show userUser all SR-79SR-80 SR-81 SR-82 Tacacs-server hostSR-83 Tacacs-server key Tacacs-server key key-nameno tacacs-server keySR-84 SR-85 Specifies a TACACS+ hostTacacs-server timeout Tacacs-server timeout seconds No tacacs-server timeoutSR-86 SR-87 Tacacs source-interfaceSR-88 Aaa group server radiusDebug TaskWrite ExecuteSR-90 SR-91 TaskgroupCreates a task group description in task configuration mode Adds a task ID to a task groupSR-92 SR-93 Timeout login responseSR-94 Enables AAA authentication for loginsSR-95 UsergroupSR-96 Creates a description of a task group during configurationSR-97 UsernameSR-98 Defines a method list for authenticationCreates a login password for a user Adds a user to a groupSR-99 Users groupSR-100 Given operator privileges