
Cisco CRS-1 - Carrier Routing System Router Configuration Guide

Configuring AAA Services on Cisco IOS XR Software
Information About Configuring AAA Services
SC-16
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Task: ext-access :READ EXECUTE
Task: logging :READ
Alternatively, if a user named user2, who does not have a task string, logs in to the external server, the
following information is displayed:
Username:user2
Password:
RP/0/RP0/CPU0:router# show user tasks
No task ids available
Privilege Level Mapping
For compatibility with TACACS+ daemons that do not support the concept of task IDs, AAA supports a
mapping between privilege levels defined for the user in the external TACACS+ server configuration file
and local user groups. Following TACACS+ authentication, the task map of the user group that has been
mapped from the privilege level returned from the external TACACS+ server is assigned to the user. For
example, if a privilege level of 5 is returned from the external TACACS+ server, AAA attempts to get the
task map of the local user group priv5. This mapping process is similar for other privilege levels from 1
to 13. For privilege level 15, the root-system user group is used; privilege level 14 maps to the user group
owner-sdr.
For example, with the Cisco freeware tac plus server, the configuration file has to specify priv_lvl,
as shown in the following example:
user = sampleuser1{
    member = bar
    service = exec-ext {
        priv_lvl = 5
    }
}
The number 5 in this example can be replaced with any privilege level that has to be assigned to the user
sampleuser1.
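An added example, not part of the Cisco guide: a Python audit that reads a tac plus style configuration like the one above and resolves each user's priv_lvl to the local user group this section says AAA looks up. The sample configuration, the user opsadmin, and the function names are constructed for illustration; reporting levels outside 1 to 15, or a missing priv_lvl, as unresolved is an assumption.

```python
import re

# Constructed sample in the tac plus style shown above; not a real server's file.
SAMPLE_CONFIG = """
user = sampleuser1{
    member = bar
    service = exec-ext {
        priv_lvl = 5
    }
}
user = opsadmin{
    service = exec-ext {
        priv_lvl = 15
    }
}
user = user2{
}
"""
SPECIAL_GROUPS = {15: "root-system", 14: "owner-sdr"}

def group_for_priv_lvl(level):
    """Local user group whose task map AAA looks up for a returned privilege level."""
    if level in range(1, 14):
        return f"priv{level}"
    return SPECIAL_GROUPS.get(level)  # None outside 1-15 (assumption: no mapping described)

def parse_users(text):
    """Return {username: priv_lvl or None}, tracking brace depth per user block."""
    users, current, depth = {}, None, 0
    for line in text.splitlines():
        m = re.match(r"\s*user\s*=\s*([^\s{]+)", line)
        if m and depth == 0:
            current = m.group(1)
            users[current] = None
        p = re.match(r"\s*priv_lvl\s*=\s*(\d+)", line)
        if p and current is not None and depth > 0:
            users[current] = int(p.group(1))
        depth += line.count("{") - line.count("}")
        if depth == 0 and "}" in line:
            current = None  # closed the outermost user block
    return users

def audit(text):
    """Sorted (user, priv_lvl, group) rows; group None means no group was resolved."""
    return sorted((u, lvl, group_for_priv_lvl(lvl)) for u, lvl in parse_users(text).items())

if __name__ == "__main__":
    for user, lvl, group in audit(SAMPLE_CONFIG):
        note = "  <-- review" if group in ("root-system", "owner-sdr") else ""
        print(f"{user:12} priv_lvl={lvl!s:5} group={group}{note}")
```

Each resolved privN group must also exist on the router with the intended task map, which this script cannot check.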
With the RADIUS server, task IDs are defined using the Cisco-AVPair, as shown in the following
example:
user = sampleuser2{
    member = bar
    Cisco-AVPair = "shell:tasks=#root-system,#cisco-support"{
        Cisco-AVPair = "shell:priv-lvl=10"
    }
}
XML Schema for AAA Services
The extensible markup language (XML) interface uses requests and responses in XML document format
to configure and monitor AAA. The AAA components publish the XML schema corresponding to the
content and structure of the data used for configuration and monitoring. The XML tools and applications
use the schema to communicate to the XML agent for performing the configuration.
The following schemas are published by AAA:
• Authentication, Authorization and Accounting configuration
• User, user group, and task group configuration
