We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 646 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

479 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Forum Replies

  1. Hello Azm!

    All of these commands involve the accounting of users connecting to the device as well as of events that occur on the device. Specifically, accounting management in this context is a mechanism that allows you to track individual and group usage of network resources. The different commands above configure what, how and when this information is recorded. Accounting information can be stored locally on the device, but more commonly is sent to an AAA (Authentication, Authorization and Accounting) server.

    You can find detailed information about the aaa

    ... Continue reading in our forum

  2. Hello Azm

    Let’s say I have a router on site and I want to keep track of all of the command line activity. Specifically, I want to monitor all of the commands that are entered in the executive mode command line and the processes they invoke. Since I have a TACACS+ server on site, I decide to use that as my accounting server. (I can use RADIUS as well). Lets say I have two TACACS+ servers at and

    The first thing I would do is create an AAA group called my_server_group using the following commands:

    aaa group server tacacs+ my_server_gro
    ... Continue reading in our forum

  3. Hello Azm

    Yes, that is essentially correct. The first one uses the mode as the criterion for recording the commands while the other two use the criterion of the privilege level of specific commands for recording.

    Note also that the first command records both the beginning and the end of the process that is initiated by the commands (start-stop) while the other two record only the termination of the process (stop-only).

    I hope this has been helpful!


  4. Hi Justin,

    RADIUS encrypts the password in access request packets but that’s it. Other stuff like the username is left unencrypted.

    TACACS+ does encrypt the entire packet (but not the header).


22 more replies! Ask a question or join the discussion by visiting our Community Forum