Use this command to enable or disable TACACS+ session accounting, or to configure TACACS+ session authorization parameters.
| Parameter | Description |
| --- | --- |
| authorization | Specifies that TACACS+ session authorization service or privilege level is being configured. |
| service name | Specifies the name of the service that the TACACS+ client will request from the TACACS+ server. The name specified here must match the name of a service configured on the server. |
| accounting | Specifies that TACACS+ session accounting service is being enabled or disabled. |
| read-only attribute value | Specifies that the Extreme Networks read-only access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is “priv-lvl” and value is 0. |
| read-write attribute value | Specifies that the Extreme Networks read-write access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is “priv-lvl” and value is 1. |
| super-user attribute value | Specifies that the Extreme Networks super-user access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is “priv-lvl” and value is 15. |
| enable \| disable | Enables or disables TACACS+ session accounting. |
Defaults: None.
Mode: All command modes.
When session accounting is enabled, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each authorized client session.
When the TACACS+ client is enabled on the Extreme Networks switch (with the set tacacs enable command), the session authorization parameters configured with this command are sent by the client to the TACACS+ server when a session is initiated on the Extreme Networks switch. The parameter values must match a service and an access level attribute-value pair configured on the server for the session to be authorized. If the parameter values do not match, the session will not be allowed.
The service name and attribute-value pairs can be any character string, and are determined by your TACACS+ server configuration.
This example configures the service requested by the TACACS+ client as the service name “basic.”
System(rw)->set tacacs session authorization service basic
This example maps the Extreme Networks read-write access privilege level to an attribute named “priv-lvl” with the value of 5 configured on the TACACS+ server.
System(rw)->set tacacs session authorization read-write priv-lvl 5
This example enables TACACS+ session accounting.
System(rw)->set tacacs session accounting enable
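The matching rule from the usage notes, modelled as an added Python example (not Extreme Networks code): it parses `set tacacs session authorization` lines, applies the defaults listed in the parameter table, and returns the access level a session would get, or nothing when the service or attribute-value pair does not match. The server profile layout, the function names, and the collision check for two access levels mapped to the same pair are assumptions made for this illustration.

```python
import shlex

# Defaults stated on this page: attribute "priv-lvl", values 0 / 1 / 15.
DEFAULT_LEVELS = {
    "read-only": ("priv-lvl", "0"),
    "read-write": ("priv-lvl", "1"),
    "super-user": ("priv-lvl", "15"),
}
PREFIX = ["set", "tacacs", "session", "authorization"]
# Constructed sample input: the two authorization examples from this page.
SWITCH_LINES = [
    "System(rw)->set tacacs session authorization service basic",
    "System(rw)->set tacacs session authorization read-write priv-lvl 5",
]
SERVER_PROFILE = {"basic": {"priv-lvl": "5"}}  # constructed server-side service


def parse_switch_config(lines):
    """Build the client-side view from 'set tacacs session authorization' lines."""
    service, levels = None, dict(DEFAULT_LEVELS)
    for line in lines:
        words = shlex.split(line.split("->", 1)[-1])  # drop a 'System(rw)->' prompt
        if words[:4] != PREFIX:
            continue
        args = words[4:]
        if len(args) == 2 and args[0] == "service":
            service = args[1]
        elif len(args) == 3 and args[0] in levels:
            levels[args[0]] = (args[1], args[2])
    return service, levels


def find_collisions(levels):
    """Return attribute-value pairs mapped to more than one access level."""
    seen = {}
    for level, pair in levels.items():
        seen.setdefault(pair, []).append(level)
    return {pair: lv for pair, lv in seen.items() if len(lv) > 1}


def authorize(service, levels, server_profile):
    """Model the match: return the access level, or None when nothing matches."""
    pairs = server_profile.get(service)
    if pairs is None:
        return None  # service name not configured on the server: session denied
    for level, (attr, value) in levels.items():
        if pairs.get(attr) == value:
            return level
    return None  # no access-level pair matches: session denied
```

Running `find_collisions` over a parsed configuration before deployment catches a remapped level that lands on another level's pair, such as read-only set to priv-lvl 15 while super-user keeps its default.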