Filter
Top Products
Chapter 25 AAA
XGS-4526/4528F/4728F User’s Guide
251
Type Set whether the Switch provides the following services to a user.
• Exec: Allow an administrator which logs in the Switch through Telnet
or SSH to have different access privilege level assigned via the
external server.
• Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit
or VLAN ID assigned via the external server.
Active Select this to activate authorization for a specified event types.
Method Select whether you want to use RADIUS or TACACS+ for authorization of
specific types of events.
RADIUS is the only method for IEEE 802.1x authorization.
Accounting Use this section to configure accounting settings on the Switch.
Update Period This is the amount of time in minutes before the Switch sends an update
to the accounting server. This is only valid if you select the start-stop
option for the Exec or Dot1x entries.
Type The Switch supports the following types of events to be sent to the
accounting server(s):
• System - Configure the Switch to send information when the
following system events occur: system boots up, system shuts down,
system accounting is enabled, system accounting is disabled
• Exec - Configure the Switch to send information when an
administrator logs in and logs out via the console port, telnet or SSH.
• Dot1x - Configure the Switch to send information when an IEEE
802.1x client begins a session (authenticates via the Switch), ends a
session as well as interim updates of a session.
• Commands - Configure the Switch to send information when
commands of specified privilege level and higher are executed on the
Switch.
Active Select this to activate accounting for a specified event types.
Broadcast Select this to have the Switch send accounting information to all
configured accounting servers at the same time.
If you don’t select this and you have two accounting servers set up, then
the Switch sends information to the first accounting server and if it
doesn’t get a response from the accounting server then it tries the
second accounting server.
Mode The Switch supports two modes of recording login events. Select:
• start-stop - to have the Switch send information to the accounting
server when a user begins a session, during a user’s session (if it
lasts past the Update Period), and when a user ends a session.
• stop-only - to have the Switch send information to the accounting
server only when a user ends a session.
Method Select whether you want to use RADIUS or TACACS+ for accounting of
specific types of events.
TACACS+ is the only method for recording Commands type of event.
Privilege This field is only configurable for Commands type of event. Select the
threshold command privilege level for which the Switch should send
accounting information. The Switch will send accounting information
when commands at the level you specify and higher are executed on the
Switch.
Table 71 Advanced Application > AAA > AAA Setup (continued)
LABEL DESCRIPTION