Options
AAA Accounting
Does anybody know what the difference is between "start-stop" and "start-only" under accounting COMMANDS? I know with exec the start flag is sent to tacacs to indicate the start of a users exec session once the user logs in and the stop is sent when the user logs out. With stop-only, only the stop flag is sent when a user logs out, so no indication in the tacacs accounting logs regarding when a user logged in. But i don't see a use for this under the accounting commands, testing both hasn't shed any light. Under the commands i have three options start-stop, stop-only and none, i really don't see a point to any of these as by default the behavior is none. I'm thinking it's a cosmetic command at the moment, which you just match against whatever is configured on the acc exec line, but it doesn't do anything. Has anyone thought about this? found an answer?
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
(Why not mix them?)
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
(Why not mix them?)
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
Comments
-
Options
down77
Member Posts: 1,009
Quick search:
Configuring Accounting Examples
Example 1: Generating Start and Stop Accounting Records
For every dialin PPP session, accounting information is sent to the AAA server once the client is authenticated and after the disconnect using the keyword start-stop.
aaa accounting network default start-stop group radius local
Example 2 : Generating Only Stop Accounting Records
If accounting information has to be sent only after a client's disconnection, use the keyword stop and configure the following line:
aaa accounting network default stop group radius local
Reference:
Configuring Basic AAA on an Access Server - Cisco SystemsCCIE Sec: Starting Nov 11 -
Options
EdTheLad
Member Posts: 2,111 ■■■■□□□□□□
That was my first thoughts on how it should work, but it didn't work like that.With either way configured as soon as i executed a command it was sent to the aaa server.
Can anyone else see if its working on their ios?
R3#sh runn | sec aaa
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+
aaa authorization commands 1 default group tacacs+
aaa authorization commands 2 default group tacacs+
aaa authorization commands 15 default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa session-id common
R3#
*Nov 27 14:29:10.668: AAA: parse name=tty0 idb type=-1 tty=-1
*Nov 27 14:29:10.668: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
*Nov 27 14:29:10.668: AAA/MEMORY: create_user (0x8D62100) user='router3' ruser='R3' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Nov 27 14:29:10.880: AAA/MEMORY: free_user (0x8D62100) user='router3' ruser='R3' port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Nov 27 14:29:10.880: AAA/ACCT/3844(0000011A): Pick method list 'default'
*Nov 27 14:29:10.880: AAA/ACCT/SETMLIST(0000011A): Handle 0, mlist 07BD51B0, Name default
R3#
*Nov 27 14:29:10.880: Getting session id for CMD(0000011A) : db=8D61E28
*Nov 27 14:29:10.880: AAA/ACCT/CMD(0000011A): add, count 3
*Nov 27 14:29:10.880: AAA/ACCT/EVENT/(0000011A): COMMAND
*Nov 27 14:29:10.880: AAA/ACCT/CMD(0000011A): Queueing record is COMMAND osr 1
*Nov 27 14:29:10.880: AAA/ACCT/CMD(0000011A): free_rec, count 2
*Nov 27 14:29:10.880: AAA/ACCT/CMD(0000011A): Setting session id 321 : db=8D61E28
*Nov 27 14:29:11.092: AAA/ACCT(0000011A): Accounting method=tacacs+ (TACACS+)
*Nov 27 14:29:11.576: AAA/ACCT/CMD(0000011A): STOP protocol reply PASS
*Nov 27 14:29:11.576: AAA/ACCT(0000011A): Accounting response status = SUCCESS
*Nov 27 14:29:11.576: AAA/ACCT(0000011A): Send STOP accounting notification to EM successfully
*Nov 27 14:29:11.576: AAA/ACCT/CMD(0000011A): Cleaning up from Callback osr 0
*Nov 27 14:29:11.576: AAA/ACCT/CMD(0000011A) Record not present
*Nov 27 14:29:11.576: /AAA/ACCTCMD(0000011A) reccnt 2, csr FALSE, osr 0
R3#config t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
*Nov 27 14:29:35.336: AAA: parse name=tty0 idb type=-1 tty=-1
*Nov 27 14:29:35.336: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
*Nov 27 14:29:35.336: AAA/MEMORY: create_user (0x8D62100) user='router3' ruser='R3' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Nov 27 14:29:35.540: AAA/MEMORY: free_user (0x8D62100) user='router3' ruser='R3' port='tty0' rem_addr='async' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Nov 27 14:29:35.540: AAA/ACCT/3844(0000011A): Pick method list 'default'
*Nov 27 14:29:35.540: AAA/ACCT/SETMLIST(0000011A): Handle 0, mlist 07BD51B0, Name default
R3(config)#
*Nov 27 14:29:35.540: Getting session id for CMD(0000011A) : db=8D61E28
*Nov 27 14:29:35.540: AAA/ACCT/CMD(0000011A): add, count 3
*Nov 27 14:29:35.540: AAA/ACCT/EVENT/(0000011A): COMMAND
*Nov 27 14:29:35.540: AAA/ACCT/CMD(0000011A): Queueing record is COMMAND osr 1
*Nov 27 14:29:35.540: AAA/ACCT/CMD(0000011A): free_rec, count 2
*Nov 27 14:29:35.540: AAA/ACCT/CMD(0000011A): Setting session id 322 : db=8D61E28
*Nov 27 14:29:35.544: AAA/ACCT(0000011A): Accounting method=tacacs+ (TACACS+)
*Nov 27 14:29:36.024: AAA/ACCT/CMD(0000011A): STOP protocol reply PASS
*Nov 27 14:29:36.024: AAA/ACCT(0000011A): Accounting response status = SUCCESS
R3(config)#
*Nov 27 14:29:36.024: AAA/ACCT(0000011A): Send STOP accounting notification to EM successfully
*Nov 27 14:29:36.024: AAA/ACCT/CMD(0000011A): Cleaning up from Callback osr 0
*Nov 27 14:29:36.024: AAA/ACCT/CMD(0000011A) Record not present
*Nov 27 14:29:36.024: /AAA/ACCTCMD(0000011A) reccnt 2, csr FALSE, osr 0
R3(config)#Networking, sometimes i love it, mostly i hate it.Its all about the $$$$