EasyManuals Logo
Home>Cisco>Network Router>CRS-1 - Carrier Routing System Router

Cisco CRS-1 - Carrier Routing System Router Configuration Guide

Cisco CRS-1 - Carrier Routing System Router
232 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #63 background imageLoading...
Page #63 background image
Configuring AAA Services on Cisco IOS XR Software
Configuration Examples for Configuring AAA Services
SC-57
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
A username user1 is created for login purposes, a secure login password is assigned, and user1 is made
a root-system user. Configure similar settings for username user2.
username user1
secret lab
group root-system
exit
username user2
secret lab
exit
A task group named tga is created, tasks are added to tga, a user group named uga is created, and uga is
configured to inherit permissions from task group tga. A description is added to task group uga.
taskgroup tga
task read bgp
task write ospf
exit
usergroup uga
taskgroup tga
description usergroup uga
exit
Username user2 is configured to inherit from user group uga.
username user2
group uga
exit
Three TACACS servers are configured.
tacacs-server host 1.1.1.1 port 1 key abc
tacacs-server host 2.2.2.2 port 2 key def
tacacs-server host 3.3.3.3 port 3 key ghi
A user group named priv5 is created, which will be used for users authenticated using the TACACS+
method and whose entry in the external TACACS+ daemon configuration file has a privilege level of 5.
usergroup priv5
taskgroup operator
exit
An authorization method list, vty-author, is configured. This example specifies that command
authorization be done using the list of all configured TACACS+ servers.
aaa authorization commands vty-author group tacacs+
An accounting method list, vty-acct, is configured. This example specifies that start-stop command
accounting be done using the list of all configured TACACS+ servers.
aaa accounting commands vty-acct start-stop group tacacs+
For TACACS+ authentication, if, for example, a privilege level 8 is returned, and no local usergroup
priv8 exists and no local user with the same name exists, the aaa default-taskgroup command with tga
specified as the taskgroup-name argument ensures that such users are given the taskmap of the task group
tga.
aaa default-taskgroup tga

Table of Contents

Other manuals for Cisco CRS-1 - Carrier Routing System Router

Preview: Administration Guide
Administration Guide436 pages
Preview: Troubleshooting Guide
Troubleshooting Guide264 pages
Preview: Migration Guide
Migration Guide250 pages
Preview: Getting Started Guide
Getting Started Guide289 pages
Preview: Api Guide
Api Guide127 pages
Preview: Hardware Installation Guide
Hardware Installation Guide104 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco CRS-1 - Carrier Routing System Router and is the answer not in the manual?

Cisco CRS-1 - Carrier Routing System Router Specifications

General IconGeneral
BrandCisco
ModelCRS-1 - Carrier Routing System Router
CategoryNetwork Router
LanguageEnglish

Related product manuals