In preparation for your CCNA Security 640-553 exam, we want to make sure we cover topics that you are very likely to encounter on your Cisco CCNA exam. To assist you, below we discuss configuring AAA accounting.
Configure AAA accounting
The aaa authorization network command runs authorization for all network-related service requests such as PPP, SLIP and ARAP. This section focuses on PPP, which is most commonly used.
The AAA server checks if a PPP session by the client is allowed. Moreover, PPP options can be requested by the client: callback, compression, IP address, and so on. These options have to be configured on the user profile on the AAA server. Moreover, for a specific client, the AAA profile can contain idle-timeout, access-list and other per-user attributes which will be downloaded by the Cisco IOS software and applied for this client.
The following example shows authorization using RADIUS:
Example 1: Same Network Authorization Methods for All Users
The access server is used to accept PPP dial-in connections. First, users are authenticated (as was previously configured) using:
aaa authentication ppp default group radius local
Then they have to be authorized using:
aaa authorization network default group radius local
Configuring Accounting Examples
Example 1: Generating Start and Stop Accounting Records
For every dial-in PPP session, the keyword start-stop sends accounting information to the AAA server once the client is authenticated and again after the disconnect.
aaa accounting network default start-stop group radius local
Example 2: Generating Only Stop Accounting Records
If accounting information has to be sent only after a client's disconnection, use the keyword stop and configure the following line:
aaa accounting network default stop group radius local
Example 3: Generating Resource Records for Authentication and Negotiation Failures
Until this point, AAA accounting provides start and stop record support for calls that have passed user authentication.
If authentication or PPP negotiation fails, there is no record of authentication.
The solution is to use AAA resource failure stop accounting:
aaa accounting send stop-record authentication failure
A stop record is sent to the AAA server.
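An added example (not part of the original article or Cisco's documentation): Python that pairs the start and stop records from Example 1 by session ID and treats a stop record with no matching start as a failed attempt, which assumes start-stop accounting and the failure stop-record command from Example 3 are both configured. The record layout, the presence of User-Name in failure records and all sample values are constructed; attribute names follow RADIUS accounting (RFC 2866).

```python
from collections import defaultdict

# Constructed sample records, in arrival order (not captured traffic).
# Attribute names follow RFC 2866; the dict layout is this example's assumption.
RECORDS = [
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "0000000A", "User-Name": "alice"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "0000000A", "User-Name": "alice",
     "Acct-Session-Time": 312},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "0000000B", "User-Name": "bob"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "0000000C", "User-Name": "bob"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "0000000D", "User-Name": "bob"},
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "0000000E", "User-Name": "carol"},
]

def correlate(records):
    """Pair Start/Stop records by Acct-Session-Id.

    Returns (completed, open_sessions, failed). `failed` holds Stop records
    that never had a Start: the shape a failed authentication or negotiation
    takes under the assumption stated in the lead-in.
    """
    starts, completed, failed = {}, [], []
    for rec in records:
        sid, kind = rec["Acct-Session-Id"], rec["Acct-Status-Type"]
        if kind == "Start":
            starts[sid] = rec
        elif kind == "Stop":
            if starts.pop(sid, None) is not None:
                completed.append((rec["User-Name"], sid, rec.get("Acct-Session-Time")))
            else:
                failed.append(rec)
    return completed, list(starts.values()), failed

def repeated_failures(failed, threshold=3):
    """Users with at least `threshold` failure stop records."""
    counts = defaultdict(int)
    for rec in failed:
        counts[rec.get("User-Name", "<unknown>")] += 1
    return {user: n for user, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    done, still_open, failed = correlate(RECORDS)
    print("completed:", done)
    print("open (Start without Stop):", [r["Acct-Session-Id"] for r in still_open])
    print("repeated failures:", repeated_failures(failed))
```

A Start that never receives a Stop is either a session still in progress or a lost accounting record, so it is reported separately from failures.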
Example 4: Enabling Full Resource Accounting
To enable full resource accounting, which generates both a start record at call setup and a stop record at call termination, configure:
aaa accounting resource start-stop
With this command, a call setup and call disconnect start-stop accounting record tracks the progress of the resource connection to the device. A separate user authentication start-stop accounting record tracks the user management progress. These two sets of accounting records are interlinked using a unique session ID for the call.
I hope you found this article to be of use and it helps you prepare for your Cisco CCNA Security 640-553 certification exam. I am sure you will quickly find out that hands-on real world experience that our CCNA lab kits offer is the best way to cement the CCNA concepts in your head to help you pass your CCNA test!