Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
201202203204205206207208209210
FastIron Configuration Guide 143
53-1002494-02
TACACS and TACACS+ security
3. The Brocade device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the
privilege level of the user.
5. The user is granted the specified privilege level.
When TACACS+ command authorization takes place, the following events occur.
1. A Telnet, SSH, or Web Management Interface user previously authenticated by a TACACS+
server enters a command on the Brocade device.
2. The Brocade device looks at its configuration to see if the command is at a privilege level that
requires TACACS+ command authorization.
3. If the command belongs to a privilege level that requires authorization, the Brocade device
consults the TACACS+ server to see if the user is authorized to use the command.
4. If the user is authorized to use the command, the command is executed.
TACACS+ accounting
TACACS+ accounting works as follows.
1. One of the following events occur on the Brocade device:
A user logs into the management interface using Telnet or SSH
A user enters a command for which accounting has been configured
A system event occurs, such as a reboot or reloading of the configuration file
2. The Brocade device checks the configuration to see if the event is one for which TACACS+
accounting is required.
3. If the event requires TACACS+ accounting, the Brocade device sends a TACACS+ Accounting
Start packet to the TACACS+ accounting server, containing information about the event.
4. The TACACS+ accounting server acknowledges the Accounting Start packet.
5. The TACACS+ accounting server records information about the event.
6. When the event is concluded, the Brocade device sends an Accounting Stop packet to the
TACACS+ accounting server.
7. The TACACS+ accounting server acknowledges the Accounting Stop packet.
AAA operations for TACACS/TACACS+
The following table lists the sequence of authentication, authorization, and accounting operations
that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security
configured.