Define the Accounting Method Lists

Jul 16,2009 by alperen


When aaa accounting is activated, the NAS monitors either RADIUS accounting attributes or TACACS+ AV pairs pertinent to the connection, depending on the security method you implemented. The NAS reports these attributes as accounting records, which are then stored in an accounting log on the security server. The aaa accounting command enables accounting and enables you to create named method lists defining specific accounting methods on a per-line or per-interface basis. Use the no form of this command to disable accounting. The basic syntax is

Rtr1(config)#aaa accounting {accounting-type} {default | list-name} {accounting-method} method1 [method2...]

Rtr1(config)#no aaa accounting {accounting-type}

The first step is to choose which of the eight accounting types that AAA supports should be recorded. The syntax and choices include

Rtr1(config)#aaa accounting {system | network | exec | connection | commands level | nested | update} {default | list-name} {accounting-method} method1 [method2...]

system

All system-level events not associated with users, such as reloads. Don’t use named accounting lists; use only the default list for system accounting.

network

All network-related service requests, including SLIP, PPP, PPP NCPs, and ARAP.

exec

Creates accounting records about user EXEC terminal sessions on the NAS, including user name, date, and start and stop times.

connection

All outbound connections from the NAS, such as Telnet, local-area transport (LAT), TN3270, packet assembler/disassembler (PAD), and rlogin.

commands level

Specific command level to track for accounting (0 through 15).

nested

Provides accounting when PPP is started from EXEC, generating NETWORK records before the EXEC-STOP record.

update

Enables periodic interim accounting records to be sent to the accounting server.

Once the accounting type is selected, you must specify the accounting method to be used in recording the results. The syntax and choices include

Rtr1(config)#aaa accounting {accounting-type} {default | list-name} {start-stop | wait-start | stop-only | none} method1 [method2...]

start-stop

Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins, regardless of whether the start accounting notice was received by the accounting server.

wait-start

Sends both a start and a stop accounting notice to the accounting server. With the wait-start keyword, however, the requested user service does not begin until the start accounting notice is acknowledged.

stop-only

Sends a stop accounting notice at the end of the requested user process.

none

Disables accounting services on this line or interface.

For minimal accounting, use the stop-only keyword. For more detailed accounting, include the start-stop keyword. For even more accounting control, include the wait-start keyword, which ensures the start notice is received by the RADIUS or TACACS+ server before granting the user’s process request.

The default | list-name and method options work just as they do in the authentication and authorization process. Individual named accounting method lists are specific to the indicated accounting type. System accounting doesn’t use named accounting lists; only the default list can be defined for system accounting.

default

Uses the accounting methods listed after this argument as the default list of methods for accounting.

list-name

Character string used to name the list of accounting methods.

method1 [method2...]

One of the keywords listed in the following table.

Accounting method keywords are described in the following table.

Keyword

Description

group tacacs+

Uses the list of all TACACS+ servers to provide accounting services. The NAS reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.

group radius

Uses the list of all RADIUS servers to provide accounting services. The NAS reports user activity to the RADIUS security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.

group group-name

Uses a subset of RADIUS or TACACS+ servers for accounting, as defined by the server group group-name.

Method lists for accounting define the way accounting will be performed. Named accounting method lists let you designate a particular security protocol to be used on specific lines or interfaces for particular types of accounting services.
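
The syntax rules above can be checked mechanically before a configuration is deployed. The following Python code is an added example, not part of the original article or any Cisco tool: it validates aaa accounting lines for the system, network, exec, connection and commands types only, and its function names, the list names PPP-ACCT and SYS-ACCT, the group name BACKUP and the sample configuration are all constructed for illustration.

```python
# Added example; all names below are hypothetical, not Cisco or article code.
TYPES = {"system", "network", "exec", "connection", "commands"}
RECORD_MODES = {"start-stop", "wait-start", "stop-only", "none"}

def check_line(line):
    """Return the problems found in one 'aaa accounting' line ([] if none)."""
    tok = line.split()
    if tok[:2] != ["aaa", "accounting"] or len(tok) < 3:
        return ["not an aaa accounting command"]
    acct_type, rest = tok[2], tok[3:]
    if acct_type not in TYPES:
        return [f"unsupported accounting type: {acct_type}"]
    if acct_type == "commands":
        # 'commands' takes a level (0 through 15) before the list name
        if not rest or not rest[0].isdecimal() or int(rest[0]) > 15:
            return ["commands requires a level from 0 through 15"]
        rest = rest[1:]
    if len(rest) < 2:
        return ["missing list name or record mode"]
    list_name, mode, methods = rest[0], rest[1], rest[2:]
    problems = []
    if acct_type == "system" and list_name != "default":
        problems.append("system accounting accepts only the default list")
    if mode not in RECORD_MODES:
        problems.append(f"unknown record mode: {mode}")
    elif mode != "none":
        # every method is the keyword 'group' followed by a server-group name
        if not methods or len(methods) % 2 or any(m != "group" for m in methods[0::2]):
            problems.append("methods must be 'group <name>' pairs")
    return problems

def audit(config):
    """Map each faulty 'aaa accounting' line of a config to its problems."""
    lines = [ln.strip() for ln in config.splitlines()]
    checked = {ln: check_line(ln) for ln in lines if ln.startswith("aaa accounting ")}
    return {ln: p for ln, p in checked.items() if p}

# Constructed sample configuration (not from the article).
SAMPLE = """\
aaa accounting exec default start-stop group tacacs+
aaa accounting network PPP-ACCT wait-start group radius group BACKUP
aaa accounting system SYS-ACCT start-stop group tacacs+
aaa accounting commands 16 default stop-only group tacacs+
aaa accounting connection default start-stop tacacs+
"""

if __name__ == "__main__":
    for line, problems in audit(SAMPLE).items():
        print(line, "->", "; ".join(problems))
```

Run against the sample, it flags the named list on system accounting, the out-of-range command level, and the method that lacks the group keyword.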

