Tacacs+ authorization, Tacacs+ accounting, Aaa operations for tacacs/tacacs – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

TACACS+ authorization

Brocade devices support two kinds of TACACS+ authorization:

• Exec authorization determines a user's privilege level when they are authenticated
• Command authorization consults a TACACS+ server to get authorization for commands entered by the user

When TACACS+ exec authorization takes place, the following events occur.

1. A user logs into the Brocade device using Telnet or SSH.
2. The user is authenticated.
3. The Brocade device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the privilege level of the user.
5. The user is granted the specified privilege level.

When TACACS+ command authorization takes place, the following events occur.

TACACS+ accounting

TACACS+ accounting works as follows.

1. One of the following events occurs on the Brocade device:
   • A user logs into the management interface using Telnet or SSH
   • A user enters a command for which accounting has been configured
   • A system event occurs, such as a reboot or reloading of the configuration file
2. The Brocade device checks the configuration to see if the event is one for which TACACS+ accounting is required.
3. If the event requires TACACS+ accounting, the Brocade device sends a TACACS+ Accounting Start packet to the TACACS+ accounting server, containing information about the event.
4. The TACACS+ accounting server acknowledges the Accounting Start packet.
5. The TACACS+ accounting server records information about the event.
6. When the event is concluded, the Brocade device sends an Accounting Stop packet to the TACACS+ accounting server.
7. The TACACS+ accounting server acknowledges the Accounting Stop packet.
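The two exchanges described above (the priv-lvl A-V pair that exec authorization returns in step 4, and the accounting Start/Stop packets with their acknowledgements in steps 3 to 7), modelled as an added example; this is not code from the Brocade guide or from Brocade. It follows the packet layout of RFC 8907 (TACACS+), including the MD5 pseudo-pad body obfuscation, and uses an in-memory stand-in for the accounting server. The shared key, session ids, user names, port, remote address, task_id and command are constructed values; pairing Start and Stop by task_id and refusing an unmatched Stop is a design choice of this example, not behaviour the guide states.

```python
import hashlib
import struct
from itertools import accumulate

VERSION, TYPE_AUTHOR, TYPE_ACCT = 0xC0, 0x02, 0x03   # version (major 0xC, minor 0), packet types
ACCT_START, ACCT_STOP = 0x02, 0x04                  # accounting REQUEST flags
ACCT_SUCCESS, ACCT_ERROR, AUTHOR_PASS_ADD = 0x01, 0x02, 0x01   # REPLY status values

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 obfuscation: MD5 chain over session id, secret, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def wrap(ptype, seq_no, session_id, key, body):
    """12-byte header (flags=0) followed by the body XORed with the pseudo-pad."""
    hdr = struct.pack("!BBBBII", VERSION, ptype, seq_no, 0, session_id, len(body))
    pad = pseudo_pad(session_id, key, VERSION, seq_no, len(body))
    return hdr + bytes(a ^ b for a, b in zip(body, pad))

def unwrap(packet, key):
    """Parse the header and de-obfuscate the body; reject truncated packets."""
    ver, ptype, seq_no, _flags, sid, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ packet")
    pad = pseudo_pad(sid, key, ver, seq_no, length)
    return ptype, seq_no, sid, bytes(a ^ b for a, b in zip(body, pad))

def parse_av(args):
    """A-V pairs: 'attr=value' is mandatory, 'attr*value' is optional."""
    return dict(a.partition("=" if "=" in a else "*")[::2] for a in args)

def take_strings(body, pos, lengths):
    """Read consecutive length-prefixed strings starting at offset pos."""
    ends = list(accumulate(lengths, initial=pos))
    return [body[a:b].decode() for a, b in zip(ends, ends[1:])]

def author_reply(status, args):
    """Authorization REPLY body carrying A-V pairs such as priv-lvl=15."""
    enc = [a.encode() for a in args]
    return struct.pack("!BBHH", status, len(enc), 0, 0) + bytes(map(len, enc)) + b"".join(enc)

def priv_lvl_from_author_reply(body):
    """Exec authorization step 4: privilege level from the priv-lvl pair, else None."""
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    if status != AUTHOR_PASS_ADD:
        return None
    args = take_strings(body, 6 + arg_cnt + msg_len + data_len, body[6:6 + arg_cnt])
    value = parse_av(args).get("priv-lvl")
    return int(value) if value is not None else None

def acct_request(flags, user, port, rem_addr, args):
    """Accounting REQUEST body (RFC 8907 section 7.1) followed by its length-prefixed strings."""
    fields = [s.encode() for s in (user, port, rem_addr, *args)]
    # flags, authen_method TACACS+ (6), priv_lvl 15, authen_type ASCII (1), authen_service LOGIN (1)
    head = struct.pack("!BBBBBBBBB", flags, 6, 15, 1, 1, *map(len, fields[:3]), len(args))
    return head + bytes(map(len, fields[3:])) + b"".join(fields)

class AccountingServer:
    """In-memory stand-in for the accounting server (steps 4, 5 and 7): records and
    acknowledges each Start/Stop; a Stop whose task_id has no open Start is refused."""
    def __init__(self, key):
        self.key, self.records, self.open_tasks = key, [], set()

    def handle(self, packet):
        ptype, seq_no, sid, body = unwrap(packet, self.key)
        if ptype != TYPE_ACCT:
            raise ValueError("not an accounting REQUEST")
        flags, arg_cnt = body[0], body[8]
        user, port, rem_addr, *args = take_strings(
            body, 9 + arg_cnt, (*body[5:8], *body[9:9 + arg_cnt]))
        av, status = parse_av(args), ACCT_SUCCESS
        if flags & ACCT_START:
            self.open_tasks.add(av.get("task_id"))
        elif flags & ACCT_STOP and av.get("task_id") in self.open_tasks:
            self.open_tasks.discard(av.get("task_id"))
        else:
            status = ACCT_ERROR
        if status == ACCT_SUCCESS:
            self.records.append({"flags": flags, "user": user, "port": port,
                                 "rem_addr": rem_addr, **av})
        reply = struct.pack("!HHB", 0, 0, status)    # server_msg_len, data_len, status
        return wrap(TYPE_ACCT, seq_no + 1, sid, self.key, reply)

def send_acct(server, key, session_id, flags, user, args):
    """Device side of one exchange: REQUEST (seq 1) out, REPLY (seq 2) back; returns status."""
    body = acct_request(flags, user, "vty0", "192.0.2.10", args)   # constructed port/address
    reply = server.handle(wrap(TYPE_ACCT, 1, session_id, key, body))
    ptype, seq_no, sid, rbody = unwrap(reply, key)
    if (ptype, seq_no, sid) != (TYPE_ACCT, 2, session_id):
        raise ValueError("reply does not belong to this request")
    return struct.unpack("!HHB", rbody[:5])[2]

def account_event(server, key, user, task_id, args):
    """Steps 3 to 7 on the page: Start when the event begins, Stop when it ends."""
    av = [f"task_id={task_id}", *args]
    start = send_acct(server, key, 0x1001, ACCT_START, user, av)   # constructed session ids
    stop = send_acct(server, key, 0x1002, ACCT_STOP, user, av)
    return start, stop
```

A call such as `account_event(AccountingServer(key), key, "alice", 7, ["service=shell", "cmd=show version"])` returns the two acknowledgement statuses and leaves the Start and Stop records on the server. The pseudo-pad is obfuscation rather than encryption (RFC 8907 is explicit about this), which is why the records, not the wire format, are what an auditor relies on and why the device-to-server path is normally kept on a management network.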

AAA operations for TACACS/TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security configured.

User action: User attempts to gain access to the Privileged EXEC and CONFIG levels of the CLI
Applicable AAA operations:
  Enable authentication:
    aaa authentication enable default method-list
  Exec authorization (TACACS+):
    aaa authorization exec default tacacs+

TACACS+ authorization

FastIron Ethernet Switch Security Configuration Guide

45

53-1003088-03