RADIUS security

2. The Brocade device checks its configuration to see if the event is one for which RADIUS accounting is required.

3. If the event requires RADIUS accounting, the Brocade device sends a RADIUS Accounting Start packet to the RADIUS accounting server, containing information about the event.

4. The RADIUS accounting server acknowledges the Accounting Start packet.

5. The RADIUS accounting server records information about the event.

6. When the event is concluded, the Brocade device sends an Accounting Stop packet to the RADIUS accounting server.

7. The RADIUS accounting server acknowledges the Accounting Stop packet.

AAA operations for RADIUS

The following table lists the sequence of authentication, authorization, and accounting operations that take place when a user gains access to a Brocade device that has RADIUS security configured.

TABLE 7   AAA operations for RADIUS

| User action | Applicable AAA operations |
|---|---|
| User attempts to gain access to the Privileged EXEC and CONFIG levels of the CLI | Enable authentication: aaa authentication enable default method-list |
| | System accounting start: aaa accounting system default start-stop method-list |
| User logs in using Telnet/SSH | Login authentication: aaa authentication login default method-list |
| | EXEC accounting Start: aaa accounting exec default start-stop method-list |
| | System accounting Start: aaa accounting system default start-stop method-list |
| User logs out of Telnet/SSH session | Command authorization for logout command: aaa authorization commands privilege-level default method-list |
| | Command accounting: aaa accounting commands privilege-level default start-stop method-list |
| | EXEC accounting stop: aaa accounting exec default start-stop method-list |
| User enters system commands (for example, reload, boot system) | Command authorization: aaa authorization commands privilege-level default method-list |
| | Command accounting: aaa accounting commands privilege-level default start-stop method-list |
| | System accounting stop: aaa accounting system default start-stop method-list |
| User enters the command: [no] aaa accounting system default start-stop method-list | Command authorization: aaa authorization commands privilege-level default method-list |
| | Command accounting: aaa accounting commands privilege-level default start-stop method-list |
| | System accounting start: aaa accounting system default start-stop method-list |

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

 
