Validating TACACS+ accounting reply – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring TACACS or TACACS+ security

TABLE 8   Authorization reply validation

| Error warning message | Error condition |
|---|---|
| Warning: Invalid TACACS+ authorization reply packet body. check key value | Invalid status field in the packet body. possibly key mismatch |
| Warning: Invalid arg_cnt in TACACS+ authorization reply | The server argument count specified is not within packet boundary |
| Warning: Invalid arg_len in TACACS+ authorization reply | Invalid or null data found in argument length field |
| Warning: Invalid server msg length in TACACS+ authorization reply | The server message length specified is not within packet boundary |
| Warning: Invalid server msg in TACACS+ authorization reply | Invalid or null data found in server message |
| Warning: Invalid data length in TACACS+ authorization reply | The data length specified is not within packet boundary |
| Warning: Invalid arg length in TACACS+ authorization reply | The argument length specified is not within packet boundary |
| Warning: Invalid arg in TACACS+ authorization reply | Invalid or null data found in argument field |
| Warning: Invalid TACACS+ authorization reply. packet total length mismatch | The total number of bytes parsed successfully from the received packet does not match the data length specified in the packet |

Validating TACACS+ accounting reply

Validation of a TACACS+ accounting reply packet checks the following:

• The minimum length of data (fixed size 5 bytes) for a valid TACACS+ accounting reply, before reading through individual fields in the reply body.

• That the reply packet is decrypted correctly, by validating that the status field received in the reply packet is one of the legal values for TACACS+ accounting status.

• If the server-msg length field is present in the reply packet, that the server message is within the received packet and is a non-null string message.

• If the data length field is present in the reply packet, that the data is within the received packet.

• The full packet length (header size + length field received in packet header) against the number of bytes parsed successfully from the received reply packet.

The following table lists all possible error conditions and corresponding messages for the accounting reply validation.

TABLE 9   Accounting reply validation

| Error warning message | Error condition |
|---|---|
| Warning: Invalid TACACS+ accounting reply packet | Received packet body size is less than minimum length for TACACS+ accounting reply body |
| Warning: Invalid TACACS+ accounting reply packet body | Received packet has an invalid or null packet body |
| Warning: Invalid TACACS+ accounting reply packet body. check key value | Invalid status field in the packet body. possibly key mismatch |
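
The accounting reply checks described in this section, written out in Python as an added example (not Brocade's code and not part of the original guide). It assumes the RFC 8907 header, accounting reply body layout and MD5 pad; the function names, reason codes, sample key and the reading of "non-null" as "does not start with a NUL byte" are assumptions of this example.

```python
import hashlib
import struct

HEADER_LEN = 12                      # fixed TACACS+ header size (RFC 8907)
MIN_BODY_LEN = 5                     # server_msg_len(2) + data_len(2) + status(1)
LEGAL_STATUS = {0x01, 0x02, 0x21}    # SUCCESS, ERROR, FOLLOW (RFC 8907)
UNENCRYPTED_FLAG = 0x01              # header flag: body sent in the clear

def pad_xor(body, session_id, key, version, seq_no):
    """RFC 8907 obfuscation: XOR with a chained MD5 pad (same call both ways)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def validate_acct_reply(packet, key):
    """Return None if every check passes, else a reason code (names are this example's)."""
    if len(packet) < HEADER_LEN + MIN_BODY_LEN:
        return "too_short"                   # checked before reading any body field
    version, _type, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:HEADER_LEN])
    body = packet[HEADER_LEN:]
    if not flags & UNENCRYPTED_FLAG:
        body = pad_xor(body, session_id, key, version, seq_no)
    msg_len, data_len, status = struct.unpack("!HHB", body[:MIN_BODY_LEN])
    if status not in LEGAL_STATUS:
        return "bad_status"                  # the "check key value" condition
    end_msg = MIN_BODY_LEN + msg_len
    if end_msg > len(body):
        return "server_msg_oob"              # length points past the received bytes
    if msg_len and body[MIN_BODY_LEN] == 0:
        return "server_msg_null"             # assumed reading of "non-null string"
    end_data = end_msg + data_len
    if end_data > len(body):
        return "data_oob"
    if length != end_data:                   # header size is common to both sides
        return "length_mismatch"             # header length field vs bytes parsed
    return None

def build_reply(key, status=0x01, msg=b"ok", data=b"", flags=0, length=None):
    """Constructed sample reply (type 0x03 = accounting) for exercising the checks."""
    body = struct.pack("!HHB", len(msg), len(data), status) + msg + data
    hdr = (0xC0, 0x03, 2, flags, 0x1234ABCD, len(body) if length is None else length)
    if not flags & UNENCRYPTED_FLAG:
        body = pad_xor(body, hdr[4], key, hdr[0], hdr[2])
    return struct.pack("!BBBBII", *hdr) + body
```

Validating `build_reply(key)` with a different key shows why the status check doubles as a key-mismatch indicator: the XOR pad no longer cancels, so the status byte and both length fields are effectively random.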