Chapter 25 AAA

Table 71 Advanced Application > AAA > AAA Setup (continued)

LABEL
DESCRIPTION

Type
Set whether the Switch provides the following services to a user.
- Exec: Allow an administrator who logs in to the Switch through Telnet or SSH to have a different access privilege level assigned via the external server.
- Dot1x: Allow an IEEE 802.1x client to have a different bandwidth limit or VLAN ID assigned via the external server.

Active
Select this to activate authorization for the specified event type.

Method
Select whether you want to use RADIUS or TACACS+ for authorization of specific types of events.
RADIUS is the only method for IEEE 802.1x authorization.

Accounting
Use this section to configure accounting settings on the Switch.

Update Period
This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.

Type
The Switch supports the following types of events to be sent to the accounting server(s):
- System: Configure the Switch to send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, system accounting is disabled.
- Exec: Configure the Switch to send information when an administrator logs in and logs out via the console port, Telnet or SSH.
- Dot1x: Configure the Switch to send information when an IEEE 802.1x client begins a session (authenticates via the Switch) or ends a session, as well as interim updates of a session.
- Commands: Configure the Switch to send information when commands of specified privilege level and higher are executed on the Switch.

Active
Select this to activate accounting for the specified event type.

Broadcast
Select this to have the Switch send accounting information to all configured accounting servers at the same time.
If you don’t select this and you have two accounting servers set up, then the Switch sends information to the first accounting server and if it doesn’t get a response from the accounting server then it tries the second accounting server.

Mode
The Switch supports two modes of recording login events. Select:
- start-stop: to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
- stop-only: to have the Switch send information to the accounting server only when a user ends a session.

Method
Select whether you want to use RADIUS or TACACS+ for accounting of specific types of events.
TACACS+ is the only method for recording the Commands type of event.

Privilege
This field is only configurable for the Commands type of event. Select the threshold command privilege level for which the Switch should send accounting information. The Switch will send accounting information when commands at the level you specify and higher are executed on the Switch.
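
The accounting behavior described in the table above, modelled as an added example (not ZyXEL code or CLI syntax) to show which records an accounting server ends up holding under each setting. The `AcctPolicy` fields, function names, server names and sample commands are hypothetical, and repeating the interim update once per Update Period is an assumption.

```python
from dataclasses import dataclass

@dataclass
class AcctPolicy:                 # hypothetical model of the table's fields
    mode: str = "start-stop"      # Mode: "start-stop" or "stop-only"
    update_period: int = 0        # Update Period in minutes (0 = none, assumed)
    broadcast: bool = False       # Broadcast checkbox
    privilege: int = 0            # Privilege threshold for Commands events

def session_records(p, minutes, ended=True):
    """Records sent for one Exec or Dot1x session that has run `minutes`."""
    recs = []
    if p.mode == "start-stop":
        recs.append(("start", 0))
        if p.update_period > 0:
            # Assumption: one interim update per full Update Period elapsed,
            # and only if the session lasts past that point.
            recs += [("interim", t)
                     for t in range(p.update_period, minutes, p.update_period)]
    if ended:                     # both modes report the end of a session
        recs.append(("stop", minutes))
    return recs

def command_records(p, commands):
    """Commands events: only commands at the threshold level or higher."""
    return [cmd for level, cmd in commands if level >= p.privilege]

def recipients(p, servers, reachable):
    """Which configured accounting servers end up holding a record."""
    if p.broadcast:               # sent to all servers at the same time
        return [s for s in servers if s in reachable]
    for s in servers:             # otherwise first server, then the next
        if s in reachable:
            return [s]
    return []

if __name__ == "__main__":
    # Constructed sample data, not taken from a real Switch.
    full = AcctPolicy(mode="start-stop", update_period=10)
    print(session_records(full, 35))
    print(session_records(AcctPolicy(mode="stop-only"), 35, ended=False))
    cmds = [(3, "show vlan"), (13, "configure"), (14, "erase running-config")]
    print(command_records(AcctPolicy(privilege=13), cmds))
    print(recipients(AcctPolicy(), ["acct1", "acct2"], {"acct2"}))
```

In this model a stop-only session that is still open has produced no record yet, and without Broadcast each record sits on only one server, which matters when reconciling accounting logs.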

XGS-4526/4528F/4728F User’s Guide