1-22
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Rules for Network Access
Configuring Accounting for Network Access
accounting information by IP address. Accounting information includes session start and stop times,
username, the number of bytes that pass through the ASA for the session, the service used, and the
duration of each session.
To configure accounting, perform the following steps:
Examples
The following example authenticates, authorizes, and accounts for inside Telnet traffic. Telnet traffic to
servers other than 209.165.201.5 can be authenticated alone, but traffic to 209.165.201.5 requires
authorization and accounting.
hostname(config)#
aaa-server AuthOutbound protocol
hostname(config-aaa-server-group)#
exit
hostname(config)#
aaa-server AuthOutbound (inside) host 10.1.1.1
hostname(config-aaa-server-host)#
key TACPlusUauthKey
Command
Purpose
Step 1
access-list
Example:
hostname(config)#
access-list TELNET_AUTH extended
permit tcp any any eq telnet
If you want the ASA to provide accounting data per
user, you must enable authentication. For more
information, see the
Authentication” section on page 1-7
. If you want the
ASA to provide accounting data per IP address,
enabling authentication is not necessary.
Creates an access list that identifies the source
addresses and destination addresses of traffic for
which you want accounting data. For instructions,
see
Chapter 1, “Adding an Extended Access Control
The permit ACEs mark matching traffic for
accounting, while deny entries exclude matching
traffic from accounting.
Note
If you have configured authentication and
want accounting data for all the traffic being
authenticated, you can use the same access
list that you created for use with the
aaa
authentication match
command.
Step 2
aaa accounting match
acl_name
interface_name
server_group
Example:
hostname(config)# aaa accounting match SERVER_AUTH
inside AuthOutbound
Enables accounting.
The
acl_name
argument is the access list name set in
the
access-list
command.
The
interface_name
argument is the interface name
set in the
nameif
command.
The
server_group
argument is the server group
name set in the
aaa-server
command.
Note
Alternatively, you can use the
aaa
accounting include
command (which
identifies traffic within the command), but
you cannot use both methods in the same
configuration. See the command reference
for more information.
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......