We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 622 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)


422 New Members signed up the last 30 days!


100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,

Forum Replies

  1. Hello Laz,
    Would you please explain the functionalities of the below commands at your convenient time? Thank you so much in advance.

    aaa accounting exec default start-stop group tacacs+ 
    aaa accounting commands 1 default stop-only group tacacs+ 
    aaa accounting commands 15 default stop-only group tacacs+
    aaa accounting connection default start-stop group tacacs+ 
    aaa accounting system default start-stop group tacacs+ 

    Best Regards,

  2. Hello Azm!

    All of these commands involve the accounting of users connecting to the device as well as of events that occur on the device. Specifically, accounting management in this context is a mechanism that allows you to track individual and group usage of network resources. The different commands above configure what, how and when this information is recorded. Accounting information can be stored locally on the device, but more commonly is sent to an AAA (Authentication, Authorization and Accounting) server.

    You can find detailed information about the aaa

    ... Continue reading in our forum

  3. Hello Azm

    Let’s say I have a router on site and I want to keep track of all of the command line activity. Specifically, I want to monitor all of the commands that are entered in the executive mode command line and the processes they invoke. Since I have a TACACS+ server on site, I decide to use that as my accounting server. (I can use RADIUS as well). Lets say I have two TACACS+ servers at and

    The first thing I would do is create an AAA group called my_server_group using the following commands:

    aaa group server tacacs+ my_server_gro
    ... Continue reading in our forum

  4. Hi Justin,

    RADIUS encrypts the password in access request packets but that’s it. Other stuff like the username is left unencrypted.

    TACACS+ does encrypt the entire packet (but not the header).


16 more replies! Ask a question or join the discussion by visiting our Community Forum