Configuring AAA Services on Cisco IOS XR Software
Prerequisites for Configuring AAA Services
SC-3
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
Prerequisites for Configuring AAA Services
The following are the prerequisites to configure AAA services:
• You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
• If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
Establish a root system user using the initial setup dialog. The administrator may configure a few
local users without any specific AAA configuration. The external security server becomes necessary
when user accounts are shared among many routers within an administrative domain. A typical
configuration would include the use of an external AAA security server and database with the local
database option as a backup in case the external server becomes unreachable.
Restrictions for Configuring AAA Services
This section lists the restrictions for configuring AAA services.
Compatibility
Compatibility is verified with the Cisco freeware TACACS+ server and FreeRADIUS only.
Interoperability
Router administrators can use the same AAA server software and database (for example,
CiscoSecure ACS) for the router and any other Cisco equipment that does not currently run
Cisco
IOS XR software. To support interoperability between the router and external TACACS+ servers
that do not support task IDs, see the “
Task IDs for TACACS+ and RADIUS Authenticated Users”
section.
Information About Configuring AAA Services
This section lists all the conceptual information that a Cisco IOS XR software user must understand
before configuring user groups and task groups through AAA or configuring Remote Authentication
Dial-in User Service (RADIUS) or TACACS+ servers. Conceptual information also describes what AAA
is and why it is important.
• User, User Groups, and Task Groups, page SC-4
• Cisco IOS XR Software Administrative Model, page SC-6
• Password Types, page SC-11
• Task-Based Authorization, page SC-11
• Task IDs for TACACS+ and RADIUS Authenticated Users, page SC-14
• XML Schema for AAA Services, page SC-16
• About RADIUS, page SC-17