Concept Guide

ManualsBrandsDell ManualsAccess PlatformsFN IO Module

721

722

723

724

725

726

727

728

729

730

Example of Enabling AAA Accounting with a Named Method List

DellEMC(config-line-vty)# accounting commands 15 com15

DellEMC(config-line-vty)# accounting exec execAcct

Monitoring AAA Accounting

Dell EMC Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion

when many users are logged in to the network.

No specic show command exists for TACACS+ accounting.

To obtain accounting records displaying information about users currently logged in, use the following command.

• Step through all active sessions and print all the accounting records for the actively accounted functions.

CONFIGURATION mode or EXEC Privilege mode

show accounting

Example of the show accounting Command for AAA Accounting

DellEMC#show accounting

Active accounted actions on tty2, User admin Priv 1

Task ID 1, EXEC Accounting record, 00:00:39 Elapsed, service=shell

Active accounted actions on tty3, User admin Priv 1

Task ID 2, EXEC Accounting record, 00:00:26 Elapsed, service=shell

DellEMC#

RADIUS Accounting

Dell EMC Networking OS supports Remote Authentication Dial In User Service (RADIUS) protocol to transmit the RADIUS accounting

messages between a Network Access Server (NAS) and an accounting server.

NAS reports the user activity to the accounting server (RADIUS or TACACS+) with accounting records. The RADIUS accounting server

stores the accounting records, which is used for network management, auditing, etc.

Dell EMC Networking OS complies with RFC2866 for RADIUS Accounting.

NAS receives the accounting request from the supplicant and sends the RADIUS request packet to the accounting server after successful

authentication. The RADIUS Accounting request contains a RADIUS Acct-Status-Type as Start or Stop to update the supplicant session

to the accounting server.

NOTE

: In RADIUS accounting, fallback behavior among RADIUS and TACACS servers is not supported as the RADIUS

accounting feature is not available in Dell EMC Networking OS version earlier than 9.14.1.5.

In VLT domain, the NAS sends the RADIUS Accounting Request packets only if the NAS is congured as a VLT primary peer.

Congure RADIUS Accounting

The NAS monitors the accounting functions dened in the RADIUS Accounting attribute/value (AV) pairs.

• Congure AAA accounting to monitor accounting functions dened in RADIUS.

CONFIGURATION mode

aaa accounting {dot1x | exec} default {start-stop | wait-start | stop-only} radius

Example of Conguring AAA Accounting to Track EXEC and EXEC Privilege Level Command Use

In the following sample conguration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.

Dell(conf)# aaa accounting dot1x default start-stop radius

Dell(conf)# aaa accounting exec default stop-only radius

Security

721