Полезная информация

cc/td/doc/product/software/ios112/112cg_cr
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Accounting and Billing Commands

Accounting and Billing Commands

This chapter describes the commands used to manage accounting on the network. Accounting management allows you to track individual and group usage of network resources. The aaa accounting command allows you to set start-stop accounting for any or all of the listed functions for this command.

Refer also to the IP accounting feature in the "Configuring IP" chapter of the Network Protocols Configuration Guide, Part 1.

aaa accounting

To enable AAA accounting of requested services for billing or security purposes when you use TACACS+, use the aaa accounting global configuration command. Use the no form of this command to disable accounting.

aaa accounting {system | network | exec | command level} {start-stop |
wait-start | stop-only} {tacacs+ | radius}
no aaa accounting {system | network | exec | command level}

Syntax Description
system Performs accounting for all system-level events not associated with users, such as reloads.
network Runs accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARAP.
exec Runs accounting for EXEC session (user shells). This keyword might return user profile information such as autocommand information.
command Runs accounting for all commands at the specified privilege level.
level Specifies the command level to track for accounting. Valid entries are 0 through 15.
start-stop Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether or not the start accounting notice was received by the accounting server.
wait-start As in start-stop, sends both a start and a stop accounting notice to the accounting server. However, if you use the wait-start keyword, the requested user service does not begin until the start accounting notice is acknowledged. A stop accounting notice is also sent.
stop-only Sends a stop accounting notice at the end of the requested user process.
tacacs+ Enables the TACACS-style accounting.
radius Enables the RADIUS-style authorization.
Default

AAA accounting is not enabled.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 10.3.

For minimal accounting, issue the stop-only keyword, to send a stop record accounting notice at the end of the requested user process. For more accounting, you can issue the start-stop command, so that TACACS+ sends a start accounting notice at the beginning of the requested process and a stop accounting notice at the end of the process. For even more accounting control, you can issue the wait-start command, which ensures that the start notice is received by the TACACS+ server before granting the user's process request. Accounting is done only to the TACACS+ server.


Note This command, along with aaa authorization, replaces the tacacs-server authenticate command in previous versions of TACACS and can be used only with AAA/TACACS+.
Example

In the following example, accounting is set for privilege level 15 commands with a wait-start restriction:

aaa accounting command 15 wait-start tacacs+
Related Commands

A dagger (+) indicates the command is documented outside this chapter.

aaa authorization+
aaa new-model+

aaa accounting suppress null-username

To prevent the Cisco IOS software from sending accounting records for users whose username string is NULL, use the aaa accounting suppress null-username global configuration command. Use the no form of this command to disable this feature.

aaa accounting suppress null-username
no aaa accounting suppress null-username

Syntax Description

This command has no arguments or keywords.

Default

This command is not enabled.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.2.

When aaa accounting is activated, the Cisco IOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. This command prevents accounting records from being generated for those users who do not have usernames associated with them.

Example

In the following example, accounting records for users who do not have usernames associated with them have been suppressed:

aaa accounting suppress null-username
Related Commands

aaa accounting

aaa accounting update

To enable periodic interim accounting records to be sent to the accounting server, use the aaa accounting update global configuration command. Use the no form of this command to disable this feature.

aaa accounting update {newinfo | periodic number}
no aaa accounting update

Syntax Description
newinfo Causes an interim accounting record to be sent to the accounting server whenever there is new accounting information to report relating to the user in question.
periodic Causes an interim accounting record to be sent to the accounting server periodically, as defined by the argument number.
number Integer specifying number of minutes.
Default

Disabled

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.3.

When aaa accounting update is activated, the Cisco IOS software issues interim accounting records for all users on the system. If the keyword newinfo is used, interim accounting records will be sent to the accounting server every time there is new accounting information to report. An example of this would be when IPCP completes IP address negotiation with the remote peer. The interim accounting record will include the negotiated IP address used by the remote peer.

When used with the keyword periodic, interim accounting records are sent periodically as defined by the argument number. The interim accounting record contains all of the accounting information recorded for that user up to the time the accounting record is sent.

Both of these keywords are mutually exclusive, meaning that whichever keyword is configured last takes precedence over the previous configuration. For example, if you configure aaa accounting update periodic, and then configure aaa accounting update newinfo, all users currently logged in will continue to generate periodic interim accounting records. All new users will generate accounting records based on the newinfo algorithm.

 
Caution Using the aaa accounting update periodic command can cause heavy congestion when many users are logged in to the network.
Example

The following example sends PPP accounting records to a remote RADIUS server and, when IPCP completes negotiation, sends an interim accounting record to the RADIUS server that includes the negotiated IP address for this user:

aaa accounting network start-stop radius
aaa accounting update newinfo
Related Commands

You can use the master indexes or search online to find documentation of related commands.

aaa accounting exec
aaa accounting network

show accounting

Use the show accounting command to step through all active sessions and to print all the accounting records for actively accounted functions. To disable this function, use the no form of the command.

show accounting {system | network | exec | command level} {start-stop |
wait-start | stop-only} tacacs+
no show accounting
{system | network | exec | command level}

Syntax Description
system Displays accounting for all system-level events not associated with users, such as reloads.
network Displays accounting for all network-related service requests, including SLIP, PPP, PPP NCPs, and ARAP.
exec Displays accounting for EXEC session (user shells). This keyword might return user profile information such as autocommand information.
command Displays accounting for all commands at the specified privilege level.
level Specifies the command level to display. Valid entries are 0 through 15.
start-stop Displays a start record accounting notice at the beginning of a process and a stop record at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether or not the start accounting record was received by the accounting server.
wait-start Displays both a start and a stop accounting notice to the accounting server.
stop-only Displays a stop record accounting notice at the end of the requested user process.
tacacs+ Displays the TACACS-style accounting.
Default

Disabled.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1.

The show accounting command allows you to display the active accountable events on the network. It provides systems administrators with a quick look at what is going on, and it also can help collect information in the event of a data loss on the accounting server.

The show accounting command displays additional data on the internal state of AAA if debug aaa accounting is activated.

Sample Display

The following is sample output from the show accounting command:

router# show accounting
Active Accounted actions on tty0, User chard Priv 1
 Task ID 4425, EXEC Accounting record, 0:04:53 Elapsed
 task_id=4425 service=exec port=0 
 Task ID 3759, Connection Accounting record, 0:01:06 Elapsed
 task_id=3759 service=exec port=0 protocol=telnet address=171.19.3.78 cmd=grill 
Active Accounted actions on tty10, User chard Priv 1
 Task ID 5115, EXEC Accounting record, 0:04:07 Elapsed
 task_id=5115 service=exec port=10 
 Task ID 2593, Connection Accounting record, 0:00:56 Elapsed
 task_id=2593 service=exec port=10 protocol=tn3270 address=172.21.14.90 cmd=tn snap 
Active Accounted actions on tty11, User mary Priv 1
 Task ID 7390, EXEC Accounting record, 0:00:25 Elapsed
 task_id=7390 service=exec port=11 
 Task ID 931, Connection Accounting record, 0:00:20 Elapsed
 task_id=931 service=exec port=11 protocol=telnet address=171.19.6.129 cmd=coal 
Related Commands

A dagger (+) indicates that the command is documented outside this chapter. Two daggers (++) indicates that the command is documented in the Debug Command Reference.

debug aaa accounting++
show line+
show users

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.