Table of Contents
Advertisement
Information About Configuring AAA Services
User, User Groups, and Task Groups
Cisco IOS XR software user attributes form the basis of the Cisco IOS XR software administrative
model. Each router user is associated with the following attributes:
•
•
•
User Categories
Router users are classified into the following categories:
•
•
•
Root System Users
The root system user is the entity authorized to "own" the entire router chassis. The root system user
functions with the highest privileges over all router components and can monitor all secure domain
routers in the system. At least one root system user account must be created during router setup. Multiple
root system users can exist.
The root system user can perform any configuration or monitoring task, including the following:
•
•
•
•
Root SDR Users
A root SDR user controls the configuration and monitoring of a particular SDR. The root SDR user can
create users and configure their privileges within the SDR. Multiple root SDR users can work
independently. A single SDR may have more than one root SDR user.
A root SDR user can perform the following administrative tasks for a particular SDR:
•
•
•
A root SDR user cannot deny access to a root system user. (See the
Cisco IOS XR System Security Configuration Guide
SC-170
User ID (ASCII string) that identifies the user uniquely across an administrative domain
Length limitation of 253 characters for passwords and one-way encrypted secrets
List of user groups (at least one) of which the user is a member (thereby enabling attributes such as
task IDs) (see the
"Task IDs"
Root system user (complete administrative authority)
Root SDR user (specific secure domain router administrative authority)
Secure domain router user (specific secure domain router user access)
Configure secure domain routers.
Create, delete, and modify root SDR users (after logging in to the secure domain router as the root
system user). (See the
"Root SDR Users"
Create, delete, and modify secure domain router users and set user task permissions (after logging
in to the secure domain router as the root system user). (See the
section.)
Access fabric racks or any router resource not allocated to a secure domain router, allowing the root
system user to authenticate to any router node regardless of the secure domain router configurations.
Create, delete, and modify secure domain router users and their privileges for the SDR. (See the
"Secure Domain Router Users"
Create, delete, and modify user groups to allow access to the SDR.
Manage nearly all aspects of the SDR.
section)
section.)
section.)
Configuring AAA Services on Cisco IOS XR Software
"Secure Domain Router Users"
"Root System Users"
section.)
Hide quick links:
Advertisement
Chapters
Table of Contents
