cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
222
Views
0
Helpful
1
Replies
Highlighted
Beginner

Cisco XR router tacacs config

We are using TAC_PLUS as our tacacs server and we have made changes to Tacacs server for better control

 

so when user is in config mode he can run some commands while not execute some command

 

we were able to achieve this on XE router by enabling "aaa authorization config-commands "

 

but on XR platform router,above command is not supported so how can we achieve this.

 

 

1 REPLY 1
Highlighted
Beginner

Re: Cisco XR router tacacs config

The command will be:

aaa authorization commands -> but only applies to user-exec mode.

This is all you can configure on the XR under aaa authorization:

commands

Configures authorization for all EXEC shell commands.

eventmanager

Applies an authorization method for authorizing an event manager (fault manager).

exec

Configures authorization for an interactive ( EXEC) session.

network

Configures authorization for network services, such as PPP or Internet Key Exchange (IKE).

subscriber

Sets the authorization lists for the subscriber.

default

Uses the listed authorization methods that follow this keyword as the default list of methods for authorization.

list-name

Character string used to name the list of authorization methods.

none

Uses no authorization. If you specify none, no subsequent authorization methods is attempted. However, the task ID authorization is always required and cannot be disabled.

local

Uses local authorization. This method of authorization is not available for command authorization.

group tacacs+

Uses the list of all configured TACACS+ servers for authorization.

group radius

Uses the list of all configured RADIUS servers for authorization. This method of authorization is not available for command authorization.

group group-name

Uses a named subset of TACACS+ or RADIUS servers for authorization as defined by the aaa group server tacacs+ or aaa group server radius command.