Command authorization and logging – Blade ICE G8000 User Manual

RackSwitch G8000 Application Guide

Chapter 1: Accessing the Switch

BMD00041, November 2008

If the remote user is successfully authenticated by the authentication server, the switch
verifies the privileges of the remote user and authorizes the appropriate access. The
administrator has an option to allow secure backdoor access via Telnet/SSH. Secure
backdoor provides switch access when the TACACS+ servers cannot be reached.

NOTE: To obtain the TACACS+ backdoor password for your G8000, contact Technical Support.

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing
and/or security. It follows the authentication and authorization actions. If authentication
and authorization are not performed via TACACS+, no TACACS+ accounting messages are
sent out.

You can use TACACS+ to record and track software logins, configuration changes, and
interactive commands.

The G8000 supports the following TACACS+ accounting attributes:

- protocol (console/Telnet/SSH/HTTP/HTTPS)
- start_time
- stop_time
- elapsed_time
- disc_cause

NOTE: When using the Browser-Based Interface, the TACACS+ Accounting Stop records are
sent only if the Logout button on the browser is clicked.
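
The following Python example is added here and is not part of the G8000 guide: it pairs accounting Start and Stop records on the TACACS+ server side, separating browser sessions that lack a Stop record (expected when Logout is not clicked) from console/Telnet/SSH sessions that lack one, and checks elapsed_time against the timestamps. The log layout (space-separated key=value pairs with a type field), the task_id and user fields, epoch-second times, and the sample records are assumptions constructed for illustration; only protocol, start_time, stop_time, elapsed_time and disc_cause come from the attribute list above.

```python
# Added example: audit TACACS+ accounting records for sessions with no Stop.
# Assumed (not from the guide): one record per line as space-separated
# key=value pairs, with type=start|stop plus task_id and user fields.
# Assumed: times are epoch seconds, so elapsed_time = stop_time - start_time.
SAMPLE_LOG = """\
type=start task_id=101 user=admin protocol=SSH start_time=1226400000
type=stop task_id=101 user=admin protocol=SSH start_time=1226400000 stop_time=1226400300 elapsed_time=300 disc_cause=1
type=start task_id=102 user=oper protocol=HTTPS start_time=1226400100
type=start task_id=103 user=admin protocol=Telnet start_time=1226400200
type=start task_id=104 user=oper protocol=console start_time=1226400400
type=stop task_id=104 user=oper protocol=console start_time=1226400400 stop_time=1226400460 elapsed_time=90 disc_cause=1
"""  # constructed sample data, not real switch output

BROWSER = {"HTTP", "HTTPS"}  # BBI sends Stop only when Logout is clicked


def parse(line):
    """Split one record into a dict of its key=value fields."""
    return dict(field.split("=", 1) for field in line.split() if "=" in field)


def audit(log_text):
    """Return (open_expected, open_review, bad_elapsed) lists of task_ids."""
    open_sessions, bad_elapsed = {}, []
    for line in log_text.splitlines():
        rec = parse(line)
        tid = rec.get("task_id")
        if rec.get("type") == "start":
            open_sessions[tid] = rec
        elif rec.get("type") == "stop":
            open_sessions.pop(tid, None)  # session closed cleanly
            try:
                span = int(rec["stop_time"]) - int(rec["start_time"])
                if span != int(rec["elapsed_time"]):
                    bad_elapsed.append(tid)
            except (KeyError, ValueError):
                bad_elapsed.append(tid)  # timing fields missing or garbled
    expected = [t for t, r in open_sessions.items() if r.get("protocol") in BROWSER]
    review = [t for t, r in open_sessions.items() if r.get("protocol") not in BROWSER]
    return expected, review, bad_elapsed


if __name__ == "__main__":
    expected, review, bad = audit(SAMPLE_LOG)
    print("no Stop, browser session (expected gap):", expected)
    print("no Stop, console/Telnet/SSH (review):", review)
    print("elapsed_time mismatch:", bad)
```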

Command authorization and logging

When TACACS+ Command Authorization is enabled, Blade OS configuration commands are
sent to the TACACS+ server for authorization. Use the following command to enable
TACACS+ Command Authorization:

RS G8000 (config)# tacacs-server command-authorization