TACACS+ accounting, AAA operations for TACACS/TACACS+ – Brocade TurboIron 24X Series Configuration Guide User Manual

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring TACACS/TACACS+ security

1. A Telnet or SSH user previously authenticated by a TACACS+ server enters a command on the device.

2. The device looks at its configuration to see if the command is at a privilege level that requires TACACS+ command authorization.

3. If the command belongs to a privilege level that requires authorization, the device consults the TACACS+ server to see if the user is authorized to use the command.

4. If the user is authorized to use the command, the command is executed.

TACACS+ accounting

TACACS+ accounting works as follows.

1. One of the following events occurs on the device:

   - A user logs into the management interface using Telnet or SSH

   - A user enters a command for which accounting has been configured

   - A system event occurs, such as a reboot or reloading of the configuration file

2. The device checks the configuration to see if the event is one for which TACACS+ accounting is required.

3. If the event requires TACACS+ accounting, the device sends a TACACS+ Accounting Start packet to the TACACS+ accounting server, containing information about the event.

4. The TACACS+ accounting server acknowledges the Accounting Start packet.

5. The TACACS+ accounting server records information about the event.

6. When the event is concluded, the device sends an Accounting Stop packet to the TACACS+ accounting server.

7. The TACACS+ accounting server acknowledges the Accounting Stop packet.
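
Steps 3 to 7 mean that every accounted event should leave a matching Start and Stop record on the accounting server. The following added example (not from the Brocade guide) reconciles those pairs and reports events that have no Stop or no Start. The tab-separated record layout, the use of a task_id attribute as the session key, and the sample lines are assumptions constructed for illustration.

```python
# Constructed sample records (not from a real server). Assumed layout, modelled
# on tab-separated accounting files: time, NAS, user, port, remote address,
# record type (start/stop), then attribute=value pairs including task_id.
SAMPLE = [
    "Mar 03 10:00:01\t10.0.0.5\talice\ttty1\t192.0.2.10\tstart\ttask_id=41\tservice=shell",
    "Mar 03 10:07:30\t10.0.0.5\talice\ttty1\t192.0.2.10\tstop\ttask_id=41\tservice=shell\telapsed_time=449",
    "Mar 03 10:09:12\t10.0.0.5\tunknown\tconsole\t-\tstart\ttask_id=42\tservice=system\tevent=sys_acct",
    "Mar 03 10:15:44\t10.0.0.6\tbob\ttty2\t192.0.2.22\tstop\ttask_id=41\tservice=shell",
    "truncated line without enough fields",
]

def parse_record(line):
    """Split one accounting line; return None if it is malformed."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7 or fields[5] not in ("start", "stop"):
        return None
    attrs = dict(f.split("=", 1) for f in fields[6:] if "=" in f)
    if "task_id" not in attrs:
        return None
    return {"time": fields[0], "nas": fields[1], "user": fields[2],
            "kind": fields[5], "task_id": attrs["task_id"], "attrs": attrs}

def reconcile(lines):
    """Pair Start and Stop records by (NAS, task_id), following steps 3 to 7."""
    pending, paired, orphan_stops, malformed = {}, [], [], []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            malformed.append(line)      # keep for review, never drop silently
            continue
        key = (rec["nas"], rec["task_id"])  # task ids are only unique per device
        if rec["kind"] == "start":
            pending[key] = rec
        elif key in pending:
            paired.append((pending.pop(key), rec))
        else:
            orphan_stops.append(rec)    # Stop seen, but its Start never arrived
    return {"paired": paired, "open": list(pending.values()),
            "orphan_stops": orphan_stops, "malformed": malformed}

if __name__ == "__main__":
    result = reconcile(SAMPLE)
    for start, stop in result["paired"]:
        print("closed:", start["user"], start["time"], "->", stop["time"])
    for rec in result["open"]:
        print("no Stop yet:", rec["nas"], rec["user"], "task", rec["task_id"])
    for rec in result["orphan_stops"]:
        print("Stop without Start:", rec["nas"], rec["user"], "task", rec["task_id"])
```

An event left in the "open" list is either still in progress or its Stop packet never reached the server; a Stop without a Start points to a gap in what the server recorded.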

AAA operations for TACACS/TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a device that has TACACS/TACACS+ security
configured.

TABLE 19

User action                          | Applicable AAA operations
-------------------------------------+--------------------------------------------
User attempts to gain access to the  | Enable authentication:
Privileged EXEC and CONFIG levels    |   aaa authentication enable default
of the CLI                           | Exec authorization (TACACS+):
                                     |   aaa authorization exec default tacacs+
                                     | System accounting start (TACACS+):
                                     |   aaa accounting system default start-stop