Administrator Guide

Configuration Task List for AAA Accounting
The following sections present the AAA accounting configuration tasks.
Enabling AAA Accounting (mandatory)
Suppressing AAA Accounting for Null Username Sessions (optional)
Configuring Accounting of EXEC and Privilege-Level Command Usage (optional)
Configuring AAA Accounting for Terminal Lines (optional)
Monitoring AAA Accounting (optional)
Enabling AAA Accounting
The aaa accounting command allows you to create a record for any or all of the accounting functions monitored.
To enable AAA accounting, use the following command.
Enable AAA accounting and create a record for monitoring the accounting function.
CONFIGURATION mode
aaa accounting {dot1x | system | exec | command level} {default | name} {start-stop | wait-start | stop-only} {tacacs+}
The variables are:
system: sends accounting information of any other AAA configuration.
dot1x: Enter the keyword dot1x for dot1x events.
exec: sends accounting information when a user has logged in to EXEC mode.
command level: sends accounting of commands executed at the specified privilege level.
default | name: enter the name of a list of accounting methods.
start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end.
wait-start: ensures that the TACACS+ security server acknowledges the start notice before granting the user's process request.
stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process.
tacacs+: designate the security service. The system supports only TACACS+.
Example
Dell(conf)#aaa accounting dot1x default start-stop tacacs+
Dell(conf)# tacacs-server host server-address key key
Suppressing AAA Accounting for Null Username Sessions
When you activate AAA accounting, the system issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL.
An example of this is a user who comes in on a line where the AAA authentication login method-list none command is applied. To prevent accounting records from being generated for sessions that do not have usernames associated with them, use the following command.
Prevent accounting records from being generated for users whose username string is NULL.
CONFIGURATION mode
aaa accounting suppress null-username
Configuring Accounting of EXEC and Privilege-Level Command Usage
The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs.
Configure AAA accounting to monitor accounting functions defined in TACACS+.
CONFIGURATION mode
aaa accounting system default start-stop tacacs+
aaa accounting command 15 default start-stop tacacs+
System accounting can use only the default method list.
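The following added example (not part of the Dell guide) audits a saved configuration against the command syntax and constraints stated above. The function name audit_accounting, the required policy of exec plus command 15 accounting, the check for a tacacs-server host line, and the sample configuration are assumptions made for illustration.

```python
import re

# Syntax from this page: aaa accounting {dot1x | system | exec | command level}
#   {default | name} {start-stop | wait-start | stop-only} {tacacs+}
ACCT_RE = re.compile(
    r"^aaa accounting (dot1x|system|exec|command \d+) (\S+) "
    r"(start-stop|wait-start|stop-only) (\S+)$"
)

def audit_accounting(config_text, required=("exec", "command 15")):
    """Return (records, findings); `required` is an assumed local policy."""
    records, findings, has_server = [], [], False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line.startswith("tacacs-server host "):
            has_server = True
        if not line.startswith("aaa accounting "):
            continue
        if line == "aaa accounting suppress null-username":
            continue  # suppression toggle, not an accounting record type
        m = ACCT_RE.match(line)
        if m is None:
            findings.append("does not match documented syntax: " + line)
            continue
        function, method_list, mode, service = m.groups()
        records.append((function, method_list, mode, service))
        if service != "tacacs+":
            findings.append(function + ": only tacacs+ is supported")
        if function == "system" and method_list != "default":
            findings.append("system: only the default method list is allowed")
    seen = {record[0] for record in records}
    for function in required:
        if function not in seen:
            findings.append("no accounting configured for: " + function)
    if records and not has_server:
        findings.append("accounting enabled but no tacacs-server host line")
    return records, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
aaa accounting suppress null-username
aaa accounting system ops start-stop tacacs+
aaa accounting exec default wait-start tacacs+
aaa accounting command 1 default stop-only tacacs+
"""

if __name__ == "__main__":
    for finding in audit_accounting(SAMPLE)[1]:
        print(finding)
```

Run against the constructed sample, it reports the named method list on system accounting, the missing command 15 accounting, and the absent tacacs-server host line.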