Tacacs+ accounting, Enabling login accounting – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


Network OS NETCONF Operations Guide


53-1003231-02


            </tacacs-server>
        </config>
    </edit-config>
</rpc>

<rpc-reply message-id="918" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <ok/>
</rpc-reply>

Configuring the client to use TACACS+ for login authentication

After configuring the client-side TACACS+ server list, you must set the authentication mode so that TACACS+ is used as the primary source of authentication. Refer to “Login authentication mode” on page 198 for information on how to configure the login authentication mode.

TACACS+ accounting

This section provides procedures and examples for configuring TACACS+ accounting on the client.
For related conceptual information, limitations, information about viewing TACACS+ accounting
logs, and firmware downgrade considerations, refer to the Network OS Administrator’s Guide.

Enabling login accounting

The following procedure enables login accounting on a switch where accounting is disabled.

1. Issue the <edit-config> RPC to configure the <aaa-config> node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the <aaa-config> node, include the <aaa>/<accounting>/<exec>/<defaultacc>/<start-stop> hierarchy of node elements.

3. Under the <start-stop> node, include the <server-type> element and specify tacacs+ as the server type.

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="919" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <edit-config>
        <target>
            <running/>
        </target>
        <config>
            <aaa-config xmlns="urn:brocade.com:mgmt:brocade-aaa">
                <aaa>
                    <accounting>
                        <exec>
                            <defaultacc>
                                <start-stop>
                                    <server-type>tacacs+</server-type>
                                </start-stop>
                            </defaultacc>
                        </exec>
                    </accounting>
                </aaa>
            </aaa-config>
        </config>
    </edit-config>
</rpc>
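The procedure above as an added example, not taken from the Brocade guide: a Python sketch using only the standard library that builds the login-accounting request, accepts a reply only when it carries `<ok/>` for the same message-id, and reads the configured server type back out of an XML document. The function names and the sample replies are constructed for illustration; transport to the switch is not shown.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
AAA = "urn:brocade.com:mgmt:brocade-aaa"
# Node hierarchy from steps 1-3 of the procedure.
PATH = ["aaa-config", "aaa", "accounting", "exec", "defaultacc", "start-stop"]

# Constructed sample replies (not captured from a switch).
REPLY_OK = f'<rpc-reply message-id="919" xmlns="{NC}"><ok/></rpc-reply>'
REPLY_ERR = (f'<rpc-reply message-id="919" xmlns="{NC}"><rpc-error>'
             '<error-type>application</error-type></rpc-error></rpc-reply>')


def build_login_accounting_rpc(message_id, server_type="tacacs+"):
    """Return the <edit-config> request that enables login accounting."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}running")
    node = ET.SubElement(edit, f"{{{NC}}}config")
    for name in PATH:
        node = ET.SubElement(node, f"{{{AAA}}}{name}")
    ET.SubElement(node, f"{{{AAA}}}server-type").text = server_type
    return ET.tostring(rpc, encoding="unicode")


def reply_ok(reply_xml, message_id):
    """True only for an <rpc-reply> with this message-id, <ok/>, and no <rpc-error>."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NC}}}rpc-reply" or root.get("message-id") != str(message_id):
        return False
    return (root.find(f"{{{NC}}}ok") is not None
            and root.find(f"{{{NC}}}rpc-error") is None)


def login_accounting_server_type(xml_text):
    """Return the exec-accounting <server-type> in xml_text, or None if absent."""
    root = ET.fromstring(xml_text)
    path = ".//" + "/".join(f"{{{AAA}}}{n}" for n in PATH + ["server-type"])
    found = root.find(path)
    return found.text.strip() if found is not None and found.text else None


if __name__ == "__main__":
    request = build_login_accounting_rpc(919)
    print(request)
    print("accounting server type:", login_accounting_server_type(request))
    print("reply accepted:", reply_ok(REPLY_OK, 919))
```

A `None` result from `login_accounting_server_type` means the document contains no `<start-stop>` entry for exec accounting, which is how the check reports that login accounting is not configured.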
