Authentication, Authorization and Accounting (AAA) Commands
OL-32830-01 Command Line Interface Reference Guide 102
3
Command Mode
Global Configuration mode
User Guidelines
This command enables the recording of device management sessions (Telnet,
serial and WEB but not SNMP).
It records only users that were identified with a username (e.g. a user that was
logged in with a line password is not recorded).
If accounting is activated, the device sends a “start”/“stop” messages to a RADIUS
server when a user logs in / logs out respectively.
The device uses the configured priorities of the available RADIUS/TACACS+
servers in order to select the RADIUS/TACACS+ server.
The following table describes the supported RADIUS accounting attributes
values, and in which messages they are sent by the switch.
Name Start
Messag
e
Stop
Message
Description
User-Name (1) Yes Yes User’s identity.
NAS-IP-Address (4) Yes Yes The switch IP address that is
used for the session with the
RADIUS server.
Class (25) Yes Yes Arbitrary value is included in all
accounting packets for a specific
session.
Called-Station-ID
(30)
Yes Yes The switch IP address that is
used for the management
session.
Calling-Station-ID
(31)
Yes Yes The user IP address.
Acct-Session-ID
(44)
Yes Yes A unique accounting identifier.
Acct-Authentic (45) Yes Yes Indicates how the supplicant was
authenticated.
Acct-Session-Time
(46)
No Yes Indicates how long the user was
logged in.
Acct-Terminate-Cau
se (49)
No Yes Reports why the session was
terminated.
To Next Page
Loading...
Need help?
General
