AAA operations for TACACS/TACACS+ – Brocade Communications Systems Brocade ICX 6650 User Manual


Brocade ICX 6650 Security Configuration Guide


53-1002601-01

TACACS and TACACS+ security

AAA operations for TACACS/TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security
configured.

AAA security for commands pasted into the running-config

If AAA security is enabled on the device, commands pasted into the running-config are subject to
the same AAA operations as if they were entered manually.

TABLE 3   AAA operations

User action:
    User attempts to gain access to the Privileged EXEC and CONFIG levels of the CLI
Applicable AAA operations:
    Enable authentication:
        aaa authentication enable default method-list
    Exec authorization (TACACS+):
        aaa authorization exec default tacacs+
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action:
    User logs in using Telnet/SSH
Applicable AAA operations:
    Login authentication:
        aaa authentication login default method-list
    Exec authorization (TACACS+):
        aaa authorization exec default tacacs+
    Exec accounting start (TACACS+):
        aaa accounting exec default method-list
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action:
    User logs out of Telnet/SSH session
Applicable AAA operations:
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    EXEC accounting stop (TACACS+):
        aaa accounting exec default start-stop method-list

User action:
    User enters system commands (for example, reload, boot system)
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    System accounting stop (TACACS+):
        aaa accounting system default start-stop method-list

User action:
    User enters the command:
        [no] aaa accounting system default start-stop method-list
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action:
    User enters other commands
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
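
As an added example (not from the Brocade guide), the following Python script checks a running-config against the command templates in Table 3 and reports operations that are not configured or whose method list omits tacacs+. The sample configuration is constructed, and privilege level 0 and the method names tacacs+, local and radius are assumed values for the table's placeholders.

```python
import re

# Command templates copied from Table 3. "privilege-level" and "method-list"
# are the table's placeholders; every other word is a literal CLI keyword.
TABLE3 = {
    "Enable authentication": "aaa authentication enable default method-list",
    "Login authentication": "aaa authentication login default method-list",
    "Exec authorization": "aaa authorization exec default tacacs+",
    "Command authorization": "aaa authorization commands privilege-level default method-list",
    "Exec accounting": "aaa accounting exec default start-stop method-list",
    "Command accounting": "aaa accounting commands privilege-level default start-stop method-list",
    "System accounting": "aaa accounting system default start-stop method-list",
}
PLACEHOLDERS = {
    "privilege-level": r"(?P<level>\d+)",
    "method-list": r"(?P<methods>\S+(?:\s+\S+)*)",
}

def template_to_regex(template):
    """Turn a Table 3 template into a regex that matches one whole config line."""
    words = template.split()
    return re.compile(r"\s+".join(PLACEHOLDERS.get(w) or re.escape(w) for w in words))

def uses_tacacs(match):
    """True if the line's method list names tacacs+ (or the template hard-codes it)."""
    methods = match.groupdict().get("methods")
    return methods is None or "tacacs+" in methods.split()

def audit(running_config):
    """Return Table 3 operations that are absent, or configured without tacacs+."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    missing, not_tacacs = [], []
    for name, template in TABLE3.items():
        rx = template_to_regex(template)
        hits = [m for m in map(rx.fullmatch, lines) if m]
        if not hits:
            missing.append(name)          # "no aaa ..." lines never fullmatch
        elif not all(uses_tacacs(m) for m in hits):
            not_tacacs.append(name)
    return {"missing": missing, "not_tacacs": not_tacacs}

# Constructed sample running-config (assumed values: level 0, tacacs+/local/radius).
SAMPLE = """\
aaa authentication enable default tacacs+ local
aaa authentication login default tacacs+ local
aaa authorization exec default tacacs+
aaa authorization commands 0 default tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting commands 0 default start-stop radius
"""
```

On the constructed sample, `audit(SAMPLE)` reports system accounting as missing and command accounting as configured without tacacs+.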
