TACACS+ Server Configuration on Cisco IOS XR Software

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

server (TACACS+)

server (TACACS+)

To associate a particular TACACS+ server with a defined server group, use the server command in TACACS+ server-group configuration mode. To remove the associated server from the server group, use the no form of this command.

server {hostname ip-address}

no server {hostname ip-address}

Syntax Description	hostname	Character string used to name the server host.
	ip-address	IP address of the server host.

Defaults

Command Modes

Command History

No default behavior or values

TACACS+ server-group configuration

Release	Modification
Release 2.0	This command was introduced on the Cisco CRS-1.

Release 3.0	No modification.

Release 3.2	This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0	No modification.

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Use the server command to associate a particular TACACS+ server with a defined server group. The server need not be accessible during configuration. Later, you can reference the configured server group from the method lists used to configure authentication, authorization, and accounting (AAA).

Task ID		Task ID	Operations
		aaa	read, write


Examples		The following example shows how to associate the TACACS+ server with the IP address 192.168.60.15
		with the server group tac1:

RP/0/RP0/CPU0:router# configure

RP/0/RP0/CPU0:router(config)# aaa group server tacacs+ tac1

RP/0/RP0/CPU0:router(config-sg-tacacs+)# server 192.168.60.15

Cisco IOS XR System Security Command Reference

SR-54

Image 54

Cisco Systems XR manual Server TACACS+, SR-54

Contents

SR-1 Aaa accounting SR-2 Creates a method list to be used for authorization Aaa Read, writeSR-3 Aaa accounting system default SR-4 Creates a method list for authentication Creates a method list for authorizationSR-5 Aaa authentication SR-6 Radius, group named-group,local, or line options Creates a method list for accountingSR-7 Command Description SR-8 Local Aaa authorizationNetwork SR-9 SR-10 Which specifies that TACACS+ authorization is used SR-11 Aaa default-taskgroup SR-12 Aaa group server radius SR-13 Comprises three member servers SR-14 Aaa group server tacacs+ SR-15 SR-16 Aaa accounting command AccountingSR-17 List named listname2 on a line template named configure SR-18 Authorization Authorization commandSR-19 Listname4 on a line template named configure SR-20 Deadtime server-group configuration Deadtime minutes no deadtimeSR-21 Related Commands Description SR-22 Description AAA Description string No descriptionSR-23 Taskgroup SR-24 Group SR-25 Task ID Examples SR-26 Inherit taskgroup SR-27 SR-28 Inherit usergroup Inherit usergroup usergroup-nameSR-29 Sales user group SR-30 Login authentication Authentication login commandSR-31 SR-32 Password AAA Password 0 7 password No password 0 7 passwordSR-33 SR-34 Radius-server dead-criteria time SR-35 SR-36 Radius-server dead-criteria tries SR-37 Dead-criteria time SR-38 Radius-server deadtime Radius-server deadtime minutes No radius-server deadtimeSR-39 SR-40 Retransmit retries Timeout secondsRadius-server host SR-41 SR-42 SR-43 Radius-server key SR-44 Specifies a Radius server host SR-45 Radius-server retransmit SR-46 Radius-server timeout Radius-server timeout seconds No radius-server timeoutSR-47 Radius source-interface SR-48 Outgoing Radius packets SR-49 Secret Secret 0 5 secret no secret 0 5 secretSR-50 SR-51 Server Radius SR-52 SR-53 Server TACACS+ SR-54 Groups different TACACS+ server hosts into distinct lists SR-55 Show aaa SR-56 SR-57 Aaa usergroup operator SR-58 Displays task IDs enabled for the currently logged-in user SR-59 Show radius If no radius servers are configured, no output is displayedShow radius SR-60 Field Description SR-61 Show radius accounting Show radius accountingSR-62 Show radius authentication SR-63 Show radius authentication Show radius authenticationSR-64 Show radius accounting SR-65 Show radius client Show radius clientSR-66 SR-67 Show radius dead-criteria SR-68 SR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70 Field Description SR-71 Show tacacs Show tacacsSR-72 SR-73 Show tacacs server-groups Show tacacs server-groupsSR-74 SR-75 Show task supported Show task supportedSR-76 SR-77 Ouni pkg-mgmt pos-dpt ppp Show user SR-78 SR-79 User all SR-80 SR-81 Tacacs-server host SR-82 SR-83 Tacacs-server key Tacacs-server key key-nameno tacacs-server keySR-84 Specifies a TACACS+ host SR-85 Tacacs-server timeout Tacacs-server timeout seconds No tacacs-server timeoutSR-86 Tacacs source-interface SR-87 Aaa group server radius SR-88 Execute TaskWrite Debug SR-90 Taskgroup SR-91 Creates a task group description in task configuration mode Adds a task ID to a task groupSR-92 Timeout login response SR-93 Enables AAA authentication for logins SR-94 Usergroup SR-95 Creates a description of a task group during configuration SR-96 Username SR-97 Adds a user to a group Defines a method list for authenticationCreates a login password for a user SR-98 Users group SR-99 Given operator privileges SR-100