Configuring tacacs+ accounting for cli commands, Configuring tacacs+ accounting for system events, Tacacs+ packets – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Configuring TACACS+ accounting for Telnet/SSH (Shell) access
To send an Accounting Start packet to the TACACS+ accounting server when an authenticated user
establishes a Telnet or SSH session on the Brocade device, and an Accounting Stop packet when the
user logs out, enter the following command.
device(config)#aaa accounting exec default start-stop tacacs+
Syntax: aaa accounting exec default start-stop [ tacacs+ | radius | none ]
Configuring TACACS+ accounting for CLI commands
You can configure TACACS+ accounting for CLI commands by specifying a privilege level whose
commands require accounting. For example, to configure the Brocade device to perform TACACS+
accounting for the commands available at the Super User privilege level (that is, all commands on the
device), enter the following command.
device(config)#aaa accounting commands 0 default start-stop tacacs+
An Accounting Start packet is sent to the TACACS+ accounting server when a user enters a
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.
NOTE
If authorization is enabled, and the command requires authorization, then authorization is performed
before accounting takes place. If authorization fails for the command, no accounting takes place.
Syntax: aaa accounting commands privilege-level default start-stop [ radius | tacacs+ | none ]
The privilege-level parameter can be one of the following:
• 0 - Records commands available at the Super User level (all commands)
• 4 - Records commands available at the Port Configuration level (port-config and read-only
commands)
• 5 - Records commands available at the Read Only level (read-only commands)
Configuring TACACS+ accounting for system events
You can configure TACACS+ accounting to record when system events occur on the Brocade device.
System events include rebooting and when changes to the active configuration are made.
The following command causes an Accounting Start packet to be sent to the TACACS+ accounting
server when a system event occurs, and an Accounting Stop packet to be sent when the system event
is completed.
device(config)#aaa accounting system default start-stop tacacs+
Syntax: aaa accounting system default start-stop [ radius | tacacs+ | none ]
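The following audit check is an added example, not part of the Brocade guide: it reads the three accounting lines described above from a saved configuration and reports where the audit trail has gaps. The function name, the sample configurations, and the reading of none as "no accounting records are sent" are assumptions.

```python
import re

# Coverage per privilege-level value, as listed in the guide above.
COMMAND_LEVELS = {0: "all commands",
                  4: "port-config and read-only commands",
                  5: "read-only commands"}
# One accounting line, with or without a leading "device(config)#" prompt.
LINE_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?aaa accounting (exec|system|commands (\d+)) "
    r"default start-stop (tacacs\+|radius|none)\s*$")

# Constructed sample configurations (not taken from the guide).
WEAK = ("aaa accounting exec default start-stop none\n"
        "aaa accounting commands 5 default start-stop tacacs+\n")
HARDENED = ("aaa accounting exec default start-stop tacacs+\n"
            "aaa accounting commands 0 default start-stop tacacs+\n"
            "aaa accounting system default start-stop tacacs+\n")

def audit_accounting(config_text):
    """Return findings in exec, commands, system order; empty list if complete."""
    seen = {}  # "exec" | "commands" | "system" -> (method, level or None)
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            kind = m.group(1).split()[0]
            level = int(m.group(2)) if m.group(2) else None
            seen[kind] = (m.group(3), level)  # a later line overrides an earlier one
    findings = []
    for kind in ("exec", "commands", "system"):
        if kind not in seen:
            findings.append(f"{kind}: no accounting line configured")
            continue
        method, level = seen[kind]
        if method == "none":
            # Assumption: "none" means no accounting records are sent.
            findings.append(f"{kind}: method is none, no server receives records")
        if kind == "commands" and level != 0:
            scope = COMMAND_LEVELS.get(level, "an unrecognized level")
            findings.append(f"commands: level {level} records only {scope}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_accounting(cfg) or "complete")
```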
Configuring an interface as the source for all TACACS and TACACS+ packets
You can designate the lowest-numbered IP address configured on an Ethernet port, loopback interface,
or virtual interface as the source IP address for all TACACS/TACACS+ packets from the Layer 3
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03