Configuring radius accounting, Configuring radius accounting for cli commands, Configuring radius accounting for system events – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring RADIUS security


Configuring RADIUS accounting

The Brocade devices support RADIUS accounting for recording information about user activity and
system events. When you configure RADIUS accounting on a Brocade device, information is sent to
a RADIUS accounting server when specified events occur, such as when a user logs into the device
or the system is rebooted.

Configuring RADIUS accounting for Telnet or SSH (shell) access

To send an Accounting Start packet to the RADIUS accounting server when an authenticated user
establishes a Telnet or SSH session on the Brocade device, and an Accounting Stop packet when
the user logs out, enter the following command.

Brocade(config)# aaa accounting exec default start-stop radius

Syntax: [no] aaa accounting exec default start-stop radius | tacacs+ | none

Configuring RADIUS accounting for CLI commands

You can configure RADIUS accounting for CLI commands by specifying a privilege level whose
commands require accounting. For example, to configure a Brocade device to perform RADIUS
accounting for the commands available at the Super User privilege level (that is, all commands on
the device), enter the following command.

Brocade(config)# aaa accounting commands 0 default start-stop radius

An Accounting Start packet is sent to the RADIUS accounting server when a user enters a
command, and an Accounting Stop packet is sent when the service provided by the command is
completed.

NOTE

If authorization is enabled, and the command requires authorization, then authorization is
performed before accounting takes place. If authorization fails for the command, no accounting
takes place.

Syntax: [no] aaa accounting commands privilege-level default start-stop radius | tacacs | none

The privilege-level parameter can be one of the following:

0 – Records commands available at the Super User level (all commands)

4 – Records commands available at the Port Configuration level (port-config and read-only
commands)

5 – Records commands available at the Read Only level (read-only commands)

Configuring RADIUS accounting for system events

You can configure RADIUS accounting to record when system events occur on a Brocade device.
System events include reboots and changes to the active configuration.

The following command causes an Accounting Start packet to be sent to the RADIUS accounting
server when a system event occurs, and an Accounting Stop packet to be sent when the system
event is completed.

Brocade(config)# aaa accounting system default start-stop radius
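
The following is an added example, not part of the Brocade guide, showing what an accounting server can do with the Accounting Start and Stop packets described in this section: it verifies each Accounting-Request's Request Authenticator as defined in RFC 2866 and reports sessions that have a Start but no Stop. The shared secret and session IDs are constructed, and the attribute set a device actually sends is an assumption (only Acct-Status-Type and Acct-Session-Id are used here).

```python
import hashlib
import hmac

ACCT_REQUEST, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 4, 40, 44  # packet code, attribute types
START, STOP = 1, 2  # Acct-Status-Type values

def _authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_request(ident, attrs, secret):
    """Encode an Accounting-Request; used here only to construct sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = bytes([ACCT_REQUEST, ident]) + (20 + len(body)).to_bytes(2, "big")
    return header + _authenticator(header, body, secret) + body

def parse_request(packet, secret):
    """Return {attribute type: value}; ValueError if malformed or unauthenticated."""
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([ACCT_REQUEST]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    body = packet[20:length]
    if not hmac.compare_digest(_authenticator(packet[:4], body, secret), packet[4:20]):
        raise ValueError("Request Authenticator mismatch")
    attrs, pos = {}, 0
    while pos < len(body):
        size = body[pos + 1] if pos + 1 < len(body) else 0
        if size < 2 or pos + size > len(body):
            raise ValueError("bad attribute length")
        attrs[body[pos]] = body[pos + 2:pos + size]
        pos += size
    return attrs

def unmatched_starts(packets, secret):
    """Session IDs with an Accounting Start but no Accounting Stop."""
    open_ids = set()
    for pkt in packets:
        attrs = parse_request(pkt, secret)
        sid = attrs.get(ACCT_SESSION_ID, b"").decode(errors="replace")
        status = int.from_bytes(attrs.get(ACCT_STATUS_TYPE, b""), "big")
        if status == START:
            open_ids.add(sid)
        elif status == STOP:
            open_ids.discard(sid)
    return open_ids

# Constructed sample: two sessions start, only the first one stops.
SECRET = b"constructed-secret"
SAMPLE = [build_request(n, [(ACCT_STATUS_TYPE, bytes([0, 0, 0, st])), (ACCT_SESSION_ID, sid)], SECRET)
          for n, (st, sid) in enumerate([(START, b"0001"), (STOP, b"0001"), (START, b"0002")])]
```

A packet that fails the authenticator check was either built with a different shared secret or altered in transit, so it is rejected before its attributes are trusted.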
