beautypg.com

Configuring tacacs+ accounting – Brocade TurboIron 24X Series Configuration Guide User Manual

Page 131

background image

Brocade TurboIron 24X Series Configuration Guide

97

53-1003053-01

Configuring TACACS/TACACS+ security

0 – Authorization is performed for commands available at the Super User level (all commands)

4 – Authorization is performed for commands available at the Port Configuration level
(port-config and read-only commands)

5 – Authorization is performed for commands available at the Read Only level (read-only
commands)

NOTE

TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console.

TACACS+ command authorization is not performed for the following commands:

At all levels: exit, logout, end, and quit.

At the Privileged EXEC level: enable or enable , where is the password configured
for the Super User privilege level.

If configured, command accounting is performed for these commands.

AAA support for console commands
AAA support for commands entered at the console includes the following:

Login prompt that uses AAA authentication, using authentication-method Lists

Exec Authorization

Exec Accounting

Command authorization

Command accounting

System Accounting

To enable AAA support for commands entered at the console, enter the following command.

TurboIron(config)#enable aaa console

Syntax: [no] enable aaa console

Configuring TACACS+ accounting

Devices support TACACS+ accounting for recording information about user activity and system
events. When you configure TACACS+ accounting on a device, information is sent to a TACACS+
accounting server when specified events occur, such as when a user logs into the device or the
system is rebooted.

Configuring TACACS+ accounting for Telnet/SSH (Shell) access

To send an Accounting Start packet to the TACACS+ accounting server when an authenticated user
establishes a Telnet or SSH session on the device, and an Accounting Stop packet when the user
logs out.

TurboIron(config)#aaa accounting exec default start-stop tacacs+

Syntax: aaa accounting exec default start-stop radius | tacacs+ | none

See also other documents in the category Brocade Computer Accessories: