

Notable Replies

  1. Hello Laz,
    Would you please explain the functionality of the commands below at your convenience? Thank you so much in advance.

    aaa accounting exec default start-stop group tacacs+ 
    aaa accounting commands 1 default stop-only group tacacs+ 
    aaa accounting commands 15 default stop-only group tacacs+
    aaa accounting connection default start-stop group tacacs+ 
    aaa accounting system default start-stop group tacacs+

    Best Regards,
    Az

  2. Hello Azm!

    All of these commands involve the accounting of users connecting to the device as well as of events that occur on the device. Specifically, accounting management in this context is a mechanism that allows you to track individual and group usage of network resources. The different commands above configure what, how and when this information is recorded. Accounting information can be stored locally on the device, but more commonly is sent to an AAA (Authentication, Authorization and Accounting) server.

    You can find detailed information about the aaa accounting commands and keywords here.

    However, I will briefly explain the above commands:

    First of all, the start-stop and stop-only keywords indicate to the device when to send accounting information to the AAA server, either at both the beginning and end of a process or command, or only at the end.

    The group tacacs+ keywords indicate the list of TACACS+ servers to be used for AAA, which are those found in the aaa group server tacacs+ command.

    The default keyword just states that the keywords that follow will be the default parameters used for the accounting mechanism.

    Now for the commands themselves:

    aaa accounting exec default start-stop group tacacs+
    This command activates accounting on all EXEC shell sessions (any commands entered after the enable command) and sends accounting information at the beginning and end of each command/process to the server indicated by group tacacs+.

    aaa accounting commands 1 default stop-only group tacacs+
    This command activates accounting on all commands entered at privilege level 1 and sends accounting information at the end of each command/process to the server indicated by group tacacs+.

    aaa accounting commands 15 default stop-only group tacacs+
    This command activates accounting on all commands entered at privilege level 15 and sends accounting information at the end of each command/process to the server indicated by group tacacs+.

    aaa accounting connection default start-stop group tacacs+
    This command activates accounting on all outbound connections made from the device such as telnet and others and sends accounting information at the beginning and end of each command/process to the server indicated by group tacacs+.

    aaa accounting system default start-stop group tacacs+
    This command activates accounting for all system-level events not associated with users, such as reloads. Accounting information is sent at the beginning and end of each process to the server indicated by group tacacs+.

    I hope this has been helpful!

    Laz

  3. Hello Laz,
    Thank you for your reply. However, it's still a little bit fuzzy to me. Would you please break it down once again with a real-life example? Thank you again.

    Best Regards,
    Azm Uddin

  4. Hello Azm

    Let's say I have a router on site and I want to keep track of all of the command line activity. Specifically, I want to monitor all of the commands that are entered in the executive mode command line and the processes they invoke. Since I have a TACACS+ server on site, I decide to use that as my accounting server (I can use RADIUS as well). Let's say I have two TACACS+ servers at 10.10.10.31 and 10.10.10.32.

    The first thing I would do is create an AAA group called my_server_group using the following commands:

    aaa group server tacacs+ my_server_group 
      server 10.10.10.31
      server 10.10.10.32

    Next, I would issue the following command to initiate accounting:

    aaa accounting exec default start-stop group my_server_group

    So, every time someone logs in to the command line and types enable, every additional command is sent to the accounting server and is recorded. For example, if I entered the command line and entered:

    show running-config

    the router would send the following information to the configured TACACS+ server:

    Time of command, issuer of command (user name), the command itself, time when the process has been completed.

    Note that the start-stop keyword will send two times to the accounting server: the time the process was initiated, that is, when the command was entered, and the time when the process completed. The stop-only keyword can be used to give only the time of the ending of the process. Most processes are almost instantaneous; however, some may take seconds or even tens of seconds depending on the command.

    So the TACACS+ server will accumulate a log of all of these events, their times and their details so that in the future, if the network goes down because of a mistake in command line commands, you can know who to blame :).

    The other commands are just permutations of this command and just change what is recorded and how it is recorded.

    I hope this has been helpful!

    Laz
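
An added example, not part of the thread or any participant's own code: a small audit that parses the `aaa accounting` and `aaa group server` lines discussed above and flags method lists that point at an undefined server group, or privilege levels with no command accounting. The function names, the sample configuration (including the mistyped `my_server_grp`) and the choice of levels 1 and 15 as required are assumptions made for illustration; `tacacs+` and `radius` are treated as keywords rather than user-defined group names.

```python
import re

# Constructed sample: the thread's commands, with a mistyped group name on the
# "connection" line and the "commands 15" line left out on purpose.
SAMPLE_CONFIG = """\
aaa group server tacacs+ my_server_group
 server 10.10.10.31
 server 10.10.10.32
aaa accounting exec default start-stop group my_server_group
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting connection default start-stop group my_server_grp
"""

BUILTIN_GROUPS = {"tacacs+", "radius"}  # keywords, not user-defined group names
ACCT_RE = re.compile(
    r"^aaa accounting (?P<type>exec|connection|system|network|commands (?P<level>\d+)) "
    r"(?P<list>\S+) (?P<record>start-stop|stop-only|none)(?P<methods>.*)$")
GROUP_RE = re.compile(r"^aaa group server (?:tacacs\+|radius) (?P<name>\S+)")


def parse_accounting(config):
    """Return (rules, defined_groups) from IOS-style configuration text."""
    rules, groups = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        g, m = GROUP_RE.match(line), ACCT_RE.match(line)
        if g:
            groups.add(g.group("name"))
        elif m:
            rules.append({
                "type": m.group("type").split()[0],
                "level": int(m.group("level")) if m.group("level") else None,
                "list": m.group("list"),
                "record": m.group("record"),
                "groups": re.findall(r"group (\S+)", m.group("methods")),
            })
    return rules, groups


def audit(config, required_levels=(1, 15)):
    """Report undefined server groups and privilege levels lacking command accounting."""
    rules, groups = parse_accounting(config)
    findings = [f"{r['type']}: server group '{name}' is not defined"
                for r in rules for name in r["groups"]
                if name not in BUILTIN_GROUPS | groups]
    covered = {r["level"] for r in rules
               if r["type"] == "commands" and r["record"] != "none"}
    findings += [f"commands: no accounting for privilege level {lvl}"
                 for lvl in required_levels if lvl not in covered]
    return findings
```

Running `audit(SAMPLE_CONFIG)` returns one finding for the mistyped group and one for the missing level 15 line; the five commands from the first post, taken as they are, produce no findings.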
