HostedDB - Dedicated UNIX Servers

index_148
Router Security Configuration Guide UNCLASSIFIED 148 UNCLASSIFIED Version 1.0g servers.  Periodic generates more accounting records than newinfo since it will also include interim reports on actions in progress. § (line): accounting {arap | commands level | connection | exec} [default | list-name] can be used to apply different accounting services and le vels to different lines. § show accounting {system | network | exec | commands level} {start-stop | wait-start | stop-only} tacacs+ command can be used to show active connection information.  This is not a configuration command but is worth mention. AAA allows for four levels of accounting as set by the aaa accounting command: § start-stop accounting sends records when the accounting type starts and stops.  This is all done in the background and the user process will continue regardless of the outcome of the accounting attempt. § wait-start accounting sends an accounting record at the start and stop of each specified type.  In this case the user process can not continue, and will actually be terminated, if the start accounting record can not be recorded.  If the start record is sent and acknowledged the user process can continue and at the end a stop accounting record will also be sent. § stop-only sends an accounting record at the end user process which is of an accountable type. § none specifies that no accounting records will be generated for a particular accounting type. Important:  if wait-start accounting is specified on an interface or line and no security server is available for receiving the accounting record then the user process using that interface or line will be locked out.  So don't use wait-start on the console line!  A basic recommendation would be to use wait-start for remote users and start-stop for local users.  For command accounting stop-only will provide the necessary coverage and will greatly reduce the number of accounting records. As mentioned earlier Cisco's RADIUS implementation does not support system and command accounting.  Therefore, there are two basic scenarios for accounting depending upon which security server is in use. Configuration of TACACS+ accounting: Central(config)# aaa accounting system default start-stop tacacs+ Central(config)# aaa accounting exec default start-stop tacacs+ Central(config)# aaa accounting exec remoteacc wait-start tacacs+ Central(config)# aaa accounting commands 15 cmdacc stop-only tacacs+ Central(config)# aaa accounting connection default start-stop tacacs+ Central(config)# line vty 0 4 Central(config-line)# accounting exec remoteacc