Accounting, Command authorization and logging – Blade ICE RACKSWITCH G8124-E User Manual

BLADEOS 6.5.2 Application Guide

BMD00220, October 2010

Chapter 4: Authentication & Authorization Protocols 71

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing
and/or security. It follows the authentication and authorization actions. If the authentication and
authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent
out.

You can use TACACS+ to record and track software login access, configuration changes, and
interactive commands.

The G8124 supports the following TACACS+ accounting attributes:

protocol (console/Telnet/SSH/HTTP/HTTPS)

start_time

stop_time

elapsed_time

disc_cause

Note –

When using the Browser-Based Interface, the TACACS+ Accounting Stop records are sent

only if the Logout button on the browser is clicked.

Command Authorization and Logging

When TACACS+ Command Authorization is enabled, BLADEOS configuration commands are
sent to the TACACS+ server for authorization. Use the following command to enable TACACS+
Command Authorization:

When TACACS+ Command Logging is enabled, BLADEOS configuration commands are logged
on the TACACS+ server. Use the following command to enable TACACS+ Command Logging:

The following examples illustrate the format of BLADEOS commands sent to the TACACS+
server:

RS G8124(config)

# tacacs-server command-authorization

RS G8124(config)

# tacacs-server command-logging

authorization request, cmd=shell, cmd-arg=interface ip

accounting request, cmd=shell, cmd-arg=interface ip

authorization request, cmd=shell, cmd-arg=enable

accounting request, cmd=shell, cmd-arg=enable