ZyXEL Communications MSC1000G User Manual page 579

Table 311 Sys > AAA (continued)
LABEL
Method1 ~
Method3
Try Cont.
Authorization
Accounting
Update Period
Type
Active
Mode
Method
Management Switch Card User's Guide
DESCRIPTION
Specify the databases the system uses to authenticate privilege level changes and logins.
Set up the corresponding database properly before you select a method. Configure the local
passwords for changing the privilege level in the Enable > Password screen. Configure the
local login user accounts in the Sys > User Account screen. The TACACS+ and RADIUS are
external servers.
You can specify up to two methods for authenticating privilege level changes and up to three
methods for authenticating administrator logins. You must configure the Method 1 field. If
you want the system to check other sources for authentication, specify them in the Method
2 and (if applicable) Method 3 fields. The system uses Method 1 first, then Method 2 and
finally, (if applicable) Method 3.
For the Enable type, select enable to have the system use its local database to
authenticate privilege level change attempts or select tacacs+ to have the system check
them against your TACACS+ server.
Select local to have the system check the administrator logins against the accounts
configured in the Sys > User Account screen.
Select radius to have the system check the administrator logins against the accounts
configured in your RADIUS server.
Select tacacs+ to have the system check the administrator logins against the accounts
configured in your TACACS+ server.
Select this to have the system try to use the next method in turn if the first method failed to
authenticate a user.
Clear this option to have the system try the next authentication method only when the
current method is unavailable. The authentication fails if the first available method fails to
authenticate users.
Authorization checks whether an individual configuration session has the privilege to
execute individual commands. Click Advanced to go to a screen where you can configure
how the system checks for specific privilege levels.
Use this section to configure accounting settings on the system.
This is the amount of time in minutes before the system sends an update to the accounting
server. This is only valid if you select the start-stop option for the Exec entries.
The system supports the following types of events to be sent to the accounting server(s):
System: Configure the system to send information when the following system events
occur: system boots up, system shuts down, system accounting is enabled, system
accounting is disabled
Exec: Configure the system to send information when an administrator logs in and logs out
via the console port, Telnet or SSH.
Commands: Configure the system to send information when commands of specified
privilege level and higher are executed on the system.
Select this to activate accounting for a specified event types.
The MSC supports two modes of recording login events. Select:
start-stop: to have the system send information to the accounting server when a user
begins a session, during a user's session (if it lasts past the Update Period), and when a
user ends a session.
stop-only: to have the system send information to the accounting server only when a user
ends a session.
Select whether you want to use RADIUS or TACACS+ for accounting of specific types of
events.
TACACS+ is the only method for recording Commands type of event.
Chapter 14 Sys Screens
579