Configuring AAA Services on Cisco IOS XR Software
How to Configure AAA Services
SC-19
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
• Configuring Per VRF AAA, page SC-31 (optional)
• Configuring a TACACS+ Server, page SC-33 (optional)
• Configuring RADIUS Server Groups, page SC-36 (optional)
• Configuring TACACS+ Server Groups, page SC-38 (optional)
• Configuring AAA Method Lists, page SC-39 (required)
• Applying Method Lists for Applications, page SC-51 (required)
• Configuring Login Parameters, page SC-55 (required)
Configuring Task Groups
Task-based authorization employs the concept of a task ID as its basic element. A task ID defines the
permission to execute an operation for a given user. Each user is associated with a set of permitted router
operation tasks identified by task IDs. Users are granted authority by being assigned to user groups that
are in turn associated with task groups. Each task group is associated with one or more task IDs selected
from the Cisco CRS-1 set of available task IDs. The first configuration task in setting up the
Cisco CRS-1 authorization scheme is to configure the task groups, followed by user groups, followed by
individual users.
Task Group Configuration
Task groups are configured with a set of task IDs per action type.
The inherit taskgroup command may be used to derive permissions from another group. Circular
references are detected and rejected. It is not possible to inherit from the root-system and owner-sdr
predefined groups.
Specific task IDs can be removed from a task group by specifying the no prefix for the task command.
The task group itself can be removed. Deleting a task group that is still referred to elsewhere results in
an error.
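The inheritance rules above can be checked offline when reviewing a planned configuration. The following is an added example, not Cisco code or the router's implementation: it models the stated rules and assumes that inherited permissions are combined with the group's own. The group names and the sample configuration are constructed.

```python
# Offline model of task-group inheritance for configuration review.
# Assumption: a group's permissions are its own tasks plus all inherited ones.
FORBIDDEN_PARENTS = {"root-system", "owner-sdr"}  # predefined groups named in the text
ACTIONS = ("read", "write", "execute", "debug")


def parse_taskgroups(config_text):
    """Parse 'taskgroup' stanzas into {name: {"inherit": [...], "tasks": set()}}."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "taskgroup" and len(words) == 2:
            current = groups.setdefault(words[1], {"inherit": [], "tasks": set()})
        elif current is None:
            continue
        elif words[:2] == ["inherit", "taskgroup"] and len(words) == 3:
            current["inherit"].append(words[2])
        elif words[0] == "task" and len(words) == 3 and words[1] in ACTIONS:
            current["tasks"].add((words[1], words[2]))
    return groups


def effective_tasks(groups, name, _path=()):
    """Return the (action, task-id) pairs a group holds, own plus inherited."""
    if name in _path:
        raise ValueError("circular inheritance: " + " -> ".join(_path + (name,)))
    if name not in groups:
        raise KeyError(f"undefined task group: {name}")
    result = set(groups[name]["tasks"])
    for parent in groups[name]["inherit"]:
        if parent in FORBIDDEN_PARENTS:
            raise ValueError(f"{name} may not inherit from {parent}")
        result |= effective_tasks(groups, parent, _path + (name,))
    return result


# Constructed sample configuration (hypothetical group names).
SAMPLE = """
taskgroup noc-view
 description Constructed sample: read-only monitoring
 task read bgp
 task read ospf
!
taskgroup noc-ops
 inherit taskgroup noc-view
 task write bgp
 task execute basic-services
"""
```

Calling effective_tasks(parse_taskgroups(SAMPLE), "noc-ops") lists every permission the group ends up with, which makes privilege picked up through inheritance visible before the configuration is committed.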
Prerequisites
Before creating task groups and associating them with task IDs, you should have some familiarity with
the router list of task IDs and the purpose of each task ID. Use the show aaa task supported command
to display a complete list of task IDs.
Restrictions
Only users with write permissions for the AAA task ID can configure task groups.
SUMMARY STEPS
1. configure
2. taskgroup taskgroup-name
3. description string
4. inherit taskgroup taskgroup-name
5. task {read | write | execute | debug} taskid-name