Reference Guide

ManualsBrandsDell ManualsComputer equipmentNetworking Z9500

661

662

663

664

665

666

667

668

669

670

○ wait-start: ensures that the TACACS+ security server acknowledges the start notice before granting the user's

process request.

○ stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the

end of the requested user process.

○ tacacs+: designate the security service. The system supports only TACACS+.

Suppressing AAA Accounting for Null Username Sessions

When you activate AAA accounting, the system issues accounting records for all users on the system, including users whose

username string, because of protocol translation, is NULL.

An example of this is a user who comes in on a line where the AAA authentication login method-list none command is

applied. To prevent accounting records from being generated for sessions that do not have usernames associated with them,

use the following command.

● Prevent accounting records from being generated for users whose username string is NULL.

CONFIGURATION mode

aaa accounting suppress null-username

Configuring Accounting of EXEC and Privilege-Level Command Usage

The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs.

● Configure AAA accounting to monitor accounting functions defined in TACACS+.

CONFIGURATION mode

aaa accounting system default start-stop tacacs+

aaa accounting command 15 default start-stop tacacs+

System accounting can use only the default method list.

In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege

level 15.

Dell(conf)#aaa accounting exec default start-stop tacacs+

Dell(conf)#aaa accounting command 15 default start-stop tacacs+

Configuring AAA Accounting for Terminal Lines

To enable AAA accounting with a named method list for a specific terminal line (where com15 and execAcct are the method list

names), use the following commands.

● Configure AAA accounting for terminal lines.

CONFIG-LINE-VTY mode

accounting commands 15 com15

accounting exec execAcct

Dell(config-line-vty)# accounting commands 15 com15

Dell(config-line-vty)# accounting exec execAcct

Monitoring AAA Accounting

The system does not support periodic interim accounting because the periodic command can cause heavy congestion when

many users are logged in to the network.

No specific show command exists for TACACS+ accounting.

To obtain accounting records displaying information about users currently logged in, use the following command.

● Step through all active sessions and print all the accounting records for the actively accounted functions.

662

Security