Cisco NCS 5000 Series Manual page 21

System Security Command Reference for Cisco NCS 5000 Series Routers

Authentication, Authorization, and Accounting Commands
aaa authorization (XR-VM)

Command History
Release        Modification
Release 6.0    This command was introduced.

Usage Guidelines
Use the aaa authorization command to create method lists defining specific authorization methods that can
be used on a per-line or per-interface basis. You can specify up to four methods in the method list.

Note
The command authorization mentioned here is the authorization performed by an external AAA server, not
task-based authorization.

Method lists for authorization define the ways authorization will be performed and the sequence in which
these methods will be performed. A method list is a named list describing the authorization methods (such as
TACACS+), in sequence. Method lists enable you to designate one or more security protocols for authorization,
thus ensuring a backup system in case the initial method fails. Cisco IOS XR software uses the first method
listed to authorize users for specific network services; if that method fails to respond, Cisco IOS XR software
selects the next method listed in the method list. This process continues until there is successful communication
with a listed authorization method or until all methods defined have been exhausted.

Note
Cisco IOS XR software attempts authorization with the next listed method only when there is no response
(not a failure) from the previous method. If authorization fails at any point in this cycle—meaning that
the security server or local username database responds by denying the user services—the authorization
process stops and no other authorization methods are attempted.

The Cisco IOS XR software supports the following methods for authorization:
• none—The router does not request authorization information; authorization is not performed over this
line or interface.
• local—Use the local database for authorization.
• group tacacs+—Use the list of all configured TACACS+ servers for authorization.
• group radius—Use the list of all configured RADIUS servers for authorization.
• group group-name—Uses a named subset of TACACS+ or RADIUS servers for authorization.

Method lists are specific to the type of authorization being requested. Cisco IOS XR software supports four
types of AAA authorization:
• Commands authorization—Applies to the XR EXEC mode commands a user issues. Command
authorization attempts authorization for all XR EXEC mode commands.

Note
"Command" authorization is distinct from "task-based" authorization, which is based on
the task profile established during authentication.
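
The method-list behaviour described under Usage Guidelines, modelled as an added Python example (not Cisco code and not part of the manual): it parses the methods portion of a list, walks it with the "advance only on no response, stop on deny" rule, and flags lists that reach `none`. The function names and the permit/deny/no-response labels are hypothetical, and treating an exhausted list as a denial is an assumption, since the page does not state that outcome.

```python
# Added example: models the authorization method-list rules quoted on this page.
# Function names and the permit/deny/no-response labels are hypothetical.
PERMIT, DENY, NO_RESPONSE = "permit", "deny", "no-response"
MAX_METHODS = 4  # the page allows up to four methods per method list


def parse_methods(text):
    """Split 'group tacacs+ local none' into ['group tacacs+', 'local', 'none']."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group":
            if i + 1 >= len(tokens):
                raise ValueError("'group' needs a server-group name")
            methods.append("group " + tokens[i + 1])
            i += 2
        elif tokens[i] in ("local", "none"):
            methods.append(tokens[i])
            i += 1
        else:
            raise ValueError("unknown method: " + tokens[i])
    return methods


def authorize(methods, responses):
    """Walk the list in order; return (decision, method that decided it)."""
    for method in methods:
        if method == "none":
            return PERMIT, method      # authorization is not performed at all
        answer = responses.get(method, NO_RESPONSE)
        if answer != NO_RESPONSE:
            return answer, method      # a permit or a deny both end the walk
    return DENY, None  # assumption: an exhausted list authorizes nothing


def audit(methods):
    """Return review findings for a parsed method list."""
    findings = []
    if len(methods) > MAX_METHODS:
        findings.append("more than four methods")
    if "none" in methods:
        pos = methods.index("none")
        findings.append("'none' at position %d: authorization is skipped "
                        "once it is reached" % (pos + 1))
        if pos < len(methods) - 1:
            findings.append("methods after 'none' are never reached")
    return findings
```

With the constructed list `group tacacs+ local none`, a deny from the TACACS+ group is final, while silence from both the group and the local database ends in an unauthorized permit at `none`, which is what `audit` reports.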