Brocade TurboIron 24X Series Configuration Guide User Manual

88

Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Configuring TACACS/TACACS+ security

AAA security for commands pasted into the running-config

If AAA security is enabled on the device, commands pasted into the running-config are subject to
the same AAA operations as if they were entered manually.

When you paste commands into the running-config, and AAA command authorization or
accounting, or both, are configured on the device, AAA operations are performed on the pasted
commands. The AAA operations are performed before the commands are actually added to the
running-config. The server performing the AAA operations should be reachable when you paste the
commands into the running-config file. If the device determines that a pasted command is invalid,
AAA operations are halted on the remaining commands. The remaining commands may not be
executed if command authorization is configured.

User logs in using Telnet/SSH

Login authentication:
aaa authentication login default <method-list>

Exec authorization (TACACS+):
aaa authorization exec default tacacs+

Exec accounting start (TACACS+):
aaa accounting exec default <method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>

User logs out of Telnet/SSH session

Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
EXEC accounting stop (TACACS+):
aaa accounting exec default start-stop <method-list>

User enters system commands
(for example, reload, boot system)

Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>

Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting stop (TACACS+):
aaa accounting system default start-stop <method-list>

User enters the command:

[

no

]

aaa accounting system default

start-stop <method-list>

Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>

Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>

User enters other commands

Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>

Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>

TABLE 19

User action

Applicable AAA operations