|
|
This chapter explains the function and syntax of the accounting commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS Security Command Reference, Release 12.1.
Syntax Description
system Performs accounting for all system-level events not associated with users, such as reloads. network Runs accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA. exec Runs accounting for EXEC session (user shells). This keyword might return user profile information such as autocommand information. connection Provides information about all outbound connections made from the network access server, such as Telnet, local-area transport (LAT), TN3270, packet assembler/disassembler (PAD), and rlogin. commands Runs accounting for all commands at the specified privilege level. level Specific command level to track for accounting. Valid entries are 0 through 15. default Uses the listed accounting methods that follow this argument as the default list of methods for accounting services. list-name Character string used to name the list of accounting methods. start-stop Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether the start accounting notice was received by the accounting server. stop-only Sends a stop accounting notice at the end of the requested user process. none Disables accounting services on this line or interface. method1 [method2...] At least one of the keywords described in Table 39.
Table 39 describes method keywords.
| Keyword | Description |
|---|---|
group radius | Uses the list of all RADIUS servers for authentication. |
group tacacs+ | Uses the list of all TACACS+ servers for authentication. |
group group-name | Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the aaa group server radius or aaa group server tacacs+ command. |
To define the accounting method list H.323 with RADIUS as a method with either stop-only or start-stop accounting options, use the aaa accounting connection h323 command in global configuration mode. Use the no form of this command to disable the use of this accounting method list.
aaa accounting connection h323 {stop-only | start-stop} radius
Syntax Description
stop-only Sends a stop accounting notice at the end of the requested user process. start-stop Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether the start accounting notice was received by the accounting server. radius Use only the RADIUS security protocol with this command.
To specify that NETWORK records be generated, or nested, within EXEC start and stop records for PPP users who start EXEC terminal sessions, use the aaa accounting nested command in global configuration mode. Use the no form of this command to allow sending records for users with a NULL username.
aaa accounting nestedSyntax Description
This command has no arguments or keywords.
To generate accounting stop records for users who fail to authenticate at login or during session negotiation, use the aaa accounting send stop-record authentication failure command in global configuration mode. Use the no form of this command to stop generating records for users who fail to authenticate at login or during session negotiation.
aaa accounting send stop-record authentication failureSyntax Description
This command has no arguments or keywords.
Syntax Description
This command has no arguments or keywords.
Syntax Description
newinfo Causes an interim accounting record to be sent to the accounting server whenever there is new accounting information to report relating to the user in question. periodic Causes an interim accounting record to be sent to the accounting server periodically, as defined by the argument number. number Integer specifying number of minutes.
To map a Dialed Number Information Service (DNIS) number to a particular authentication, authorization, and accounting (AAA) server group (this server group will be used for AAA accounting), use the aaa dnis map accounting network group command in global configuration mode. To remove DNIS mapping from the named server group, use the no form of this command.
aaa dnis map dnis-number accounting network [none | start-stop | stop-only] group server-group-name
Syntax Description
dnis-number Number of the DNIS. none (Optional) Indicates that the defined security server group will not send accounting notices. start-stop (Optional) Indicates that the defined security server group will send a start-accounting notice at the beginning of a process and a stop-accounting notice at the end of a process. The start-accounting record is sent in the background. (The requested user process begins regardless of whether the start accounting notice was received by the accounting server.) stop-only (Optional) Indicates that the defined security server group will send a stop-accounting notice at the end of the requested user process. server-group-name Character string used to name a group of security servers associated in a server group.
Syntax Description
arap Enables accounting on line(s) configured for AppleTalk Remote Access (ARA) protocol. commands Enables accounting on the selected line(s) for all commands at the specified privilege level. level Specifies the command level to track for accounting. Valid entries are 0 through 15. connection Enables both CHAP and PAP, and performs PAP authentication before CHAP. exec Enables accounting for all system-level events not associated with users, such as reloads on the selected line(s). default (Optional) The name of the default method list, created with the aaa accounting command. list-name (Optional) Specifies the name of a list of accounting methods to use. If no list name is specified, the system uses the default. The list is created with the aaa accounting command.
To enable the accounting on the gatekeeper, use the accounting command in gatekeeper configuration mode. To disable accounting, use the no form of this command.
accountingSyntax Description
This command has no arguments or keywords.
Syntax Description
default (Optional) The name of the method list is created with the aaa accounting command. list-name (Optional) Specifies the name of a list of accounting methods to use. If no list name is specified, the system uses the default. The list is created with the aaa accounting command.
To step through all active sessions and to print all the accounting records for actively accounted functions, use the show accounting command in EXEC mode. Use the no form of this command to disable viewing and printing accounting records.
show accounting {system | network | exec | command level} {start-stop | stop-only} group tacacs+
Syntax Description
system Displays accounting for all system-level events not associated with users, such as reloads. network Displays accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARA. exec Displays accounting for EXEC session (user shells). This keyword might return user profile information such as autocommand information. command Displays accounting for all commands at the specified privilege level. level Specifies the command level to display. Valid entries are 0 through 15. start-stop Displays a start record accounting notice at the beginning of a process and a stop record at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether the start accounting record was received by the accounting server. stop-only Displays a stop record accounting notice at the end of the requested user process. group tacacs+ Displays the TACACS-style accounting.
Posted: Wed Jul 26 16:04:34 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.