Configuring tacacs+ accounting, Configuring tacacs+ accounting for cli commands, Configuring tacacs+ accounting for system events – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Administration Guide
53-1003249-01
Configuring TACACS or TACACS+ security
2
Virtual ADX(config)#enable aaa console
Syntax: enable aaa console
Configuring TACACS+ accounting
Brocade Virtual ADX devices support TACACS+ accounting for recording information about user
activity and system events. When you configure TACACS+ accounting on a Brocade Virtual ADX,
information is sent to a TACACS+ accounting server when specified events occur, such as when a
user logs into the device or the system is rebooted.
Configuring TACACS+ accounting for Telnet or SSH (shell) access
To send an Accounting Start packet to the TACACS+ accounting server when an authenticated user
establishes a Telnet or SSH session on the Brocade Virtual ADX, and an Accounting Stop packet
when the user logs out, enter the following command.
Virtual ADX(config)#aaa accounting exec default start-stop tacacs+
Syntax: aaa accounting exec default start-stop radius | tacacs+ | none
Configuring TACACS+ accounting for CLI commands
You can configure TACACS+ accounting for CLI commands by specifying a privilege level whose
commands require accounting. For example, to configure the Brocade Virtual ADX to perform
TACACS+ accounting for the commands available at the Super User privilege level (that is, all
commands on the device), enter the following command.
Virtual ADX(config)#aaa accounting commands 0 default start-stop tacacs+
An Accounting Start packet is sent to the TACACS+ accounting server when a user enters a
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.
NOTE
If authorization is enabled, and the command requires authorization, then authorization is
performed before accounting takes place. If authorization fails for the command, no accounting
takes place.
Syntax: aaa accounting commands privilege-level default start-stop radius | tacacs+ | none
The privilege-level variable can be one of the following:
• 0 – Records commands available at the Super User level (all commands)
• 4 – Records commands available at the Port Configuration level (port-config and read-only commands)
• 5 – Records commands available at the Read Only level (read-only commands)
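The following Python check is an added example, not part of the Brocade guide: it parses saved configuration text for the two accounting commands shown above and reports where sessions or commands would go unrecorded. The function name, the finding wording and the sample configuration are constructed for illustration, and it assumes the saved text holds one command per line.

```python
import re

# Privilege levels and their scope, as listed in the guide.
LEVEL_SCOPE = {
    0: "Super User level (all commands)",
    4: "Port Configuration level (port-config and read-only commands)",
    5: "Read Only level (read-only commands)",
}
ACCT_RE = re.compile(r"^aaa accounting (exec|commands (\d+)) default start-stop (\S+)$")

def audit_accounting(config_text):
    """Return findings for the TACACS+ accounting lines in a saved configuration."""
    exec_method, cmd_levels = None, {}
    for raw in config_text.splitlines():
        m = ACCT_RE.match(raw.strip())
        if not m:
            continue
        kind, level, method = m.groups()
        if kind == "exec":
            exec_method = method
        else:
            cmd_levels[int(level)] = method

    findings = []
    if exec_method != "tacacs+":
        findings.append("exec: Telnet/SSH logins and logouts are not sent to TACACS+")
    for level in sorted(set(cmd_levels) - set(LEVEL_SCOPE)):
        findings.append(f"commands: privilege level {level} is not 0, 4 or 5")
    covered = sorted(l for l, meth in cmd_levels.items()
                     if meth == "tacacs+" and l in LEVEL_SCOPE)
    if not covered:
        findings.append("commands: no CLI command accounting is sent to TACACS+")
    elif covered[0] != 0:
        findings.append("commands: only the " + LEVEL_SCOPE[covered[0]] +
                        " is recorded; use level 0 to record all commands")
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
enable aaa console
aaa accounting exec default start-stop radius
aaa accounting commands 5 default start-stop tacacs+
"""

if __name__ == "__main__":
    for finding in audit_accounting(SAMPLE_CONFIG):
        print(finding)
```
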
Configuring TACACS+ accounting for system events
You can configure TACACS+ accounting to record when system events occur on the Brocade Virtual
ADX. System events include reboots and changes to the active configuration.