Configuring AAA Services on Cisco IOS XR Software
How to Configure AAA Services
SC-46
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
OL-20382-01
What to Do Next
After configuring authorization method lists, configure accounting method lists. (See the “Configuring
Accounting Method Lists” section.)
Configuring Accounting Method Lists
This task configures method lists for accounting.
Note You can configure the radius keyword for the aaa accounting command.
Accounting Configuration
Currently, Cisco IOS XR software supports both the TACACS+ and RADIUS methods for accounting.
The router reports user activity to the TACACS+ or RADIUS security server in the form of accounting
records. Each accounting record contains accounting AV pairs and is stored on the security server.
Method lists for accounting define the way accounting is performed, enabling you to designate a
particular security protocol to be used on specific lines or interfaces for particular types of accounting
services. When naming a method list, do not use the names of methods, such as TACACS+.
For minimal accounting, include the stop-only keyword to send a “stop accounting” notice at the end of
the requested user process. For more accounting, you can include the start-stop keyword, so that the
external AAA server sends a “start accounting” notice at the beginning of the requested process and a
“stop accounting” notice at the end of the process. In addition, you can use the aaa accounting update
command to periodically send update records with accumulated information. Accounting records are
stored only on the TACACS+ or RADIUS server.
When AAA accounting is activated, the router reports these attributes as accounting records, which are
then stored in an accounting log on the security server.
Creation of a Series of Accounting Methods
Use the aaa accounting command to create default or named method lists defining specific accounting
methods that can be used for each line or interface.
The Cisco IOS XR software supports the following methods for accounting:
• none—Accounting is not performed over this line or interface.
• group tacacs+—Use the list of all configured TACACS+ servers for accounting.
• group radius—Use the list of all configured RADIUS servers for accounting.
SUMMARY STEPS
1. configure
2. aaa accounting {commands | exec | network} {default | list-name} {start-stop | stop-only}
{none | method}
3. end
or
commit
To Next Page
Loading...
Need help?
General
