RackSwitch G8000 Application Guide
32
Chapter 1: Accessing the Switch BMD00041, November 2008
If the remote user is successfully authenticated by the authentication server, the switch
verifies the privileges of the remote user and authorizes the appropriate access. The adminis-
trator has an option to allow secure backdoor access via Telnet/SSH. Secure
backdoor provide switch access when the TACACS+ servers cannot be reached.
NOTE – To obtain the TACACS+ backdoor password for your G8000, contact
Technical Support.
Accounting
Accounting is the action of recording a user's activities on the device for the purposes of billing
and/or security. It follows the authentication and authorization actions. If the authentication
and authorization is not performed via TACACS+, there are no TACACS+ accounting mes-
sages sent out.
You can use TACACS+ to record and track software logins, configuration changes, and inter-
active commands.
The G8000 supports the following TACACS+ accounting attributes:
protocol (console/Telnet/SSH/HTTP/HTTPS)
start_time
stop_time
elapsed_time
disc_cause
NOTE – When using the Browser-Based Interface, the TACACS+ Accounting Stop records are
sent only if the Logout button on the browser is clicked.
Command authorization and logging
When TACACS+ Command Authorization is enabled, Blade OS configuration commands are
sent to the TACACS+ server for authorization. Use the following command to enable
TACACS+ Command Authorization:
RS G8000 (config)# tacacs-server command-authorization
