PowerConnect B-Series FCX Configuration Guide 119553-1002266-01Configuring RADIUS security 32• 5 – Authorization is performed for commands available at the Read Only level (read-onlycommands)NOTERADIUS command authorization can be performed only for commands entered from Telnet or SSHsessions, or from the console. No authorization is performed for commands entered at the WebManagement Interface or Brocade Network Advisor.NOTESince RADIUS command authorization relies on the command list supplied by the RADIUS serverduring authentication, you cannot perform RADIUS authorization without RADIUS authentication.Command authorization and accounting for console commandsThe Dell PowerConnect device supports command authorization and command accounting for CLIcommands entered at the console. To configure the device to perform command authorization andcommand accounting for console commands, enter the following.PowerConnect(config)#enable aaa consoleSyntax: enable aaa consoleCAUTIONIf you have previously configured the device to perform command authorization using a RADIUSserver, entering the enable aaa console command may prevent the execution of any subsequentcommands entered on the console.This happens because RADIUS command authorization requires a list of allowable commandsfrom the RADIUS server. This list is obtained during RADIUS authentication. For console sessions,RADIUS authentication is performed only if you have configured Enable authentication andspecified RADIUS as the authentication method (for example, with the aaa authentication enabledefault radius command). If RADIUS authentication is never performed, the list of allowablecommands is never obtained from the RADIUS server. Consequently, there would be no allowablecommands on the console.Configuring RADIUS accountingDell PowerConnect devices support RADIUS accounting for recording information about useractivity and system events. When you configure RADIUS accounting on a Dell PowerConnect device,information is sent to a RADIUS accounting server when specified events occur, such as when auser logs into the device or the system is rebooted.Configuring RADIUS accounting for Telnet/SSH (Shell) accessTo send an Accounting Start packet to the RADIUS accounting server when an authenticated userestablishes a Telnet or SSH session on the Dell PowerConnect device, and an Accounting Stoppacket when the user logs out.PowerConnect(config)#aaa accounting exec default start-stop radiusSyntax: aaa accounting exec default start-stop radius | tacacs+ | none
