AAA Accounting Setup

Sometimes a corporation wishes to keep track of which resources individuals or groups use. Examples of this include when the IS department charges other departments for access, or one company provides internal support to another company. For whatever reason you choose, AAA accounting gives the ability to track usage, such as dial-in access; the ability to log the data gathered to a database; and the ability to produce reports on the data gathered.

Although accounting is generally considered a network management or financial management issue, it is looked at briefly here because it is so closely linked with security. One security issue that accounting can address is creating a list of users and the time of day they choose to dial into the system. If, for example, the administrator knows that a worker logs onto the system in the middle of the night, this information can be used to further investigate the purpose of the login.

Another reason to implement accounting is to create a list of changes occurring on the network, who made the changes, and the exact nature of the changes. Knowing this information helps in the troubleshooting process if the changes cause unexpected results.

AAA accounting is started with the aaa accounting command. Note that AAA accounting is currently supported only on TACACS+ and RADIUS servers. The full syntax of the aaa accounting command follows:

aaa accounting event-type {default | list-name}
    {start-stop | wait-start | stop-only | none} method1 [method2]

event-type can be one of the event types shown in Table 10-6.

Table 10-6. AAA Accounting Event Types

Event Type       Description
command {level}  Applies to all commands for the optionally specified privilege level
connection       Applies to all outbound connections, including LAT, PAD, and so on
exec             Runs accounting for all user shell EXEC sessions
network          Runs accounting for all network-related service requests such as PPP and ARAP
system           Runs accounting for system-related events that are not associated with users, for example, a reload command

As with AAA authentication, either the keyword default or a list name is used. Next, the trigger is entered. The trigger specifies which events cause accounting records to be sent to the server. Table 10-7 lists the possible triggers and their meanings.

Table 10-7. AAA Accounting Triggers

Trigger     Description
none        Stops accounting on this interface.
start-stop  A start record is sent as soon as a session begins, without waiting for the server to acknowledge it (in contrast to wait-start). A stop record, which includes the session statistics, is sent as soon as the session ends.
stop-only   A record is sent only when the session ends. This record includes the session statistics.
wait-start  The start record is sent, and the session is allowed to proceed, only after the server acknowledges that the session has started (in contrast to start-stop). A stop record, which includes the session statistics, is sent as soon as the session ends.

The parameters method1 and method2 have only two possible values: tacacs+ and radius. The tacacs+ keyword sends the accounting records to a TACACS+ server, while radius sends them to a RADIUS server.

An example of using AAA accounting follows:

aaa new-model
!Enable the AAA command set on the router

tacacs-server host 172.30.1.50
!The TACACS+ server is at 172.30.1.50

tacacs-server key mysecretkey
!Shared secret used to authenticate and encrypt exchanges with the TACACS+ server

aaa accounting exec start-stop tacacs+
!Send a start record when an EXEC (shell) session begins and a stop record when it ends
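The two security uses described earlier, reviewing when users log in and reconstructing who changed what, both depend on reading the accounting records the server collects. The following Python script is an added example, not part of the original text or of any Cisco or TACACS+ server software. It parses a constructed, tab-separated approximation of a TACACS+ server's accounting log (timestamp, NAS address, user, port, remote address, record type, then key=value attributes such as task_id, elapsed_time and cmd), pairs start and stop records into sessions by (NAS, task_id), flags sessions that began outside a business-hours window, and lists the command-accounting records that show configuration changes. The field layout, the attribute names and the sample records are all assumptions made for the example; a real server's log format will differ.

```python
"""Pair AAA accounting start/stop records into sessions and review them.

Added example. The record layout is a constructed approximation of a
TACACS+ server accounting log: tab-separated fixed fields followed by
key=value attributes. Adjust the parser for a real server's format.
"""
from dataclasses import dataclass, field
from datetime import datetime, time

# Constructed sample records (not from any real device): two EXEC sessions
# recorded with start-stop, plus two command-accounting stop records that
# show the configuration commands jdoe entered during the first session.
SAMPLE_LOG = """\
2024-03-11 09:02:10\t172.30.1.1\tjdoe\ttty2\t10.1.1.5\tstart\ttask_id=41\tservice=shell
2024-03-11 09:02:15\t172.30.1.1\tjdoe\ttty2\t10.1.1.5\tstop\ttask_id=42\tservice=shell\tpriv-lvl=15\tcmd=configure terminal
2024-03-11 09:02:20\t172.30.1.1\tjdoe\ttty2\t10.1.1.5\tstop\ttask_id=43\tservice=shell\tpriv-lvl=15\tcmd=interface Serial0
2024-03-11 09:17:10\t172.30.1.1\tjdoe\ttty2\t10.1.1.5\tstop\ttask_id=41\tservice=shell\telapsed_time=900
2024-03-12 02:31:05\t172.30.1.1\tmsmith\ttty1\t10.9.9.9\tstart\ttask_id=77\tservice=shell
2024-03-12 02:40:05\t172.30.1.1\tmsmith\ttty1\t10.9.9.9\tstop\ttask_id=77\tservice=shell\telapsed_time=540
"""


@dataclass
class Record:
    when: datetime
    nas: str          # address of the router (NAS) that sent the record
    user: str
    port: str
    rem_addr: str     # where the user connected from
    kind: str         # "start" or "stop"
    attrs: dict = field(default_factory=dict)


def parse_record(line):
    """Split one log line into fixed fields plus an attribute dictionary."""
    fields = line.rstrip("\n").split("\t")
    when = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
    attrs = {}
    for av in fields[6:]:
        key, _, value = av.partition("=")
        attrs[key] = value
    return Record(when, fields[1], fields[2], fields[3], fields[4], fields[5], attrs)


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def pair_sessions(records):
    """Match start and stop records on (nas, task_id).

    Returns (sessions, unmatched_starts). A stop with no matching start is
    normal for stop-only and command accounting, so it is simply skipped.
    """
    open_by_key = {}
    sessions = []
    for rec in records:
        key = (rec.nas, rec.attrs.get("task_id"))
        if rec.kind == "start":
            open_by_key[key] = rec
        elif rec.kind == "stop":
            start = open_by_key.pop(key, None)
            if start is not None:
                sessions.append((start, rec))
    return sessions, list(open_by_key.values())


def session_duration(start, stop):
    """Seconds in the session; trust the server-reported elapsed_time if present."""
    if "elapsed_time" in stop.attrs:
        return int(stop.attrs["elapsed_time"])
    return int((stop.when - start.when).total_seconds())


def off_hours_logins(sessions, day_start=time(7, 0), day_end=time(19, 0)):
    """Start records of sessions that began outside the business-hours window."""
    return [s for s, _ in sessions if not (day_start <= s.when.time() < day_end)]


def command_records(records):
    """Stop records carrying cmd= are command accounting: who changed what, and when."""
    return [r for r in records if r.kind == "stop" and "cmd" in r.attrs]


def report(text):
    """Human-readable summary lines; the pieces above are what a script would reuse."""
    records = parse_log(text)
    sessions, dangling = pair_sessions(records)
    lines = []
    for start, stop in sessions:
        lines.append(f"{start.user} from {start.rem_addr} on {start.nas}: "
                     f"{session_duration(start, stop)}s starting {start.when}")
    for s in off_hours_logins(sessions):
        lines.append(f"OFF-HOURS LOGIN: {s.user} at {s.when} from {s.rem_addr}")
    for r in command_records(records):
        lines.append(f"CHANGE: {r.user} ran '{r.attrs['cmd']}' (priv {r.attrs.get('priv-lvl', '?')}) at {r.when}")
    for s in dangling:
        lines.append(f"OPEN SESSION (no stop record yet): {s.user} since {s.when}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Because start-stop accounting emits a start record immediately, an open session with no stop record is visible as soon as it begins, which is what makes the off-hours check useful in near real time; with stop-only you would only learn about the login after the user disconnected.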
