Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1110
Views
0
Helpful
3
Replies

commands privilege in IOS XR

simone.c
Level 1
Level 1

‎09-04-2020 07:47 AM

Hi all,

in our IOS devices we use lines like 'privilege exec level 1 show ip mroute', to make this specific show command allowed for a user with privilege level 1.

I know that the concept in IOS XR is completely different, and there's no direct equivalent to the command above. So if I have ASR 9000 series, IOS XR release 6.6 and users AAA managed through tacacs+, how can I achieve the result above? Any example is strongly appreciated.

Thanks,

S.

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎09-04-2020 07:56 AM

If the Device administration through AAA ( TACACS - is this Cisco ISE ?)

 

If ISE beloe guide help to bind the command to Group which user belong to.

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_0100010.html

 

if not what TACACS you using ? please let us know so we can suggest better.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

simone.c
Level 1
Level 1
In response to balaji.bandi

‎09-22-2020 03:11 AM

Hi Balaji,

 

we have Cisco ACS.

Simone

0 Helpful

smilstea
Cisco Employee
Cisco Employee

‎09-04-2020 09:36 AM

You can use the describe command.

 

 

 

RP/0/RSP0/CPU0:ASR-9010-D#des show mrib route
The command is defined in mrib_cmds.parser

Node 0/RSP0/CPU0 has file mrib_cmds.parser for boot package /disk0/asr9k-os-mbi-6.6.3/0x100305/mbiasr9k-rsp3.vm from iosxr-mcast
Package:
iosxr-mcast
iosxr-mcast V6.6.3[Default] IOS-XR Multicast Package Definition
Vendor : Cisco Systems
Desc : IOS-XR Multicast Package Definition
Build : Built on Sat Dec 14 02:03:40 UTC 2019
Source : By iox-lnx-024 in /auto/srcarchive15/prod/6.6.3/asr9k-px/ws for pie
Card(s): RP, CRS-RP-X86, CRS8-RP-x86, CRS16-RP-x86, ASR9K-RP2-x86, ASR9001-RP, ASR9K-RSP4L-x86, NP40-40x1GE, NP40-4x10GE, NP40-8x10GE, NP40-2_20_COMBO, NP80-8x10GE, NP80-16x10GE, NP200-24x10GE, NP200-36x10GE, NP200-2x100GE, NP200-1x100GE, NP200-5x40GE, NP200-MOD-SMEM, NP200-MOD-LMEM, NP200-WILDCHILD, ASR9001-LC, A9K-SIP-700, A9K-SIP-500, A9K-SIP-AVSM, A9K-TOMAHAWK, A9K-FORGE
Restart information:
Default:
parallel impacted processes restart
Size Compressed/Uncompressed: 23MB/80MB (28%)

Component:
ipv4-mrib.x86e V[r66x/26] Multicast Routing Information Base

File:
mrib_cmds.parser
Card(s) : CRS-RP-X86, CRS8-RP-x86, CRS16-RP-x86, ASR9K-RP2-x86, ASR9K-RSP4L-x86
File type : Default
Remotely-hosted : No
Local view : /pkg/parser/mrib_cmds.parser
Local install path : /disk0/iosxr-mcast-6.6.3/0x100305/parser/mrib_cmds.parser (Compressed)
Central install path : /disk0/iosxr-mcast-6.6.3/0x100305/parser/mrib_cmds.parser (Compressed)
Uncompressed size : 63KB
Compressed size : 22KB
Uncompressed MD5 : f9aa0f6d37cb62f3b458c91d84bb4769
Compressed MD5 : e5b391526b2f4700e7268b8431ef85c3

User needs ALL of the following taskids:

multicast (READ) <<< this is the task the user needs to be able to run the command

It will take the following actions:
Fri Sep 4 16:30:29.226 UTC
Spawn the process:
mrib_show -e ,,, -i ,,,,,,,,,, -O <<< this is the shell command
RP/0/RSP0/CPU0:ASR-9010-D#

 

 

 

Sam

0 Helpful
Customers Also Viewed These Support Documents