Users Guide

All configuration commands entered from a non-console session with the sysadmin user role are authorized using the
configured TACACS+ servers.
OS10(config)# aaa authorization config-commands role sysadmin default group tacacs+
Remove AAA authorization methods
OS10(config)# no aaa authorization commands role sysadmin console
Enable AAA accounting
To record information about all user-entered commands, use the AAA accounting feature. Recording user-entered commands is
not supported for RADIUS accounting. AAA accounting records login and command information in OS10 sessions on console
connections using the console option, and on remote connections, such as Telnet and SSH, using the default option.
AAA accounting sends accounting messages:
Sends a start notice when a process begins, and a stop notice when the process ends using the start-stop option
Sends only a stop notice when a process ends using the stop-only option
No accounting notices are sent using the none option
Logs all accounting notices in syslog using the logging option
Logs all accounting notices on configured TACACS+ servers using the group tacacs+ option
Enable AAA accounting
Enable AAA accounting in CONFIGURATION mode.
aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
The no version of this command disables AAA accounting.
Example
The following example enables AAA accounting for all commands on the console. It also enables the system to send a start
notice when a process begins, and a stop notice when the process ends, to the console and a TACACS+ server.
OS10(config)# aaa accounting commands all console start-stop logging group tacacs+
AAA commands
aaa accounting
Enables AAA accounting.
Syntax
aaa accounting {exec | commands all} {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
Parameters
exec            Record user authentication events.
commands all    Record all user-entered commands. RADIUS accounting does not support this option.
console         Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
default         Record all user authentication and logins or all user-entered commands in OS10 sessions on remote connections; for example, Telnet and SSH.
start-stop      Send a start notice when a process begins, and a stop notice when the process ends.
stop-only       Send only a stop notice when a process ends.
none            No accounting notices are sent.
logging         Logs all accounting notices in syslog.
group tacacs+   Logs all accounting notices on the first reachable TACACS+ server.
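
The following Python script is an added example, not part of the original guide or of OS10. It audits a saved configuration for gaps in command accounting, using the aaa accounting syntax and parameters described above. It assumes the saved configuration lists these commands in the same form as they are entered, and it treats the absence of a TACACS+ destination as a finding, which is a policy choice made for this example.

```python
import re

# Grammar taken from the aaa accounting syntax on this page:
# aaa accounting {exec | commands all} {console | default}
#     {start-stop | stop-only | none} [logging] [group tacacs+]
AAA_ACCT = re.compile(
    r"^aaa accounting (?P<kind>exec|commands all) (?P<session>console|default) "
    r"(?P<mode>start-stop|stop-only|none)"
    r"(?P<logging> logging)?(?P<tacacs> group tacacs\+)?$"
)

def parse_accounting(config_text):
    """Return {(kind, session): {"mode": str, "logging": bool, "tacacs": bool}}."""
    rules = {}
    for raw in config_text.splitlines():
        m = AAA_ACCT.match(raw.strip())
        if m:
            rules[(m["kind"], m["session"])] = {
                "mode": m["mode"],
                "logging": m["logging"] is not None,
                "tacacs": m["tacacs"] is not None,
            }
    return rules

def audit(config_text, kind="commands all"):
    """List accounting gaps for console and remote (default) sessions."""
    rules = parse_accounting(config_text)
    findings = []
    for session in ("console", "default"):
        rule = rules.get((kind, session))
        if rule is None:
            findings.append(f"{session}: no '{kind}' accounting configured")
        elif rule["mode"] == "none":
            findings.append(f"{session}: mode 'none' sends no accounting notices")
        elif not rule["tacacs"]:  # assumed policy: require an off-box record
            findings.append(f"{session}: notices are not sent to a TACACS+ server")
    return findings

# Constructed sample configuration (not taken from a real switch).
SAMPLE = """\
aaa authorization config-commands role sysadmin default group tacacs+
aaa accounting commands all console start-stop logging group tacacs+
aaa accounting commands all default stop-only logging
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass kind="exec" to audit() to check login accounting instead of command accounting.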