Accounting – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

TACACS+ Introduction and Configuration

Software Reference for x310 Series Switches

48.4

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Accounting

TACACS+ accounting usually takes place after authentication and authorization. However,
because TACACS+ separates these three functions, neither authentication nor
authorization are required for accounting to function. TACACS+ accounting provides the
following two distinct functions:

■

a record of services used for billing purposes

■

an audit trail for user exec sessions

The AlliedWare Plus TACACS+ accounting implementation supports an audit trail for user
exec sessions only. This includes the ability to configure accounting for user logins and
logouts, and accounting of any commands executed by the user while they are logged
into the switch.

TACACS+ accounting includes three different types of accounting records:

■

start records that indicate a service is about to start

■

stop records that indicate a service has just ended

■

update records that indicate a service is still in progress

Note

In the AlliedWare Plus TACACS+ implementation, authorization for privilege
level, timeout, and idletime AV pairs is only attempted if enable password
authentication (

aaa authentication enable default group tacacs+

command)

is not configured. If enable password authentication is configured then the
privilege level a user is granted access to is determined during the enable
password authentication session.