Accounting - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch Application Manual

Alternate mapping between TACACS+ privilege levels and switch management access levels is shown in
the table below. Use the command /cfg/sys/tacacs/cmap ena to use the alternate TACACS+
privilege levels.
Alternate TACACS+ privilege levels
Table 5
User access level
user
oper
admin
You can customize the mapping between TACACS+ privilege levels and HP 1:10GbE switch
management access levels. Use the command /cfg/sys/tacacs/usermap to manually map each
TACACS+ privilege level (0-15) to a corresponding HP 1:10GbE switch management access level (user,
oper, admin, none).
If the remote user is authenticated by the authentication server, the HP 1:10GbE switch verifies the
privileges of the remote user and authorizes the appropriate access. When both the primary and
secondary authentication servers are not reachable, the administrator has an option to allow backdoor
access via the console only or console and Telnet access. The default value is disabled for Telnet access
and enabled for console access. The administrator also can enable secure backdoor
(/cfg/sys/tacacs/secbd) to allow access if both the primary and secondary TACACS+ servers fail to
respond.

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing and/or
security. It follows the authentication and authorization actions. If the authentication and authorization is
not performed via TACACS+, no TACACS+ accounting messages are sent out.
You can use TACACS+ to record and track software logins, configuration changes, and interactive
commands.
The switch supports the following TACACS+ accounting attributes:
protocol (console/telnet/ssh/http)
start_time
stop_time
elapsed_time
NOTE: When using the browser-based Interface, the TACACS+ Accounting Stop records are sent
only if the Quit button on the browser is clicked.
TACACS+ level
0—1
6—8
14—15
Accessing the switch
27