4
Configuring TACACS/TACACS+ security
You enable TACACS+ command authorization by specifying a privilege level whose commands
require authorization. For example, to configure the device to perform authorization for the
commands available at the Super User privilege level (that is, all commands on the device), enter
the following command.
BigIron RX(config)# aaa authorization commands 0 default tacacs+
Syntax: aaa authorization commands <privilege-level> default tacacs+ | radius | none
The <privilege-level> parameter can be one of the following:
•
•
•
NOTE
TACACS+ command authorization can be performed only for commands entered from Telnet or SSH
sessions, or from the console. No authorization is performed for commands entered at the Web
Management Interface or IronView Network Manager .
TACACS+ command authorization is not performed for the following commands:
•
•
If configured, command accounting is performed for these commands.
AAA support for console commands
To enable AAA support for commands entered at the console, enter the following command.
BigIron RX(config)# enable aaa console
Syntax: [no] enable aaa console
NOTES:
Configuring TACACS+ accounting
The device supports TACACS+ accounting for recording information about user activity and system
events. When you configure TACACS+ accounting on a BigIron RX, information is sent to a TACACS+
accounting server when specified events occur, such as when a user logs into the device or the
system is rebooted.
92
0 – Authorization is performed for commands available at the Super User level (all commands)
4 – Authorization is performed for commands available at the Port Configuration level
(port-config and read-only commands)
5 – Authorization is performed for commands available at the Read Only level (read-only
commands)
At all levels: exit, logout, end, and quit.
At the Privileged EXEC level: enable or enable <text>, where <text> is the password configured
for the Super User privilege level.
AAA support for commands entered at the console can include the following:
•
Login prompt that uses AAA authentication, using authentication-method lists
•
Exec Authorization
•
Exec Accounting
•
System Accounting
BigIron RX Series Configuration Guide
53-1001810-01