beautypg.com

Configuring radius accounting for system events, Displaying radius configuration information – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 72

background image

NOTE
If authorization is enabled, and the command requires authorization, then authorization is performed
before accounting takes place. If authorization fails for the command, no accounting takes place.

Syntax: aaa accounting commands privilege-level default start-stop [ radius | tacacs | none ]

The privilege-level parameter can be one of the following:

0 - Records commands available at the Super User level (all commands)
4 - Records commands available at the Port Configuration level (port-config and read-only

commands)

5 - Records commands available at the Read Only level (read-only commands)

Configuring RADIUS accounting for system events

You can configure RADIUS accounting to record when system events occur on the Brocade device.
System events include rebooting and when changes to the active configuration are made.

The following command causes an Accounting Start packet to be sent to the RADIUS accounting
server when a system event occurs, and a Accounting Stop packet to be sent when the system event
is completed.

device(config)#aaa accounting system default start-stop radius

Syntax: aaa accounting system default start-stop [ radius | tacacs+ | none ]

Configuring an interface as the source for allRADIUS packets

You can designate the lowest-numbered IP address configured an Ethernet port, loopback interface,
or virtual interface as the source IP address for all RADIUS packets from the Layer 3 Switch. For
configuration details, see "Specifying a single source interface for specified packet types" section in
the FastIron Ethernet Switch Layer 3 Routing Configuration Guide .

Displaying RADIUS configuration information

The show aaa command displays information about all TACACS/TACACS+ and RADIUS servers
identified on the device.

device#show aaa

Tacacs+ key: foundry

Tacacs+ retries: 1

Tacacs+ timeout: 15 seconds

Tacacs+ Server: 10.95.6.90 Port:49:

opens=6 closes=3 timeouts=3 errors=0

packets in=4 packets out=4

no connection

Radius key: networks

Radius retries: 3

Radius timeout: 3 seconds

Radius Server: 10.95.6.90 Auth Port=1645 Acct Port=1646:

opens=2 closes=1 timeouts=1 errors=0

packets in=1 packets out=4

no connection

The following table describes the RADIUS information displayed by the show aaa command.

Configuring RADIUS accounting for system events

72

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

See also other documents in the category Brocade Computer Accessories: