Alcatel Carrier Internetworking Solutions omniswitch User Manual
Configuring Accounting for ASA
Managing Switch Security
page 8-12
OmniSwitch 6600 Family Switch Management Guide
March 2005
Configuring Accounting for ASA
Accounting servers track network resources such as time, packets, bytes, etc., and user activity (when a
user logs in and out, how many login attempts were made, session length, etc.). The accounting servers
may be located anywhere in the network.
user logs in and out, how many login attempts were made, session length, etc.). The accounting servers
may be located anywhere in the network.
Note the following:
• Up to 4 servers may be configured.
• The servers may be different types.
• ACE cannot be used as an accounting server.
• The keyword local must be specified if you want accounting to be performed via the Switch Logging
feature in the switch. If local is specified, it must be the last server in the list.
Note that external accounting servers are configured through the
and
commands. These commands are described in “Managing Authentication Servers” in the OmniSwitch
6600 Family Network Configuration Guide.
6600 Family Network Configuration Guide.
To enable accounting (logging a user session) for Authenticated Switch Access, use the
command with the relevant server name(s). In this example, the RADIUS and LDAP servers have
already been configured through the aaa radius-server and aaa ldap-server commands.
-> aaa accounting session rad1 ldap2 local
After this command is entered, accounting will be performed through the rad1 RADIUS server. If that
server is unavailable, the LDAP server, ldap2, will be used for accounting. If that server is unavailable,
logging will be done locally on the switch through the Switch Logging feature. (For more information
about Switch Logging, see the OmniSwitch 6600 Family Network Configuration Guide.)
server is unavailable, the LDAP server, ldap2, will be used for accounting. If that server is unavailable,
logging will be done locally on the switch through the Switch Logging feature. (For more information
about Switch Logging, see the OmniSwitch 6600 Family Network Configuration Guide.)
To remove an individual server from the list of servers, enter the aaa accounting session command with
the relevant server name(s), removing the desired server from the list. For example:
the relevant server name(s), removing the desired server from the list. For example:
-> aaa accounting session rad1 local
The server ldap2 is removed as an accounting server.
To disable accounting for Authenticated Switch Access, use the no form of the aaa accounting session
command:
command:
-> no aaa accounting session
Accounting will not be performed for Authenticated Switch Access sessions.