Brocade Communications Systems Brocade ICX 6650 User Manual

Brocade ICX 6650 Security Configuration Guide
53-1002601-01
RADIUS security
Syntax: enable aaa console
CAUTION
If you have previously configured the device to perform command authorization using a RADIUS 
server, entering the enable aaa console command may prevent the execution of any subsequent 
commands entered on the console. 
This happens because RADIUS command authorization requires a list of allowable commands 
from the RADIUS server. This list is obtained during RADIUS authentication. For console sessions, 
RADIUS authentication is performed only if you have configured Enable authentication and 
specified RADIUS as the authentication method (for example, with the aaa authentication enable 
default radius command). If RADIUS authentication is never performed, the list of allowable 
commands is never obtained from the RADIUS server. Consequently, there would be no allowable 
commands on the console. 
RADIUS accounting
Brocade devices support RADIUS accounting for recording information about user activity and 
system events. When you configure RADIUS accounting on a Brocade device, information is sent to 
a RADIUS accounting server when specified events occur, such as when a user logs into the device 
or the system is rebooted.
Configuring RADIUS accounting for Telnet/SSH (Shell) access
To send an Accounting Start packet to the RADIUS accounting server when an authenticated user 
establishes a Telnet or SSH session on the Brocade device, and an Accounting Stop packet when 
the user logs out, enter the following command.
Brocade(config)# aaa accounting exec default start-stop radius
Syntax: aaa accounting exec default start-stop radius | tacacs+ | none
Configuring RADIUS accounting for CLI commands
You can configure RADIUS accounting for CLI commands by specifying a privilege level whose 
commands require accounting. For example, to configure the Brocade device to perform RADIUS 
accounting for the commands available at the Super User privilege level (that is, all commands on 
the device), enter the following command.
Brocade(config)# aaa accounting commands 0 default start-stop radius
An Accounting Start packet is sent to the RADIUS accounting server when you enter a command, 
and an Accounting Stop packet is sent when the service provided by the command is completed.
NOTE
If authorization is enabled, and the command requires authorization, then authorization is 
performed before accounting takes place. If authorization fails for the command, no accounting 
takes place.
Syntax: aaa accounting commands privilege-level default start-stop radius | tacacs | none
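
The CAUTION about enable aaa console and the two accounting settings above can be checked against a saved configuration before a change is applied. The following Python script is an added example, not part of the Brocade guide. The sample configuration is constructed, and the aaa authorization commands syntax it matches is an assumption, because that command does not appear on this page.

```python
import re

# Constructed sample running-config fragment (not taken from the guide).
SAMPLE_CONFIG = """\
aaa authentication login default radius local
aaa authorization commands 0 default radius
aaa accounting exec default start-stop radius
enable aaa console
"""

FINDINGS = {
    "console-lockout": "enable aaa console with RADIUS command authorization but "
                       "no RADIUS Enable authentication: console gets no allowed commands",
    "no-exec-accounting": "Telnet/SSH sessions produce no Accounting Start/Stop packets",
    "no-command-accounting": "CLI commands produce no Accounting Start/Stop packets",
}

def audit_aaa(config):
    """Return the finding codes (keys of FINDINGS) that apply to a config."""
    # Normalise whitespace and drop blank lines and '!' separators.
    lines = [" ".join(raw.split()) for raw in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith("!")]

    def has(pattern):
        return any(re.fullmatch(pattern, l) for l in lines)

    server = r"(radius|tacacs\+?)"
    codes = []
    # Assumed syntax: aaa authorization commands <privilege-level> default <methods>
    radius_authz = has(r"aaa authorization commands \d+ default( \S+)* radius( \S+)*")
    radius_enable = has(r"aaa authentication enable default( \S+)* radius( \S+)*")
    if has(r"enable aaa console") and radius_authz and not radius_enable:
        codes.append("console-lockout")
    if not has(r"aaa accounting exec default start-stop " + server):
        codes.append("no-exec-accounting")
    if not has(r"aaa accounting commands \d+ default start-stop " + server):
        codes.append("no-command-accounting")
    return codes

if __name__ == "__main__":
    for code in audit_aaa(SAMPLE_CONFIG):
        print(f"{code}: {FINDINGS[code]}")
```

Because authorization is performed before accounting, commands that fail authorization do not appear in the accounting records even when no-command-accounting is not reported.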