The table below lists the supported accounting methods.
Table 1 |
AAA Accounting Methods |
Keyword |
Description |
group radius |
Uses the list of all RADIUS servers for accounting. |
group tacacs+ |
Uses the list of all TACACS+ servers for accounting. |
group group-name |
Uses a subset of RADIUS or TACACS+ servers for accounting as defined by the server group group-name. |
The method argument refers to the actual method the authentication algorithm tries. Additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all other methods return an error, specify additional methods in the command. For example, to create a method list named acct_tac1 that specifies RADIUS as the backup method of authentication in the event that TACACS+ authentication returns an error, enter the following command:
aaa accounting network acct_tac1 stop-only group tacacs+ group radius
To create a default list that is used when a named list is not specified in the aaa accountingcommand, use the default keyword followed by the methods that are wanted to be used in default situations. The default method list is automatically applied to all interfaces.
For example, to specify RADIUS as the default method for user authentication during login, enter the following command:
aaa accounting network default stop-only group radius
AAA Accounting supports the following methods:
- group tacacs --To have the network access server send accounting information to a TACACS+ security server, use the group tacacs+ method keyword.
- group radius --To have the network access server send accounting information to a RADIUS security server, use the group radius method keyword.
Note |
Accounting method lists for SLIP follow whatever is configured for PPP on the relevant interface. If no lists are defined and applied to a particular interface (or no PPP settings are configured), the default setting for accounting applies.
|
- group group-name --To specify a subset of RADIUS or TACACS+ servers to use as the accounting method, use the aaa accountingcommand with the group group-name method. To specify and define the group name and the members of the group, use the aaa group server command. For example, use the aaa group server command to first define the members of group loginrad:
aaa group server radius loginrad
server 172.16.2.3
server 172.16.2 17
server 172.16.2.32
This command specifies RADIUS servers 172.16.2.3, 172.16.2.17, and 172.16.2.32 as members of the group loginrad.
To specify group loginrad as the method of network accounting when no other method list has been defined, enter the following command:
aaa accounting network default start-stop group loginrad
Before a group name can be used as the accounting method, communication with the RADIUS or TACACS+ security server must be enabled.