[x]

Configuring AAA methods for an ISP domain > Configuring accounting methods for an ISP domain

 

 Next

Configuring accounting methods for an ISP domain

Restrictions and guidelines

The none keyword is not supported in FIPS mode.

FTP, SFTP, and SCP users do not support accounting.

Local accounting does not provide statistics for charging. It only counts and controls the number of concurrent users that use the same local user account. The threshold is configured by using the access-limit command.

Prerequisites

Before configuring accounting methods, complete the following tasks:

  1. Determine the access type or service type to be configured. With AAA, you can configure an accounting method for each access type and service type.

  2. Determine whether to configure the default accounting method for all access types or service types. The default accounting method applies to all access users. However, the method has a lower priority than the accounting method that is specified for an access type or service type.

Procedure

  1. Enter system view.

    system-view

  2. Enter ISP domain view.

    domain isp-name

  3. (Optional.) Specify default accounting methods for all types of users.

    accounting default { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }

    By default, the accounting method is local.

  4. Specify accounting methods for a user type.

    • Specify the command accounting method.

      accounting command hwtacacs-scheme hwtacacs-scheme-name

      By default, the default accounting methods are used for command accounting.

    • Specify accounting methods for LAN users.

      accounting lan-access { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

      By default, the default accounting methods are used for LAN users.

    • Specify accounting methods for login users.

      accounting login { hwtacacs-scheme hwtacacs-scheme-name [ radius-scheme radius-scheme-name ] [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ hwtacacs-scheme hwtacacs-scheme-name ] [ local ] [ none ] }

      By default, the default accounting methods are used for login users.

    • Specify accounting methods for portal users.

      accounting portal { broadcast radius-scheme radius-scheme-name1 radius-scheme radius-scheme-name2 [ local ] [ none ] | local [ none ] | none | radius-scheme radius-scheme-name [ local ] [ none ] }

      By default, the default accounting methods are used for portal users.

  5. (Optional.) Configure extended accounting policies.

    • Configure access control for users that encounter accounting-start failures.

      accounting start-fail { offline | online }

      By default, the device allows users that encounter accounting-start failures to stay online.

    • Configure access control for users that have failed all their accounting-update attempts.

      accounting update-fail { [ max-times max-times ] offline | online }

      By default, the device allows users that have failed all their accounting-update attempts to stay online.

    • Configure access control for users that have used up their data quotas.

      accounting quota-out { offline | online }

      By default, the device logs off users that have used up their data quotas.

prev

 

up

 next

Configuring authorization methods for an ISP domain 

home

 Display and maintenance commands for ISP domains

© Copyright 2017 Hewlett Packard Enterprise Development LP