09-04-2020 07:47 AM
Hi all,
in our IOS devices we use lines like 'privilege exec level 1 show ip mroute', to make this specific show command allowed for a user with privilege level 1.
I know that the concept in IOS XR is completely different, and there's no direct equivalent to the command above. So if I have ASR 9000 series, IOS XR release 6.6 and users AAA managed through tacacs+, how can I achieve the result above? Any example is strongly appreciated.
Thanks,
S.
09-04-2020 07:56 AM
If the Device administration through AAA ( TACACS - is this Cisco ISE ?)
If ISE beloe guide help to bind the command to Group which user belong to.
if not what TACACS you using ? please let us know so we can suggest better.
09-22-2020 03:11 AM
Hi Balaji,
we have Cisco ACS.
Simone
09-04-2020 09:36 AM
You can use the describe command.
RP/0/RSP0/CPU0:ASR-9010-D#des show mrib route
The command is defined in mrib_cmds.parser
Node 0/RSP0/CPU0 has file mrib_cmds.parser for boot package /disk0/asr9k-os-mbi-6.6.3/0x100305/mbiasr9k-rsp3.vm from iosxr-mcast
Package:
iosxr-mcast
iosxr-mcast V6.6.3[Default] IOS-XR Multicast Package Definition
Vendor : Cisco Systems
Desc : IOS-XR Multicast Package Definition
Build : Built on Sat Dec 14 02:03:40 UTC 2019
Source : By iox-lnx-024 in /auto/srcarchive15/prod/6.6.3/asr9k-px/ws for pie
Card(s): RP, CRS-RP-X86, CRS8-RP-x86, CRS16-RP-x86, ASR9K-RP2-x86, ASR9001-RP, ASR9K-RSP4L-x86, NP40-40x1GE, NP40-4x10GE, NP40-8x10GE, NP40-2_20_COMBO, NP80-8x10GE, NP80-16x10GE, NP200-24x10GE, NP200-36x10GE, NP200-2x100GE, NP200-1x100GE, NP200-5x40GE, NP200-MOD-SMEM, NP200-MOD-LMEM, NP200-WILDCHILD, ASR9001-LC, A9K-SIP-700, A9K-SIP-500, A9K-SIP-AVSM, A9K-TOMAHAWK, A9K-FORGE
Restart information:
Default:
parallel impacted processes restart
Size Compressed/Uncompressed: 23MB/80MB (28%)
Component:
ipv4-mrib.x86e V[r66x/26] Multicast Routing Information Base
File:
mrib_cmds.parser
Card(s) : CRS-RP-X86, CRS8-RP-x86, CRS16-RP-x86, ASR9K-RP2-x86, ASR9K-RSP4L-x86
File type : Default
Remotely-hosted : No
Local view : /pkg/parser/mrib_cmds.parser
Local install path : /disk0/iosxr-mcast-6.6.3/0x100305/parser/mrib_cmds.parser (Compressed)
Central install path : /disk0/iosxr-mcast-6.6.3/0x100305/parser/mrib_cmds.parser (Compressed)
Uncompressed size : 63KB
Compressed size : 22KB
Uncompressed MD5 : f9aa0f6d37cb62f3b458c91d84bb4769
Compressed MD5 : e5b391526b2f4700e7268b8431ef85c3
User needs ALL of the following taskids:
multicast (READ) <<< this is the task the user needs to be able to run the command
It will take the following actions:
Fri Sep 4 16:30:29.226 UTC
Spawn the process:
mrib_show -e ,,, -i ,,,,,,,,,, -O <<< this is the shell command
RP/0/RSP0/CPU0:ASR-9010-D#
Sam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide