Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
AAA on Cisco IOS Routers
Supported Accounting Types
AAA accounting enables you to track the services the users are accessing and the amount of network
resources that they are consuming. Security Manager supports the following accounting types:
• Connection—Records information about all outbound connections made from this device, such as
  Telnet, local-area transport (LAT), TN3270, packet assembler/disassembler (PAD), and rlogin
  connections.
  For example, a RADIUS connection accounting record for an outbound Telnet connection includes
  such information as the port and IP address of the network access server (NAS), the start and end
  times of the connection, the identity of the user, and the number of packets that were transmitted
  during the session.
• EXEC—Records information about user EXEC (CLI) sessions on the devices, including the
  username, date, start and stop times, and the IP address of the NAS. For dial-in users, the record
  includes the telephone number from which the call originated.
• Command—Records information about the EXEC commands executed on the device by users with
  specific privilege levels. Each command accounting record includes a list of the commands executed
  for that privilege level, the date and time each command was executed, and the name of the user who
  executed it.
For each accounting type, you can choose whether you want to generate an accounting record at the start
and end of each user session or only at the end.
When AAA accounting is enabled, the router sends accounting records of user activity to the TACACS+
or RADIUS security server. Each accounting record contains accounting attribute-value (AV) pairs and
is stored on the security server. This data can later be analyzed for network management, client billing,
and auditing purposes.
Related Topics
• Supported Accounting Types, page 60-3
• Understanding Method Lists, page 60-3
• Defining AAA Services, page 60-4
• AAA on Cisco IOS Routers, page 60-2
Understanding Method Lists
A method list is a sequential list describing the methods to use to perform a particular AAA function. In
Security Manager, you define method lists by selecting AAA server groups, which are reusable objects
that typically contain one or more AAA servers running the same protocol, such as RADIUS or
TACACS+. Method lists enable you to designate one or more security protocols to be used for each AAA
function, thus ensuring a backup system if the initial method fails.
Note: Security Manager also contains predefined AAA server group objects for using the enable password or
a local database. See Predefined AAA Authentication Server Groups, page 6-28.
For each AAA function, the device initially uses the first method defined in the list. If that method fails
to respond, the device selects the next method in the list. This process continues until there is successful
communication with a listed method, or all methods defined in the method list are exhausted.
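
The following added example (not from the Cisco guide, and not Cisco code) models the walk through a method list for an authentication request. It relies on the Cisco IOS behavior that only a method that fails to respond causes the next method to be tried, while a method that answers with a denial ends the walk. The group names, the `query` callback and the scenarios are constructed for illustration.

```python
# Added illustration of method-list evaluation; a model, not Cisco code.
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"            # method answered and approved the request
    REJECT = "reject"            # method answered and denied the request
    NO_RESPONSE = "no-response"  # method unreachable or timed out

def evaluate(method_list, query):
    """Walk method_list in order for one authentication request.

    query(method) -> Reply is a hypothetical callback standing in for the
    RADIUS, TACACS+ or local lookup. Returns (decision, answering_method,
    methods_tried); answering_method is None if every method stayed silent.
    """
    tried = []
    for method in method_list:
        tried.append(method)
        reply = query(method)
        if reply is Reply.NO_RESPONSE:
            continue                  # only silence advances to the next method
        return reply, method, tried   # any answer, accept or reject, is final
    return Reply.REJECT, None, tried  # list exhausted: access is not granted

def used_fallback(tried):
    """True when a method other than the first one had to be consulted."""
    return len(tried) > 1

# Constructed server-group names and reachability scenarios.
METHODS = ["tacacs-group", "radius-group", "local"]
SCENARIOS = {
    "primary up": {"tacacs-group": Reply.ACCEPT},
    "primary down, backup denies": {"tacacs-group": Reply.NO_RESPONSE,
                                    "radius-group": Reply.REJECT,
                                    "local": Reply.ACCEPT},
    "all servers down": {"tacacs-group": Reply.NO_RESPONSE,
                         "radius-group": Reply.NO_RESPONSE,
                         "local": Reply.ACCEPT},
    "nothing answers": {},
}

def run(name):
    state = SCENARIOS[name]
    return evaluate(METHODS, lambda m: state.get(m, Reply.NO_RESPONSE))

if __name__ == "__main__":
    for name in SCENARIOS:
        decision, method, tried = run(name)
        print(f"{name}: {decision.value} via {method}, tried {tried}, "
              f"fallback={used_fallback(tried)}")
```

In the "all servers down" scenario the local database grants access, so a login served by a fallback method is worth flagging when reviewing AAA records: it means the central servers were not reached for that request.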