Configuration Examples for Accounting
Example Configuring Named Method List
The following example shows how to configure a Cisco AS5200 (enabled for AAA and communication with
a RADIUS security server) in order for AAA services to be provided by the RADIUS server. If the RADIUS
server fails to respond, then the local database is queried for authentication and authorization information,
and accounting services are handled by a TACACS+ server.
aaa new-model
aaa authentication login admins local
aaa authentication ppp dialins group radius local
aaa authorization network blue1 group radius local
aaa accounting network red1 start-stop group radius group tacacs+
username root password ALongPassword
tacacs-server host 172.31.255.0
tacacs-server key goaway
radius-server host 172.16.2.7
radius-server key myRaDiUSpassWoRd
interface group-async 1
group-range 1 16
encapsulation ppp
ppp authentication chap dialins
ppp authorization blue1
ppp accounting red1
line 1 16
autoselect ppp
autoselect during-login
login authentication admins
modem dialin
The lines in this sample RADIUS AAA configuration are defined as follows:
•
The aaa new-model command enables AAA network security services.
• The aaa authentication login admins local command defines a method list “admins”, for login
authentication.
•
The aaa authentication ppp dialins group radius local command defines the authentication method
list “dialins”, which specifies that first RADIUS authentication and then (if the RADIUS server does not
respond) local authentication is used on serial lines using PPP.
•
The aaa authorization network blue1 group radius local command defines the network authorization
method list named “blue1”, which specifies that RADIUS authorization is used on serial lines using PPP.
If the RADIUS server fails to respond, then local network authorization is performed.
•
The aaa accounting network red1 start-stop group radius group tacacs+command defines the
network accounting method list named red1, which specifies that RADIUS accounting services (in this
case, start and stop records for specific events) are used on serial lines using PPP. If the RADIUS server
fails to respond, accounting services are handled by a TACACS+ server.
•
The username command defines the username and password to be used for the PPP Password
Authentication Protocol (PAP) caller identification.
•
The tacacs-server host command defines the name of the TACACS+ server host.
•
The tacacs-server key command defines the shared secret text string between the network access server
and the TACACS+ server host.
•
The radius-server host command defines the name of the RADIUS server host.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1028
Configuration Examples for Accounting
To Next Page
Loading...
Need help?
General
