aaa accounting all-mgmt

Description

Defines accounting as being local (with the namelocal) (default). Or defines a sequence of remote AAA server groups to be accessed for accounting purposes.

For remote accounting, the information is sent to the first reachable remote server that was configured with this command for remote accounting. If no remote server is reachable, local accounting remains available. Each available connection type (channel) can be configured individually as either local or using remote AAA server groups. All server groups named in your command, must exist. This command can be issued multiple times, once for each connection type. Local is always available for any connection type not configured for remote accounting.

Thenoform of this command removes for the specified connection type, any defined remote AAA server group accounting sequence. Local accounting is available for connection types without a configured remote AAA server group list (whether default or for the specific connection type).

Command context

config

Parameters

其中一个连接类型(渠道):

default

Defines a list of accounting server groups to be used for thedefaultconnection type. This configuration applies to all other connection types (console,https-server,ssh) that are not explicitly configured with this command. For example, if you do not useaaa accounting all-mgmt console...to define the console accounting list, then this default configuration is used for console.

console

Defines a list of accounting server groups to be used for theconsoleconnection type.

https-server

Defines a list of accounting server groups to be used for thehttps-server(REST, Web UI) connection type.

ssh

Defines a list of accounting server groups to be used for thesshconnection type.

start-stop

Selects accounting information capture at both the beginning and end of a process.

local

Selects local-only accounting when used without thegroupparameter.

group

Specifies the list of remote AAA server group names. Each name can be specified one time. Predefined remote AAA group namestacacsandradiusare available. Although not a group name, predefined namelocalis available. User-defined TACACS+ and RADIUS server group names may also be used. The remote AAA server groups are accessed in the order that the group names are listed in this command. Within each group, the servers are accessed in the order in which the servers were added to the group. Server groups are defined using commandaaa group serverand servers are added to a server group with the commandserver.

Authority

Administrators or local user group members with execution rights for this command.

Usage

Local accounting is always active. It cannot be turned off.

Examples

Defining the default accounting sequence based on two user-defined TACACS+ server groups, then the default TACACS+ server group, and finally (if needed), local accounting.

switch(config)#aaa accounting all-mgmt default start-stop group tg1 tg2 tacacs local

Defining the console accounting sequence based on two user-defined TACACS+ server groups, then the default TACACS+ server group, and finally (if needed), local accounting.

switch(config)#aaa accounting all-mgmt console start-stop group tg2 tg3 tacacs local

Defining the ssh accounting sequence based on one user-defined TACACS+ server group and then the default TACACS+ server group.

switch(config)#aaa accounting all-mgmt ssh start-stop group tg2 tacacs

Defining the default accounting sequence based on two user-defined RADIUS server groups, then the default RADIUS server group, and finally (if needed), local accounting.

switch(config)#aaa accounting all-mgmt default start-stop group rg1 rg2 radius local

Defining the https-server accounting sequence based on one user-defined RADIUS server group and then the default RADIUS server group.

switch(config)#aaa accounting all-mgmt https-server start-stop group rg1 radius

Setting local accounting for the default connection type:

switch(config)#aaa accounting all-mgmt default start-stop local