The table below lists the supported accounting methods.
Table 1. AAA Accounting Methods
Keyword
|
Description
|
group
radius
|
Uses the list of all RADIUS servers for accounting.
|
group
tacacs+
|
Uses the list of all TACACS+ servers for accounting.
|
group
group-name
|
Uses a subset of RADIUS or TACACS+ servers for accounting as defined by the server group group-name .
|
The method argument refers to the actual method the authentication algorithm tries. Additional methods of authentication
are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed
even if all other methods return an error, specify additional methods in the command. For example, to create a method list
named acct_tac1 that specifies RADIUS as the backup method of authentication in the event that TACACS+ authentication returns
an error, enter the following command:
aaa accounting network acct_tac1 stop-only group tacacs+ group radius
To create a default list that is used when a named list is not specified in the aaa
accounting command, use the default keyword followed by the methods that are wanted to be used in default situations. The default method list is automatically
applied to all interfaces.
For example, to specify RADIUS as the default method for user authentication during login, enter the following command:
aaa accounting network default stop-only group radius
AAA Accounting supports the following methods:
-
group
tacacs
: To have the network access server send accounting information to a TACACS+ security server, use the group
tacacs+
method keyword.
-
group
radius
: To have the network access server send accounting information to a RADIUS security server, use the group
radius
method keyword.
Note |
Accounting method lists for SLIP follow whatever is configured for PPP on the relevant interface. If no lists are defined
and applied to a particular interface (or no PPP settings are configured), the default setting for accounting applies.
|
-
group
group-name
: To specify a subset of RADIUS or TACACS+ servers to use as the accounting method, use the aaa
accounting command with the group
group-name method. To specify and define the group name and the members of the group, use the aaa
group
server command. For example, use the aaa
group
server command to first define the members of group
loginrad :
aaa group server radius loginrad
server 172.16.2.3
server 172.16.2 17
server 172.16.2.32
This command specifies RADIUS servers 172.16.2.3, 172.16.2.17, and 172.16.2.32 as members of the group
loginrad .
To specify group
loginrad as the method of network accounting when no other method list has been defined, enter the following command:
aaa accounting network default start-stop group loginrad
Before a group name can be used as the accounting method, communication with the RADIUS or TACACS+ security server must be
enabled.