Support User Manuals

Dell FCX624-E Laptop User Manual

Open as PDF

of 1494

1196 PowerConnect B-Series FCX Configuration Guide

53-1002266-01

Configuring RADIUS security

32

Configuring RADIUS accounting for CLI commands

You can configure RADIUS accounting for CLI commands by specifying a privilege level whose

commands require accounting. For example, to configure the Dell PowerConnect device to perform

RADIUS accounting for the commands available at the Super User privilege level (that is; all

commands on the device), enter the following command.

PowerConnect(config)#aaa accounting commands 0 default start-stop radius

An Accounting Start packet is sent to the RADIUS accounting server when a user enters a

command, and an Accounting Stop packet is sent when the service provided by the command is

completed.

NOTE

If authorization is enabled, and the command requires authorization, then authorization is

performed before accounting takes place. If authorization fails for the command, no accounting

takes place.

Syntax: aaa accounting commands <privilege-level> default start-stop radius | tacacs | none

The <privilege-level> parameter can be one of the following:

• 0 – Records commands available at the Super User level (all commands)

• 4 – Records commands available at the Port Configuration level (port-config and read-only

commands)

• 5 – Records commands available at the Read Only level (read-only commands)

Configuring RADIUS accounting for system events

You can configure RADIUS accounting to record when system events occur on the Dell

PowerConnect device. System events include rebooting and when changes to the active

configuration are made.

The following command causes an Accounting Start packet to be sent to the RADIUS accounting

server when a system event occurs, and a Accounting Stop packet to be sent when the system

event is completed.

PowerConnect(config)#aaa accounting system default start-stop radius

Syntax: aaa accounting system default start-stop radius | tacacs+ | none

Configuring an interface as the source for all

RADIUS packets

You can designate the lowest-numbered IP address configured an Ethernet port, loopback

interface, or virtual interface as the source IP address for all RADIUS packets from the Layer 3

Switch. For configuration details, see “Configuring ARP parameters” on page 810.

Displaying RADIUS configuration information

The show aaa command displays information about all TACACS/TACACS+ and RADIUS servers

identified on the device.

previous next