Reference Guide

ManualsBrandsDell ManualsComputer HardwarePowerEdge FX2/FX2s

141

142

143

144

145

146

147

148

149

150

AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by

those services. When you enable AAA accounting, the network server reports user activity to the security server in the form of

accounting records. Each accounting record comprises accounting attribute/value (AV) pairs and is stored on the access control

server.

As with authentication and authorization, you must congure AAA accounting by dening a named list of accounting methods and

then applying that list to various virtual terminal line (VTY) lines.

Conguration Task List for AAA Accounting

The following sections present the AAA accounting conguration tasks.

• Enabling AAA Accounting (mandatory)

• Suppressing AAA Accounting for Null Username Sessions (optional)

• Conguring Accounting of EXEC and Privilege-Level Command Usage (optional)

• Conguring AAA Accounting for Terminal Lines (optional)

• Monitoring AAA Accounting (optional)

Enabling AAA Accounting

The aaa accounting command allows you to create a record for any or all of the accounting functions monitored.

To enable AAA accounting, use the following command.

• Enable AAA accounting and create a record for monitoring the accounting function.

CONFIGURATION mode

aaa accounting {commands | exec | suppress | system level} {default | name} {start-stop |

wait-start | stop-only} {tacacs+}

The variables are:

– system: sends accounting information of any other AAA conguration.

– exec: sends accounting information when a user has logged in to EXEC mode.

– command level: sends accounting of commands executed at the specied privilege level.

– suppress: Do not generate accounting records for a specic type of user.

– default | name: enter the name of a list of accounting methods.

– start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested

event and a stop-accounting notice at the end.

– wait-start: ensures that the TACACS+ security server acknowledges the start notice before granting the user's process

request.

– stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end

of the requested user process.

– tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+.

Suppressing AAA Accounting for Null Username Sessions

When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system,

including users whose username string is NULL because of protocol translation.

An example of this is a user who comes in on a line where the AAA authentication login method-list none command is

applied. To prevent accounting records from being generated for sessions that do not have usernames associated with them, use the

following command.

• Prevent accounting records from being generated for users whose username string is NULL.

CONFIGURATION mode

aaa accounting suppress null-username

Security

149