Blade ICE G8124 Manuale Utente

BMD00220, October 2010

Chapter 4: Authentication & Authorization Protocols  

  71

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing 
and/or security. It follows the authentication and authorization actions. If the authentication and 
authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent 
out.

You can use TACACS+ to record and track software login access, configuration changes, and 
interactive commands. 

The G8124 supports the following TACACS+ accounting attributes: 

protocol (console/Telnet/SSH/HTTP/HTTPS)

start_time

stop_time

elapsed_time

disc_cause

When using the Browser-Based Interface, the TACACS+ Accounting Stop records are sent 

only if the Logout button on the browser is clicked. 

When TACACS+ Command Authorization is enabled, BLADEOS configuration commands are 
sent to the TACACS+ server for authorization. Use the following command to enable TACACS+ 
Command Authorization: 

When TACACS+ Command Logging is enabled, BLADEOS configuration commands are logged 
on the TACACS+ server. Use the following command to enable TACACS+ Command Logging: 

The following examples illustrate the format of BLADEOS commands sent to the TACACS+ 
server:  

RS G8124(config)

# tacacs-server command-authorization

RS G8124(config)

# tacacs-server command-logging

authorization request, cmd=shell, cmd-arg=interface ip

accounting request, cmd=shell, cmd-arg=interface ip

authorization request, cmd=shell, cmd-arg=enable

accounting request, cmd=shell, cmd-arg=enable