13
The device supports the following accounting methods:
•
No accounting
—The NAS does not perform accounting for the users.
•
Local accounting
—Local accounting is implemented on the NAS. It counts and controls the number
of concurrent users who use the same local user account, but does not provide statistics for
charging.
•
Remote accounting
—The NAS works with a RADIUS server or HWTACACS server for accounting.
You can configure backup methods to be used when the remote server is not available.
In addition, the device provides the following login services to enhance device security:
•
Command authorization
—Enables the NAS to let the authorization server determine whether a
command entered by a login user is permitted. Login users can execute only commands permitted
by the authorization server. For more information about command authorization, see
Fundamentals
Configuration Guide
.
•
Command accounting
—When command authorization is disabled, command accounting enables
the accounting server to record all valid commands executed on the device. When command
authorization is enabled, command accounting enables the accounting server to record all
authorized commands. For more information about command accounting, see
Fundamentals
Configuration Guide
.
•
User role authentication
—Authenticates each user who wants to obtain another user role without
logging out or getting disconnected. For more information about user role authentication, see
Fundamentals Configuration Guide
.
Protocols and standards
•
RFC 2865,
Remote Authentication Dial In User Service (RADIUS)
•
RFC 2866,
RADIUS Accounting
•
RFC 2867,
RADIUS Accounting Modifications for Tunnel Protocol Support
•
RFC 2868,
RADIUS Attributes for Tunnel Protocol Support
•
RFC 2869,
RADIUS Extensions
•
RFC 1492,
An Access Control Protocol, Sometimes Called TACACS
•
RFC 1777,
Lightweight Directory Access Protocol
•
RFC 2251,
Lightweight Directory Access Protocol (v3)
RADIUS attributes
Commonly used standard RADIUS attributes
No. Attribute
Description
1
User-Name
Name of the user to be authenticated.
2 User-Password
User password for PAP authentication, only present in Access-Request
packets when PAP authentication is used.
3 CHAP-Password
Digest of the user password for CHAP authentication, only present in
Access-Request packets when CHAP authentication is used.