Cisco Systems Understanding AAA Accounting in Cisco: Commands and Configuration

Page 2

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

aaa accounting

aaa accounting

To create a method list for accounting, use the aaa accounting command in global configuration mode. To remove a list name from the system, use the no form of this command.

aaaaccounting {commands exec} {default list-name}{start-stop stop-only} {none group {tacacs+ radius group-name}}

no aaa accounting {commands exec} {default list-name}

Syntax Description

commands

Enables accounting for EXEC shell commands.

 

exec

Enables accounting of an EXEC session.

 

 

 

 

default

Uses the listed accounting methods that follow this keyword as the default list

 

 

of methods for accounting services.

 

 

 

 

list-name

Character string used to name the accounting method list.

 

 

 

 

start-stop

Sends a “start accounting” notice at the beginning of a process and a “stop

 

 

accounting” notice at the end of a process. The requested user process begins

 

 

regardless of whether the “start accounting” notice was received by the

 

 

accounting server.

 

 

 

 

stop-only

Sends a “stop accounting” notice at the end of the requested user process.

 

 

 

 

none

Uses no accounting.

 

 

 

 

group tacacs+

Uses the list of all TACACS+ servers for accounting.

 

 

 

 

group radius

Uses the list of all RADIUS servers for accounting.

 

 

 

 

group group-name

Uses a named subset of TACACS+ or RADIUS servers for accounting, as

 

 

defined by the aaa group server tacacs+ command or aaa gbroup server

 

 

radius command.

 

 

 

Defaults

Command Modes

Command History

AAAaccounting is disabled.

Global configuration

Release

Modification

Release 2.0

This command was introduced on the Cisco CRS-1.

 

 

Release 3.0

No modification.

 

 

Release 3.2

This command was supported on the Cisco XR 12000 Series Router.

 

 

Release 3.3.0

No modification.

 

 

Usage Guidelines To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Cisco IOS XR System Security Command Reference

SR-2

Image 2
Contents SR-1 Aaa accounting SR-2SR-3 Creates a method list to be used for authorizationAaa Read, write Aaa accounting system default SR-4SR-5 Creates a method list for authenticationCreates a method list for authorization Aaa authentication SR-6SR-7 Radius, group named-group,local, or line optionsCreates a method list for accounting Command Description SR-8Local Aaa authorizationNetwork SR-9SR-10 Which specifies that TACACS+ authorization is used SR-11Aaa default-taskgroup SR-12Aaa group server radius SR-13Comprises three member servers SR-14Aaa group server tacacs+ SR-15SR-16 SR-17 Aaa accounting commandAccounting List named listname2 on a line template named configure SR-18SR-19 AuthorizationAuthorization command Listname4 on a line template named configure SR-20SR-21 Deadtime server-group configurationDeadtime minutes no deadtime Related Commands Description SR-22SR-23 Description AAADescription string No description Taskgroup SR-24Group SR-25Task ID Examples SR-26Inherit taskgroup SR-27SR-28 SR-29 Inherit usergroupInherit usergroup usergroup-name Sales user group SR-30SR-31 Login authenticationAuthentication login command SR-32 SR-33 Password AAAPassword 0 7 password No password 0 7 password SR-34 Radius-server dead-criteria time SR-35SR-36 Radius-server dead-criteria tries SR-37Dead-criteria time SR-38SR-39 Radius-server deadtimeRadius-server deadtime minutes No radius-server deadtime SR-40 Retransmit retries Timeout secondsRadius-server host SR-41SR-42 SR-43 Radius-server key SR-44Specifies a Radius server host SR-45Radius-server retransmit SR-46SR-47 Radius-server timeoutRadius-server timeout seconds No radius-server timeout Radius source-interface SR-48Outgoing Radius packets SR-49SR-50 SecretSecret 0 5 secret no secret 0 5 secret SR-51 Server Radius SR-52SR-53 Server TACACS+ SR-54Groups different TACACS+ server hosts into distinct lists SR-55Show aaa SR-56SR-57 Aaa usergroup operatorSR-58 Displays task IDs enabled for the currently logged-in user SR-59Show radius If no radius servers are configured, no output is displayedShow radius SR-60Field Description SR-61SR-62 Show radius accountingShow radius accounting Show radius authentication SR-63SR-64 Show radius authenticationShow radius authentication Show radius accounting SR-65SR-66 Show radius clientShow radius client SR-67 Show radius dead-criteria SR-68SR-69 Show radius server-groups No default behavior or valuesShow radius server-groups SR-70Field Description SR-71SR-72 Show tacacsShow tacacs SR-73 SR-74 Show tacacs server-groupsShow tacacs server-groups SR-75 SR-76 Show task supportedShow task supported SR-77 Ouni pkg-mgmt pos-dpt pppShow user SR-78SR-79 User allSR-80 SR-81 Tacacs-server host SR-82SR-83 SR-84 Tacacs-server keyTacacs-server key key-nameno tacacs-server key Specifies a TACACS+ host SR-85SR-86 Tacacs-server timeoutTacacs-server timeout seconds No tacacs-server timeout Tacacs source-interface SR-87Aaa group server radius SR-88Execute TaskWrite DebugSR-90 Taskgroup SR-91SR-92 Creates a task group description in task configuration modeAdds a task ID to a task group Timeout login response SR-93Enables AAA authentication for logins SR-94Usergroup SR-95Creates a description of a task group during configuration SR-96Username SR-97Adds a user to a group Defines a method list for authenticationCreates a login password for a user SR-98Users group SR-99Given operator privileges SR-100