[c-nsp] IOS XR AAA
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon May 20 13:56:54 EDT 2013
On 20/05/2013 17:00, "Shane Heupel" <sheupel at twlakes.coop> wrote:
>We just purchased a couple of ASR9Ks and we're trying to set up AAA to
>our free radius servers. We have the ASRs configured to authenticate
>against the AAA servers but are having some trouble with the user
>attributes being passed between the ASRs and AAA server that define which
>task group each user is assigned. Does anyone have a radius
>configuration that they would mind sharing?
>
>Example user:
>username bob
>group netadmin
>group sysadmin
>group cisco-support
>
you need to include
Cisco-avpair = "shell:task=#netadmin,#sysadmin,#cisco-support"
in the profile.. If you send this profile to non-XR system, they might
choke, so you might need to make it optional via
Cisco-avpair = "shell:task*#netadmin,#sysadmin,#cisco-support"
don't have a full radius example handy right now, but maybe the above will
help..
oli
More information about the cisco-nsp
mailing list