Netgear M5300-28G (GSM7228S) - ProSAFE 24-port Gigabit L2+ Managed Stackable Switch 管理者ガイド
Security Management
404
Managed Switches
present in RADIUS response packet as administrator, the Cisco VSA “shell:priv-lvl” is
ignored.
ignored.
CLI: Configure Exec Command Authorization by a TACACS+
Server
Server
(Netgear Switch)(Config)#aaa authorization exec execList tacacs
(Netgear Switch)(Config)#tacacs-server host 10.100.5.13
(Netgear Switch)(Config)#tacacs-server host 10.100.5.13
(Netgear Switch)(Config)#tacacs-server key 12345678
(Netgear Switch)(Config)#line telnet
(Netgear Switch)(Config-telnet)#authorization commands execList
(M7100-24X) #show authorization methods
Command Authorization Method Lists
-------------------------------------
dfltCmdAuthList : none
commandlist : tacacs
Line Command Method List
--------- ---------------------
Console dfltCmdAuthList
Telnet execList
SSH
dfltCmdAuthList
Exec Authorization Method Lists
-------------------------------------
dfltExecAuthList : none
execList
: tacacs
Line Exec Method List
--------- ---------------------
Console dfltExecAuthList
Telnet execList
SSH
dfltExecAuthList
Accounting
The accounting process records what a user does or has done on the switch. You can
configure a TACACS+ accounting server or RADIUS accounting server to account for the
following actions:
configure a TACACS+ accounting server or RADIUS accounting server to account for the
following actions:
•
Account for services that were used, such as in a billing environment. You can use this
type of accounting as an auditing tool for security services.
•
Account when a user logs in and logs out of a user EXEC session.