Technical data
ServerIron ADX Administration Guide 109
53-1002434-01
Configuring TACACS or TACACS+ security
2
AAA operations for TACACS or TACACS+
The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a ServerIron that has TACACS or TACACS+ security
configured.
User action Applicable AAA operations
User attempts to gain access to the
Privileged EXEC and CONFIG levels of the
CLI
Enable authentication:
aaa authentication enable default <method-list>
Exec authorization (TACACS+):
aaa authorization exec default tacacs+
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>
User logs in using Telnet or SSH Login authentication:
aaa authentication login default <method-list>
Exec authorization (TACACS+):
aaa authorization exec default tacacs+
Exec accounting start (TACACS+):
aaa accounting exec default <method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>
User logs into the Web Management
Interface
Web authentication:
aaa authentication web-server default <method-list>
Exec authorization (TACACS+):
aaa authorization exec default tacacs+
User logs out of Telnet or SSH session Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
EXEC accounting stop (TACACS+):
aaa accounting exec default start-stop <method-list>
User enters system commands
(for example, reload, boot system)
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting stop (TACACS+):
aaa accounting system default start-stop <method-list>
User enters the command:
[no] aaa accounting system default
start-stop <method-list>
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop <method-list>