Configuring command authorization, Tacacs+ accounting configuration – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Configuring command authorization
When TACACS+ command authorization is enabled, the Brocade device consults a TACACS+ server
to get authorization for commands entered by the user.
You enable TACACS+ command authorization by specifying a privilege level whose commands require
authorization. For example, to configure the Brocade device to perform authorization for the commands
available at the Super User privilege level (that is, all commands on the device), enter the following
command.
device(config)#aaa authorization commands 0 default tacacs+
Syntax: aaa authorization commands privilege-level default [ tacacs+ | radius | none ]
The privilege-level parameter can be one of the following:
• 0 - Authorization is performed for commands available at the Super User level (all commands)
• 4 - Authorization is performed for commands available at the Port Configuration level (port-config and
read-only commands)
• 5 - Authorization is performed for commands available at the Read Only level (read-only commands)
NOTE
TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console.
TACACS+ command authorization is not performed for the following commands:
• At all levels: exit, logout, end, and quit.
• At the Privileged EXEC level: enable or enable text, where text is the password configured for the
Super User privilege level.
If configured, command accounting is performed for these commands.
AAA support for console commands
AAA support for commands entered at the console includes the following:
• Login prompt that uses AAA authentication, using authentication-method lists
• Exec Authorization
• Exec Accounting
• Command authorization
• Command accounting
• System Accounting
To enable AAA support for commands entered at the console, enter the following command.
device(config)#enable aaa console
Syntax: [no] enable aaa console
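The following check is an added example, not part of the Brocade guide: it reads a saved running-config and reports when command authorization is missing, set to none, limited to a privilege level other than 0, or when enable aaa console is absent. The function name audit_aaa and both sample configurations are constructed for illustration.

```python
import re

# Privilege levels and what they cover, as listed in the guide above.
LEVEL_SCOPE = {
    0: "Super User (all commands)",
    4: "Port Configuration (port-config and read-only commands)",
    5: "Read Only (read-only commands)",
}
AUTHZ_RE = re.compile(r"^aaa authorization commands (\d+) default (.+)$")


def audit_aaa(config_text):
    """Return findings for a saved running-config (hypothetical helper)."""
    findings, authz, console = [], None, False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = AUTHZ_RE.match(line)
        if m:
            authz = (int(m.group(1)), m.group(2).split())
        elif line == "enable aaa console":
            console = True
        elif line == "no enable aaa console":
            console = False
    if authz is None:
        findings.append("command authorization is not configured")
    else:
        level, methods = authz
        if methods[0] == "none":
            findings.append("authorization method is 'none'")
        if level != 0:
            scope = LEVEL_SCOPE.get(level, "unknown level")
            findings.append(f"authorization limited to level {level}: {scope}")
    if not console:
        findings.append("'enable aaa console' missing: no AAA for console commands")
    return findings


# Constructed sample configurations, not taken from a real device.
WEAK = """
aaa authorization commands 5 default tacacs+
"""
STRONG = """
aaa authorization commands 0 default tacacs+
enable aaa console
"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(name, audit_aaa(cfg) or "no findings")
```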
TACACS+ accounting configuration
Brocade devices support TACACS+ accounting for recording information about user activity and system
events. When you configure TACACS+ accounting on a Brocade device, information is sent to a
TACACS+ accounting server when specified events occur, such as when a user logs into the device or
the system is rebooted.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03