Authentication and authorization for CRS-1 IOS-XR ?

jorge.nielsen · ‎11-11-2008

Have any body implemented authentication and authorization using Cisco ACS 1114 for Cisco CRS Routers ????

wong34539 · ‎11-17-2008

Use the aaa authentication command to create a series of authentication methods, or method list. You can specify up to four methods in the method list. To create a method list for authentication, use the aaa authentication command in global configuration mode. To disable this authentication method, use the no form of this command.

aaa authentication {login | ppp} {default | remote | list-name} {local | line | group {tacacs+ | radius | group-name}}

no aaa authentication {login | ppp} {default | remote | list-name}

To create a method list for authorization, use the aaa authorization command in global configuration mode. To disable authorization for a function, use the no form of this command.

aaa authorization {commands | exec | network} {default | list-name} {none | local | group {tacacs+ | radius | group-name}}

no aaa authorization {commands | exec | network} {default | list-name}

For further information click this link.

http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.2/security/command/reference/sr32aaa.html

jorge.nielsen · ‎11-17-2008

fine, but at the ACS, when you configure customer attribute on authorization screenshot, the ACS send all authorization...ios privilege and ios xr taskgroup and the IOS based Routers don't understand that instruction and the authorization fail...!