Instruction/ maintenance manual of the product XR Cisco Systems
Go to page of 100
SR-1 Cisco IOS XR System Security Command Reference Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software This chapter describes the Cisco IOS XR software commands used to conf igure authentication, authorization, and accounting (AAA) services.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting SR-2 Cisco IOS XR System Security Command Reference aaa accounting T o create a method list for accounting, use the aaa accounting command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting SR-3 Cisco IOS XR System Security Command Reference Use the aaa accounting command to create default or named method lists def ining specif ic accounting methods and that can be used on a per-line or per -interface basis.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting system default SR-4 Cisco IOS XR System Security Command Reference aaa accounting system default T o enable authentication, authorization, and accounting (AAA) system accounting, use the aaa accounting system default command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting system default SR-5 Cisco IOS XR System Security Command Reference The default method list is automatically applied to all interfaces or lines. If no def ault method list is def ined, then no accounting takes place.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-6 Cisco IOS XR System Security Command Reference aaa authentication T o create a method list for authentication, use the aaa authentication command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-7 Cisco IOS XR System Security Command Reference Command History Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-8 Cisco IOS XR System Security Command Reference aaa group ser ver radius Groups different RADIUS serv er hosts into distinct lists and distinct methods.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-9 Cisco IOS XR System Security Command Reference aaa authorization T o create a method list for authorization, use the aaa authorization command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-10 Cisco IOS XR System Security Command Reference Use the aaa authorization command to create method lists def ining specif ic authorization methods that can be used on a per-line or per -interface basis.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-11 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to def.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa default-taskgroup SR-12 Cisco IOS XR System Security Command Reference aaa default-taskgroup T o specify a task group to be used for both remote T A CA CS+ authentication and RADIUS authentication, use the aaa default-taskgroup command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server radius SR-13 Cisco IOS XR System Security Command Reference aaa group server radius T o group different RADIUS serv er hosts into distinct lists, use the aaa group server radius command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server radius SR-14 Cisco IOS XR System Security Command Reference T ask ID Examples The following e xample sh.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server tacacs+ SR-15 Cisco IOS XR System Security Command Reference aaa group server tacacs+ T o group different T ACA CS+ server hosts into distinct lists, use the b command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server tacacs+ SR-16 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws the.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software accounting SR-17 Cisco IOS XR System Security Command Reference accounting T o enable authentication, authorization, and accounting (AAA) accounting services for a specif ic line or group of lines, use the accounting command in line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software accounting SR-18 Cisco IOS XR System Security Command Reference Examples The following example sho ws how to enable comm.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software authorization SR-19 Cisco IOS XR System Security Command Reference authorization T o enable authentication, authorization, and accounting (AAA) authorization for a specif ic line or group of lines, use the authorization command in line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software authorization SR-20 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to enable .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software deadtime (server-group configuration) SR-21 Cisco IOS XR System Security Command Reference deadtime (server-group configuration) T o conf igure the deadtime v alue at the RADIUS server group le vel, use the deadtime command in server -group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software deadtime (server-group configuration) SR-22 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa group ser ver radius Groups different RADIUS serv er hosts into distinct lists and distinct methods.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software description (AAA) SR-23 Cisco IOS XR System Security Command Reference description (AAA) T o create a description of a task group or user group during conf iguration, use the description command in task group conf iguration or user group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software description (AAA) SR-24 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws the creati.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software group SR-25 Cisco IOS XR System Security Command Reference group T o add a user to a group, use the group command in username conf iguration mode. T o remov e the user from a group, use the no form of this command.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software group SR-26 Cisco IOS XR System Security Command Reference Use the group command in username conf iguration mode. T o access username conf iguration mode, use the username command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit taskgroup SR-27 Cisco IOS XR System Security Command Reference inherit taskgroup T o enable a task group to deriv e permissions from another task group, use the inherit taskgroup command in task group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit taskgroup SR-28 Cisco IOS XR System Security Command Reference Examples In the following e xample, the permissio.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit usergroup SR-29 Cisco IOS XR System Security Command Reference inherit usergroup T o enable a user group to deriv e characteristics of another user group, use the inherit usergroup command in user group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit usergroup SR-30 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to ena.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software login authentication SR-31 Cisco IOS XR System Security Command Reference login authentication T o enable authentication, authorization, and accounting (AAA) authentication for logins, use the login authentication command in line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software login authentication SR-32 Cisco IOS XR System Security Command Reference T ask ID Examples The following e xample sho w.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software password (AAA) SR-33 Cisco IOS XR System Security Command Reference password (AAA) T o create a login password for a user , use the password command in username or line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software password (AAA) SR-34 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to establ.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria time SR-35 Cisco IOS XR System Security Command Reference radius-server dead-criteria time T.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria time SR-36 Cisco IOS XR System Security Command Reference Examples The following e xample sh.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria tries SR-37 Cisco IOS XR System Security Command Reference radius-server dead-criteria tries.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria tries SR-38 Cisco IOS XR System Security Command Reference Examples The following example sh.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server deadtime SR-39 Cisco IOS XR System Security Command Reference radius-server deadtime T o improve RADIUS re.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server deadtime SR-40 Cisco IOS XR System Security Command Reference Related Commands Command Description deadtime (server -group conf iguration) Conf igures the deadtime value at the RADIUS server group le vel.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-41 Cisco IOS XR System Security Command Reference radius-server host T o specify a RADIUS server host, use the radius-server host command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-42 Cisco IOS XR System Security Command Reference Command History Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-43 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa accounting Creates a method list for accounting. aaa authentication Creates a method list for authentication.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server key SR-44 Cisco IOS XR System Security Command Reference radius-server key T o set the authentication and .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server key SR-45 Cisco IOS XR System Security Command Reference Related Commands Command Description radius-server host Specif ies a RADIUS server host.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server retransmit SR-46 Cisco IOS XR System Security Command Reference radius-server retransmit T o specify the n.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server timeout SR-47 Cisco IOS XR System Security Command Reference radius-server timeout T o set the interval for which a router waits for a serv er host to reply before timing out, use the radius-server timeout command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius source-interface SR-48 Cisco IOS XR System Security Command Reference radius source-interface T o force RADIUS to.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius source-interface SR-49 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software secret SR-50 Cisco IOS XR System Security Command Reference secret T o create a secure login secret for a user , use the secret command in username or line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software secret SR-51 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to establish the .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (RADIUS) SR-52 Cisco IOS XR System Security Command Reference server (RADIUS) T o associate a particular RADIUS server with a def ined server group, use the s erver command in RADIUS server -group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (RADIUS) SR-53 Cisco IOS XR System Security Command Reference When you use the optional ke ywords, the network ac.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (TACACS+) SR-54 Cisco IOS XR System Security Command Reference server (TACACS+) T o associate a particular T A CA CS+ server with a def ined server group, use the server command in T A CA CS+ server-group conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (TACACS+) SR-55 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa group ser ver tacacs+ Groups different T A CA CS+ server hosts into distinct lists.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-56 Cisco IOS XR System Security Command Reference show aaa T o display information about a user group, local.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-57 Cisco IOS XR System Security Command Reference Examples The following sample output is from the show aaa .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-58 Cisco IOS XR System Security Command Reference Task: netflow : READ WRITE EXECUTE DEBUG Task: network : R.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-59 Cisco IOS XR System Security Command Reference Task: inventory : READ WRITE EXECUTE DEBUG Task: ip-servic.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius SR-60 Cisco IOS XR System Security Command Reference show radius T o display information about the RADIUS servers that are conf igured in the system, use the show radius command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius SR-61 Cisco IOS XR System Security Command Reference T able 2 describes the signif icant f ields shown in the display .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius accounting SR-62 Cisco IOS XR System Security Command Reference show radius accounting T o obtain information and detailed statistics for the RADIUS accounting server and port, use the show radius accounting command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius accounting SR-63 Cisco IOS XR System Security Command Reference Server: 12.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius authentication SR-64 Cisco IOS XR System Security Command Reference show radius authentication T o obtain information and detailed statistics for the RADIUS authentication server and port, use the show radius authentication command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius authentication SR-65 Cisco IOS XR System Security Command Reference Server: 12.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius client SR-66 Cisco IOS XR System Security Command Reference show radius client T o obtain general information about the RADIUS client on Cisco IOS XR software, use the show radius client command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius client SR-67 Cisco IOS XR System Security Command Reference T able 5 describes the signif icant f ields shown in the display .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius dead-criteria SR-68 Cisco IOS XR System Security Command Reference show radius dead-criteria T o obtain information about the dead server detection criteria, use the show radius dead-criteria command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius dead-criteria SR-69 Cisco IOS XR System Security Command Reference T able 6 describes the signif icant f ields shown in the display .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius server-groups SR-70 Cisco IOS XR System Security Command Reference show radius server-groups T o display information about the RADIUS server groups that are conf igured in the system, use the show radius server -groups command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius server-groups SR-71 Cisco IOS XR System Security Command Reference T able 7 describes the signif icant f ields shown in the display .
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs SR-72 Cisco IOS XR System Security Command Reference show tacacs T o display information about the T A CA CS+ servers that are conf igured in the system, use the show tacacs command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs SR-73 Cisco IOS XR System Security Command Reference T able 8 describes the signif icant f ields shown in the display . T able 8 show tacacs Field Descr iptions Field Description Server Server IP address.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs server-groups SR-74 Cisco IOS XR System Security Command Reference show tacacs server-groups T o display information about the T A CA CS+ server groups that are conf igured in the system, use the show tacacs serv er -groups command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs server-groups SR-75 Cisco IOS XR System Security Command Reference T able 9 describes the signif icant f ields shown in the display . Related Commands T able 9 show tacacs serv er -groups Field Descr iptions Field Description Server Server IP address.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show task supported SR-76 Cisco IOS XR System Security Command Reference show task supported T o display all task IDs av ailable in the system, use the show task supported command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show task supported SR-77 Cisco IOS XR System Security Command Reference cisco-support config-mgmt config-services crypt.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-78 Cisco IOS XR System Security Command Reference show user T o display all user groups and task IDs associated with the currently logged-in user , use the show user command in EXEC mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-79 Cisco IOS XR System Security Command Reference Examples The following sample output displays the authent.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-80 Cisco IOS XR System Security Command Reference Task: network : READ WRITE EXECUTE DEBUG Task: ospf : REA.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-81 Cisco IOS XR System Security Command Reference Task: logging : READ WRITE EXECUTE DEBUG Task: lpts : REA.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server host SR-82 Cisco IOS XR System Security Command Reference tacacs-server host T o specify a T ACA CS+ host server , use the tacacs-server host command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server host SR-83 Cisco IOS XR System Security Command Reference Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server key SR-84 Cisco IOS XR System Security Command Reference tacacs-server key T o set the authentication encr.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server key SR-85 Cisco IOS XR System Security Command Reference Related Commands Command Description tacacs-server host Specif ies a T A CA CS+ host.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server timeout SR-86 Cisco IOS XR System Security Command Reference tacacs-server timeout T o set the interval that the serv er waits for a server host to reply , use the tacacs-server timeout command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs source-interface SR-87 Cisco IOS XR System Security Command Reference tacacs source-interface T o specify the source IP address of a selected interface for all outgoing T A CA CS+ packets, use the tacacs source-interface command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs source-interface SR-88 Cisco IOS XR System Security Command Reference Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software task SR-89 Cisco IOS XR System Security Command Reference task T o add a task ID to a task group, use the task command in task group conf iguration mode. T o remove a task ID from a task group, use the no form of this command.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software task SR-90 Cisco IOS XR System Security Command Reference Related Commands Command Description taskgroup Conf igures a task group to be associated with a set of task IDs.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software taskgroup SR-91 Cisco IOS XR System Security Command Reference taskgroup T o conf igure a task group to be associated with a set of task IDs, and to enter task group conf iguration mode, use the taskgroup command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software taskgroup SR-92 Cisco IOS XR System Security Command Reference Entering the taskgroup command with no k eywords or ar guments enters task group conf iguration mode, in which you can use the description , inherit , show , and task commands.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software timeout login response SR-93 Cisco IOS XR System Security Command Reference timeout login response T o set the interval that the serv er waits for a reply to a login, use the timeout login r esponse command in line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software timeout login response SR-94 Cisco IOS XR System Security Command Reference Related Commands Command Description login authentication Enables AAA authentication for logins.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software usergroup SR-95 Cisco IOS XR System Security Command Reference usergroup T o conf igure a user group and associate it with a set of task groups, and to enter user group conf iguration mode, use the usergr oup command in global conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software usergroup SR-96 Cisco IOS XR System Security Command Reference From global conf iguration mode, you can display all the conf igured user groups. Howev er , you cannot display all the conf igured user groups in usergroup conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software username SR-97 Cisco IOS XR System Security Command Reference username T o conf igure a ne w user with a username, estab.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software username SR-98 Cisco IOS XR System Security Command Reference From global conf iguration mode, you can display all the conf igured usernames. Howev er , you cannot display all the conf igured usernames in username conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software users group SR-99 Cisco IOS XR System Security Command Reference users group T o associate a user group and its privile ges with a line, use the users group command in line conf iguration mode.
Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software users group SR-100 Cisco IOS XR System Security Command Reference T ask ID Examples In the following example, if a vty-p.
An important point after buying a device Cisco Systems XR (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Cisco Systems XR yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Cisco Systems XR - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Cisco Systems XR you will learn all the available features of the product, as well as information on its operation. The information that you get Cisco Systems XR will certainly help you make a decision on the purchase.
If you already are a holder of Cisco Systems XR, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Cisco Systems XR.
However, one of the most important roles played by the user manual is to help in solving problems with Cisco Systems XR. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Cisco Systems XR along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center