
Configuring RADIUS accounting for CLI commands, Configuring RADIUS accounting for system events – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

53-1002484-04

Configuring RADIUS security

Configuring RADIUS accounting for CLI commands

You can configure RADIUS accounting for CLI commands by specifying a privilege level whose
commands require accounting. For example, to configure the BigIron RX to perform RADIUS
accounting for the commands available at the Super User privilege level (that is, all commands on
the device), enter the following command.

BigIron RX(config)# aaa accounting commands 0 default start-stop radius

An Accounting Start packet is sent to the RADIUS accounting server when a user enters a
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.

NOTE

If authorization is enabled, and the command requires authorization, then authorization is
performed before accounting takes place. If authorization fails for the command, no accounting
takes place.

Syntax: aaa accounting commands <privilege-level> default start-stop radius | tacacs | none

The <privilege-level> parameter can be one of the following:

0 – Records commands available at the Super User level (all commands)

4 – Records commands available at the Port Configuration level (port-config and read-only
commands)

5 – Records commands available at the Read Only level (read-only commands)

Configuring RADIUS accounting for system events

You can configure RADIUS accounting to record when system events occur on the BigIron RX.
System events include reboots and changes to the active configuration.

The following command causes an Accounting Start packet to be sent to the RADIUS accounting
server when a system event occurs, and an Accounting Stop packet to be sent when the system
event is completed.

BigIron RX(config)# aaa accounting system default start-stop radius

Syntax: aaa accounting system default start-stop radius | tacacs+ | none
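
A configuration check for the two accounting commands above, as an added example that is not part of the Brocade guide: it reads a saved configuration and reports where command or system-event accounting is missing, disabled with none, or limited to a privilege level other than 0. The function name and the sample configurations are constructed for illustration.

```python
import re

# Privilege levels as listed in the guide.
LEVELS = {0: "Super User", 4: "Port Configuration", 5: "Read Only"}
ACCT_RE = re.compile(
    r"^\s*aaa\s+accounting\s+(?:commands\s+(?P<level>\d+)|(?P<system>system))"
    r"\s+default\s+start-stop\s+(?P<method>\S+)"
)

def audit_accounting(config_text):
    """Return a list of accounting gaps found in a saved configuration."""
    levels, system_on, findings = [], False, []
    for line in config_text.splitlines():
        m = ACCT_RE.match(line)
        if not m:
            continue
        if m["method"] == "none":
            findings.append(f"method 'none' disables accounting: {line.strip()}")
        elif m["system"]:
            system_on = True
        else:
            levels.append(int(m["level"]))
    if not levels:
        findings.append("no command accounting is active")
    elif min(levels) != 0:
        # Levels 4 and 5 record only port-config and/or read-only commands.
        name = LEVELS.get(min(levels), "unknown level")
        findings.append(
            f"command accounting stops at level {min(levels)} ({name}); "
            "Super User-only commands are not recorded")
    if not system_on:
        findings.append("no system event accounting (reboots, configuration changes)")
    return findings

# Constructed sample configurations, not taken from a real device.
GOOD = """\
aaa accounting commands 0 default start-stop radius
aaa accounting system default start-stop radius
"""
WEAK = """\
aaa accounting commands 5 default start-stop radius
aaa accounting system default start-stop none
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_accounting(cfg) or "no gaps")
```
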

Configuring an interface as the source for all RADIUS packets

You can designate the lowest-numbered IP address configured on an Ethernet port, loopback
interface, or virtual interface as the source IP address for all RADIUS packets from the device.
Identifying a single source IP address for RADIUS packets provides the following benefits:

If your RADIUS server is configured to accept packets only from specific links or IP addresses,
you can use this feature to simplify configuration of the RADIUS server by configuring the
BigIron RX to always send the RADIUS packets from the same link or source address.