Configuration Examples For Accounting - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Configuration Examples for Accounting
Configuration Examples for Accounting
Example Configuring Named Method List
The following example shows how to configure a Cisco AS5200 (enabled for AAA and communication with
a RADIUS security server) in order for AAA services to be provided by the RADIUS server. If the RADIUS
server fails to respond, then the local database is queried for authentication and authorization information,
and accounting services are handled by a TACACS+ server.
aaa new-model
aaa authentication login admins local
aaa authentication ppp dialins group radius local
aaa authorization network blue1 group radius local
aaa accounting network red1 start-stop group radius group tacacs+
username root password ALongPassword
tacacs-server host 172.31.255.0
tacacs-server key goaway
radius-server host 172.16.2.7
radius-server key myRaDiUSpassWoRd
interface group-async 1
group-range 1 16
encapsulation ppp
ppp authentication chap dialins
ppp authorization blue1
ppp accounting red1
line 1 16
autoselect ppp
autoselect during-login
login authentication admins
modem dialin
The lines in this sample RADIUS AAA configuration are defined as follows:
• The aaa new-model command enables AAA network security services.
• The aaa authentication login admins local command defines a method list "admins", for login
• The aaa authentication ppp dialins group radius local command defines the authentication method
• The aaa authorization network blue1 group radius local command defines the network authorization
• The aaa accounting network red1 start-stop group radius group tacacs+command defines the
• The username command defines the username and password to be used for the PPP Password
• The tacacs-server host command defines the name of the TACACS+ server host.
• The tacacs-server key command defines the shared secret text string between the network access server
• The radius-server host command defines the name of the RADIUS server host.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1028
authentication.
list "dialins", which specifies that first RADIUS authentication and then (if the RADIUS server does not
respond) local authentication is used on serial lines using PPP.
method list named "blue1", which specifies that RADIUS authorization is used on serial lines using PPP.
If the RADIUS server fails to respond, then local network authorization is performed.
network accounting method list named red1, which specifies that RADIUS accounting services (in this
case, start and stop records for specific events) are used on serial lines using PPP. If the RADIUS server
fails to respond, accounting services are handled by a TACACS+ server.
Authentication Protocol (PAP) caller identification.
and the TACACS+ server host.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
