Accounting Overview


The final portion of AAA is the accounting module. Accounting can also be explained using an example of the airline industry. As you enter or board the plane, you hand a boarding pass to the agent, and it is scanned through a machine. This accounts for you boarding the plane. As far as the airline is concerned, you were there, and you were on the airplane. AAA accounting is similar. When you access the network, AAA can begin to track any actions you take. Once you authenticate, you were there, as far as the AAA process is concerned.

Accounting in a Cisco environment allows you to track the amount of network resources your users are accessing and the types of services they are using. For example, system administrators might need to bill departments or customers for connection time or resources used on the network, such as total time connected. AAA accounting allows you to track this activity, as well as suspicious connection attempts into the network.

When you use AAA accounting, the router can send messages either to the AAA server or to a remote SYSLOG server, depending on your configuration. You then have the ability to import the accounting records into a spreadsheet or accounting program for viewing. The CSACS can be used to store these accounting messages, and you can also download these accounting statements in .CSV format or use Open Database Connectivity (ODBC) logging, which is supported in CSACS.

Cisco devices performing accounting can be configured with the AAA accounting commands to capture and display accounting data for the following: EXEC commands; network services such as SLIP, PPP, and ARAP; and system-level events not associated with users.

The accounting records that a Cisco device sends to the accounting server take the form of AV pairs. An AV pair is an attribute and a value. Some of these AV pairs contain information such as the username, the address, the service that is being requested, and the Cisco device that this request is going through, also known as the access server or AAA client.

AAA actually supports six types of accounting:

  • Network accounting

  • Connection accounting

  • EXEC accounting

  • System accounting

  • Command accounting

  • Resource accounting

Network Accounting

Network accounting provides information for all Point-to-Point Protocol (PPP), Serial Line Internet Protocol (SLIP), or Apple Remote Access Protocol (ARAP) sessions, including packet and byte counts.

Connection Accounting

Connection accounting provides information about all outbound connections made from the AAA client, such as Telnet, local-area transport (LAT), TN3270, packet assembler/disassembler (PAD), and rlogin.

EXEC Accounting

EXEC accounting provides information about user EXEC terminal sessions (user shells) on the network access server, including username, date, start and stop times, the access server IP address, and (for dial-in users) the telephone number the call originated from.

System Accounting

System accounting provides information about all system-level events (for example, when the system reboots or when accounting is turned on or off).

Command Accounting

Command accounting provides information about the EXEC shell commands for a specified privilege level that are being executed on a network access server. Each command accounting record includes a list of the commands executed for that privilege level, as well as the date and time each command was executed, and the user who executed it.

Resource Accounting

The Cisco implementation of AAA accounting provides "start" and "stop" record support for calls that have passed user authentication. The additional feature of generating "stop" records for calls that fail to authenticate as part of user authentication is also supported. Such records are necessary for users employing accounting records to manage and monitor their networks.
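
The following Python example is added here and is not from the book. It reads accounting records as AV pairs, totals connection time per user from "stop" records, collects command accounting entries, and lists sessions whose "start" record has no matching "stop". The tab-separated layout and the user, nas and flag field names are assumptions made for this example, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records: one accounting record per line, AV pairs separated by tabs.
# Assumption: the layout and the "user", "nas" and "flag" field names are hypothetical.
SAMPLE_RECORDS = [
    "user=alice\tnas=192.0.2.1\tflag=start\ttask_id=7\tservice=shell",
    "user=alice\tnas=192.0.2.1\tflag=stop\ttask_id=8\tservice=shell\tpriv-lvl=15\tcmd=show running-config",
    "user=alice\tnas=192.0.2.1\tflag=stop\ttask_id=7\tservice=shell\telapsed_time=340",
    "user=bob\tnas=192.0.2.1\tflag=start\ttask_id=9\tservice=ppp",
    "user=bob\tnas=192.0.2.1\tflag=stop\ttask_id=9\tservice=ppp\telapsed_time=1200\tbytes_in=5000",
    "user=carol\tnas=192.0.2.1\tflag=start\ttask_id=10\tservice=shell",
]

def parse_record(line):
    """Split one record into an attribute -> value dict (values may contain '=')."""
    pairs = (field.split("=", 1) for field in line.split("\t") if "=" in field)
    return {attr.strip(): value.strip() for attr, value in pairs}

def summarize(lines):
    """Return (seconds connected per user, commands per user, sessions with no stop)."""
    connected = defaultdict(int)
    commands = defaultdict(list)
    open_sessions = {}
    for rec in map(parse_record, lines):
        user = rec.get("user", "unknown")
        key = (rec.get("nas"), rec.get("task_id"))   # a session is unique per AAA client
        if "cmd" in rec:                             # command accounting record
            commands[user].append((rec.get("priv-lvl"), rec["cmd"]))
        elif rec.get("flag") == "start":             # session begins
            open_sessions[key] = user
        elif rec.get("flag") == "stop":              # session ends: count the elapsed time
            open_sessions.pop(key, None)
            connected[user] += int(rec.get("elapsed_time", 0))
    return dict(connected), dict(commands), open_sessions

if __name__ == "__main__":
    print(summarize(SAMPLE_RECORDS))
```

A session left in the third result is either still connected or has lost its "stop" record, which is worth checking before the totals are used for billing.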




Cisco Access Control Security: AAA Administration Services
ISBN: 1587051249
EAN: 2147483647
Year: 2006
Pages: 173
