TACACS+ accounting enables you to track the services users access and the amount of network resources users consume.
TACACS+ accounting allows you to track:
what a user does
when a user does certain actions
The accounting record includes the following information:
User name
Date
Start/stop/elapsed time
Access server IP address
Reason
You can use accounting for an audit trail, to bill for connection time or resources used, or for network management. TACACS+ accounting provides information about user sessions using the following connection types: Telnet, SSH, and web-based management.
With separation of AAA, accounting can occur independently from authentication and authorization.
The following figure illustrates the accounting process after the user attempts to make a connection to the switch..
After you enable accounting, the switch reports user activity to the TACACS+ server in the form of accounting records. Each accounting record contains accounting attribute value (AV) pairs. AV pairs are strings of text in the form “attribute-value” sent between the switch and a TACACS+ daemon as part of the TACACS+ protocol. The TACACS+ server stores the accounting records.
You cannot customize the set of events the switch monitors and logs with TACACS+ accounting. TACACS+ accounting logs the following events:
User logon and logoff
Logoff generated because of activity timeout
Unauthorized command
Telnet session closed (not logged off)