AAA Authentication, Configuration Task List for AAA Authentication, Monitoring AAA Accounting – Dell PowerEdge FX2/FX2s User Manual

Monitoring AAA Accounting

Dell Networking OS does not support periodic interim accounting because the periodic command can
cause heavy congestion when many users are logged in to the network.
No specific show command exists for TACACS+ accounting.
To obtain accounting records displaying information about users currently logged in, use the following
command.

• Step through all active sessions and print all the accounting records for the actively accounted
functions.
CONFIGURATION mode or EXEC Privilege mode

show accounting

Example of the show accounting Command for AAA Accounting

Dell#show accounting

Active accounted actions on tty2, User admin Priv 1

Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell

Active accounted actions on tty3, User admin Priv 1

Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell

Dell#
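
Because there is no periodic interim accounting, a snapshot of active sessions has to come from polling show accounting. The following Python parser for that output is an added example, not part of the Dell manual; it assumes the two-line record layout and HH:MM:SS elapsed format shown above, and the review thresholds and allow-list are hypothetical.

```python
import re
from datetime import timedelta

# Sample input: the `show accounting` output shown on this page.
SAMPLE = """\
Dell#show accounting
Active accounted actions on tty2, User admin Priv 1
Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell
Active accounted actions on tty3, User admin Priv 1
Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell
Dell#
"""

HEADER = re.compile(
    r"^Active accounted actions on (?P<line>\S+), User (?P<user>\S+) Priv (?P<priv>\d+)$")
TASK = re.compile(
    r"^Task ID (?P<task_id>\d+), (?P<kind>\S+) Accounting record, "
    r"(?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2}) Elapsed, service=(?P<service>\S+)$")

def parse_show_accounting(text):
    """Return one dict per accounted task, joined with its session header."""
    records, session = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            session = {"line": m["line"], "user": m["user"], "priv": int(m["priv"])}
        elif (m := TASK.match(line)):
            if session is None:  # malformed capture: task before any header
                raise ValueError(f"task record without session header: {line!r}")
            elapsed = timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"]))
            records.append({**session, "task_id": int(m["task_id"]), "kind": m["kind"],
                            "service": m["service"], "elapsed": elapsed})
    return records

def review(records, max_age=timedelta(hours=8), allowed_users=frozenset({"admin"})):
    """Flag sessions older than max_age or held by users outside the allow-list.
    Both defaults are hypothetical policy values, not Dell settings."""
    findings = []
    for r in records:
        if r["user"] not in allowed_users:
            findings.append((r["line"], r["user"], "unexpected user"))
        if r["elapsed"] > max_age:
            findings.append((r["line"], r["user"], "session exceeds max age"))
    return findings

if __name__ == "__main__":
    recs = parse_show_accounting(SAMPLE)
    for r in recs:
        print(r["line"], r["user"], r["priv"], r["kind"], r["elapsed"])
    print(review(recs, max_age=timedelta(seconds=30)))
```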

AAA Authentication

Dell Networking OS supports a distributed client/server system implemented through authentication,
authorization, and accounting (AAA) to help secure networks against unauthorized access.

In the Dell Networking implementation, the Dell Networking system acts as a RADIUS or TACACS+ client
and sends authentication requests to a central remote authentication dial-in service (RADIUS) or terminal
access controller access control system plus (TACACS+) server that contains all user authentication and
network service access information.
Dell Networking uses local usernames/passwords (stored on the Dell Networking system) or AAA for login
authentication. With AAA, you can specify the security protocol or mechanism for different login methods
and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists,
to define the types of authentication and the sequence in which they are applied. You can define a
method list or use the default method list. User-defined method lists take precedence over the default
method list.

NOTE: If a console user logs in with RADIUS authentication, the privilege level is applied from the
RADIUS server if the privilege level is configured for that user in RADIUS, whether or not you configure
RADIUS authorization.

NOTE: In release 9.4.(0.0), RADIUS and TACACS servers support VRF-awareness functionality.
You can create RADIUS and TACACS groups and then map multiple servers to a group. The group
to which you map multiple servers is bound to a single VRF.

Configuration Task List for AAA Authentication

The following sections provide the configuration tasks.

Configure Login Authentication for Terminal Lines

Configuring AAA Authentication Login Methods
