accounting

Configures the server type and interval at which interim accounting updates are sent to the server. Up to 2 accounting servers can be configured.

This feature tracks user activities on the network, and provides information, such as resources used and the usage time. This information can be used for audit and billing purposes.

TACACS accounting tracks user activity and is useful for security audit purposes.

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

accounting [access-method|auth-fail|commands|server|session]

accounting access-method [all|console|ssh|telnet] {(console|ssh|telnet)}

accounting [auth-fail|commands|session]

accounting server [<1-2>|preference]

accounting server preference [authenticated-server-host|authenticated-server-number|
authorized-server-host|authorized-server-number|none]

accounting server <1-2> [host|retry-timeout-factor <50-200>|timeout]

accounting server <1-2> host <IP/HOSTNAME> {secret [0 <SECRET>|2 <SECRET>|
<SECRET>]} {port <1-65535>}

accounting server <1-2> timeout <3-5> {attempts <1-3>}

Parameters

accounting access-method [all|console|ssh|telnet] {(console|ssh|telnet)}


access-method	Configures TACACS accounting access mode. The options are: console, SSH, Telnet, and all.
all	Configures TACACS accounting for all access modes
console	Configures TACACS accounting for console access only
ssh	Configures TACACS accounting for SSH access only
telnet	Configures TACACS accounting for Telnet access only

accounting [auth-fail|commands|session]


auth-fail	Enables accounting for authentication fail details. This option is disabled by default.
commands	Enables accounting of commands executed. This option is disabled by default.
session	Enables accounting for session start and stop details. This option is disabled by default.

accounting server preference [authenticated-server-host|authenticated-server-number|
authorized-server-host|authorized-server-number|none]


server	Configures a TACACS accounting server
preference	Configures the accounting server preference (specifies the method of selecting a server, from the pool, to send the request)
authenticated-server-host	Sets the authentication server as the accounting server. This is the default setting. This parameter indicates the same server is used for authentication and accounting. The server is referred to by its hostname.
authenticated-server-number	Sets the authentication server as the accounting server This parameter indicates the same server is used for authentication and accounting. The server is referred to by its index or number.
authorized-server-host	Sets the authorization server as the accounting server This parameter indicates the same server is used for authorization and accounting. The server is referred to by its hostname.
authorized-server-number	Sets the authorized server as the accounting server This parameter indicates the same server is used for authorization and accounting. The server is referred to by its index number.
none	Indicates the accounting server is independent of the authentication and authorization servers

accounting server <1-2> retry-timeout-factor <50-200>


server <1-2>	Configures an accounting server. Up to 2 accounting servers can be configured
retry-timeout-factor <50-200>	Sets the scaling factor for retry timeouts <50-200> – Specify a value from 50 - 200. The default is 100. A value of 100 indicates the time gap between two consecutive retires remains the same irrespective of the number of retries. A value lesser than 100 indicates the time gap between two consecutive retries reduces with each successive retry. A value greater than 100 indicates the time gap between two consecutive retries increases with each successive retry.

accounting server <1-2> host <IP/HOSTNAME> {secret [0 <SECRET>|2 <SECRET>|
<SECRET>]} {port <1-65535>}


server <1-2>	Configures an accounting server. Up to 2 accounting servers can be configured
host <IP/HOSTNAME>	Configures the accounting server‘s IP address or hostname
secret [0 <SECRET>\| 2 <SECRET>\| <SECRET>]	Optional. Configures a common secret key used to authenticate with the accounting server 0 <SECRET> – Configures a clear text secret key 2 <SECRET> – Configures an encrypted secret key <SECRET> – Specify the secret key. This shared secret should not exceed 127 characters.
port <1-65535>	Optional. Configures the accounting server port (the port used to connect to the accounting server) <1-65535> – Specify the TCP accounting port number from 1 - 65535. The default port is 49.

accounting server <1-2> timeout <3-5> {attempts <1-3>}


server <1-2>	Configures an accounting server. Up to 2 accounting servers can be configured
timeout <3-5>	Configures the timeout for each request sent to the TACACS accounting server. This is the time allowed to elapse before another request is sent to the TACACS accounting server. If a response is received from the server within this time, no retry is attempted. <3-5> – Specify a value from 3 - 5 seconds. The default is 3 seconds.
attempts <1-3>	Optional. Specifies the number of times a transmission request is attempted. This is the maximum number of times a request is sent to the TACACS accounting server before getting discarded. <1-3> – Specify a value from 1 - 3. The default is 3.

Examples

nx9500-6C8809(config-aaa-tacacs-policy-test)#accounting auth-fail

nx9500-6C8809(config-aaa-tacacs-policy-test)#accounting commands

nx9500-6C8809(config-aaa-tacacs-policy-test)#accounting server preference 
authorized-server-number

nx9500-6C8809(config-aaa-tacacs-policy-test)#show context
aaa-tacacs-policy test
 accounting server preference authorized-server-number
 accounting auth-fail
 accounting commands
nx9500-6C8809(config-aaa-tacacs-policy-test)#

Related Commands


no (aaa-tacacs-policy-config-mode-command)	Resets values or disables commands