TACACS+ accounting enables you to track the services users access and the amount of network resources users consume.
TACACS+ accounting allows you to track:
what a user does
when a user does certain actions
The accounting record includes the following information:
User name
Date
Start/stop/elapsed time
Access server IP address
Reason
You can use accounting for an audit trail, to bill for connection time or resources used, or for network management. TACACS+ accounting provides information about user sessions using the following connection types: Telnet, SSH, and web-based management.
With separation of AAA, accounting can occur independently from authentication and authorization.
The following figure illustrates the accounting process.
After you enable accounting, the switch reports user activity to the TACACS+ server in the form of accounting records. Each accounting record contains accounting attribute value (AV) pairs. AV pairs are strings of text in the form “attribute-value” sent between the switch and a TACACS+ daemon as part of the TACACS+ protocol. The TACACS+ server stores the accounting records.
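An added example, not part of the original documentation: a Python decoder for the accounting REQUEST body as laid out in RFC 8907, showing where the user name, port, remote address and AV pairs sit inside one accounting record. It assumes the body has already been de-obfuscated; the function names and every sample value are constructed for illustration. On the wire, each AV pair is the attribute name, a separator (`=` for mandatory, `*` for optional) and the value.

```python
import struct

# Accounting flag bits defined in RFC 8907, section 7.1
FLAGS = {0x02: "START", 0x04: "STOP", 0x08: "WATCHDOG"}

def parse_acct_request(body: bytes) -> dict:
    """Decode a de-obfuscated TACACS+ accounting REQUEST body."""
    if len(body) < 9:
        raise ValueError("body shorter than the fixed 9-byte header")
    (flags, _method, priv_lvl, _atype, _service,
     user_len, port_len, rem_len, arg_cnt) = struct.unpack("!9B", body[:9])
    arg_lens = body[9:9 + arg_cnt]
    # Declared lengths must cover the body exactly: no overrun, no trailing slack.
    declared = 9 + arg_cnt + user_len + port_len + rem_len + sum(arg_lens)
    if len(arg_lens) != arg_cnt or declared != len(body):
        raise ValueError("declared lengths do not match body size")
    pos, fields = 9 + arg_cnt, []
    for n in (user_len, port_len, rem_len, *arg_lens):
        fields.append(body[pos:pos + n].decode("utf-8", "replace"))
        pos += n
    user, port, rem_addr, *args = fields
    av_pairs = []
    for arg in args:
        # '=' marks a mandatory pair, '*' an optional one; the first separator wins.
        cut = min((i for i in (arg.find("="), arg.find("*")) if i > 0), default=0)
        if cut == 0:
            raise ValueError(f"argument is not an AV pair: {arg!r}")
        av_pairs.append((arg[:cut], arg[cut], arg[cut + 1:]))
    return {"type": [name for bit, name in FLAGS.items() if flags & bit],
            "user": user, "port": port, "rem_addr": rem_addr,
            "priv_lvl": priv_lvl, "av_pairs": av_pairs}

def build_sample(flags: int, user: str, port: str, rem_addr: str, args: list) -> bytes:
    """Assemble a constructed body for the demo (not captured traffic)."""
    enc = [a.encode() for a in args]
    head = struct.pack("!9B", flags, 0x06, 15, 1, 1,
                       len(user), len(port), len(rem_addr), len(enc))
    return (head + bytes(len(a) for a in enc) + user.encode()
            + port.encode() + rem_addr.encode() + b"".join(enc))

# Constructed STOP record; every value here is made up for illustration.
SAMPLE = build_sample(0x04, "operator1", "tty2", "192.0.2.10",
                      ["task_id=17", "service=shell", "elapsed_time=95"])

if __name__ == "__main__":
    record = parse_acct_request(SAMPLE)
    print(record["type"], record["user"], record["rem_addr"])
    for name, sep, value in record["av_pairs"]:
        print(f"  {name} {sep} {value}")
```

The exact-length check rejects truncated or padded bodies before any field is sliced, so a malformed record cannot shift one field into another in the audit trail.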
You cannot customize the set of events the switch monitors and logs with TACACS+ accounting. TACACS+ accounting logs the following events:
User logon and logoff
Logoff generated because of activity timeout
Unauthorized command
Telnet session closed (not logged off)