Cisco WS-C4003 Software Guide - Page 411
Specifying When to Create Accounting Records, Specifying RADIUS Servers
View all Cisco WS-C4003 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 411 highlights
Chapter 27 Configuring Switch Access Using AAA Understanding How Accounting Works Specifying When to Create Accounting Records You can configure the switch to gather accounting information and create records. When Accounting is configured (using the set accounting command), the switch can generate two types of records: • Start records-Include partial information of the event (when the event started, type of service, and traffic statistics). • Stop records-Include complete information of the event (when the event started, its duration, type of service, and traffic statistics). Accounting records are created and sent to the server at two events: • Start-stop-Accounting records are sent at both the start and stop of an action, if the action has duration. If the NAS fails to send the accounting record at the start of the action, it still allows you to proceed with the action. • Stop-only-Accounting records are sent only at the termination of the event. Commands are assumed to have zero duration, so only stop records are generated for command accounting. No users are associated with system events; therefore, the start-stop option in the set accounting system command is ignored for system events. The stop-only option in the set accounting commands provides complete accounting information. Note Stop records include complete information of the event (when the event started, its duration, and traffic statistics). However, you might want redundancy and also to monitor both start and stop records of events occurring on the NAS. Specifying RADIUS Servers To specify one or more RADIUS servers, perform this task in privileged mode: Step 1 Step 2 Task Specify the IP address of up to three RADIUS servers. Specify the primary server using the primary keyword. Optionally, specify the destination UDP port to use on the server. Verify the RADIUS server configuration. Command set radius server ip_addr [acct-port port_number] [primary] show radius This example shows how to specify a RADIUS server and verify the configuration: Console> (enable) set radius server 172.20.52.3 172.20.52.3 with auth-port 1812 added to radius server table as primary server. Console> (enable) show radius Login Authentication tacacs radius local Console Session disabled disabled enabled(primary) Telnet Session disabled disabled enabled(primary) Enable Authentication: Console Session Telnet Session tacacs disabled disabled radius disabled disabled 78-12647-02 Software Configuration Guide-Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 27-57