Support User Manuals

Brocade Communications Systems 6650 Switch User Manual

Open as PDF

of 332

Brocade ICX 6650 Security Configuration Guide 29

53-1002601-01

TACACS and TACACS+ security

AAA operations for TACACS/TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations

that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security

configured.

AAA security for commands pasted into the running-config

If AAA security is enabled on the device, commands pasted into the running-config are subject to

the same AAA operations as if they were entered manually.

TABLE 3 AAA operations

User action Applicable AAA operations

User attempts to gain access to the

Privileged EXEC and CONFIG levels

of the CLI

Enable authentication:

aaa authentication enable default method-list

Exec authorization (TACACS+):

aaa authorization exec default tacacs+

System accounting start (TACACS+):

aaa accounting system default start-stop method-list

User logs in using Telnet/SSH Login authentication:

aaa authentication login default method-list

Exec authorization (TACACS+):

aaa authorization exec default tacacs+

Exec accounting start (TACACS+):

aaa accounting exec default method-list

System accounting start (TACACS+):

aaa accounting system default start-stop method-list

User logs out of Telnet/SSH session Command accounting (TACACS+):

aaa accounting commands privilege-level default start-stop method-list

EXEC accounting stop (TACACS+):

aaa accounting exec default start-stop method-list

User enters system commands

(for example, reload, boot system)

Command authorization (TACACS+):

aaa authorization commands privilege-level default method-list

Command accounting (TACACS+):

aaa accounting commands privilege-level default start-stop method-list

System accounting stop (TACACS+):

aaa accounting system default start-stop method-list

User enters the command:

[no] aaa accounting system default

start-stop method-list

Command authorization (TACACS+):

aaa authorization commands privilege-level default method-list

Command accounting (TACACS+):

aaa accounting commands privilege-level default start-stop method-list

System accounting start (TACACS+):

aaa accounting system default start-stop method-list

User enters other commands Command authorization (TACACS+):

aaa authorization commands privilege-level default method-list

Command accounting (TACACS+):

aaa accounting commands privilege-level default start-stop method-list

previous next