AAA start-stop and stop-only

The distinction between "start-stop" and "stop-only" accounting methods in AAA (Authentication, Authorization, and Accounting) is crucial for network engineers when configuring how accounting records are sent to the AAA server.

Start-stop

This accounting method sends two records for each process to the AAA server. A "start" record is transmitted at the initiation of the process, signaling its commencement. A "stop" record follows upon the process's completion, indicating its termination. This approach allows for detailed tracking, showing both when a process begins and when it ends.

Stop-only

In contrast, the stop-only method sends a single accounting record, transmitted only at the end of a process. Because no "start" record is sent, the AAA server is informed only about the conclusion of the process, not its initiation. This method is simpler and might be sufficient if the primary requirement is to know when a process has ceased.
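The difference between the two methods as seen from the AAA server's side, as an added example (not taken from the Cisco documentation): the same activity is correlated once as a start-stop feed and once as a stop-only feed. The record layout, session ids and user names are constructed for illustration and are not a real RADIUS or TACACS+ format.

```python
from datetime import datetime

# Constructed sample records: (timestamp, record type, session id, user).
START_STOP_FEED = [
    ("2024-05-01T09:00:00", "start", "s1", "alice"),
    ("2024-05-01T09:05:00", "start", "s2", "bob"),
    ("2024-05-01T09:20:00", "stop",  "s1", "alice"),
    ("2024-05-01T09:30:00", "start", "s3", "carol"),
    ("2024-05-01T09:45:00", "stop",  "s3", "carol"),
]

def as_stop_only(feed):
    """Records the server would receive for the same activity under stop-only."""
    return [r for r in feed if r[1] == "stop"]

def correlate(feed, now):
    """Pair start and stop records by session id.

    Returns (closed, open_, unmatched_stops):
      closed          {session: (user, duration_s)} with both records seen
      open_           {session: (user, age_s)} started, no stop seen by `now`
      unmatched_stops [session, ...] stop seen without a preceding start
    """
    starts, closed, unmatched = {}, {}, []
    for ts, kind, sid, user in sorted(feed):  # ISO timestamps sort in time order
        t = datetime.fromisoformat(ts)
        if kind == "start":
            starts[sid] = (user, t)
        elif kind == "stop":
            if sid in starts:
                u, t0 = starts.pop(sid)
                closed[sid] = (u, int((t - t0).total_seconds()))
            else:
                unmatched.append(sid)
    now_t = datetime.fromisoformat(now)
    open_ = {sid: (u, int((now_t - t0).total_seconds()))
             for sid, (u, t0) in starts.items()}
    return closed, open_, unmatched

if __name__ == "__main__":
    now = "2024-05-01T10:00:00"
    for name, feed in (("start-stop", START_STOP_FEED),
                       ("stop-only", as_stop_only(START_STOP_FEED))):
        closed, open_, unmatched = correlate(feed, now)
        print(f"{name}: closed={closed} open={open_} stop-without-start={unmatched}")
```

With the start-stop feed, bob's session s2 shows up as still open; with the stop-only feed the server has no record of it at all until it ends.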

Conclusion

Selecting between start-stop and stop-only accounting depends on the network activity tracking requirements. For comprehensive lifecycle tracking of a process, start-stop is the appropriate choice, whereas stop-only is suitable for less detailed accounting.

For further details and command references, consult the Cisco IOS Security Command Reference guide, specifically the section on aaa accounting commands.

Understanding these methods and their implications on network activity records is essential for effective network management and security monitoring.