Accounting occurs after authentication and authorization have been completed. Accounting allows administrators to collect information about users. Specifically, administrators can track which user logged into which router, which IOS commands a user issued, and how many bytes were transferred during a user's session. For example, accounting enables administrators to monitor which routers have had their configurations changed. Accounting information can be collected by a router or by a remote security server.

To display local account information on a Cisco router collecting accounting information, issue the show accounting IOS command. Example 5-3 displays sample output when the command is issued on Router R1.

Example 5-3 show accounting Command

R1#show accounting
Active Accounted actions on Interface Serial0:1, User jdoe Priv 1
 Task ID 15, Network Accounting record, 00:00:18 Elapsed
 task_id=15 timezone=PDT service=ppp mlp-links-max=4 mlp-links-current=4
 protocol=ip addr= mlp-sess-id=1
Overall Accounting Traffic
          Starts   Stops  Updates  Active  Drops
Exec           0       0        0       0      0
Network        8       4        0       4      0
Connect        0       0        0       0      0
Command        0       0        0       0      0
User creates:21, frees:9, Acctinfo mallocs:15, frees:6
Users freed with accounting unaccounted for:0
Queue length:0

Table 5-1 describes the fields contained in Example 5-3.

Table 5-1 show accounting Fields

Field               Description
User                The user's ID
Priv                The user's privilege level (0-15)
Task ID             Each accounting session's unique identifier
Accounting Record   Type of accounting session
Elapsed             Length of time (hh:mm:ss) for this session type
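The fields in Table 5-1 and the traffic counters can be pulled out of captured show accounting text for review, as in this added example (not code from the original text). The line layout of the sample, the function names, and the choice of what to flag (privilege 15 sessions, nonzero Drops, unaccounted-for users) are assumptions of the example.

```python
import re

# Constructed sample: the text of Example 5-3, laid out one record per line.
SAMPLE = """\
Active Accounted actions on Interface Serial0:1, User jdoe Priv 1
 Task ID 15, Network Accounting record, 00:00:18 Elapsed
 task_id=15 timezone=PDT service=ppp mlp-links-max=4 mlp-links-current=4
 protocol=ip addr= mlp-sess-id=1
Overall Accounting Traffic
          Starts   Stops  Updates  Active  Drops
Exec           0       0        0       0      0
Network        8       4        0       4      0
Connect        0       0        0       0      0
Command        0       0        0       0      0
User creates:21, frees:9, Acctinfo mallocs:15, frees:6
Users freed with accounting unaccounted for:0
Queue length:0
"""

# Patterns tolerate any whitespace, so flattened captures parse as well.
SESSION = re.compile(
    r"on Interface (?P<interface>[^,\s]+), User (?P<user>\S+) Priv (?P<priv>\d+)\s+"
    r"Task ID (?P<task_id>\d+), (?P<record>\w+) Accounting record, "
    r"(?P<h>\d+):(?P<m>\d\d):(?P<s>\d\d) Elapsed")
COUNTERS = re.compile(r"\b(Exec|Network|Connect|Command)((?:\s+\d+){5})")
UNACCOUNTED = re.compile(r"unaccounted for:\s*(\d+)")
COLUMNS = ("starts", "stops", "updates", "active", "drops")

def parse_show_accounting(text):
    """Return (sessions, traffic, unaccounted) parsed from show accounting text."""
    sessions = []
    for m in SESSION.finditer(text):
        d = m.groupdict()
        sessions.append({"interface": d["interface"], "user": d["user"],
                         "priv": int(d["priv"]), "task_id": int(d["task_id"]),
                         "record": d["record"],
                         "elapsed_s": int(d["h"]) * 3600 + int(d["m"]) * 60 + int(d["s"])})
    traffic = {m.group(1): dict(zip(COLUMNS, map(int, m.group(2).split())))
               for m in COUNTERS.finditer(text)}
    um = UNACCOUNTED.search(text)
    return sessions, traffic, int(um.group(1)) if um else None

def review(text):
    """List findings: privilege 15 sessions, dropped records, unaccounted users."""
    sessions, traffic, unaccounted = parse_show_accounting(text)
    findings = [f"priv 15 session: {s['user']} on {s['interface']}"
                for s in sessions if s["priv"] == 15]
    findings += [f"{k}: {row['drops']} dropped" for k, row in traffic.items() if row["drops"]]
    if unaccounted:
        findings.append(f"{unaccounted} users freed unaccounted for")
    return findings
```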

Rather than maintain a separate database with usernames, passwords, and privilege levels, you can use external security servers to run external security protocols—namely RADIUS, TACACS+, and Kerberos.

These security server protocols stop unauthorized access to your network. The following sections review these three security protocols.

Security Server Protocols

In many circumstances, AAA uses security protocols to administer its security functions. If your router or access server is acting as a NAS, AAA is the means through which you establish communication between your network access server and your RADIUS, TACACS+, or Kerberos security server.

