Полезная информация

cc/td/doc/product/software/ios112/112cg_cr
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Configuring Accounting

Configuring Accounting

Accounting management enables you to track individual and group use of network resources. You can then reallocate resources as needed. (Refer to the "Accounting and Billing Commands" chapter in the Security Command Reference.)

This chapter describes the following accounting tasks:

Additional tasks for measuring system resources are covered in other chapters in the Cisco IOS software configuration guides. For example, IP accounting tasks are described in the "Configuring IP" chapter in the Network Protocols Configuration Guide, Part 1.

Enable AAA Accounting

The aaa accounting command allows you to create a record for any or all of the listed functions that this command monitors. For minimal accounting, you can use the stop-only keyword, which instructs the specified authentication system to send a stop record accounting notice at the end of the requested user process. For more accounting, you can use the start-stop keyword to send a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. You can further control access and accounting by using the wait-start keyword, which ensures that the TACACS+ security server receives the start notice before granting the user's process request. Accounting is tracked on the authentication server.

Before using the aaa accounting command, you must initialize AAA authentication as described in the "Configure AAA/TACACS+" section in the "Configuring Network Access Security" chapter.

To enable AAA accounting, perform the following task in global configuration mode:

Task Command
Enable accounting. aaa accounting {system | network | exec | command level} {start-stop | wait-start | stop-only} tacacs+

Suppress Generation of Accounting Records for Null Username Sessions

When aaa accounting is activated, the Cisco IOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. An example of this is users who come in on lines where the aaa authentication login method-list none command is applied. To prevent accounting records from being generated for sessions that do not have usernames associated with them, perform the following task in global configuration mode:

Task Command
Prevent accounting records from being generated for users whose username string is NULL. aaa accounting suppress null-username

Generate Interim Accounting Records

To enable periodic interim accounting records to be sent to the accounting server, perform the following task in global configuration mode:

Task Command
Enable periodic interim accounting records to be sent to the accounting server. aaa accounting update {newinfo | periodic number}

When the aaa accounting update command is activated, the Cisco IOS software issues interim accounting records for all users on the system. If the keyword newinfo is used, interim accounting records will be sent to the accounting server every time there is new accounting information to report. An example of this would be when IPCP completes IP address negotiation with the remote peer. The interim accounting record will include the negotiated IP address used by the remote peer.

When used with the keyword periodic, interim accounting records are sent periodically as defined by the argument number. The interim accounting record contains all of the accounting information recorded for that user up to the time the interim accounting record is sent.

Both of these keywords are mutually exclusive, meaning that whichever keyword is configured last takes precedence over the previous configuration. For example, if you configure aaa accounting update periodic, and then configure aaa accounting update newinfo, all users currently logged in will continue to generate periodic interim accounting records. All new users will generate accounting records based on the newinfo algorithm.

 
Caution Using the aaa accounting update periodic command can cause heavy congestion when many users are logged in to the network.

Monitor Accounting

To obtain accounting records for actively accounted functions, perform the following task in EXEC mode:

Task Command
Step through all active sessions to print all the accounting records for the actively accounted functions. show accounting

When aaa accounting is activated, the Cisco IOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. To prevent accounting records from being generated for users who do not have usernames associated with them, perform the following task in global configuration mode:

Task Command
Prevent accounting records from being generated for users whose username string is NULL. aaa accounting suppress null-username

Accounting Example

In the following sample configuration, RADIUS-style authorization is used to track all usage of the following:

aaa accounting exec start-stop radius
aaa accounting network start-stop radius
aaa accounting system start-stop radius

The show accounting command yields the following output for the above configuration:

Active Accounted actions on tty0, User billw Priv 1
 Task ID 2, EXEC Accounting record, 00:02:13 Elapsed
 task_id=2 service=shell 
 Task ID 3, Connection Accounting record, 00:02:07 Elapsed
 task_id=3 service=connection protocol=telnet address=172.21.14.90 cmd=synth 
Active Accounted actions on tty1, User rubble Priv 1
 Task ID 5, Network Accounting record, 00:00:52 Elapsed
 task_id=5 service=ppp protocol=ip address=10.0.0.98 
Active Accounted actions on tty10, User bill Priv 1
 Task ID 4, EXEC Accounting record, 00:00:53 Elapsed
 task_id=4 service=shell 

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.