Cisco Systems XR manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Cisco Systems XR, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Cisco Systems XR one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Cisco Systems XR. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Cisco Systems XR should contain:
- informations concerning technical data of Cisco Systems XR
- name of the manufacturer and a year of construction of the Cisco Systems XR item
- rules of operation, control and maintenance of the Cisco Systems XR item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Cisco Systems XR alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Cisco Systems XR, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Cisco Systems service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Cisco Systems XR.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Cisco Systems XR item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    SR-1 Cisco IOS XR System Security Command Reference Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software This chapter describes the Cisco IOS XR software commands used to conf igure authentication, authorization, and accounting (AAA) services. For detailed information about AAA concepts, conf iguration tasks, and examples[...]

  • Page 2

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting SR-2 Cisco IOS XR System Security Command Reference aaa accounting T o create a method list for accounting, use the aaa accounting command in global conf iguration mode. T o remo ve a list name from the system, use the no form of this command. aaa account[...]

  • Page 3

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting SR-3 Cisco IOS XR System Security Command Reference Use the aaa accounting command to create default or named method lists def ining specif ic accounting methods and that can be used on a per-line or per -interface basis. Y ou can specify up to four metho[...]

  • Page 4

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting system default SR-4 Cisco IOS XR System Security Command Reference aaa accounting system default T o enable authentication, authorization, and accounting (AAA) system accounting, use the aaa accounting system default command in global conf iguration mode.[...]

  • Page 5

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa accounting system default SR-5 Cisco IOS XR System Security Command Reference The default method list is automatically applied to all interfaces or lines. If no def ault method list is def ined, then no accounting takes place. Y ou can specify up to four methods in [...]

  • Page 6

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-6 Cisco IOS XR System Security Command Reference aaa authentication T o create a method list for authentication, use the aaa authentication command in global conf iguration mode. T o disable this authentication method, use the no form of this comma[...]

  • Page 7

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-7 Cisco IOS XR System Security Command Reference Command History Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task [...]

  • Page 8

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authentication SR-8 Cisco IOS XR System Security Command Reference aaa group ser ver radius Groups different RADIUS serv er hosts into distinct lists and distinct methods. aaa group ser ver tacacs+ Groups different T A CA CS+ server hosts into distinct lists and dis[...]

  • Page 9

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-9 Cisco IOS XR System Security Command Reference aaa authorization T o create a method list for authorization, use the aaa authorization command in global conf iguration mode. T o disable authorization for a function, use the no form of this command[...]

  • Page 10

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-10 Cisco IOS XR System Security Command Reference Use the aaa authorization command to create method lists def ining specif ic authorization methods that can be used on a per-line or per -interface basis. Y ou can specify up to four methods in the m[...]

  • Page 11

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa authorization SR-11 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to def ine the network authorization method list named listname1, which specif ies that T A CA CS+ authorization is used: RP/0/RP0/CPU0:router# configure RP[...]

  • Page 12

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa default-taskgroup SR-12 Cisco IOS XR System Security Command Reference aaa default-taskgroup T o specify a task group to be used for both remote T A CA CS+ authentication and RADIUS authentication, use the aaa default-taskgroup command in global conf iguration mode.[...]

  • Page 13

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server radius SR-13 Cisco IOS XR System Security Command Reference aaa group server radius T o group different RADIUS serv er hosts into distinct lists, use the aaa group server radius command in global conf iguration mode. T o remov e a group server from the [...]

  • Page 14

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server radius SR-14 Cisco IOS XR System Security Command Reference T ask ID Examples The following e xample sho ws the conf iguration of an AAA group server named radgroup1, which comprises three member servers: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:ro[...]

  • Page 15

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server tacacs+ SR-15 Cisco IOS XR System Security Command Reference aaa group server tacacs+ T o group different T ACA CS+ server hosts into distinct lists, use the b command in global conf iguration mode. T o remove a serv er group from the conf iguration lis[...]

  • Page 16

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software aaa group server tacacs+ SR-16 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws the conf iguration of an AAA group server named tacgroup1, which comprises three member servers: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(con[...]

  • Page 17

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software accounting SR-17 Cisco IOS XR System Security Command Reference accounting T o enable authentication, authorization, and accounting (AAA) accounting services for a specif ic line or group of lines, use the accounting command in line conf iguration mode. T o disable AAA [...]

  • Page 18

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software accounting SR-18 Cisco IOS XR System Security Command Reference Examples The following example sho ws how to enable command accounting services using the accounting method list named listname2 on a line template named conf igure: RP/0/RP0/CPU0:router# configure RP/0/RP0[...]

  • Page 19

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software authorization SR-19 Cisco IOS XR System Security Command Reference authorization T o enable authentication, authorization, and accounting (AAA) authorization for a specif ic line or group of lines, use the authorization command in line conf iguration mode. T o disable a[...]

  • Page 20

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software authorization SR-20 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to enable command authorization using the method list named listname4 on a line template named conf igure: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router([...]

  • Page 21

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software deadtime (server-group configuration) SR-21 Cisco IOS XR System Security Command Reference deadtime (server-group configuration) T o conf igure the deadtime v alue at the RADIUS server group le vel, use the deadtime command in server -group conf iguration mode. T o set [...]

  • Page 22

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software deadtime (server-group configuration) SR-22 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa group ser ver radius Groups different RADIUS serv er hosts into distinct lists and distinct methods. radius-server dead-criteria time Forc[...]

  • Page 23

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software description (AAA) SR-23 Cisco IOS XR System Security Command Reference description (AAA) T o create a description of a task group or user group during conf iguration, use the description command in task group conf iguration or user group conf iguration mode. T o delete [...]

  • Page 24

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software description (AAA) SR-24 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws the creation of a task group description: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# taskgroup alpha RP/0/RP0/CPU0:router(config-tg)# descrip[...]

  • Page 25

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software group SR-25 Cisco IOS XR System Security Command Reference group T o add a user to a group, use the group command in username conf iguration mode. T o remov e the user from a group, use the no form of this command. group { r oot-system | root-lr | netadmin | sysadmin | [...]

  • Page 26

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software group SR-26 Cisco IOS XR System Security Command Reference Use the group command in username conf iguration mode. T o access username conf iguration mode, use the username command in global conf iguration mode. If the group command is used in admin conf iguration mode, [...]

  • Page 27

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit taskgroup SR-27 Cisco IOS XR System Security Command Reference inherit taskgroup T o enable a task group to deriv e permissions from another task group, use the inherit taskgroup command in task group conf iguration mode. inherit taskgroup { taskgr oup-name | ne[...]

  • Page 28

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit taskgroup SR-28 Cisco IOS XR System Security Command Reference Examples In the following e xample, the permissions of task group tg2 are inherited by task group tg1: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# taskgroup tg1 RP/0/RP0/CPU0:router[...]

  • Page 29

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit usergroup SR-29 Cisco IOS XR System Security Command Reference inherit usergroup T o enable a user group to deriv e characteristics of another user group, use the inherit usergroup command in user group conf iguration mode. inherit usergr oup user gr oup-name Sy[...]

  • Page 30

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software inherit usergroup SR-30 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to enable the purchasing user group to inherit properties from the sales user group: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# usergroup[...]

  • Page 31

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software login authentication SR-31 Cisco IOS XR System Security Command Reference login authentication T o enable authentication, authorization, and accounting (AAA) authentication for logins, use the login authentication command in line conf iguration mode. T o return to the d[...]

  • Page 32

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software login authentication SR-32 Cisco IOS XR System Security Command Reference T ask ID Examples The following e xample sho ws that the default AAA authentication is to be used for the line template template1 : RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# li[...]

  • Page 33

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software password (AAA) SR-33 Cisco IOS XR System Security Command Reference password (AAA) T o create a login password for a user , use the password command in username or line conf iguration mode. T o remove the passw ord, use the no form of this command. password { 0 | 7 } pa[...]

  • Page 34

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software password (AAA) SR-34 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to establish the unencrypted passw ord pwd1 for the user user1: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# username user1 RP/0/RP0/CPU0:rout[...]

  • Page 35

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria time SR-35 Cisco IOS XR System Security Command Reference radius-server dead-criteria time T o specify the minimum amount of time, in seconds, that must elapse from the time that the router last receiv ed a v alid packet from the RADIUS serve[...]

  • Page 36

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria time SR-36 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to establish the time for the dead-criteria conditions for a RADIUS server to be mark ed as dead for the radius-server dead-criteria time com[...]

  • Page 37

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria tries SR-37 Cisco IOS XR System Security Command Reference radius-server dead-criteria tries T o specify the number of consecutiv e timeouts that must occur on the router before the RADIUS server is marked as dead, use the radius-server dead-[...]

  • Page 38

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server dead-criteria tries SR-38 Cisco IOS XR System Security Command Reference Examples The following example sho ws how to establish the number of tries for the dead-criteria conditions for a RADIUS server to be mark ed as dead for the radius-server dead-criter[...]

  • Page 39

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server deadtime SR-39 Cisco IOS XR System Security Command Reference radius-server deadtime T o improve RADIUS response times when some serv ers are unav ailable and cause the unav ailable servers to be skipped immediately , use the radius-server deadtime command[...]

  • Page 40

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server deadtime SR-40 Cisco IOS XR System Security Command Reference Related Commands Command Description deadtime (server -group conf iguration) Conf igures the deadtime value at the RADIUS server group le vel. radius-server dead-criteria time Forces one or both[...]

  • Page 41

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-41 Cisco IOS XR System Security Command Reference radius-server host T o specify a RADIUS server host, use the radius-server host command in global conf iguration mode. T o delete the specif ied RADIUS host, use the no form of this command. radius-[...]

  • Page 42

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-42 Cisco IOS XR System Security Command Reference Command History Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task[...]

  • Page 43

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server host SR-43 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa accounting Creates a method list for accounting. aaa authentication Creates a method list for authentication. aaa authorization Creates a method list for aut[...]

  • Page 44

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server key SR-44 Cisco IOS XR System Security Command Reference radius-server key T o set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key command in global conf iguration mode[...]

  • Page 45

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server key SR-45 Cisco IOS XR System Security Command Reference Related Commands Command Description radius-server host Specif ies a RADIUS server host.[...]

  • Page 46

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server retransmit SR-46 Cisco IOS XR System Security Command Reference radius-server retransmit T o specify the number of times the Cisco IOS XR software retransmits a packet to a serv er before giving up, use the radius-server retransmit command in global conf i[...]

  • Page 47

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius-server timeout SR-47 Cisco IOS XR System Security Command Reference radius-server timeout T o set the interval for which a router waits for a serv er host to reply before timing out, use the radius-server timeout command in global conf iguration mode. T o restore[...]

  • Page 48

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius source-interface SR-48 Cisco IOS XR System Security Command Reference radius source-interface T o force RADIUS to use the IP address of a specif ied interface or subinterf ace for all outgoing RADIUS packets, use the radius source-interface command in global conf[...]

  • Page 49

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software radius source-interface SR-49 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to mak e RADIUS use the IP address of subinterface s2 for all outgoing RADIUS packets: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# r[...]

  • Page 50

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software secret SR-50 Cisco IOS XR System Security Command Reference secret T o create a secure login secret for a user , use the secret command in username or line conf iguration mode. T o remove the secure secret, use the no form of this command. secret { 0 | 5 } secr et no se[...]

  • Page 51

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software secret SR-51 Cisco IOS XR System Security Command Reference Examples The following e xample sho ws how to establish the secure encrypted secret pwd2 for the user user2: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:router(config)# username user2 RP/0/RP0/CPU0:router(con[...]

  • Page 52

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (RADIUS) SR-52 Cisco IOS XR System Security Command Reference server (RADIUS) T o associate a particular RADIUS server with a def ined server group, use the s erver command in RADIUS server -group conf iguration mode. T o remov e the associated server from the se[...]

  • Page 53

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (RADIUS) SR-53 Cisco IOS XR System Security Command Reference When you use the optional ke ywords, the network access serv er identif ies RADIUS security servers and host instances associated with a group server based on their IP address and specif ic UDP port nu[...]

  • Page 54

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (TACACS+) SR-54 Cisco IOS XR System Security Command Reference server (TACACS+) T o associate a particular T A CA CS+ server with a def ined server group, use the server command in T A CA CS+ server-group conf iguration mode. T o remove the associated serv er fro[...]

  • Page 55

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software server (TACACS+) SR-55 Cisco IOS XR System Security Command Reference Related Commands Command Description aaa group ser ver tacacs+ Groups different T A CA CS+ server hosts into distinct lists.[...]

  • Page 56

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-56 Cisco IOS XR System Security Command Reference show aaa T o display information about a user group, local user, or task group; to list all task IDs associated with all user groups, local users, or task groups in the system; or to list all task IDs for a s[...]

  • Page 57

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-57 Cisco IOS XR System Security Command Reference Examples The following sample output is from the show aaa usergr oup command: RP/0/RP0/CPU0:router# show aaa usergroup operator User group 'operator' Inherits from task group 'operator' Us[...]

  • Page 58

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-58 Cisco IOS XR System Security Command Reference Task: netflow : READ WRITE EXECUTE DEBUG Task: network : READ WRITE EXECUTE DEBUG Task: ospf : READ WRITE EXECUTE DEBUG Task: ouni : READ WRITE EXECUTE DEBUG Task: pkg-mgmt : READ Task: pos-dpt : READ WRITE E[...]

  • Page 59

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show aaa SR-59 Cisco IOS XR System Security Command Reference Task: inventory : READ WRITE EXECUTE DEBUG Task: ip-services : READ WRITE EXECUTE DEBUG Task: ipv4 : READ WRITE EXECUTE DEBUG Task: ipv6 : READ WRITE EXECUTE DEBUG Task: isis : READ WRITE EXECUTE DEBUG Task: [...]

  • Page 60

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius SR-60 Cisco IOS XR System Security Command Reference show radius T o display information about the RADIUS servers that are conf igured in the system, use the show radius command in EXEC mode. show radius Syntax Description This command has no arguments or ke[...]

  • Page 61

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius SR-61 Cisco IOS XR System Security Command Reference T able 2 describes the signif icant f ields shown in the display . Related Commands T able 2 show r adius Field Descr iptions Field Description Server Server IP address/UDP destination port for authenticat[...]

  • Page 62

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius accounting SR-62 Cisco IOS XR System Security Command Reference show radius accounting T o obtain information and detailed statistics for the RADIUS accounting server and port, use the show radius accounting command in EXEC mode. show radius accounting Synta[...]

  • Page 63

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius accounting SR-63 Cisco IOS XR System Security Command Reference Server: 12.38.28.18, port: 29199 0 requests, 0 pending, 0 retransmits 0 responses, 0 timeouts, 0 bad responses 0 bad authenticators, 0 unknown types, 0 dropped 0 ms latest rtt RP/0/RP0/CPU0:rout[...]

  • Page 64

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius authentication SR-64 Cisco IOS XR System Security Command Reference show radius authentication T o obtain information and detailed statistics for the RADIUS authentication server and port, use the show radius authentication command in EXEC mode. show radius [...]

  • Page 65

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius authentication SR-65 Cisco IOS XR System Security Command Reference Server: 12.38.28.18, port: 21099 0 requests, 0 pending, 0 retransmits 0 accepts, 0 rejects, 0 challenges 0 timeouts, 0 bad responses, 0 bad authenticators 0 unknown types, 0 dropped, 0 ms la[...]

  • Page 66

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius client SR-66 Cisco IOS XR System Security Command Reference show radius client T o obtain general information about the RADIUS client on Cisco IOS XR software, use the show radius client command in EXEC mode. show radius client Syntax Description This comman[...]

  • Page 67

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius client SR-67 Cisco IOS XR System Security Command Reference T able 5 describes the signif icant f ields shown in the display . Related Commands T able 5 show r adius client Field Descr iptions Field Description Client N AS identif ier Identif ies the NAS-ide[...]

  • Page 68

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius dead-criteria SR-68 Cisco IOS XR System Security Command Reference show radius dead-criteria T o obtain information about the dead server detection criteria, use the show radius dead-criteria command in EXEC mode. show radius dead-criteria host ip-addr [ aut[...]

  • Page 69

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius dead-criteria SR-69 Cisco IOS XR System Security Command Reference T able 6 describes the signif icant f ields shown in the display . Related Commands T able 6 show r adius dead-cr iter ia Field Descriptions Field Description Server Server IP address/UDP des[...]

  • Page 70

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius server-groups SR-70 Cisco IOS XR System Security Command Reference show radius server-groups T o display information about the RADIUS server groups that are conf igured in the system, use the show radius server -groups command in EXEC mode. show radius serv [...]

  • Page 71

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show radius server-groups SR-71 Cisco IOS XR System Security Command Reference T able 7 describes the signif icant f ields shown in the display . Related Commands T able 7 show r adius server -groups Field Descr iptions Field Description Server Server IP address/UDP des[...]

  • Page 72

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs SR-72 Cisco IOS XR System Security Command Reference show tacacs T o display information about the T A CA CS+ servers that are conf igured in the system, use the show tacacs command in EXEC mode. show tacacs Syntax Description This command has no arguments o[...]

  • Page 73

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs SR-73 Cisco IOS XR System Security Command Reference T able 8 describes the signif icant f ields shown in the display . T able 8 show tacacs Field Descr iptions Field Description Server Server IP address. opens Number of socket opens to the external serv er [...]

  • Page 74

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs server-groups SR-74 Cisco IOS XR System Security Command Reference show tacacs server-groups T o display information about the T A CA CS+ server groups that are conf igured in the system, use the show tacacs serv er -groups command in EXEC mode. show tacacs [...]

  • Page 75

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show tacacs server-groups SR-75 Cisco IOS XR System Security Command Reference T able 9 describes the signif icant f ields shown in the display . Related Commands T able 9 show tacacs serv er -groups Field Descr iptions Field Description Server Server IP address. Comman[...]

  • Page 76

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show task supported SR-76 Cisco IOS XR System Security Command Reference show task supported T o display all task IDs av ailable in the system, use the show task supported command in EXEC mode. show task supported Syntax Description This command has no arguments or ke y[...]

  • Page 77

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show task supported SR-77 Cisco IOS XR System Security Command Reference cisco-support config-mgmt config-services crypto diag disallowed drivers eigrp ext-access fabric fault-mgr filesystem firewall fr hdlc host-services hsrp interface inventory ip-services ipv4 ipv6 i[...]

  • Page 78

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-78 Cisco IOS XR System Security Command Reference show user T o display all user groups and task IDs associated with the currently logged-in user , use the show user command in EXEC mode. show user [ all | authentication | group | tasks ] Syntax Description[...]

  • Page 79

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-79 Cisco IOS XR System Security Command Reference Examples The following sample output displays the authentication parameters from the show user command: RP/0/RP0/CPU0:router# show user authentication method local The following sample output displays the gr[...]

  • Page 80

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-80 Cisco IOS XR System Security Command Reference Task: network : READ WRITE EXECUTE DEBUG Task: ospf : READ WRITE EXECUTE DEBUG Task: ouni : READ WRITE EXECUTE DEBUG Task: pkg-mgmt : READ WRITE EXECUTE DEBUG Task: pos-dpt : READ WRITE EXECUTE DEBUG Task: p[...]

  • Page 81

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software show user SR-81 Cisco IOS XR System Security Command Reference Task: logging : READ WRITE EXECUTE DEBUG Task: lpts : READ WRITE EXECUTE DEBUG Task: monitor : READ WRITE EXECUTE DEBUG Task: mpls-ldp : READ WRITE EXECUTE DEBUG Task: mpls-static : READ WRITE EXECUTE DEBUG [...]

  • Page 82

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server host SR-82 Cisco IOS XR System Security Command Reference tacacs-server host T o specify a T ACA CS+ host server , use the tacacs-server host command in global conf iguration mode. T o delete the specif ied name or address, use the no form of this command.[...]

  • Page 83

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server host SR-83 Cisco IOS XR System Security Command Reference Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Co[...]

  • Page 84

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server key SR-84 Cisco IOS XR System Security Command Reference tacacs-server key T o set the authentication encryption key used for all T ACA CS+ communications between the HF and the T A CA CS+ daemon, use the tacacs-server key command in global conf iguration [...]

  • Page 85

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server key SR-85 Cisco IOS XR System Security Command Reference Related Commands Command Description tacacs-server host Specif ies a T A CA CS+ host.[...]

  • Page 86

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs-server timeout SR-86 Cisco IOS XR System Security Command Reference tacacs-server timeout T o set the interval that the serv er waits for a server host to reply , use the tacacs-server timeout command in global conf iguration mode. T o restore the default, use th[...]

  • Page 87

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs source-interface SR-87 Cisco IOS XR System Security Command Reference tacacs source-interface T o specify the source IP address of a selected interface for all outgoing T A CA CS+ packets, use the tacacs source-interface command in global conf iguration mode. T o[...]

  • Page 88

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software tacacs source-interface SR-88 Cisco IOS XR System Security Command Reference Usage Guidelines T o use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see t[...]

  • Page 89

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software task SR-89 Cisco IOS XR System Security Command Reference task T o add a task ID to a task group, use the task command in task group conf iguration mode. T o remove a task ID from a task group, use the no form of this command. task { read | write | execute | debug } tas[...]

  • Page 90

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software task SR-90 Cisco IOS XR System Security Command Reference Related Commands Command Description taskgroup Conf igures a task group to be associated with a set of task IDs.[...]

  • Page 91

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software taskgroup SR-91 Cisco IOS XR System Security Command Reference taskgroup T o conf igure a task group to be associated with a set of task IDs, and to enter task group conf iguration mode, use the taskgroup command in global conf iguration mode. T o delete a task group, u[...]

  • Page 92

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software taskgroup SR-92 Cisco IOS XR System Security Command Reference Entering the taskgroup command with no k eywords or ar guments enters task group conf iguration mode, in which you can use the description , inherit , show , and task commands. T ask ID Examples The followin[...]

  • Page 93

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software timeout login response SR-93 Cisco IOS XR System Security Command Reference timeout login response T o set the interval that the serv er waits for a reply to a login, use the timeout login r esponse command in line conf iguration mode. T o restore the default, use the n[...]

  • Page 94

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software timeout login response SR-94 Cisco IOS XR System Security Command Reference Related Commands Command Description login authentication Enables AAA authentication for logins.[...]

  • Page 95

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software usergroup SR-95 Cisco IOS XR System Security Command Reference usergroup T o conf igure a user group and associate it with a set of task groups, and to enter user group conf iguration mode, use the usergr oup command in global conf iguration mode. T o delete a user grou[...]

  • Page 96

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software usergroup SR-96 Cisco IOS XR System Security Command Reference From global conf iguration mode, you can display all the conf igured user groups. Howev er , you cannot display all the conf igured user groups in usergroup conf iguration mode. T ask ID Examples The follo w[...]

  • Page 97

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software username SR-97 Cisco IOS XR System Security Command Reference username T o conf igure a ne w user with a username, establish a password, and grant permissions for the user , and to enter username conf iguration mode, use the username command in global conf iguration mod[...]

  • Page 98

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software username SR-98 Cisco IOS XR System Security Command Reference From global conf iguration mode, you can display all the conf igured usernames. Howev er , you cannot display all the conf igured usernames in username conf iguration mode. Each user is identif ied by a usern[...]

  • Page 99

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software users group SR-99 Cisco IOS XR System Security Command Reference users group T o associate a user group and its privile ges with a line, use the users group command in line conf iguration mode. T o delete a user group association with a line, use the no form of this com[...]

  • Page 100

    Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software users group SR-100 Cisco IOS XR System Security Command Reference T ask ID Examples In the following example, if a vty-pool is created with line template vty , users logging in through vty are gi ven operator pri vileges: RP/0/RP0/CPU0:router# configure RP/0/RP0/CPU0:ro[...]