RackSwitch G8000 Application Guide

If the remote user is successfully authenticated by the authentication server, the switch verifies the privileges of the remote user and authorizes the appropriate access. The administrator has an option to allow secure backdoor access via Telnet/SSH. Secure backdoor provides switch access when the TACACS+ servers cannot be reached.

NOTE To obtain the TACACS+ backdoor password for your G8000, contact Technical Support.

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If authentication and authorization are not performed via TACACS+, no TACACS+ accounting messages are sent out.

You can use TACACS+ to record and track software logins, configuration changes, and interactive commands.

The G8000 supports the following TACACS+ accounting attributes:

• protocol (console/Telnet/SSH/HTTP/HTTPS)
• start_time
• stop_time
• elapsed_time
• disc_cause

NOTE When using the Browser-Based Interface, the TACACS+ Accounting Stop records are sent only if the Logout button on the browser is clicked.
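The following is an added example, not part of the original guide: a short audit that pairs accounting Start and Stop records and reports sessions that never received a Stop, which the note above says is expected for Browser-Based Interface sessions closed without the Logout button. The record layout, the `user` and `task_id` fields, the use of epoch seconds, and all sample values are assumptions constructed for illustration; only the attribute names `protocol`, `start_time`, `stop_time`, `elapsed_time` and `disc_cause` come from the list above.

```python
from collections import defaultdict

# Constructed sample records (not real switch or server output).
# Assumed layout: "<start|stop> key=value ..."; user and task_id are
# assumed fields, times are assumed to be epoch seconds.
SAMPLE = """\
start user=alice task_id=101 protocol=SSH start_time=1226300000
stop user=alice task_id=101 protocol=SSH start_time=1226300000 stop_time=1226300600 elapsed_time=600 disc_cause=1
start user=bob task_id=102 protocol=HTTPS start_time=1226301000
start user=carol task_id=103 protocol=Telnet start_time=1226302000
stop user=carol task_id=103 protocol=Telnet start_time=1226302000 stop_time=1226302090 elapsed_time=100 disc_cause=1
"""

WEB_PROTOCOLS = {"HTTP", "HTTPS"}


def parse(line):
    """Split one record into a dict of its attributes plus the record flag."""
    flag, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["flag"] = flag
    return rec


def audit(text):
    """Return (open_sessions, mismatches) for a block of accounting records."""
    sessions = defaultdict(dict)
    for line in text.splitlines():
        if line.strip():
            rec = parse(line)
            sessions[(rec["user"], rec["task_id"])][rec["flag"]] = rec

    open_sessions, mismatches = [], []
    for (user, _task), recs in sorted(sessions.items()):
        start, stop = recs.get("start"), recs.get("stop")
        if start and not stop:
            # Web sessions only send Stop when Logout is clicked.
            web = start["protocol"].upper() in WEB_PROTOCOLS
            reason = "web session, Logout not clicked?" if web else "missing stop record"
            open_sessions.append((user, start["protocol"], reason))
        elif stop:
            # Sanity check: elapsed_time should equal stop_time - start_time.
            actual = int(stop["stop_time"]) - int(stop["start_time"])
            if actual != int(stop["elapsed_time"]):
                mismatches.append((user, int(stop["elapsed_time"]), actual))
    return open_sessions, mismatches
```

Non-web sessions that lack a Stop record deserve a closer look than web ones, since for them the missing record is not explained by the Logout behavior.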

Command authorization and logging

When TACACS+ Command Authorization is enabled, Blade OS configuration commands are sent to the TACACS+ server for authorization. Use the following command to enable TACACS+ Command Authorization:

RS G8000 (config)# tacacs-server command-authorization

Chapter 1: Accessing the Switch

BMD00041, November 2008
