Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
78-12647-02
Chapter 27
Configuring Switch Access Using AAA
Understanding How Accounting Works

Specifying When to Create Accounting Records

You can configure the switch to gather accounting information and create records. When Accounting is
configured (using the set accounting command), the switch can generate two types of records:

• Start records—Include partial information of the event (when the event started, type of service, and
  traffic statistics).
• Stop records—Include complete information of the event (when the event started, its duration, type
  of service, and traffic statistics).

Accounting records are created and sent to the server at two events:

• Start-stop—Accounting records are sent at both the start and stop of an action, if the action has
  duration. If the NAS fails to send the accounting record at the start of the action, it still allows you
  to proceed with the action.
• Stop-only—Accounting records are sent only at the termination of the event. Commands are
  assumed to have zero duration, so only stop records are generated for command accounting. No
  users are associated with system events; therefore, the start-stop option in the set accounting
  system command is ignored for system events. The stop-only option in the set accounting
  commands provides complete accounting information.

Note: Stop records include complete information of the event (when the event started, its duration,
and traffic statistics). However, you might want redundancy and also to monitor both start
and stop records of events occurring on the NAS.

Specifying RADIUS Servers

To specify one or more RADIUS servers, perform this task in privileged mode:

Step 1
  Task:    Specify the IP address of up to three RADIUS servers. Specify the primary server using the
           primary keyword. Optionally, specify the destination UDP port to use on the server.
  Command: set radius server ip_addr [acct-port port_number] [primary]

Step 2
  Task:    Verify the RADIUS server configuration.
  Command: show radius

This example shows how to specify a RADIUS server and verify the configuration:

Console> (enable) set radius server 172.20.52.3
172.20.52.3 with auth-port 1812 added to radius server table as primary server.
Console> (enable) show radius
Login Authentication:  Console Session   Telnet Session
---------------------  ----------------  ----------------
tacacs                 disabled          disabled
radius                 disabled          disabled
local                  enabled(primary)  enabled(primary)

Enable Authentication: Console Session   Telnet Session
---------------------- ----------------- ----------------
tacacs                 disabled          disabled
radius                 disabled          disabled
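
The start and stop records described under "Specifying When to Create Accounting Records" can be correlated on the accounting server to find stop-only sessions (stop-only mode, or a start record the NAS failed to send) and starts that never received a stop. This is an added example, not part of the Cisco guide; it assumes RADIUS accounting with RFC 2866 attribute names, a hypothetical "ts" field holding the server's receive time in seconds, and constructed sample records.

```python
# Added example: correlate RADIUS accounting Start/Stop records per session.
# Attribute names follow RFC 2866; "ts" (server receive time) is a hypothetical field.
from collections import defaultdict

SAMPLE_RECORDS = [  # constructed sample data, not real switch or server output
    {"Acct-Session-Id": "0001", "User-Name": "alice", "Acct-Status-Type": "Start", "ts": 1000},
    {"Acct-Session-Id": "0001", "User-Name": "alice", "Acct-Status-Type": "Stop",
     "ts": 1600, "Acct-Session-Time": 600},
    {"Acct-Session-Id": "0002", "User-Name": "bob", "Acct-Status-Type": "Start", "ts": 1200},
    {"Acct-Session-Id": "0003", "User-Name": "carol", "Acct-Status-Type": "Stop",
     "ts": 2000, "Acct-Session-Time": 300},
]


def audit_sessions(records, now, max_open_seconds=3600):
    """Classify sessions as complete, stop_only, open, or stale (start with no stop)."""
    by_session = defaultdict(dict)
    for rec in records:
        by_session[rec["Acct-Session-Id"]][rec["Acct-Status-Type"]] = rec

    report = {"complete": [], "stop_only": [], "open": [], "stale": []}
    for sid, recs in sorted(by_session.items()):
        start, stop = recs.get("Start"), recs.get("Stop")
        if start and stop:
            # The stop record is complete on its own; the start lets us cross-check it.
            observed = stop["ts"] - start["ts"]
            consistent = abs(observed - stop["Acct-Session-Time"]) <= 5
            report["complete"].append(
                (sid, stop["User-Name"], stop["Acct-Session-Time"], consistent))
        elif stop:
            # Stop-only mode or a lost start record: derive the start from the duration.
            derived_start = stop["ts"] - stop["Acct-Session-Time"]
            report["stop_only"].append((sid, stop["User-Name"], derived_start))
        elif now - start["ts"] > max_open_seconds:
            # Start with no stop for too long: lost stop record or a hung session.
            report["stale"].append((sid, start["User-Name"], start["ts"]))
        else:
            report["open"].append((sid, start["User-Name"], start["ts"]))
    return report


if __name__ == "__main__":
    for category, rows in audit_sessions(SAMPLE_RECORDS, now=6000).items():
        print(category, rows)
```

With stop-only accounting every session lands in stop_only, so the open and stale categories, which depend on start records, are only available in start-stop mode.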