XML Schema for AAA Services - Cisco IOS XR Configuration Manual

System security configuration guide

Configuring AAA Services on Cisco IOS XR Software
Task: ext-access :READ EXECUTE
Task: logging :READ
Alternatively, if a user named user2, who does not have a task string, logs in to the external server, the
following information is displayed:
Username:user2
Password:
RP/0/RP0/CPU0:router# show user tasks
No task ids available

Privilege Level Mapping

For compatibility with TACACS+ daemons that do not support the concept of task IDs, AAA supports a
mapping between privilege levels defined for the user in the external TACACS+ server configuration file
and local user groups. Following TACACS+ authentication, the task map of the user group that has been
mapped from the privilege level returned from the external TACACS+ server is assigned to the user. For
example, if a privilege level of 5 is returned from the external TACACS+ server, AAA attempts to get the
task map of the local user group priv5. This mapping process is similar for other privilege levels from 1
to 13. For privilege level 15, the root-system user group is used; privilege level 14 maps to the user group
owner-sdr.
For example, with the Cisco freeware tac plus server, the configuration file has to specify priv_lvl,
as shown in the following example:
user = sampleuser1{
    member = bar
    service = exec-ext {
        priv_lvl = 5
    }
}
The number 5 in this example can be replaced with any privilege level that has to be assigned to the user
sampleuser1.
With the RADIUS server, task IDs are defined using the Cisco-AVPair, as shown in the following
example:
user = sampleuser2{
    member = bar
    Cisco-AVPair = "shell:tasks=#root-system,#cisco-support"{
        Cisco-AVPair = "shell:priv-lvl=10"
    }
}

XML Schema for AAA Services

The eXtensible Markup Language (XML) interface uses requests and responses in XML document
format to configure and monitor AAA. The AAA components publish the XML schema corresponding
to the content and structure of the data used for configuration and monitoring. The XML tools and
applications use the schema to communicate with the XML agent to perform the configuration.
The following schemas are published by AAA:
Authentication, Authorization and Accounting configuration
User, user group, and task group configuration
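An added example, not taken from the Cisco guide: a small audit for the Privilege Level Mapping section above that parses tac plus style user blocks, applies the level-to-group mapping the text describes, and flags users who would land in root-system or owner-sdr. The function names, the users netadmin and opsuser, and the reading of #-prefixed shell:tasks entries as user group names are assumptions.

```python
import re

USER_RE = re.compile(r"\buser\s*=\s*(\S+?)\s*\{")
PRIV_RE = re.compile(r"priv[_-]lvl\s*=\s*(\d+)")  # tac plus priv_lvl or AVPair shell:priv-lvl
TASKS_RE = re.compile(r'shell:tasks=([^"]+)')
ADMIN_GROUPS = {"root-system", "owner-sdr"}

def group_for_priv_level(level):
    """Local user group for a returned level; None if absent or not covered by the text."""
    if level in (14, 15):
        return {14: "owner-sdr", 15: "root-system"}[level]
    return f"priv{level}" if level is not None and 1 <= level <= 13 else None

def user_blocks(text):
    """Yield (name, body) for each 'user = name { ... }' block, following nested braces."""
    pos = 0
    while (m := USER_RE.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1 if depth == 0 else i]
        pos = i

def audit(text):
    """Report the group each user would receive and flag administrative access."""
    report = []
    for name, body in user_blocks(text):
        lvl = PRIV_RE.search(body)
        level = int(lvl.group(1)) if lvl else None
        tasks = TASKS_RE.search(body)
        # Assumption: '#name' entries in shell:tasks name user groups.
        items = tasks.group(1).split(",") if tasks else []
        groups = [t.strip()[1:] for t in items if t.strip().startswith("#")]
        group = group_for_priv_level(level)
        report.append({"user": name, "priv_lvl": level, "group": group, "task_groups": groups,
                       "admin": group in ADMIN_GROUPS or bool(ADMIN_GROUPS & set(groups))})
    return report

# Constructed sample: the two user blocks from the text plus two made-up users.
SAMPLE = '''
user = sampleuser1{ member = bar service = exec-ext { priv_lvl = 5 } }
user = sampleuser2{ member = bar Cisco-AVPair = "shell:tasks=#root-system,#cisco-support"{
    Cisco-AVPair = "shell:priv-lvl=10" } }
user = netadmin { service = exec-ext { priv_lvl = 15 } }
user = opsuser { member = bar }
'''
for row in audit(SAMPLE):
    print(row)
```

Running it over the server's user file before a change goes live shows which accounts a privilege-level edit would promote to an administrative group on the router.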
Cisco IOS XR System Security Configuration Guide
Information About Configuring AAA Services
SC-181


This manual is also suitable for:

IOS XR 3.5
