Chapter 20 Authentication & Accounting
Table 49 Advanced Application > Auth and Acct > Auth and Acct Setup (continued)
LABEL | DESCRIPTION |
Login | These fields specify which database the Switch should use (first, second and third) |
| to authenticate administrator accounts (users for Switch management). |
| Configure the local user accounts in the Access Control > Logins screen. The |
| TACACS+ and RADIUS are external servers. Before you specify the priority, make |
| sure you have set up the corresponding database correctly first. |
| You can specify up to three methods for the Switch to authenticate administrator |
| accounts. The Switch checks the methods in the order you configure them (first |
| Method 1, then Method 2 and finally Method 3). You must configure the settings in |
| the Method 1 field. If you want the Switch to check other sources for administrator |
| accounts, specify them in Method 2 and Method 3 fields. |
| Select local to have the Switch check the administrator accounts configured in the |
| Access Control > Logins screen. |
| Select radius to have the Switch check the administrator accounts via RADIUS |
| servers configured in the RADIUS Server Setup screen. |
| Select tacacs+ to have the Switch check the administrator accounts via TACACS+ |
| servers configured in the TACACS+ Server Setup screen. |
|
|
Accounting | Use this section to configure accounting settings on the Switch. |
|
|
Update Period | This is the amount of time in minutes before the Switch sends an update to the |
| accounting server. This is only valid if you select the |
| or Dot1x entries. |
|
|
Type | The Switch supports the following types of events to be sent to the accounting |
| server(s): |
| • System - Configure the Switch to send information when the following system |
| events occur: system boots up, system shuts down, system accounting is |
| enabled, system accounting is disabled. |
| • Exec - Configure the Switch to send information when an administrator logs in |
| and logs out via the console port, Telnet or SSH. |
| • Dot1x - Configure the Switch to send information when an IEEE 802.1x client |
| begins a session (authenticates via the Switch), ends a session as well as |
| interim updates of a session. |
| • Commands - Configure the Switch to send information when commands of |
| specified privilege level and higher are executed on the Switch. |
|
|
Active | Select this to activate accounting for a specified event types. |
|
|
Broadcast | Select this to have the Switch send accounting information to all configured |
| accounting servers at the same time. |
| If you don’t select this and you have two accounting servers set up, then the Switch |
| sends information to the first accounting server and if it doesn’t get a response from |
| the accounting server then it tries the second accounting server. |
|
|
Mode | The Switch supports two modes of recording login events. Select: |
| • |
| a user begins a session, during a user’s session (if it lasts past the Update |
| Period), and when a user ends a session. |
| • |
| when a user ends a session. |
|
|
Method | Select whether you want to use RADIUS or TACACS+ for accounting of specific |
| types of events. |
| TACACS+ is the only method for recording Commands type of event. |
|
|
Privilege | This field is only configurable for Commands type of event. Select the threshold |
| command privilege level for which the Switch should send accounting information. |
| The Switch will send accounting information when commands at the level you |
| specify and higher are executed on the Switch. |
|
|
152 |
| |
| ||
|
|
|