Implementing Authentication, Authorization, and Accounting – AAA
Configuring AAA accounting and comprehensive AAA

Accounting is the process of keeping track of the activity of each user who is accessing the network resources; including the amount of time spent in the network, the services accessed while there, and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.

AAA supports six different accounting types:

  • Network accounting – Provides information for all PPP, SLIP, or ARAP sessions, including packet and byte counts
  • Connection accounting – Provides information about all outbound connections made from the network, such as Telnet and remote login (rlogin)
  • EXEC accounting – Provides information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, the access server IP address, and (for dial-in users) the telephone number the call originated from
  • System accounting – Provides information about all system-level events (for example, when the system reboots or when accounting is turned on or off)
  • Command accounting – Provides information about the EXEC shell commands for a specified privilege level that are being executed on a network access server
  • Resource accounting – Provides start and stop record support for calls that have passed user authentication

To configure AAA accounting using named method lists, use the commands in listed in Figures  – , beginning in global configuration mode.

Comprehensive AAA Configuration Example
Figure shows how to configure a Cisco access device for AAA services to be provided by the RADIUS server for an access server with dialup links. If the RADIUS server fails to respond, then the local database will be queried for authentication and authorization information, and accounting services will be handled by a TACACS+ server.