Cisco Systems XR manual Aaa Read, write, Creates a method list to be used for authorization, SR-3

Page 3

Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

aaa accounting

Use the aaa accounting command to create default or named method lists defining specific accounting methods and that can be used on a per-line or per-interface basis. You can specify up to four methods in the method list. The list name can be applied to a line (console, aux, or vty template) to enable accounting on that particular line.

The Cisco IOS XR software supports both TACACS+ and RADIUS methods for accounting. The router reports user activity to the security server in the form of accounting records, which are stored on the security server.

Method lists for accounting define the way accounting is performed, enabling you to designate a particular security protocol to be used on specific lines or interfaces for particular types of accounting services.

For minimal accounting, include the stop-onlykeyword to send a “stop accounting” notice after the requested user process. For more accounting, you can include the start-stopkeyword, so that TACACS+ or RADIUS sends a “start accounting” notice at the beginning of the requested process and a “stop accounting” notice after the process. The accounting record is stored only on the TACACS+ or RADIUS server.

The requested user process begins regardless of whether the “start accounting” notice was received by the accounting server.

Note This command cannot be used with TACACS or extended TACACS.

Task ID

Examples

Task ID	Operations
aaa	read, write

The following example shows how to define a default commands accounting method list, where accounting services are provided by a TACACS+ security server, with a stop-only restriction:

RP/0/RP0/CPU0:router# configure

RP/0/RP0/CPU0:router(config)# aaa accounting commands default stop-only group tacacs+

Related Commands	Command	Description
	aaa authorization	Creates a method list to be used for authorization.

Cisco IOS XR System Security Command Reference

SR-3

Image 3

Contents SR-1 SR-2 Aaa accountingCreates a method list to be used for authorization Aaa Read, writeSR-3 SR-4 Aaa accounting system defaultCreates a method list for authentication Creates a method list for authorizationSR-5 SR-6 Aaa authenticationRadius, group named-group,local, or line options Creates a method list for accountingSR-7 SR-8 Command DescriptionSR-9 Aaa authorizationNetwork LocalSR-10 SR-11 Which specifies that TACACS+ authorization is usedSR-12 Aaa default-taskgroupSR-13 Aaa group server radiusSR-14 Comprises three member serversSR-15 Aaa group server tacacs+SR-16 Aaa accounting command AccountingSR-17 SR-18 List named listname2 on a line template named configureAuthorization Authorization commandSR-19 SR-20 Listname4 on a line template named configureDeadtime server-group configuration Deadtime minutes no deadtimeSR-21 SR-22 Related Commands DescriptionDescription AAA Description string No descriptionSR-23 SR-24 TaskgroupSR-25 GroupSR-26 Task ID ExamplesSR-27 Inherit taskgroupSR-28 Inherit usergroup Inherit usergroup usergroup-nameSR-29 SR-30 Sales user groupLogin authentication Authentication login commandSR-31 SR-32 Password AAA Password 0 7 password No password 0 7 passwordSR-33 SR-34 SR-35 Radius-server dead-criteria timeSR-36 SR-37 Radius-server dead-criteria triesSR-38 Dead-criteria timeRadius-server deadtime Radius-server deadtime minutes No radius-server deadtimeSR-39 SR-40 SR-41 Timeout secondsRadius-server host Retransmit retriesSR-42 SR-43 SR-44 Radius-server keySR-45 Specifies a Radius server hostSR-46 Radius-server retransmitRadius-server timeout Radius-server timeout seconds No radius-server timeoutSR-47 SR-48 Radius source-interfaceSR-49 Outgoing Radius packetsSecret Secret 0 5 secret no secret 0 5 secretSR-50 SR-51 SR-52 Server RadiusSR-53 SR-54 Server TACACS+SR-55 Groups different TACACS+ server hosts into distinct listsSR-56 Show aaaAaa usergroup operator SR-57SR-58 SR-59 Displays task IDs enabled for the currently logged-in userSR-60 If no radius servers are configured, no output is displayedShow radius Show radiusSR-61 Field DescriptionShow radius accounting Show radius accountingSR-62 SR-63 Show radius authenticationShow radius authentication Show radius authenticationSR-64 SR-65 Show radius accountingShow radius client Show radius clientSR-66 SR-67 SR-68 Show radius dead-criteriaSR-69 SR-70 No default behavior or valuesShow radius server-groups Show radius server-groupsSR-71 Field DescriptionShow tacacs Show tacacsSR-72 SR-73 Show tacacs server-groups Show tacacs server-groupsSR-74 SR-75 Show task supported Show task supportedSR-76 Ouni pkg-mgmt pos-dpt ppp SR-77SR-78 Show userUser all SR-79SR-80 SR-81 SR-82 Tacacs-server hostSR-83 Tacacs-server key Tacacs-server key key-nameno tacacs-server keySR-84 SR-85 Specifies a TACACS+ hostTacacs-server timeout Tacacs-server timeout seconds No tacacs-server timeoutSR-86 SR-87 Tacacs source-interfaceSR-88 Aaa group server radiusDebug TaskWrite ExecuteSR-90 SR-91 TaskgroupCreates a task group description in task configuration mode Adds a task ID to a task groupSR-92 SR-93 Timeout login responseSR-94 Enables AAA authentication for loginsSR-95 UsergroupSR-96 Creates a description of a task group during configurationSR-97 UsernameSR-98 Defines a method list for authenticationCreates a login password for a user Adds a user to a groupSR-99 Users groupSR-100 Given operator privileges