Security | 475
Configure Accounting of EXEC and Privilege-Level Command Usage
The network access server monitors the accounting functions defined in the terminal access controller
access control system (TACACS+) attribute/value (AV) pairs.
In Figure 28-1, AAA accounting is set to track all usage of EXEC commands and commands on privilege
level 15.
Figure 28-1. AAA Accounting Tracking All Usage of EXEC Commands
System accounting can use only the default method list: aaa accounting system default start-stop tacacs+.
Configure AAA Accounting for Terminal Lines
To enable accounting with a named method list for a specific terminal line (where com15 and execAcct are
the method list names), use the
accounting commands and accounting exec commands (Figure 28-2).
Figure 28-2. accounting and accounting exec Command Example
Monitor AAA Accounting
The Dell Force10 operating software (FTOS) does not support periodic interim accounting because the
periodic command can cause heavy congestion when many users are logged into the network.
No specific
show command exists for TACACS+ accounting. To obtain accounting records displaying
information about users currently logged in, perform the following task in Privileged EXEC mode
(Figure 28-3):
Command Syntax Command Mode Purpose
show accounting
CONFIGURATION Step through all active sessions and print all the accounting records
for the actively accounted functions.
FTOS(conf)#aaa accounting exec default start-stop
tacacs+
FTOS(conf)#aaa accounting command 15 default
start-stop tacacs+
FTOS(conf-line-vty)# accounting commands 15 com15
FTOS(conf-line-vty)# accounting exec execAcct
To Next Page
Loading...
Need help?
General
