Aaa operations for tacacs and tacacs – Brocade BigIron RX Series Configuration Guide User Manual

Page 156

Advertising
background image

78

BigIron RX Series Configuration Guide

53-1002484-04

Configuring TACACS and TACACS+ security

3

5. The TACACS+ accounting server records information about the event.

6. When the event is concluded, the device sends an Accounting Stop packet to the TACACS+

accounting server.

7. The TACACS+ accounting server acknowledges the Accounting Stop packet.

AAA operations for TACACS and TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a device that has TACACS and TACACS+ security
configured.

User action

Applicable AAA operations

User attempts to gain access to the
Privileged EXEC and CONFIG levels of the
CLI

Enable authentication:
aaa authentication enable default

<

method-list>

Exec authorization (TACACS+):
aaa authorization exec default tacacs+

System accounting start (TACACS+):
aaa accounting system default start-stop

<

method-list>

User logs in using Telnet/SSH

Login authentication:
aaa authentication login default

<

method-list>

Exec authorization (TACACS+):
aaa authorization exec default tacacs+

Exec accounting start (TACACS+):
aaa accounting exec default

<

method-list>

System accounting start (TACACS+):
aaa accounting system default start-stop

<

method-list>

User logs into the Web Management
Interface

Web authentication:
aaa authentication web-server default

<

method-list>

Exec authorization (TACACS+):
aaa authorization exec default tacacs+

User logs out of Telnet/SSH session

Command accounting (TACACS+):
aaa accounting commands

<

privilege-level> default start-stop

<

method-list>

EXEC accounting stop (TACACS+):
aaa accounting exec default start-stop

<

method-list>

User enters system commands
(for example, reload, boot system)

Command authorization (TACACS+):
aaa authorization commands

<

privilege-level> default

<

method-list>

Command accounting (TACACS+):
aaa accounting commands

<

privilege-level> default start-stop

<

method-list>

System accounting stop (TACACS+):
aaa accounting system default start-stop

<

method-list>

Advertising
Popular Brands
Popular manuals