TACACS and TACACS+ security

AAA operations for TACACS/TACACS+

The following table lists the sequence of authentication, authorization, and accounting operations that take place when a user gains access to a Brocade device that has TACACS/TACACS+ security configured.

TABLE 3 AAA operations

| User action | Applicable AAA operations |
|---|---|
| User attempts to gain access to the Privileged EXEC and CONFIG levels of the CLI | Enable authentication: aaa authentication enable default method-list |
| | Exec authorization (TACACS+): aaa authorization exec default tacacs+ |
| | System accounting start (TACACS+): aaa accounting system default start-stop method-list |
| User logs in using Telnet/SSH | Login authentication: aaa authentication login default method-list |
| | Exec authorization (TACACS+): aaa authorization exec default tacacs+ |
| | Exec accounting start (TACACS+): aaa accounting exec default method-list |
| | System accounting start (TACACS+): aaa accounting system default start-stop method-list |
| User logs out of Telnet/SSH session | Command accounting (TACACS+): aaa accounting commands privilege-level default start-stop method-list |
| | EXEC accounting stop (TACACS+): aaa accounting exec default start-stop method-list |
| User enters system commands (for example, reload, boot system) | Command authorization (TACACS+): aaa authorization commands privilege-level default method-list |
| | Command accounting (TACACS+): aaa accounting commands privilege-level default start-stop method-list |
| | System accounting stop (TACACS+): aaa accounting system default start-stop method-list |
| User enters the command: [no] aaa accounting system default start-stop method-list | Command authorization (TACACS+): aaa authorization commands privilege-level default method-list |
| | Command accounting (TACACS+): aaa accounting commands privilege-level default start-stop method-list |
| | System accounting start (TACACS+): aaa accounting system default start-stop method-list |
| User enters other commands | Command authorization (TACACS+): aaa authorization commands privilege-level default method-list |
| | Command accounting (TACACS+): aaa accounting commands privilege-level default start-stop method-list |

AAA security for commands pasted into the running-config

If AAA security is enabled on the device, commands pasted into the running-config are subject to the same AAA operations as if they were entered manually.

Brocade ICX 6650 Security Configuration Guide


53-1002601-01

 
