Chapter 30
Configuring Switch Access Using AAA
local
Radius Deadtime:
Radius Key:
Radius Retransmit:
Radius Timeout:
Radius-Server
----------------------------- -------
172.20.52.3
Console> (enable)
Updating the Server
You can configure the switch to send accounting information to the TACACS+ server. There are two
options:
•
•
Suppressing Accounting
You can configure the system to suppress accounting when an unknown user with no username accesses
the switch by using the set accounting suppress null-username enable command.
Note
RADIUS and TACACS+ accounting are the same, except that RADIUS does not do command
accounting, periodic updates, or allow null-username suppression.
Configuring Accounting
The following sections describe how to configure accounting for both TACACS+ and RADIUS.
Accounting Default Configuration
Table 30-4
Table 30-4 Accounting Default Configuration
Feature
Accounting
Accounting events (EXEC, system, commands, and connect) Disabled
Accounting records
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2948G-GE-TX, and Catalyst 2980G Switches Software Configuration Guide—Release 8.2GLX
78-15908-01
enabled(primary)
Newinfo—Sends accounting information to the server only when new accounting information
becomes available.
Periodic—Sends accounting update records at regular intervals. This option can be used to keep
up-to-date connection and session information even if the NAS restarts and loses the initial start
time. You must set a time lapse between periodic updates. Valid intervals are from 1 to
71582 minutes.
shows the default accounting configuration.
enabled(primary)
0 minutes
2
5 seconds
Status
Auth-port
------------
primary
1812
Configuring Accounting
Default
Disabled
Stop-only
30-49