|
| Chapter 25 AAA |
|
|
|
| Table 71 Advanced Application > AAA > AAA Setup (continued) | |
| LABEL | DESCRIPTION |
| Type | Set whether the Switch provides the following services to a user. |
|
| • Exec: Allow an administrator which logs in the Switch through Telnet |
|
| or SSH to have different access privilege level assigned via the |
|
| external server. |
|
| • Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit |
|
| or VLAN ID assigned via the external server. |
|
|
|
| Active | Select this to activate authorization for a specified event types. |
|
|
|
| Method | Select whether you want to use RADIUS or TACACS+ for authorization of |
|
| specific types of events. |
|
| RADIUS is the only method for IEEE 802.1x authorization. |
|
|
|
| Accounting | Use this section to configure accounting settings on the Switch. |
|
|
|
| Update Period | This is the amount of time in minutes before the Switch sends an update |
|
| to the accounting server. This is only valid if you select the |
|
| option for the Exec or Dot1x entries. |
|
|
|
| Type | The Switch supports the following types of events to be sent to the |
|
| accounting server(s): |
|
| • System - Configure the Switch to send information when the |
|
| following system events occur: system boots up, system shuts down, |
|
| system accounting is enabled, system accounting is disabled |
|
| • Exec - Configure the Switch to send information when an |
|
| administrator logs in and logs out via the console port, telnet or SSH. |
|
| • Dot1x - Configure the Switch to send information when an IEEE |
|
| 802.1x client begins a session (authenticates via the Switch), ends a |
|
| session as well as interim updates of a session. |
|
| • Commands - Configure the Switch to send information when |
|
| commands of specified privilege level and higher are executed on the |
|
| Switch. |
|
|
|
| Active | Select this to activate accounting for a specified event types. |
|
|
|
| Broadcast | Select this to have the Switch send accounting information to all |
|
| configured accounting servers at the same time. |
|
| If you don’t select this and you have two accounting servers set up, then |
|
| the Switch sends information to the first accounting server and if it |
|
| doesn’t get a response from the accounting server then it tries the |
|
| second accounting server. |
|
|
|
| Mode | The Switch supports two modes of recording login events. Select: |
|
| • |
|
| server when a user begins a session, during a user’s session (if it |
|
| lasts past the Update Period), and when a user ends a session. |
|
| • |
|
| server only when a user ends a session. |
|
|
|
| Method | Select whether you want to use RADIUS or TACACS+ for accounting of |
|
| specific types of events. |
|
| TACACS+ is the only method for recording Commands type of event. |
|
|
|
| Privilege | This field is only configurable for Commands type of event. Select the |
|
| threshold command privilege level for which the Switch should send |
|
| accounting information. The Switch will send accounting information |
|
| when commands at the level you specify and higher are executed on the |
|
| Switch. |
|
|
|
| 253 |
|
|