Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA authorization and accounting

Hello everyone.
I am given a project to implement AAA on routers and switches in our environment. Can some one please help me out in understanding the difference between,
1) aaa authorization exec and aaa authorization command option.
2) aaa accounting exec and aaa accounting command option.
Many thanks.


Sent from Cisco Technical Support Android App

1 ACCEPTED SOLUTION

Accepted Solutions

AAA authorization and accounting

Hello,

1) aaa authorization exec and aaa authorization command option.
The first one authorizes if the user has the right privilege level to enter to one of the IOS priviliege levels (0,1,15) you can customize this.

The second one authorizes the different commands a user can type and send to the device

2) aaa accounting exec and aaa accounting command option.

The first one again accounts when a users enters a specific user-level (Privileged level 15 or Exec user-level 1)

Second one sends an accounting message per each command send to the box

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
6 REPLIES
New Member

AAA authorization and accounting

In Brief(not command specific)-

In AAA autorization - the user will be granted access to a requested service only if the information in the user profile allows it(In ACS or Radius Server).

AAA accounting - during Newtork device access or doing any changes or config log will captured by ACS or Radius Server This data can then be analyzed for network management, client billing or auditing.

AAA authorization and accounting

Hello,

1) aaa authorization exec and aaa authorization command option.
The first one authorizes if the user has the right privilege level to enter to one of the IOS priviliege levels (0,1,15) you can customize this.

The second one authorizes the different commands a user can type and send to the device

2) aaa accounting exec and aaa accounting command option.

The first one again accounts when a users enters a specific user-level (Privileged level 15 or Exec user-level 1)

Second one sends an accounting message per each command send to the box

Check my blog at http:laguiadelnetworking.com for further information.

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

AAA authorization and accounting


Kindly go through the link in which you will find the difference for the query you sent.

http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_tech_note09186a0080107cfd.shtml

New Member

Re:AAA authorization and accounting

Thank you so much everyone for giving your valueable comments.

Sent from Cisco Technical Support Android App

New Member

Re:AAA authorization and accounting

One another question. I am working on gns3 with 2 aaa servers on 2 different machines.
I am doing it for redundancy. When I want to add a device in primary acs its only working on ip address of directly connected interface and same is with secondary acs. I have primary server on 10.10.10.x network and secondary on 192.168.150.x network.if I add same router in primary acs console I have to use 10.10 interface and when I add it in secondary. Its not working unless I give 192 interface ip. I have reachibiliry to every network and I can even telnet the same router with these 2 interfaces. Please help me out. Thanks in advance.

Sent from Cisco Technical Support Android App

Cisco Employee

AAA authorization and accounting

exec

Runs authorization to determine if the user is allowed to run an   EXEC shell. This facility might return user profile information such as autocommand information

commands

Runs authorization for all commands at the specified privilege   level.

698
Views
5
Helpful
6
Replies