Starting tacacs+ accounting – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

438

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 14

Configuring RADIUS and TACACS+ Servers

Beginning in privileged EXEC mode, follow these

steps to specify TACACS+ authorization for

privileged EXEC access and network services:

1. Enter global configuration mode.

configure terminal

2. Configure the access point for administrator TACACS+ authorization for

all network-related service requests.

aaa authorization network tacacs+

3. Configure the access point for administrator TACACS+ authorization to

determine if the administrator has privileged EXEC access.

The

exec

keyword can return user profile information (such as

autocommand

information).

aaa authorization exec tacacs+

4. Return to privileged EXEC mode.

end

5. Verify your entries.

show running-config

6. (Optional) Save your entries in the configuration file.

copy running-config startup-config

To disable authorization, use the

no aaa authorization {network |

exec} method1

global configuration command.

Starting TACACS+ Accounting

The AAA accounting feature tracks the services that administrators are accessing
and the amount of network resources that they are consuming. When AAA
accounting is enabled, the access point reports administrator activity to the
TACACS+ security server in the form of accounting records. Each accounting
record contains accounting attribute-value (AV) pairs and is stored on the
security server. This data can then be analyzed for network management, client
billing, or auditing.

Beginning in privileged EXEC mode, follow these steps to enable TACACS+
accounting for each Cisco IOS privilege level and for network services:

1. Enter global configuration mode.

configure terminal

2. Enable TACACS+ accounting for all network-related service requests.

aaa accounting network start-stop tacacs+