Authentication, Authorization, and Accounting
24 7705 SAR OS System Management Guide
Accounting
Accounting tracks user activity to a specific host. The 7705 SAR supports RADIUS and
TACACS+ accounting.
RADIUS Accounting
When enabled, RADIUS accounting sends command line accounting from the 7705 SAR
router to the RADIUS server. The router sends accounting records using UDP packets at port
1813 (decimal).
The router issues an accounting request packet for each event requiring the activity to be
recorded by the RADIUS server. The RADIUS server acknowledges each accounting request
by sending an accounting response after it has processed the accounting request. If no
response is received in the time defined in the timeout parameter, the accounting request must
be retransmitted until the configured retry count is exhausted. A trap is issued to alert the
NMS (or trap receiver) that the server is unresponsive. The router issues the accounting
request to the next configured RADIUS server (up to 5).
User passwords and authentication keys of any type are never transmitted as part of the
accounting request.
When RADIUS accounting is enabled, the server is responsible for receiving accounting
requests and returning a response to the client indicating that it has successfully received the
request. Each command issued on the 7705 SAR router generates a record sent to the
RADIUS server. The record identifies the user who issued the command and the timestamp.
Accounting can be configured independently from RADIUS authorization and RADIUS
authentication.
TACACS+ Accounting
The 7705 SAR allows you to configure the type of accounting record packet that is to be sent
to the TACACS+ server when specified events occur on the device. The accounting
record-type parameter indicates whether TACACS+ accounting start and stop packets
will be sent or just stop packets will be sent. A start packet is sent to a TACACS+ server when
an authenticated user establishes a Telnet or SSH session and a stop packet is sent when the
user logs out.
To Next Page
Loading...
