We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 617 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

378 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Hello Laz,
    Would you please explain the functionalities of the below commands at your convenient time? Thank you so much in advance.

    aaa accounting exec default start-stop group tacacs+ 
    aaa accounting commands 1 default stop-only group tacacs+ 
    aaa accounting commands 15 default stop-only group tacacs+
    aaa accounting connection default start-stop group tacacs+ 
    aaa accounting system default start-stop group tacacs+ 
    

    Best Regards,
    Az

  2. Hello Azm!

    All of these commands involve the accounting of users connecting to the device as well as of events that occur on the device. Specifically, accounting management in this context is a mechanism that allows you to track individual and group usage of network resources. The different commands above configure what, how and when this information is recorded. Accounting information can be stored locally on the device, but more commonly is sent to an AAA (Authentication, Authorization and Accounting) server.

    You can find detailed information about the aaa accounting commands and keywords here.

    However, I will briefly explain the above commands:

    First of all, the start-stop and stop-only keywords indicate to the device when to send accounting information to the AAA server, either at both the beginning and end of a process or command, or only at the end.

    The group tacacs+ keywords indicate the list of TACACS+ servers
    to be used for AAA which are those found in the aaa group server tacacs+ command.

    The default keyword just states that the keywords that follow will be the default parameters used for the accounting mechanism.

    Now for the commands themselves:

    aaa accounting exec default start-stop group tacacs+
    This command activates accounting on all EXEC shell sessions (any commands entered after the enable command) and sends accounting information at the beginning and end of each command/process to the server indicated by group tacacs+.

    aaa accounting commands 1 default stop-only group tacacs+
    This command activates accounting on all commands entered at privilege level 1 and sends accounting information at the end of each command/process to the server indicated by group tacacs+.

    aaa accounting commands 15 default stop-only group tacacs+
    This command activates accounting on all commands entered at privilege level 15 and sends accounting information at the end of each command/process to the server indicated by group tacacs+.

    aaa accounting connection default start-stop group tacacs+
    This command activates accounting on all outbound connections made from the device such as telnet and others and sends accounting information at the beginning and end of each command/process to the server indicated by group tacacs+.

    aaa accounting system default start-stop group tacacs+
    This command activates accounting for for all system-level events not associated with users, such as reloads. Accounting information is sent at the beginning and end of each process to the server indicated by group tacacs+.

    I hope this has been helpful!

    Laz

  3. Hello Azm

    All of these commands indicate to the device when and under what circumstances accounting notices will be sent to an accounting server. The keywords used indicate this information as follows:

    * connection - indicates that all outbound connections made from the network access server such as TELNET will be recorded
    * default - Uses the listed accounting methods that follow this argument as the default list of methods for accounting services
    * start-stop - sends a “start” and a “stop” accounting notice to the accounting server at the beginning AND at the end of a process initiated by CLI commands
    * exec - Creates a method list to provide accounting records about user EXEC terminal sessions on the network access server, including username, date, and start and stop times.
    * group group-name - The group or list of servers (Radius or TACACS) that will be used as accounting servers.

    You can find much more detail within Cisco’s documentation for accounting.

    I hope this has been helpful!

    Laz

  4. What if I wanted to move a subset of the enable commands down to a lower privilege level for some basic commands that could be used by a system administrator. I have an account enable 10 and have assigned commands to that privilege level so a system administrator can login with enable 10 and not have access to full list of enable commands. How would the configuration of the switch and the freeradius differ from what was shown in the video?

    Thanks,

    Michael

14 more replies! Ask a question or join the discussion by visiting our Community Forum