Technical data

BLADE OS 5.1 Application Guide

BMD00136, November 2009 Chapter 1: Accessing the Switch

 33

Accounting

Accounting is the action of recording a user's activities on the device for the purposes of billing

and/or security. It follows the authentication and authorization actions. If the authentication and

authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent

out.

You can use TACACS+ to record and track software logins, configuration changes, and interactive

commands.

The G8000 supports the following TACACS+ accounting attributes:

 protocol (console/Telnet/SSH/HTTP/HTTPS)

 start_time

 stop_time

 elapsed_time

 disc_cause

Note – When using the Browser-Based Interface, the TACACS+ Accounting Stop records are sent

only if the Logout button on the browser is clicked.

Command Authorization and Logging

When TACACS+ Command Authorization is enabled, Blade OS configuration commands are sent

to the TACACS+ server for authorization. Use the following command to enable TACACS+

Command Authorization:

When TACACS+ Command Logging is enabled, Blade OS configuration commands are

logged on the TACACS+ server. Use the following command to enable TACACS+

Command Logging:

The following examples illustrate the format of Blade OS commands sent to the TACACS+ server:

RS G8000 (config)# tacacs-server command-authorization

RS G8000 (config)# tacacs-server command-logging

authorization request, cmd=shell, cmd-arg=interface ip

accounting request, cmd=shell, cmd-arg=interface ip

authorization request, cmd=shell, cmd-arg=enable

accounting request, cmd=shell, cmd-arg=enable