aaa accounting identity
To enable accounting and to create an accounting method list for Session Aware Networking subscriber services, use the aaa accounting identity command in global configuration mode. To disable accounting for Session Aware Networking, use the no form of this command.
aaa accounting identity {method-list-name | default} start-stop [broadcast] group {server-group-name | radius | tacacs+} [group {server-group-name | radius | tacacs+}]
no aaa accounting identity {method-list-name | default}
Syntax Description
method-list-name |
Name of the method list for which to create accounting services by specifying the accounting methods that follow this name. |
default |
Creates a default method list for accounting services using the accounting methods that follow this keyword. |
start-stop |
Sends a “start” accounting notice at the beginning of a process and a “stop” accounting notice at the end of a process. The “start” accounting record is sent in the background. The requested user process begins regardless of whether the “start” accounting notice was received by the accounting server. |
broadcast |
(Optional) Sends accounting records to multiple authentication, authorization, and accounting (AAA) servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, the device uses the backup servers defined within that group. |
group |
Specifies one or more server groups to use for accounting services. Server groups are applied in the specified order. |
server-group-name |
Named subset of RADIUS or TACACS+ servers as defined by the aaa group server radius command or aaa group server tacacs+ command. |
radius |
Uses the list of all RADIUS servers configured with the radius-server host command. |
tacacs+ |
Uses the list of all TACACS+ servers configured with the tacacs-server host command. |
Command Default
Accounting is disabled.
Command Modes
Global configuration (config)
Command History
Release |
Modification |
---|---|
Cisco IOS XE Release 3.2SE |
This command was introduced. |
Usage Guidelines
The aaa accounting identity command enables accounting services and creates method lists that define specific accounting methods for Session Aware Networking subscriber services. A method list identifies the list of security servers to which the network access server sends accounting records.
Cisco IOS software supports the following two methods of accounting for Session Aware Networking:
-
RADIUS—The network access server reports user activity to the RADIUS security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.
-
TACACS+—The network access server reports user activity to the TACACS+ security server in the form of accounting records. Each accounting record contains accounting AV pairs and is stored on the security server.
The default method list is automatically applied to all subscriber sessions except those that have a named method list explicitly defined. A named method list overrides the default method list.
When AAA accounting is activated, the network access server monitors either RADIUS accounting attributes or TACACS+ AV pairs pertinent to the connection, depending on the security method you have implemented. The network access server reports these attributes as accounting records, which are then stored in an accounting log on the security server.
You must enable AAA with the aaa new-model command before you can enter the aaa accounting identity command.
Examples
The following example shows how to configure a default accounting method list where accounting services are provided by a TACACS+ server.
aaa new-model
aaa accounting identity default start-stop group tacacs+
The following example shows how to configure a named accounting method list, where accounting services are provided by a RADIUS server.
aaa new model
aaa accounting identity LIST_1 start-stop group radius