Examining Cisco AAA Security Technology

Chapter Description

This chapter examines Cisco AAA security technology, including authentication, authorization, and accounting methods, and AAA security servers.

Accounting Methods

AAA accounting lets you track the amount of network resources users are accessing and the types of services they are using. For example, system administrators might need to bill departments or customers for connection time or other network resources used (such as total time connected); accounting tracks this kind of information. You can also use accounting to track suspicious connection attempts into the network.

When AAA accounting is configured, the network access server creates accounting records that report user activity. The accounting records are stored on the network access server or can be sent to the remote security database, as shown in Figure 4-10. The accounting records, which are similar to syslog records, can then be imported into a spreadsheet or accounting program and analyzed for network management, billing, and auditing.

Figure 4-10 The Network Access Server, Router, and Remote Security Database Generating and Processing Accounting Information

The accounting record consists of attribute/value (AV) pairs that typically contain the username, user network address, attempted service, start and stop time and date, amount of data transferred, network access server accessed, and source of the network record. The RADIUS and TACACS+ remote security database protocols each have provisions for recording and transmitting accounting records.
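The following is an added example, not part of the chapter, that parses constructed start/stop accounting records made up of attribute/value pairs, totals connection time per user for the billing use described above, and flags a source that repeatedly opens very short sessions, the kind of pattern worth reviewing when using accounting to track suspicious connection attempts. The record layout and field names (task_id, username, addr, service, nas, status, time, bytes_in, bytes_out) are assumptions for illustration, not the RADIUS or TACACS+ wire formats.

```python
"""Parse AAA accounting records of attribute/value pairs and summarize them."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real device output); one start and one stop per task_id.
SAMPLE_RECORDS = [
    "task_id=1 username=alice addr=10.0.0.5 service=ppp nas=nas1 status=start time=2024-01-01T08:00:00",
    "task_id=1 username=alice addr=10.0.0.5 service=ppp nas=nas1 status=stop time=2024-01-01T09:30:00 bytes_in=1024 bytes_out=2048",
    "task_id=2 username=bob addr=10.0.0.9 service=exec nas=nas1 status=start time=2024-01-01T08:10:00",
    "task_id=2 username=bob addr=10.0.0.9 service=exec nas=nas1 status=stop time=2024-01-01T08:10:05 bytes_in=0 bytes_out=0",
    "task_id=3 username=bob addr=10.0.0.9 service=exec nas=nas1 status=start time=2024-01-01T08:11:00",
    "task_id=3 username=bob addr=10.0.0.9 service=exec nas=nas1 status=stop time=2024-01-01T08:11:03 bytes_in=0 bytes_out=0",
    "task_id=4 username=bob addr=10.0.0.9 service=exec nas=nas1 status=start time=2024-01-01T08:12:00",
    "task_id=4 username=bob addr=10.0.0.9 service=exec nas=nas1 status=stop time=2024-01-01T08:12:02 bytes_in=0 bytes_out=0",
]


def parse_record(line):
    """Turn one 'attr=value attr=value ...' record into a dict of AV pairs."""
    return dict(pair.split("=", 1) for pair in line.split())


def pair_sessions(records):
    """Match stop records to their start records by task_id.

    Returns (completed_sessions, open_sessions); each completed session carries
    a 'duration' in seconds. Leftover starts are sessions that never stopped.
    """
    starts, completed = {}, []
    for rec in map(parse_record, records):
        if rec["status"] == "start":
            starts[rec["task_id"]] = rec
        elif rec["status"] == "stop" and rec["task_id"] in starts:
            start = starts.pop(rec["task_id"])
            elapsed = datetime.fromisoformat(rec["time"]) - datetime.fromisoformat(start["time"])
            completed.append({**rec, "duration": elapsed.total_seconds()})
    return completed, starts


def connect_time_by_user(sessions):
    """Total connected seconds per username, the basis for billing by connection time."""
    totals = defaultdict(float)
    for s in sessions:
        totals[s["username"]] += s["duration"]
    return dict(totals)


def short_session_bursts(sessions, max_seconds=10, min_count=3):
    """Flag (username, addr) pairs with at least min_count sessions lasting max_seconds or less."""
    counts = defaultdict(int)
    for s in sessions:
        if s["duration"] <= max_seconds:
            counts[(s["username"], s["addr"])] += 1
    return {key: n for key, n in counts.items() if n >= min_count}
```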

Cisco network access servers can be configured to capture and display accounting data by using the aaa accounting commands, which are covered in Chapters 5 and 6. Accounting can be enabled for EXEC commands; for network services such as SLIP, PPP, and ARA; and for system-level events not associated with users.

