Accounting – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 1292

TACACS+ Introduction and Configuration
Software Reference for x310 Series Switches
48.4
AlliedWare Plus
TM
Operating System - Version 5.4.4C
C613-50046-01 REV A
Accounting
TACACS+ accounting usually takes place after authentication and authorization. However,
because TACACS+ separates these three functions, neither authentication nor
authorization are required for accounting to function. TACACS+ accounting provides the
following two distinct functions:
■
a record of services used for billing purposes
■
an audit trail for user exec sessions
The AlliedWare Plus TACACS+ accounting implementation supports an audit trail for user
exec sessions only. This includes the ability to configure accounting for user logins and
logouts, and accounting of any commands executed by the user while they are logged
into the switch.
TACACS+ accounting includes three different types of accounting records:
■
start records that indicate a service is about to start
■
stop records that indicate a service has just ended
■
update records that indicate a service is still in progress
Note
In the AlliedWare Plus TACACS+ implementation, authorization for privilege
level, timeout, and idletime AV pairs is only attempted if enable password
authentication (
aaa authentication enable default group tacacs+
command)
is not configured. If enable password authentication is configured then the
privilege level a user is granted access to is determined during the enable
password authentication session.