Lab 5
Accounting
Lab Objective:
The objective of this lab exercise is for you to learn and understand how to configure Accounting in Cisco IOS software.
Lab Purpose:
Accounting is one of the three components of AAA services. Accounting allows administrators to configure Cisco IOS routers to send information on the commands or other actions taken by Authenticated and Authorized users on those devices.
Lab Difficulty:
This lab has a difficulty rating of 6/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 10 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:
Lab 5 Configuration Tasks
Task 1:
Configure the hostname on R1 and IP addressing as illustrated in the diagram. In addition, configure Host 1 with the IP address specified and a default gateway of 172.16.1.1.
NOTE:
If you do not have a Host in your lab, you can simply substitute another router with an Ethernet interface and a default static route pointing to 172.16.1.1 for Host 1.
Task 2:
Configure Authentication as follows on R1:
- The Authentication username prompt should read: “Enter Username:”
- The Authentication password prompt should read: “Enter Password:”
- Users should be Authenticated only against the local database
Task 3:
Configure Authorization as follows on R1:
- Level 15 commands should be Authorized based on the local database
- Level 1 commands should be Authorized if the user is successfully Authenticated
- The local database should be used to Authorize configuration commands
Task 4:
Configure Accounting as follows on R1:
- R1 should record start and stop without waiting for Level 15 commands
- R1 should record stop when service terminates for Level 1 commands
- Accounting information should be sent to RADIUS server 172.16.1.192
Task 5:
Configure the following username/password pairs on R1:
Username | Secret | Privilege Level |
super | cisco123 | 15 |
basic | cisco456 | 1 |
In addition, ensure that R1 uses AAA for inbound connections.
Task 6:
Verify that your Accounting configuration works as expected using the appropriate debugging commands while you Telnet from Host 1 to R1.
Lab 5 Configuration and Verification
Task 1:
Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#exit
R1#
Task 2:
R1(config)#aaa new-model
R1(config)#aaa authentication username-prompt "Enter Username:"
R1(config)#aaa authentication password-prompt "Enter Password:"
R1(config)#aaa authentication login default local
Task 3:
R1(config)#aaa authorization commands 15 default local
R1(config)#aaa authorization commands 1 default if-authenticated
R1(config)#aaa authorization exec default local
R1(config)#aaa authorization config-commands
Task 4:
R1(config)#aaa accounting commands 15 default start-stop group AAA-RADIUS
R1(config)#aaa accounting commands 1 default stop-only group AAA-RADIUS
R1(config)#aaa group server radius AAA-RADIUS
R1(config-sg-radius)#server 172.16.1.192
R1(config-sg-radius)#exit
R1(config)#exit
R1#
Task 5:
R1(config)#username super privilege 15 secret cisco123
R1(config)#username basic privilege 1 secret cisco456
R1(config)#line vty 0 4
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#exit
R1#
Task 6:
R1#debug aaa accounting
AAA Accounting debugging is on
R1#
R1#
R1#
*Mar 1 01:10:24.351: AAA/ACCT/EVENT/(00000007): CALL START
*Mar 1 01:10:24.351: Getting session id for NET(00000007) : db=84461164
*Mar 1 01:10:24.351: AAA/ACCT(00000000): add node, session 5
*Mar 1 01:10:24.355: AAA/ACCT/NET(00000007): add, count 1
*Mar 1 01:10:24.355: Getting session id for NONE(00000007) : db=84461164
*Mar 1 01:10:30.396: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:10:30.396: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:10:30.396: AAA/MEMORY: create_user (0x844A52A4) user='super' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:10:30.396: AAA/MEMORY: free_user (0x844A52A4) user='super' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Mar 1 01:10:33.445: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:10:33.445: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:10:33.445: AAA/MEMORY: create_user (0x835307CC) user='super' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:10:33.445: AAA/MEMORY: free_user (0x835307CC) user='super' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=15 vrf= (id=0)
*Mar 1 01:10:34.575: %SYS-5-CONFIG_I: Configured from console by super on vty0 (172.16.1.254)
*Mar 1 01:11:57.824: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:11:57.824: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:11:57.828: AAA/ACCT/EVENT/(00000007): CALL STOP
*Mar 1 01:11:57.828: AAA/ACCT/CALL STOP(00000007): Sending stop requests
*Mar 1 01:11:57.828: AAA/ACCT(00000007): Send all stops
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): STOP
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): Method list not found
*Mar 1 01:11:57.828: AAA/ACCT(00000007): del node, session 5
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): free_rec, count 0
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007) reccnt 0, csr TRUE, osr 0
*Mar 1 01:11:57.828: AAA/ACCT/NET(00000007): Last rec in db, intf not enqueued
R1#debug aaa accounting
AAA Accounting debugging is on
R1#
*Mar 1 01:13:55.372: AAA/ACCT/EVENT/(00000009): CALL START
*Mar 1 01:13:55.372: Getting session id for NET(00000009) : db=83678F6C
*Mar 1 01:13:55.372: AAA/ACCT(00000000): add node, session 7
*Mar 1 01:13:55.372: AAA/ACCT/NET(00000009): add, count 1
*Mar 1 01:13:55.372: Getting session id for NONE(00000009) : db=83678F6C
*Mar 1 01:14:03.999: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:14:03.999: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:14:03.999: AAA/MEMORY: create_user (0x84460E48) user='basic' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:03.999: AAA/MEMORY: free_user (0x84460E48) user='basic' ruser='R1' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 vrf= (id=0)
*Mar 1 01:14:06.150: AAA: parse name=tty66 idb type=-1 tty=-1
*Mar 1 01:14:06.150: AAA: name=tty66 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=66 channel=0
*Mar 1 01:14:06.150: AAA/MEMORY: create_user (0x8446107C) user='basic' ruser='NULL' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:06.154: AAA/MEMORY: free_user (0x8446107C) user='basic' ruser='NULL' port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
*Mar 1 01:14:09.820: unknown AAA/DISC: 1/"User Request"
*Mar 1 01:14:09.820: unknown AAA/DISC/EXT: 1020/"User Request"
*Mar 1 01:14:09.824: AAA/ACCT/EVENT/(00000009): CALL STOP
*Mar 1 01:14:09.824: AAA/ACCT/CALL STOP(00000009): Sending stop requests
*Mar 1 01:14:09.824: AAA/ACCT(00000009): Send all stops
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): STOP
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): Method list not found
*Mar 1 01:14:09.824: AAA/ACCT(00000009): del node, session 7
*Mar 1 01:14:09.824: AAA/ACCT/NET(00000009): free_rec, count 0
*Mar 1 01:14:09.828: AAA/ACCT/NET(00000009) reccnt 0, csr TRUE, osr 0
*Mar 1 01:14:09.828: AAA/ACCT/NET(00000009): Last rec in db, intf not enqueued
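The session bookkeeping in the debug output above can be extracted mechanically. The following Python is an added example, not part of the original lab: it pairs CALL START and CALL STOP events by session ID and attaches the create_user details logged in between. It assumes one interactive session at a time (create_user lines carry no session ID) and reads service=ENABLE as an enable-mode attempt, which is an interpretation of the output rather than something the lab states.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the debug output above.
SAMPLE = """\
*Mar 1 01:13:55.372: AAA/ACCT/EVENT/(00000009): CALL START
*Mar 1 01:14:03.999: AAA/MEMORY: create_user (0x84460E48) user='basic' ruser='R1' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=NONE priv=1 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:06.150: AAA/MEMORY: create_user (0x8446107C) user='basic' ruser='NULL' ds0=0 port='tty66' rem_addr='172.16.1.254' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 1 01:14:09.824: AAA/ACCT/EVENT/(00000009): CALL STOP
*Mar 1 01:20:00.000: AAA/ACCT/EVENT/(0000000A): CALL START
"""

STAMP = r"\*(\w{3}\s+\d+ [\d:.]+): "
EVENT = re.compile(STAMP + r"AAA/ACCT/EVENT/\((\w+)\): CALL (START|STOP)")
USER = re.compile(STAMP + r"AAA/MEMORY: create_user .*?user='([^']*)'"
                  r".*?rem_addr='([^']*)'.*?service=(\w+)")


def _ts(text):
    # Debug stamps carry no year; a fixed one is prepended so deltas can be computed.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")


def summarize(log):
    """Return {session_id: summary} for each CALL START seen in the log."""
    sessions, open_id = {}, None
    for line in log.splitlines():
        if m := EVENT.search(line):
            stamp, sid, kind = m.groups()
            if kind == "START":
                sessions[sid] = {"start": _ts(stamp), "seconds": None,
                                 "users": set(), "remote": None, "enable_seen": False}
                open_id = sid
            elif sid in sessions:
                s = sessions[sid]
                s["seconds"] = (_ts(stamp) - s["start"]).total_seconds()
                open_id = None if open_id == sid else open_id
        elif open_id and (m := USER.search(line)):
            _, user, remote, service = m.groups()
            s = sessions[open_id]
            s["users"].add(user)
            s["remote"] = remote
            s["enable_seen"] = s["enable_seen"] or service == "ENABLE"
    return sessions


if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, sorted(s["users"]), s["remote"], s["enable_seen"], s["seconds"])
```

A session whose `seconds` value is still `None` has a CALL START with no matching CALL STOP in the captured output.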
Lab 5 Configurations
R1 Configuration
R1#show run
Building configuration...
Current configuration : 1208 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa group server radius AAA-RADIUS
 server 172.16.1.192 auth-port 1645 acct-port 1646
!
aaa authentication password-prompt "Enter Password:"
aaa authentication username-prompt "Enter Username:"
aaa authentication login default local
aaa authorization config-commands
aaa authorization exec default local
aaa authorization commands 1 default if-authenticated
aaa authorization commands 15 default local
!
!
aaa session-id common
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username super privilege 15 secret 5 $1$pvqx$JttbM.xHYFDzzfiBnS89.1
username basic secret 5 $1$ffy6$/cFBje9BqMb1Te64Gwdja0
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
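A saved configuration can be checked against the Task 4 requirements offline. The following Python is an added example, not part of the original lab: the function name `audit` and the sample configuration are constructed for illustration, and only the default method list is examined.

```python
import re

# Constructed sample: level 1 accounting line left out to produce a finding.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server radius AAA-RADIUS
 server 172.16.1.192 auth-port 1645 acct-port 1646
!
aaa authorization commands 15 default local
aaa accounting commands 15 default start-stop group AAA-RADIUS
"""

# Task 4 requirements: privilege level -> record type, plus the RADIUS server.
EXPECTED = {"15": "start-stop", "1": "stop-only"}
SERVER = "172.16.1.192"
GROUP = re.compile(r"^aaa group server radius (\S+)")
MEMBER = re.compile(r"^\s+server (\S+)")
ACCT = re.compile(r"^aaa accounting commands (\d+) default (\S+) group (\S+)")


def audit(config):
    """Return a list of findings; an empty list means Task 4 is satisfied."""
    groups, acct, current = {}, {}, None
    for line in config.splitlines():
        if m := GROUP.match(line):
            current = m.group(1)
            groups[current] = set()
        elif current and line.startswith(" "):
            if m := MEMBER.match(line):
                groups[current].add(m.group(1))
        else:
            current = None  # an unindented line ends the server-group block
            if m := ACCT.match(line):
                acct[m.group(1)] = (m.group(2), m.group(3))
    findings = []
    for level, record in EXPECTED.items():
        if level not in acct:
            findings.append(f"level {level}: no accounting method list")
            continue
        got, group = acct[level]
        if got != record:
            findings.append(f"level {level}: record type {got}, expected {record}")
        if SERVER not in groups.get(group, set()):
            findings.append(f"level {level}: group {group} lacks server {SERVER}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run against the R1 configuration printed above, this check reports both levels as missing, since that output contains no `aaa accounting` lines.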