Router Security Configuration Guide
UNCLASSIFIED
142
Version 1.0g
Routers send their accounting records to the security server for storage. Information
in an accounting record includes the user's identity, the usage start and stop times,
the number of packets and bytes, and the command that was executed. AAA accounting
can only use the TACACS+ or RADIUS security servers for record logging.
As with authentication and authorization, you configure AAA accounting by defining
a list of accounting methods. If the list is a named list, it must be applied to
the appropriate lines and interfaces. The list defines the accounting methods for the
indicated accounting type. For an accounting type, if a default list is not defined
and a named list is not applied to the line, then no accounting will occur for that
type on that line.
There are several types of accounting which can be turned on: exec, network,
connection, command, system. All types are supported by TACACS+, but RADIUS
does not support command or system.
• network accounting: Provides information for PPP, SLIP, and ARAP protocols. The
information includes the number of packets and bytes.
• EXEC accounting: Provides information about user EXEC sessions on the network
access server. The information includes the username, date, start and stop times, IP
address of the access server, and, for dial-in users, the telephone number the call
originated from.
• connection accounting: Provides information about all outbound connections made
from the network access server, such as telnet, rlogin, local-area transport (LAT),
TN3270, and packet assembler/disassembler (PAD).
• commands: Applies to commands entered in an EXEC shell. This option applies
accounting to all commands issued at the specified privilege level. If accounting is
turned on for level 15 and a user logged in at enable level 15 runs a level 1 EXEC
command, no audit event will be generated: accounting records are generated based on
the level of the command, not the level of the user. Accounting records include the
command, date, time, and user. Cisco's implementation of RADIUS does not support
command accounting.
• system: Provides information about system-level events, such as system reboots and
accounting being turned on or off. Note that system accounting will only use the
default list. Cisco's implementation of RADIUS does not support system accounting.
AAA accounting requires that AAA is enabled, security servers are defined, and that
a security server is specified for each accounting type which is desired. Each
accounting record consists of accounting AV pairs and is stored on the access
control server. Accounting can also be configured such that a user-requested action
cannot occur until an acknowledgement is received from the security server stating
that the accounting record has been saved.
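A TACACS+ accounting configuration that puts the method lists described above into practice, written as an added example for this section rather than text from the guide. The server address, shared key and list name are placeholders, and the `group tacacs+` keyword is the form used on current IOS releases.

```cisco
! Added example; assumed values: TACACS+ server 192.0.2.10, key EXAMPLE-KEY,
! named list VTY-ACCT.
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
!
! Default lists apply to every line/interface without a named list.
! exec: start and stop record for each EXEC (shell) session.
aaa accounting exec default start-stop group tacacs+
!
! commands: records are keyed on the privilege level of the command,
! not of the user, so level 15 alone misses level 1 commands run by an
! enable-15 user. List each level that must be audited.
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
!
! connection: outbound telnet, rlogin, LAT, TN3270, PAD from the router.
aaa accounting connection default start-stop group tacacs+
!
! system: reboots and accounting on/off; only the default list is used,
! so a named list would never be consulted for this type.
aaa accounting system default start-stop group tacacs+
!
! Named list with wait-start: the EXEC session is not allowed to begin
! until the server acknowledges that the start record was stored.
aaa accounting exec VTY-ACCT wait-start group tacacs+
!
! A named list does nothing until applied; here it overrides the exec
! default list on the VTY lines only.
line vty 0 4
 accounting exec VTY-ACCT
```

If the TACACS+ server is unreachable, the wait-start list blocks VTY logins until a record is acknowledged, which is the intended fail-closed behaviour for audited access and should be tested before deployment.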