Details

TACACS+ also allows for commands authorization and accounting, permitting more granular control of command-line access and allowing managers to monitor user sessions and configuration activity on their devices.

Solution

The following commands enable authorization and accounting, handled by servers in the default tacacs group:

switch(config)# aaa authorization commands default group tacacs
switch(config)# aaa accounting all default start-stop group tacacs

Supportive Information

The following resource is also helpful.

• https://support.hpe.com/hpesc/public/docDisplay?docId=a00053695en_ushttps://support.hpe.com/hpesc/public/docDisplay?docId=a00053695en_us

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system ArubaOS.

References

• 800-53|IA-2.

Source

• Tenable.com/audits