Chapter 23 Authentication & Accounting

 

Table 64

Advanced Application > Auth and Acct > Auth and Acct Setup (continued)

 

LABEL

 

DESCRIPTION

 

Type

 

The Switch supports the following types of events to be sent to the

 

 

 

accounting server(s):

 

 

 

System - Configure the Switch to send information when the

 

 

 

following system events occur: system boots up, system shuts down,

 

 

 

system accounting is enabled, system accounting is disabled

 

 

 

Exec - Configure the Switch to send information when an

 

 

 

administrator logs in and logs out via the console port, telnet or SSH.

 

 

 

Dot1x - Configure the Switch to send information when an IEEE

 

 

 

802.1x client begins a session (authenticates via the Switch), ends a

 

 

 

session as well as interim updates of a session.

 

 

 

Commands - Configure the Switch to send information when

 

 

 

commands of specified privilege level and higher are executed on the

 

 

 

Switch.

 

 

 

 

 

Active

 

Select this to activate accounting for a specified event types.

 

 

 

 

 

Broadcast

 

Select this to have the Switch send accounting information to all

 

 

 

configured accounting servers at the same time.

 

 

 

If you don’t select this and you have two accounting servers set up, then

 

 

 

the Switch sends information to the first accounting server and if it

 

 

 

doesn’t get a response from the accounting server then it tries the

 

 

 

second accounting server.

 

 

 

 

 

Mode

 

The Switch supports two modes of recording login events. Select:

 

 

 

start-stop- to have the Switch send information to the accounting

 

 

 

server when a user begins a session, during a user’s session (if it

 

 

 

lasts past the Update Period), and when a user ends a session.

 

 

 

stop-only- to have the Switch send information to the accounting

 

 

 

server only when a user ends a session.

 

 

 

 

 

Method

 

Select whether you want to use RADIUS or TACACS+ for accounting of

 

 

 

specific types of events.

 

 

 

TACACS+ is the only method for recording Commands type of event.

 

 

 

 

 

Privilege

 

This field is only configurable for Commands type of event. Select the

 

 

 

threshold command privilege level for which the Switch should send

 

 

 

accounting information. The Switch will send accounting information

 

 

 

when commands at the level you specify and higher are executed on the

 

 

 

Switch.

 

 

 

 

 

Apply

 

Click Apply to save your changes to the Switch’s run-time memory. The

 

 

 

Switch loses these changes if it is turned off or loses power, so use the

 

 

 

Save link on the top navigation panel to save your changes to the non-

 

 

 

volatile memory when you are done configuring.

 

 

 

 

 

Cancel

 

Click Cancel to begin configuring this screen afresh.

 

 

 

 

23.2.4 Vendor Specific Attribute

RFC 2865 standard specifies a method for sending vendor-specific information between a RADIUS server and a network access device (for example, the Switch). A company can create Vendor Specific Attributes (VSAs) to expand the functionality of a RADIUS server.

 

199

GS2200-48 User’s Guide