60-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
AAA Policy Page
Field Reference
AAA Page—Accounting Tab
Use the Accounting tab of the AAA page to define the type of accounting services to enable on the device
and the methods to use for each type. Security Manager supports the following types of accounting:
Connection—Records information about all outbound connections made from this device.
EXEC—Records information about user EXEC sessions on the devices, including the username,
date, start and stop times, and the IP address.
Command—Records information about the EXEC commands executed on the device by users with
specific privilege levels.
In addition, you use the Accounting page to determine when accounting records should be generated and
whether they should be broadcast to more than one AAA server.
Note You can use the method lists defined in this policy on the console and VTY lines that are used to
communicate with the device. See Console Policy Page, page 60-42 and VTY Line Dialog
Box—Authentication Tab, page60-55.
Navigation Path
Go to the AAA Policy Page, page 60-6, then click the Accounting tab.
Related Topics
Defining AAA Services, page 60-4
Supported Accounting Types, page60-3
Understanding Method Lists, page 60-3
AAA Server Group Dialog Box, page 6-46
Filtering Tables, page1-45
Table60-4 Command Authorization Dialog Box
Element Description
Privilege Level The privilege level for which you want to define a command accounting
list. Valid values range from 0 to 15.
Prioritized Method List Defines a sequential list of methods to be used when authorizing a user.
Enter the names of one or more AAA server group objects (up to four),
or click Select to select them. Use the up and down arrows in the object
selector to define the order in which the selected server groups should
be used. If the object that you want is not listed, click the Create button
to create it.
The device tries initially to authorize users using the first method in the
list. If that method fails to respond, the device tries the next method,
and so on, until a response is received.
Supported methods include TACACS+, Local, and None.
Note If you select None as a method, it must appear as the last
method in the list.