Brocade Communications Systems Brocade ICX 6650 6650 Manual De Usuario
Brocade ICX 6650 Security Configuration Guide
39
53-1002601-01
TACACS and TACACS+ security
•
Exec Authorization
•
Exec Accounting
•
Command authorization
•
Command accounting
•
System accounting
To enable AAA support for commands entered at the console, enter the following command.
Brocade(config)# enable aaa console
Syntax: [no] enable aaa console
TACACS+ accounting configuration
Brocade devices support TACACS+ accounting for recording information about user activity and
system events. When you configure TACACS+ accounting on a Brocade device, information is sent
to a TACACS+ accounting server when specified events occur, such as when a user logs into the
device or the system is rebooted.
system events. When you configure TACACS+ accounting on a Brocade device, information is sent
to a TACACS+ accounting server when specified events occur, such as when a user logs into the
device or the system is rebooted.
Configuring TACACS+ accounting for Telnet/SSH (Shell) access
To send an Accounting Start packet to the TACACS+ accounting server when an authenticated user
establishes a Telnet or SSH session on the Brocade device, and an Accounting Stop packet when
the user logs out.
establishes a Telnet or SSH session on the Brocade device, and an Accounting Stop packet when
the user logs out.
Brocade(config)# aaa accounting exec default start-stop tacacs+
Syntax: aaa accounting exec default start-stop radius | tacacs+ | none
Configuring TACACS+ accounting for CLI commands
You can configure TACACS+ accounting for CLI commands by specifying a privilege level whose
commands require accounting. For example, to configure the Brocade device to perform TACACS+
accounting for the commands available at the Super User privilege level (that is; all commands on
the device), enter the following command.
commands require accounting. For example, to configure the Brocade device to perform TACACS+
accounting for the commands available at the Super User privilege level (that is; all commands on
the device), enter the following command.
Brocade(config)# aaa accounting commands 0 default start-stop tacacs+
An Accounting Start packet is sent to the TACACS+ accounting server when a user enters a
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.
NOTE
If authorization is enabled, and the command requires authorization, then authorization is
performed before accounting takes place. If authorization fails for the command, no accounting
takes place.
If authorization is enabled, and the command requires authorization, then authorization is
performed before accounting takes place. If authorization fails for the command, no accounting
takes place.
Syntax: aaa accounting commands privilege-level default start-stop radius | tacacs+ | none
The privilege-level parameter can be one of the following:
•
0 – Records commands available at the Super User level (all commands)