Accounting
This last part of AAA can be explained with the previous example: after you use your badge to authenticate and enter the building, the system records the date and time when it happened. Your boss can then check the server (AAA or Syslog) to see when you came to or left work, and so on.
Accounting in the Cisco world allows you to track the amount of network resources your users are accessing and the types of services they are using. When you use accounting, the router/switch can send messages to an AAA server or a remote syslog server, depending on configuration.
Accounting records are sent by the Cisco device to the server in the form of AV pairs. An AV pair is an attribute and a value.
AAA supports six types of accounting:
- Network accounting
  Provides information for all Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) sessions, including packet and byte counts.
- Connection accounting
  Provides information about all outbound connections made from the AAA client, such as Telnet, rlogin etc.
- EXEC accounting
  Provides information about user EXEC terminal sessions, including username, date, start and stop times…
- System accounting
  Provides information about all system-level events (e.g. when the system reboots or when accounting is turned on or off).
- Command accounting
  Provides information about the EXEC commands for a specified privilege level that are being executed on a network access server. Each command accounting record includes a list of the commands executed for that privilege level, as well as the date and time each command was executed and the user who executed it.
- Resource accounting
  Provides ‘start’ and ‘stop’ record support for calls that have passed user authentication. Once a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process. When the user finishes, a stop message ends the accounting process.
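To show how AV pairs and start/stop records are used on the server side, here is an added example (not from the cited book or from Cisco) that parses accounting records, lists the commands each user ran, and reports EXEC sessions that have a start record but no stop record. The one-record-per-line, tab-separated layout and the sample users are assumptions; the attribute names (user, task_id, service, priv-lvl, cmd, elapsed_time, timezone) are TACACS+ accounting attributes.

```python
from collections import defaultdict

# Constructed sample records (not captured from a real device). Assumed layout:
# a start/stop flag followed by tab-separated attribute=value (AV) pairs.
SAMPLE = """\
start\tuser=alice\ttask_id=12\tservice=shell\ttimezone=UTC
stop\tuser=alice\ttask_id=13\tservice=shell\tpriv-lvl=15\tcmd=show running-config <cr>
stop\tuser=alice\ttask_id=12\tservice=shell\telapsed_time=340
start\tuser=bob\ttask_id=20\tservice=shell\ttimezone=UTC
stop\tuser=bob\ttask_id=21\tservice=shell\tpriv-lvl=15\tcmd=configure terminal <cr>
"""


def parse_record(line):
    """Split one record into (flag, {attribute: value})."""
    flag, *fields = line.rstrip("\n").split("\t")
    avs = {}
    for field in fields:
        # Split on the first '=' only: the value may itself contain '='.
        attr, sep, value = field.partition("=")
        if sep:
            avs[attr] = value
    return flag, avs


def summarize(text):
    """Return (commands per user, EXEC sessions with a start but no stop)."""
    commands = defaultdict(list)
    open_sessions = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        flag, avs = parse_record(line)
        key = (avs.get("user"), avs.get("task_id"))
        if "cmd" in avs:            # command accounting record
            commands[avs.get("user")].append((avs.get("priv-lvl"), avs["cmd"]))
        elif flag == "start":       # EXEC accounting: session opened
            open_sessions[key] = avs
        elif flag == "stop":        # EXEC accounting: session closed
            open_sessions.pop(key, None)
    return dict(commands), list(open_sessions)


if __name__ == "__main__":
    cmds, still_open = summarize(SAMPLE)
    print("commands:", cmds)
    print("sessions without a stop record:", still_open)
```

A session that never receives its stop record is worth a look during review: the user may still be logged in, or the stop message never reached the server.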
Sources:
Cisco Access Control Security: AAA Administrative Services [Brandon Carroll]