beautypg.com

Tacacs+ accounting, Aaa operations for tacacs or tacacs – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 49

background image

Multi-Service IronWare Security Configuration Guide

31

53-1003035-02

Configuring TACACS or TACACS+ security

1

1. A user logs into the Brocade device using console, Telnet, SSH, or the Web Management

Interface

2. The user is authenticated.

3. The Brocade device consults the TACACS+ server to determine the privilege level of the user.

4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the

privilege level of the user.

5. The user is granted the specified privilege level.

The following events occur when TACACS+ command authorization takes place.

1. A Telnet, SSH, or console interface user previously authenticated by a TACACS+ server enters a

command on the Brocade device.

2. The Brocade device looks at its configuration to see if the command is at a privilege level that

requires TACACS+ command authorization.

3. If the command belongs to a privilege level that requires authorization, the Brocade device

consults the TACACS+ server to see if the user is authorized to use the command.

4. If the user is authorized to use the command, the command is executed.

TACACS+ accounting

The following steps explain the working of TACACS+ accounting.

1. One of the following events occur on the Brocade device:

A user logs into the management interface using console, Telnet or SSH

A user enters a command for which accounting has been configured

A system event occurs, such as a reboot or reloading of the configuration file

2. The Brocade device checks its configuration to see if the event is one for which TACACS+

accounting is required.

3. If the event requires TACACS+ accounting, the Brocade device sends a TACACS+ Accounting

Start packet to the TACACS+ accounting server, containing information about the event.

4. The TACACS+ accounting server acknowledges the Accounting Start packet.

5. The TACACS+ accounting server records information about the event.

6. When the event is concluded, the Brocade device sends an Accounting Stop packet to the

TACACS+ accounting server.

7. The TACACS+ accounting server acknowledges the Accounting Stop packet.

AAA operations for TACACS or TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a Brocade device that has TACACS or TACACS+ security
configured.

See also other documents in the category Brocade Computer Accessories: