10-17
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 10 Configuring Switch-Based Authentication Controlling Switch Access with RADIUS

Starting TACACS+ Accounting

The AAA accounting feature tracks the services that users are accessing and the amount of network
resources that they are consuming. When AAA accounting is enabled, the switch reports user activity to
the TACACS+ security server in the form of accounting records. Each accounting record contains
accounting attribute-value (AV) pairs and is stored on the security server. This data can then be analyzed
for network management, client billing, or auditing.
Beginning in privileged EXEC mode, follow these steps to enable TACACS+ accounting for each Cisco
IOS privilege level and for network services:
To disable accounting, use the no aaa accounting {network | exec} {start-stop} method1... global
configuration command.

Displaying the TACACS+ Configuration

To display TACACS+ server statistics, use the show tacacs privileged EXEC command.
Controlling Switch Access with RADIUS
This section describes how to enable and configure the RADIUS, which provides detailed accounting
information and flexible administrative control over authentication and authorization processes.
RADIUS is facilitated through AAA and can be enabled only through AAA commands.
Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS
Security Command Reference, Release 12.2.
These sections contain this configuration information:
Understanding RADIUS, page 10-18
RADIUS Operation, page 10-19
RADIUS Change of Authorization, page 10-19
Configuring RADIUS, page 10-26
Displaying the RADIUS Configuration, page 10-39
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 aaa accounting network start-stop
tacacs+ Enable TACACS+ accounting for all network-related service requests.
Step 3 aaa accounting exec start-stop tacacs+ Enable TACACS+ accounting to send a start-record accounting notice at
the beginning of a privileged EXEC process and a stop-record at the end.
Step 4 end Return to privileged EXEC mode.
Step 5 show running-config Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.