Brocade Communications Systems 6650 Switch User Manual


 
Brocade ICX 6650 Security Configuration Guide 29
53-1002601-01
TACACS and TACACS+ security
AAA operations for TACACS/TACACS+
The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security
configured.
TABLE 3 AAA operations

User action: User attempts to gain access to the Privileged EXEC and CONFIG levels of the CLI
Applicable AAA operations:
    Enable authentication:
        aaa authentication enable default method-list
    Exec authorization (TACACS+):
        aaa authorization exec default tacacs+
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action: User logs in using Telnet/SSH
Applicable AAA operations:
    Login authentication:
        aaa authentication login default method-list
    Exec authorization (TACACS+):
        aaa authorization exec default tacacs+
    Exec accounting start (TACACS+):
        aaa accounting exec default method-list
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action: User logs out of Telnet/SSH session
Applicable AAA operations:
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    EXEC accounting stop (TACACS+):
        aaa accounting exec default start-stop method-list

User action: User enters system commands (for example, reload, boot system)
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    System accounting stop (TACACS+):
        aaa accounting system default start-stop method-list

User action: User enters the command: [no] aaa accounting system default start-stop method-list
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list
    System accounting start (TACACS+):
        aaa accounting system default start-stop method-list

User action: User enters other commands
Applicable AAA operations:
    Command authorization (TACACS+):
        aaa authorization commands privilege-level default method-list
    Command accounting (TACACS+):
        aaa accounting commands privilege-level default start-stop method-list

AAA security for commands pasted into the running-config
If AAA security is enabled on the device, commands pasted into the running-config are subject to
the same AAA operations as if they were entered manually.
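
The following audit script is an added example and is not part of the Brocade guide: it reads a saved running-config and reports, for each user action in Table 3, which of the listed AAA operations have no matching command, so that gaps such as commands being authorized but never accounted for are visible. The sample config, the method lists (tacacs+ local) and privilege level 0 are constructed values standing in for the table's method-list and privilege-level placeholders.

```python
import re

# Command forms from Table 3. The table's placeholders are matched loosely:
# privilege-level as digits, method-list as any non-space token.
OPS = {
    "enable authentication": r"aaa authentication enable default \S+",
    "login authentication": r"aaa authentication login default \S+",
    "exec authorization": r"aaa authorization exec default \S+",
    "command authorization": r"aaa authorization commands \d+ default \S+",
    "exec accounting": r"aaa accounting exec default \S+",
    "command accounting": r"aaa accounting commands \d+ default start-stop \S+",
    "system accounting": r"aaa accounting system default start-stop \S+",
}

# User action -> AAA operations Table 3 lists for it. The row for the
# "[no] aaa accounting system default" command lists the same three
# operations as "enter system commands", so it is folded into that entry.
TABLE3 = {
    "gain Privileged EXEC/CONFIG access":
        ["enable authentication", "exec authorization", "system accounting"],
    "log in using Telnet/SSH":
        ["login authentication", "exec authorization", "exec accounting", "system accounting"],
    "log out of Telnet/SSH session": ["command accounting", "exec accounting"],
    "enter system commands":
        ["command authorization", "command accounting", "system accounting"],
    "enter other commands": ["command authorization", "command accounting"],
}

def configured_ops(running_config):
    """Return the AAA operations that have a matching line in the config."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    return {op for op, pat in OPS.items() if any(re.match(pat, ln) for ln in lines)}

def audit(running_config):
    """Map each user action to the Table 3 operations the config does not enable."""
    have = configured_ops(running_config)
    return {action: [op for op in ops if op not in have] for action, ops in TABLE3.items()}

# Constructed sample: method lists and privilege level 0 are illustrative values.
SAMPLE = """\
aaa authentication enable default tacacs+ local
aaa authentication login default tacacs+ local
aaa authorization exec default tacacs+
aaa authorization commands 0 default tacacs+
aaa accounting exec default start-stop tacacs+
"""

if __name__ == "__main__":
    for action, missing in audit(SAMPLE).items():
        print(f"{action}: missing {', '.join(missing) or 'nothing'}")
```

With the sample config, command authorization is in place but command and system accounting are not, so entered commands would be permitted or denied by the TACACS+ server without leaving an accounting record.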