Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : Activate Authentication Proxy Accounting

Activate Authentication Proxy Accounting

Sep 17,2009 by alperen

small font medium font large font
image

Activate Authentication Proxy Accounting

The aaa accounting command enables accounting and creating named method lists to define specific accounting methods on a per-line or per-interface basis. Use the global configuration mode command aaa accounting auth-proxy to activate the security server that will monitor the accounting information. The router reports these attributes as accounting records, which are then stored in an accounting log on the security server. Use the no form of this command to disable accounting. The basic syntax is

Rtr1(config)#aaa accounting auth-proxy default {accounting-method} method1 [method2. . .]

The accounting methods include the following four choices:

start-stop

Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested user process begins regardless of whether the start accounting notice was received by the accounting server.

wait-start

Sends both a start and a stop accounting notice to the accounting server. But, if the wait-start keyword is used, the requested user service does not begin until the start accounting notice is acknowledged.

stop-only

Sends a stop accounting notice at the end of the requested user process.

None

Disables accounting services on this line or interface.

For minimal accounting, use the stop-only keyword. For more detailed accounting, include the start-stop keyword. For even more accounting control, include the wait-start keyword, which ensures the start notice is received by the RADIUS or TACACS+ server before granting the user’s process request.

Unlike other AAA authorization options, this one requires the keyword default, not allowing the creation of a named list. Also, this feature only allows three method options: group tacacas+, group radius, and group group-name.

group tacacs+

Uses the list of all TACACS+ servers defined with the tacacs-server host command to provide authorization services. The servers are tried in sequential order from the top, first entered.

group radius

Uses the list of all RADIUS servers defined with the radius-server host command to provide authorization services. The servers are tried in sequential order from the top, first entered.

group group-name

Uses the list of specified TACACS+ or RADIUS servers defined with the aaa group server command to provide authorization services. The servers are tried in sequential order within the group from the top, first entered.

The following example uses TACACS+ servers for both login authentication and proxy authorization.

Rtr1(config)#aaa new-model 
Rtr1(config)#tacacs-server timeout 7
Rtr1(config)#tacacs-server key cisco-key
Rtr1(config)#tacacs-server host 192.168.1.4
Rtr1(config)#aaa authentication login default group tacacs+ local secret
Rtr1(config)#aaa authorization auth-proxy default group tacacs+
Rtr1(config)#aaa accounting auth-proxy default start-stop group tacacs+

196 times read

Related news
» Define the Accounting Method Lists
by alperen posted on Jul 16,2009
» Implementing Accounting Method Lists
by alperen posted on Jul 16,2009
» Accounting
by alperen posted on Jul 16,2009
» Enable Authorization Proxy (auth-proxy) for AAA
by alperen posted on Sep 17,2009
» Authentication and Authorization
by alperen posted on Jul 08,2009
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

admin

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.