60-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
User Accounts and Device Credentials on Cisco IOS Routers
User Accounts and Device Credentials on Cisco IOS Routers
Accounts and credential policies define the contact information for accessing the router, including the
privilege level provided to each user account. You can configure as many user accounts as required.
However, the user account that Security Manager uses to connect to the router is always the one
configured in the Device Properties page.
Additionally, you use device access policies to define the enable or enable secret password required to
access privileged EXEC mode. This is the mode required to make any configuration changes on the
router.
Generate Accounting
Records for
Defines when the device sends an accounting notice to the accounting
server:
• Start and Stop—Generates accounting records at the beginning and
the end of the user process. The user process begins regardless of
whether the accounting server receives the “start” accounting
record.
• Stop Only—Generates an accounting record at the end of the user
process only.
• None—No accounting records are generated.
Prioritized Method List Defines a sequential list of methods to be used when creating
accounting records for a user. Enter the names of one or more AAA
server group objects (up to 10 for IOS 12.4(22)T+, otherwise up to
four), or click Select to select them. Use the up and down arrows in the
object selector to define the order in which the selected server groups
should be used. If the object that you want is not listed, click the Create
button to create it.
The device tries initially to perform accounting using the first method
in the list. If that method fails to respond, the device tries the next
method, and so on, until a response is received.
TACACS+ is the only supported method, but you can select multiple
AAA server groups configured with TACACS+.
Note If you select None as a method, it must appear as the last
method in the list.
Enable Broadcast to Multiple
Servers
When selected, enables the sending of accounting records to multiple
AAA servers. Accounting records are sent simultaneously to the first
server in each AAA server group defined in the method list. If the first
server is unavailable, failover occurs using the backup servers defined
within that group.
When deselected, accounting records are sent only to the first server in
the first AAA server group defined in the method list.
Table 60-6 Command Accounting Dialog Box (Continued)
Element Description