AAA - accounting start-stop and start-only
When deploying AAA with an external AAA server such as RADIUS or TACACS+, the aaa accounting
command is used. With this command, there are several options concerning when to send accounting information.
In particular, the start-stop and start-only keywords can be used. According to Cisco's CLI command reference, linked below, these are their functions:
start-stop
- Sends a “start” accounting notice at the beginning of a process and a “stop” accounting notice at the end of a process. The “start” accounting record is sent in the background. The requested user process begins regardless of whether the “start” accounting notice was received by the accounting server.
stop-only
- Sends a stop accounting record for all cases including authentication failures regardless of whether the aaa accounting send stop-record authentication failure
command is configured.
The choice of which to use depends on your specific requirements for tracking and recording network activity. If you only need to know when a process has ended, stop-only
should suffice. But if you need to track the entire lifecycle of a process, from start to finish, you would use start-stop
.
Links:
https://forum.networklessons.com/t/aaa-and-802-1x-authentication/1153/40?u=lagapidis