Reference Guide
Security | 781
Suppress AAA Accounting for null username sessions
When AAA Accounting is activated, the FTOS software issues accounting records for all users on the
system, including users whose username string, because of protocol translation, is NULL. An example of
this is a user who comes in on a line where the AAA Authentication
login method-list none command is
applied. To prevent accounting records from being generated for sessions that do not have usernames
associated with them, perform the following task in
CONFIGURATION mode:
Configure Accounting of EXEC and privilege-level command usage
The network access server monitors the accounting functions defined in the TACACS+ attribute/value
(AV) pairs.
In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and
commands on privilege level 15.
System accounting can use only the default method list:
aaa accounting system default start-stop tacacs+
Configure AAA Accounting for terminal lines
Use the following commands to enable accounting with a named method list for a specific terminal line
(where com15 and execAcct are the method list names):
Monitor AAA Accounting
FTOS does not support periodic interim accounting, because the periodic command can cause heavy
congestion when many users are logged in to the network.
Command Syntax Command Mode Purpose
aaa accounting suppress
null-username
CONFIGURATION Prevent accounting records from being generated for
users whose username string is NULL
FTOS(conf)#aaa accounting exec default start-stop tacacs+
FTOS(conf)#aaa accounting command 15 default start-stop tacacs+
FTOS(config-line-vty)# accounting commands 15 com15
FTOS(config-line-vty)# accounting exec execAcct