beautypg.com

Radius accounting, Aaa operations for radius – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

3. If the command belongs to a privilege level that requires authorization, the Brocade device looks at
the list of commands delivered to it in the RADIUS Access-Accept packet when the user was
authenticated. (Along with the command list, an attribute was sent that specifies whether the user is
permitted or denied usage of the commands in the list.)

NOTE
After RADIUS authentication takes place, the command list resides on the Brocade device. The
RADIUS server is not consulted again once the user has been authenticated. This means that any
changes made to the user command list on the RADIUS server are not reflected until the next time
the user is authenticated by the RADIUS server, and the new command list is sent to the Brocade
device.

4. If the command list indicates that the user is authorized to use the command, the command is
executed.

RADIUS accounting

RADIUS accounting works as follows.

1. One of the following events occurs on the Brocade device:
   - A user logs into the management interface using Telnet or SSH
   - A user enters a command for which accounting has been configured
   - A system event occurs, such as a reboot or reloading of the configuration file

2. The Brocade device checks its configuration to see if the event is one for which RADIUS accounting
is required.

3. If the event requires RADIUS accounting, the Brocade device sends a RADIUS Accounting Start
packet to the RADIUS accounting server, containing information about the event.

4. The RADIUS accounting server acknowledges the Accounting Start packet.
5. The RADIUS accounting server records information about the event.
6. When the event is concluded, the Brocade device sends an Accounting Stop packet to the RADIUS
accounting server.

7. The RADIUS accounting server acknowledges the Accounting Stop packet.
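
The Start/Stop exchange and its acknowledgments from steps 3 through 7, shown at the packet level as defined in RFC 2866. This is an added example, not code from the Brocade guide; the shared secret, user name and session ID are constructed values.

```python
import hashlib
import hmac
import struct

# Packet codes and attribute types from RFC 2865 / RFC 2866.
ACCT_REQUEST, ACCT_RESPONSE = 4, 5
USER_NAME, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 40, 44
START, STOP = 1, 2
SECRET = b"constructed-shared-secret"  # constructed value for this example

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def accounting_request(ident: int, status: int, user: str, session: str, secret: bytes) -> bytes:
    """Build the Accounting-Request a device sends for a Start or Stop."""
    attrs = (attr(USER_NAME, user.encode())
             + attr(ACCT_STATUS_TYPE, struct.pack("!I", status))
             + attr(ACCT_SESSION_ID, session.encode()))
    header = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator: MD5 over the packet with 16 zero octets in the
    # authenticator field, followed by the shared secret.
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def accounting_response(request: bytes, secret: bytes) -> bytes:
    """Build the server's acknowledgment (Accounting-Response, no attributes)."""
    header = struct.pack("!BBH", ACCT_RESPONSE, request[1], 20)
    # Response Authenticator: MD5 over the response header, the Request
    # Authenticator of the packet being answered, and the shared secret.
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def response_is_valid(request: bytes, response: bytes, secret: bytes) -> bool:
    """Device-side check that an acknowledgment matches the request and secret."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if code != ACCT_RESPONSE or ident != request[1] or length != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def demo() -> list:
    """Send Start then Stop for one constructed session; return both ack checks."""
    results = []
    for ident, status in ((1, START), (2, STOP)):
        req = accounting_request(ident, status, "admin", "sess-0001", SECRET)
        results.append(response_is_valid(req, accounting_response(req, SECRET), SECRET))
    return results
```

An acknowledgment that fails this check was not produced by a holder of the shared secret for that specific request, so it should not count as confirmation that the event was recorded.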

AAA operations for RADIUS

The following table lists the sequence of authentication, authorization, and accounting operations that
take place when a user gains access to a Brocade device that has RADIUS security configured.

User action                                     Applicable AAA operations
----------------------------------------------  ----------------------------------------------------------
User attempts to gain access to the             Enable authentication:
Privileged EXEC and CONFIG levels of the CLI      aaa authentication enable default method-list
                                                System accounting start:
                                                  aaa accounting system default start-stop method-list

User logs in using Telnet/SSH                   Login authentication:
                                                  aaa authentication login default method-list

53-1003088-03